
Addressing Cyber Terrorism Threats {By Zahri Bin Yunos, CyberSecurity Malaysia}

What is Cyber Terrorism? 

Cyber terrorism is the convergence of cyberspace and terrorism. It refers to the unlawful attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives [1] [2]. Further, to qualify as cyber terrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyber terrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not be considered as cyber terrorism.

Elements of Cyber Terrorism Attacks

Cyberspace is a virtual place that has become as important as physical space for social, economic and political activities. Many countries in the world are increasing their dependency on cyberspace when they use Information and Communication Technology (ICT) [3] [4]. This dependency places these countries in an insecure position because cyberspace is borderless and vulnerable to cyber attacks. Individuals have the ability and capability to cause damage to a nation through cyberspace. Cyber attacks are also attractive because they are cheap in relation to the costs of developing, maintaining and using advanced and sophisticated tools. Many have declared that cyberspace is the fifth domain along with land, air, sea and space, and that it is crucial to battlefield success.

In general, to understand cyber terrorism, we can break it down into at least five elements [5] [6]:

  1. Politically-motivated cyber attacks that lead to death or bodily injury;
  2. Cyber attacks that cause fear and/or physical harm through cyber attack techniques;
  3. Serious attacks against critical information infrastructures such as financial, energy, transportation and government operations;
  4. Attacks that disrupt non-essential services are not considered cyber terrorism;
  5. Attacks that are not primarily focused on monetary gain.

How serious is Cyber Terrorism?

Cyber terrorism is real and extant. It is considered an attractive option for modern terrorists, who value its anonymity, its potential to inflict massive damage, its psychological impact, and its media appeal. It includes warfare attacks against a nation state that force ICT infrastructure (including the critical national infrastructure) and assets to fail, or that destroy them. Not only are cyber criminals not slowing down, but they keep upgrading and innovating the ways they hack into systems, steal identities and data, hijack computers and much more.

The ways forward to mitigate cyber attacks and terrorism are:

  1. Strengthening domestic cyber security through inter-agency cooperation and Public-Private Partnership;
  2. Global collaboration & strategic alliances to strengthen regional cyber security in addressing cross-border cyber attacks and cyber crimes;
  3. Adoption of more innovative, aggressive and proactive approaches in order to stay ahead of cyber threats – possessing both defensive and offensive capabilities;
  4. Enhancing the triad of People-Process-Technology.

Preventive Measures Taken by the Government – Malaysia Initiatives

In Malaysia, the Government has taken initiatives to mitigate and combat cyber attacks. One of these initiatives is the development of the National Cyber Security Policy (NCSP), which was endorsed by the Government in May 2006 [7] [8]. The NCSP consists of eight (8) policy thrusts: Effective Governance, Legislative and Regulatory Framework, Cyber Security Technology Framework, Culture of Security and Capacity Building, Research and Development Towards Self Reliance, Compliance and Enforcement, Cyber Security Emergency Readiness and International Cooperation.

The NCSP was formulated to address threats and risks to the Critical National Information Infrastructure (CNII) and to develop action plans to mitigate such risks. CNII consists of assets (real and virtual), systems and functions that are so vital to the nation that their exploitation, damage or destruction would have a devastating impact on national economic strength, image, defense and security, government capabilities to function efficiently and public health and safety. The NCSP is focused particularly on the protection of CNII against cyber threats [9] [10].

Alongside clear and effective governance, the NCSP provides mechanisms for improving trust and cooperation among the public and private sectors. The NCSP also focuses on enhancing skills and capacity building as well as enhancing research and development initiatives towards self-reliance. It also maps out emergency readiness initiatives and dictates a programme of compliance and assurance across the whole of the CNII. The NCSP also reaches out to Malaysia’s international partners and allies. The policy describes methods by which Malaysia can share knowledge with the region and the world on cyber security related matters. Malaysia developed the NCSP as a proactive step in protecting critical sectors against cyber threats.

Other actions taken against cyber attacks are:

  1. Layered approach for defense mechanisms: A combination of email filtering, anti-virus software, proactive malware protection, security policies, and keeping protection software up to date along with the operating system and applications can help to tackle security-related issues such as spam and malware attacks.
  2. Awareness: Continually raise cyber security awareness among Internet users and organizations about current security threats and how to protect against them by following best practices and safeguarding their systems/networks from attacks.

 

The Roles of CyberSecurity Malaysia in Combating Cyber Terrorism 

CyberSecurity Malaysia, an agency under Malaysia’s Ministry of Science, Technology and Innovation, is structured to be able to mitigate cyber threats. One of the major characteristics of such threats is that they are cross-border, because Internet crimes do not conform to the physical boundaries of a nation. Because of this, CyberSecurity Malaysia rigorously pursues international relations by establishing collaborative efforts with foreign government agencies and international organizations through bilateral and multilateral engagement. CyberSecurity Malaysia is also heavily involved in the establishment of cyber security multilateral engagement platforms such as the Asia Pacific CERT (APCERT) and the Organization of Islamic Cooperation-CERT (OIC-CERT). These platforms see the collaboration of similar organizations in mitigating international cyber threats.

In addition, other departments such as Digital Forensics, the Malaysia Computer Emergency Response Team (MyCERT) and Security Assurance have specific arrangements with their counterparts overseas. Since 2001, CyberSecurity Malaysia has actively participated in various cyber security events locally, regionally and internationally. All those conferences, seminars and workshops have been of great benefit not only to the target audiences (who attended the events) but also to the country.

CyberSecurity Malaysia also organises its own event, known as Cyber Security Malaysia – Awards, Conference and Exhibition (CSM-ACE), yearly in Kuala Lumpur. CSM-ACE has stood out as the biggest and most talked-about public-private-community partnership event in Malaysia. We provide assistance in terms of detection, containment, analysis, eradication and recovery of incidents during a national cyber crisis. We also produce Security Advisories/Alerts during a national cyber crisis.

An awareness program known as CyberSAFE – Cyber Security Awareness For Everyone – is CyberSecurity Malaysia’s initiative to educate and enhance the awareness of the general public on the technological and social issues facing Internet users, particularly on the dangers of getting online. CyberSAFE in Schools is a program, run with the cooperation of Malaysia’s Ministry of Education (MOE), that aims to reach the young generation in schools, which comprises the major portion of Internet users in the country and is the most vulnerable group.

 

References:

[1] R. Ahmad and Z. Yunos, “A Dynamic Cyber Terrorism Framework,” Int. J. Comput. Sci. Inf. Secur., vol. 10, no. 2, pp. 149–158, 2012.

[2] Z. Yunos, “Putting Cyber Terrorism into Context,” Published in the STAR In-Tech, p. IT11, 2009.

[3] Z. Yunos and R. Ahmad, “The Application of Qualitative Method in Developing a Cyber Terrorism Framework,” in Proceedings of the 2014 International Conference on Economics, Management and Development (EMD 2014), 2014, pp. 133–137.

[4] R. Ahmad, Z. Yunos, and S. Sahib, “Understanding Cyber Terrorism: The Grounded Theory Method Applied,” in IEEE International Conference on Cyber Security, Cyber Warfare and Digital Forensic, Malaysia, 26-28 June, 2012, pp. 334–339.

[5] Z. Yunos, R. Ahmad, and N. A. A. Abd Aziz, “Definition and Framework of Cyber Terrorism,” Proceeding Southeast Asia Reg. Cent. Count. Terror. Sel. Artic., vol. 1/2013, pp. 67–79, 2013.

[6] R. Ahmad, Z. Yunos, S. Sahib, and M. Yusoff, “Perception on Cyber Terrorism: A Focus Group Discussion Approach,” J. Inf. Secur., vol. 3, no. 3, pp. 231–237, 2012.

[7] Z. Yunos, “Illicit Activities and Terrorism in Cyberspace,” in Proceeding of CENS-GFF CyberSecurity Forum – The Geostrategic Implications of Cyberspace, 2011, pp. 12–13.

[8] Z. Yunos, R. Ahmad, S. M. Ali, and S. Shamsuddin, “Illicit Activities and Terrorism in Cyberspace: An Exploratory Study in the Southeast Asian Region,” in Pacific Asia Workshop on Intelligence and Security Informatics (PAISI 2012), Malaysia, 29 May, Springer Lecture Notes in Computer Science, Volume 7299/2012, 2012, pp. 27–35.

[9] Z. Yunos and S. H. Suid, “Protection of Critical National Information Infrastructure (CNII) Against Cyber Terrorism: Development of Strategy and Policy Framework,” in IEEE International Intelligence and Security Informatics (ISI) Conference, Vancouver, Canada, 23-26 May, 2010, p. 169.

[10] Z. Yunos, S. H. Suid, R. Ahmad, and Z. Ismail, “Safeguarding Malaysia’s Critical National Information Infrastructure (CNII) Against Cyber Terrorism: Towards Development of a Policy Framework,” in IEEE Sixth International Conference on Information Assurance & Security, Atlanta, GA, 23-25 Aug, 2010, pp. 21–27.