Private Industry and Academia Combat Cyberterrorism

In this piece, I identify what measures private industry and academia are using to combat cyberterrorism.

Private Industry

Private Sector Responsibilities. The private sector owns and operates a large majority of our critical infrastructures and key assets (CIs/KAs). Customarily, private companies prudently engage in risk management planning.  They also invest in security as a necessary component of business operations to assure customer confidence.  In the current threat environment, the private sector remains the first line of defense for its own facilities.  Consequently, private-sector owners and operators reassess and adjust their planning, assurance, and investment programs to accommodate the increased risk of deliberate terrorist acts.  Since the events of September 11, 2001, nationwide enterprises have increased their investments in security to meet the demands of the new threat environment (Anonymous, 2003a).

Countering Cyberterrorism Rests on Private Industry. According to security experts, the U.S. government is failing to keep a close eye on the cyberterrorism threat.  Rather than governments and the military, they say that the burden of watching and preparing for a computer-driven attack on U.S. CIs is falling on the private sector.  Dan Vorton, executive editor of Homeland Defense Media in the United States and author of Black Ice: The Invisible Threat of Cyberterrorism, said, “We have an unprecedented situation where a greater part of our national security interest is in the hands of private companies, whose mission is not to protect the United States but to make money and provide shareholder value.  And the government has been unwilling to increase regulation that would improve cyber security.” On the contrary, Mark Rasch, former head of the U.S. Justice Department’s computer crime unit, said, “There is a general danger of cyberterrorism, but there are more immediate and direct threats to the infrastructure, and if you have limited money, I would chase the other threats before cyberterrorism” (Morrison & Nuttall, 2005).

Large Enterprises. Large enterprises evaluate their network security, which affect the security of the nation’s CIs. Such evaluations include (1) conducting audits to ensure effectiveness and use of best practices, (2) developing continuity plans, which consider offsite staff and equipment, and (3) participating in industry-wide information sharing and best practice dissemination (Anonymous, 2003b).

Small Businesses. Small businesses help our nation secure cyberspace by securing their own connections to it.  Installing firewall software and updating it regularly, maintaining current antivirus software, and regularly updating operating systems and major applications with security enhancements are actions that enterprise operators take to help secure cyberspace (Anonymous, 2003b).

Control System Security. In recent years, most companies that operate critical industrial infrastructure have invested heavily in protecting their high-level corporate information systems from cyberterrorism … and for good reason.  Significantly, a corresponding investment in securing plant- and facility-level control systems largely has not materialized.  Station equipment connects directly to industrial monitoring and control systems.  A cyberterrorist attacking the control system layer can cause loss of production, environmental damage, loss of intellectual property, and unsafe working conditions (Ahern, 2003).

Four Principles. Effectively securing CI operations from cyberterrorism requires that management observe four important principles (Ahern, 2003):

1. Understand that the control system layer is a vulnerable point of attack with potentially serious consequences.
2. Recognize that security tools designed for higher, corporate-level information security do not adequately address control layer security threats.
3. Plan and build a defense that handles attacks from outside as well as from within the enterprise.
4. Apply “best practices” in creating a control-level security system that will perform these five key functions: (a) monitor, (b) detect, (c) notify, (d) protect, and (e) recover.

Organizing for Cyberterrorism. Cyberterrorist threats are on the rise.  Businesses could activate a proactive counterterrorism program to protect, for example, a firm’s marketing activities.  In this case, marketing executives can take a series of steps to minimize the potential threat and/or impact of a cyberterrorist attack.  Tactical initiatives of the electronic commerce marketing team could include the following (Griffith, 1999):

• Develop an internal monitoring system to keep abreast of potential cyberterrorism threats.
• Maintain vigilance over system security.
• Develop action plans for the most vital threats.
• Develop a methodology for costing potential threats.
• Implement protocols for prosecuting cyberterrorists.

Even though the idea of these initiatives may be over a decade old, they are still current and would be effective if implemented today by companies that have not yet done anything to combat cyberterrorism.

Conclusion. Cyberterrorist threats are on the rise.  However, the U.S. government is not keeping close surveillance on the cyberterrorism threat.  Consequently, in the current threat environment, the private sector remains the first line of defense for its own facilities.  Furthermore, since the 9/11 attacks, nationwide enterprises have increased their investments in security to meet the demands of the new threat environment.  Hence, rather than governments and the military carrying the protection load, the burden of watching and preparing for a cyber attack on U.S. CIs rests on the private sector.  Therefore, private industry has taken a proactive approach to combat cyberterrorism, which is a good thing.

Academia

Terrorism Education for Our Youth. There is a related requirement to develop educational programs on terrorism at all levels.  Even on the primary level, students should have a basic understanding of terrorism, for they see it each day in the media and portrayed in movies and video games.  By not understanding the nature of terrorism, their fears are amplified.  Too often, for children and adults, it is what we don’t understand of which we are most fearful.  It is through education that the generalized fear of terrorism can be lessened, thereby countering the “fear multiplication” intentionally caused by acts of terrorism.  Curriculum should be developed on understanding terrorism as an integral part of education in middle and high schools.  It is important to develop courses that do not promote anxiety but rather give the students an understanding of a threat that is and will continue to be a reality in their own and political life (Sloan, 2008).

Terrorism Education for College Students. Finally, in colleges and universities, terrorism education will enable individuals to address such complex issues as reconciling security and civil liberties in a democratic system.  But beyond that, such an education may not only help to promote interest in international affairs, but also hopefully provide the foundation for those who wish to be involved either in academia or in government as specialists on terrorism.  Well-educated students with a background on terrorism are vitally needed if we are to have a new generation of individuals who will specialize in the study of a major form of international violence (Sloan, 2008).

New Jersey Institute of Technology. September 11, 2001, has become a symbol to the end of innocence in America and the rest of the world. “9/11” has become a synonym for terror, radical Islam, weapons of mass destruction (WMDs), and Jihad.  In the aftermath of the event, many organizations have stepped into the new frontier, which can be called the counterterrorism industry.  New Jersey Institute of Technology (NJIT) is one such organization.  In the fall of 2006, the college initiated a new undergraduate program called “Physical and Digital Counter-Terrorism” to answer the increasing demand for counterterrorism education both from the government and the general population (Shaked, 2006).

Dr. Robert Statica. Dr. Robert Statica, NJIT’s Information Technology (IT) program administrator, is one of the leaders of the new program, a sequence of six courses—three in traditional terrorism and three in digital or cyberterrorism.  The new program is currently open to government employees and law enforcement personnel.  The IT department is also “actively working with the former Director of the FBI’s NJ Joint Terrorism Task Force, retired FBI agent Stephen Foster on developing the traditional counterterrorism courses,” said Statica (Shaked, 2006).

Cutting-edge Knowledge. The NJIT offers to companies and government agencies a practical, hands-on, and sophisticated six-course (18-credit) certificate program designed to combat digital and physical terrorism.  Classes are also available at the workplace or through distance learning. “Companies or agencies may customize the program in any way they so desire.  The goal is to create a new generation of counterterrorism experts, and we think the array of in-depth courses we’ve put together will fit the bill,” said Robert Statica, program director. They offer cutting-edge knowledge about traditional (or physical) counterterrorism strategies, cyber security, and cyber-investigations as well as digital forensics, computer crime, and more (Weinstein, 2006).

References

Ahern, B. M. (2003, September). Control system security in the age of cyberterrorism. Pipeline & Gas Journal, 230(9), p. 12.

Anonymous (2003a, February). The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. Washington, DC: The White House.

Anonymous (2003, February). The National Strategy to Secure Cyberspace. Washington, DC: The White House.

Griffith, D. A. (1999, Summer). Organizing to minimize a cyberterrorist threat: As marketing’s reliance on technology increases, companies must take steps to prevent security breaches. Marketing Management, pp. 9-15.

Morrison, S., & Nuttall, C. (2005, November 16). US ‘relying on private companies to counter cyberterrorism’: But security experts are divided over the extent of the threat to the country’s infrastructure. Financial Times, London (UK), p. 4.

Shaked, S. (2006, September 12). Developing new ways to fight the war on terror. Vector. Retrieved from http://www.njitvector.com/home/index.cfm?event=displayArticlePrinterFriendly&uStory_id=baf6edc7-2178-4f61-b287-0d583bbbb6e0.

Sloan, S. (2008). The evolution of terrorism as a global test of wills: A personal assessment and perspective. Memorial Institute for the Prevention of Terrorism (MIPT), 29 pp.

Weinstein, S. (2006, August 9). NJIT offers new certificate to fight digital and physical terrorism. NJIT Public Information Press Release. Retrieved from http://www.njit.edu/publicinfo/press_releases/display_page.php?url=release_905.htm.

###