RL32114
Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for Congress
October 17, 2003

Download Locations:

	Center for Democracy & Technology
	Federation of American Scientists
	Thurgood Marshall Law Library/University of Maryland School of Law
	U.S. Department of State

Summary:

Persistent computer security vulnerabilities may expose U.S. critical infrastructure and government computer systems to possible cyber attack by terrorists, possibly affecting the economy or other areas of national security. This report discusses possible cyber capabilities of terrorists and sponsoring nations, describes how computer security vulnerabilities might be exploited through a cyber terror attack, and raises some potential issues for Congress.

Currently no evidence exists that terrorist organizations are actively planning to use computers as a means of attack, and there is disagreement among some observers about whether critical infrastructure computers offer an effective target for furthering terrorists' goals. However, terrorist organizations now use the Internet to communicate, and news reports have indicated that Al Qaeda and other groups may be using computer technology to help plan future terrorist attacks. At the same time, nuisance attacks against computer systems and the Internet are becomingmore rapid and widespread, indicating that computer system vulnerabilities persist despite growing concerns about possible effects on national security.

This report presents a working definition for the term "cyber terrorism", plus background information describing how current technology and management processesmay leave computers exposed to cyber attack, and a discussion of possible effects of a cyber attack. Potential issues for Congress are presented in the second section, including: whether appropriate guidance exists for a DOD information warfare response to a cyber attack; whether the need to detect possible cyber terrorist activity interferes with individual privacy; whether the roles and responsibilities for protecting against a possible cyber terrorist attack need more clarity for government, industry, and home users; and, whether information sharing on cyber threats and vulnerabilities must be further increased between private industry and the federal government. The final section describes possible policy options for improving protection against threats from possible cyber terrorism.

Appendices to this report explain technologies underlying computer viruses, worms, and spyware, how these malicious programs enable cyber crime and cyber espionage, and how tactics currently used by computer hackers might also be employed by terrorists while planning a possible cyber terror attack.