Terrorists have been using the internet for years, and more recently, have been using the platform to launch cyber-attacks. The form of these attacks is constantly shifting, so preventing them is very difficult. The threats often lay dormant, and are hard to detect. However, there are steps organizations and states can take to protect against cyber-terrorism and cyber-crimes. No one should think that they are immune; these attacks will only increase in number and threat. International coalitions and organizations should be formed to fight cyber-attacks, especially since terrorist organizations are already heavily cooperating in launching them.
Chair: Dr. Eitan AzaniDeputy Executive Director, International Institute for Counter-Terrorism (ICT), IDC Herzliya, Israel
Col. (Res.) Rami EfratiFormer Head, Civilian Department of Cyber Bureau, Israel
Mr. Ofir HasonCEO and Co-Founder, CyberGym, Israel
Adv. Deborah Housen-CourielAssociate, International Institute for Counter-Terrorism (ICT), IDC Herzliya, & Fellow, Tel Aviv University's Yuval Ne'eman Workshop for Science, Technology and Security, Israel
Mr. Gabriel MazoozComputer & Cyber Department Manager, Generation & Energy Group, Israel Electric Corporation, Israel
Mr. Iddo MoedCyber Security Coordinator, Strategic Affairs Department, MFA, Israel
Prof. Gabriel WeimannProfessor of Communication, University of Haifa, and Senior Fellow at the Woodrow Wilson Center, Washington, DC and at the University of Munich, Germany
Mr. Ofir HasonMr. Ofir Hason founded Cyber Gym with the Israel Security Agency (ISA), which deals with cyber warfare. This connects to ISIS because ISIS wants to disturb the existing geographic boundaries of the world, and replace the current system with their own global caliphate. With cyber warfare, there are no lines or boundaries, so it requires an international coalition to fight. Anyone can fight anyone from anywhere online, so stopping recruitment is a big issue. Many people and companies still don't see cyber-attacks as a threat, and thus don't have the necessary skills to combat them.
Prof. Gabriel WiemennProf. Gabriel Wiemenn explained how countries and terrorist organizations exchange virtual blows online, and have done so for decades. Terrorist organizations use the internet because it isn't regulated, and it's usually free. This leads to constant change and is highly difficult to monitor. Terrorist organizations have four main uses for the internet: First, virtual interactivity, where they communicate with others online and answer questions. Second, they use narrowcasting, which is the broadcasting of specific messages to specific groups. Third, they make use of online recruitment in different countries. Fourth, lone wolf terrorists are often recruited, radicalized, instructed, and compensated online – they are not truly lone wolves. Terrorists spread tactics and ideology through lectures, question and answer sessions, and videos on existing platforms such as Twitter, YouTube, and Facebook. They also acquire targets for attacks through Google Earth. The only ways to combat cyber terrorism are new weapons, new defenses, new regulations, and new platforms protected against terrorist activity.
Mr. Gabriel MazoozMr. Gabriel Mazooz describes how cyber defense consists of hardware, software tools, methodology, human resource, and intelligence. Purely mechanical digital security is not sufficient; employees must be trained in combatting cyber-attacks. Still, this is not enough – these are just defenses, not solutions. For example, Hardware Trojans are a new, difficult threat because they combine hardware and software, and they have delayed effects. New threats emerge constantly, so never be complacent, and think outside the box when looking for possible cyber-attacks.
Col. (Res.) Rami EfratiCol. (Res.) Rami Efrati argues that the best way to deal with terrorism is cooperation, both intranationally and internationally. No one believes that cyber terrorism will affect them, so they don't invest in the necessary protective precautions. Terrorists can use their own websites to launch cyber-attacks by embedding viruses, thus using intelligence gathering against us. Often when there is a big scare of an attack, and then nothing happens, victims of the attack are relieved, and assume their system has not been penetrated. In fact, a virus may lie dormant, waiting to be called into action. In order to successfully combat them, we must look at cyber-attacks like terror attacks, and treat them just as seriously.
Adv. Deborah Housen-CourielFrom a lawyer's perspective, Adv. Deborah Housen-Couriel explains that knowing what the proper terminology is to characterize these cyber-attacks is very difficult. There was an early conference on cyber-crime in 2001, but it's hard to know what is crime and what is terrorism. There have been many such conferences since, but a universal definition has not been applied. Recently, increasing numbers of law enforcement agencies and intelligence alliances have begun to fight cyber-terrorism. Israel is dealing with the definitional issue by broadening the scope of the definition of terrorism.
Mr. Iddo MoedMr. Iddo Moed defines cyber-terrorism as the use of cyber-domain tools for terrorist activities. He posits that this becomes dangerous when there is not just intent, but capacity. Terrorist organizations and criminals are very hard to distinguish because they often act like one another. Different nations use very different security systems to protect against cyber-attacks; there needs to be more cooperation. According to NATO, international law now applies to the cyber realm, and thus a cyber-attack can legally warrant military action. The most effective way to combat cyber-terrorism is to build international coalitions, both multilateral and bilateral. An international institution must be created to focus solely on cyber-terrorism, to fill the space between nations and non-state actors.
Dr. Eitan AzaniDr. Eitan Azani explains that for jihadists, the Internet is a platform to mobilize decentralized systems to launch an attack and to raise money. There are two levels of defense against cyber-attacks: organizational, involving software, and personal, involving knowledge. Jihadist cyber-attacks are launched by special electronic jihad units, and begin with their own media outlets, which publish everything their operatives need to know in order to launch an attack. Each group uses every social media outlet, launching many "lone wolves" who in reality have a large backing. After attacks, they can publish the details of the attack to inspire others and glorify jihad. It should be the assumption that most organizations are constantly under cyber-attack, and should invest in the necessary safeguards. There is a high level of cooperation and information sharing between different terrorist groups, and thus groups with low capabilities have a high learning curve. Level of threat is the level of motivation x capability x frequency. State-sponsored jihadists groups are the biggest threat.