Small Wars Journal

cyber security

What is cyber-terrorism, and is it a threat to U.S. national security? Riley.C.Murray Thu, 11/04/2021 - 2:32am
The primary defense and security concerns of the 21st-century have been and will continue to be driven by the strategic phenomena of cyberspace and terrorism.[i] However, there are several competing definitions of both cyberspace and terrorism, and there is no universally accepted definition for many cyber-related activities (i.e. cyber-terrorism, cyber-warfare, and cyber-crime). Cyber-terrorism is often loosely defined as the “convergence of terrorism and cyberspace,” which allows for a wide range of interpretation and confusion.[ii] This paper provides a more pragmatic definition of cyber-terrorism by addressing the nuances of previously proposed definitions in order to help the U.S. national security apparatus address current and future threats. Additionally, it will discuss what constitutes a cyber-terror attack and how it differs from other cyber-crimes. Lastly, it will then determine what threat, if any, cyber-terrorism poses to U.S. national security. To do so, I will first provide definitions for both cyberspace and terrorism which are helpful for understanding the distinct phenomenon of cyber-terrorism.

Disrupting digital harms in Central Asia

Mon, 06/21/2021 - 7:52pm

Disrupting digital harms in Central Asia

Robert Muggah and Rafal Rohozinski 

Central Asia is the staging ground for a new digital Great Game. The key players include Russia, China, Europe, and the US, along with a rash of Central Asian actors. What happens there has implications not just for the region, but the future of the Internet. One of the reasons why Central Asia’s assuming more strategic importance is because of the digital transformation occurring across the region. Their digitalization is part of a deeper historical commitment to technology-driven modernization stretching back to the twentieth century Soviet Union. Today, the region is registering a dramatic increase in internet roll-out, mobile broadband connections and social media users.

Centro Asia

Central Asia (Public Domain – Creative Commons CC0)

Central Asia’s digitalization is generating opportunities, but also risks. The onboarding of Central Asians is occurring amidst a complex backdrop of top-down secular authoritarianism, bottom-up agitation for more progressive democracticization and a contest between moderate and hardline Islam. Digital transformation, then, could accelerate digital authoritarianism. Indeed, there is a real push from China, Russia and the US to shape the wider technology environment, with profound implications for the future of civic freedoms and digital rights. And as more Central Asians go online, their exposure to digital harms, including violent extremism, is increasing.

New SecDev Group-led research is shining a light on the scope, scale and dynamics of online violent extremism across Central Asia. For one, while persistent, violent extremist actors have a modest online footprint: a small number of entities are disproportionately responsible for a high proportion of harmful content. Related, extremist groups are using third party networks to amplify their reach and moving between platforms to avoid take-downs. What’s more, their appeals are linked to regional grievances, from Afghanistan and Syria to Muslim grievances in France and the treatment of Uyghurs in China.

A managed risk approach is critical to prevent, disrupt and reduce online violent extremism in Central Asia. Too often, interventions are narrowly targeted, having comparatively limited impact and potentially making the problem worse. The spread of violent extremism is connected fundamentally to wider geopolitical, regional and domestic factors such as the continued repression of minorities in Xinjiang and the impending withdrawal of NATO troops from Afghanistan. These tensions will continue to stoke grievances and serve as a focal for radicalization. Ultimately, intervention strategies must account for these political realities in their design.

While appealing, police-led interventions and platform-led strategies focused on taking down content will not successfully deter online violent extremism. To the contrary: they can potentially incentivize extremist groups to move to more obscure platforms and adapt their strategies, generating new challenges. Interventions designed to disrupt online extremist groups and remove radical content need to be mindful of the unintended consequences of aggressive take-downs. For example, overzealous efforts can undermine media independence, ramp-up indiscriminate surveillance and trigger anti-terrorist legislation and operations that curb rights.

Several Central Asian governments are actively exploring ways to adopt more stringent surveillance and censorship laws and to make use of artificial intelligence and other intrusive surveillance technologies ostensibly to “fight terrorism.” There is a danger that digital transformation and smart city initiatives could lead to indiscriminate surveillance, with dangerous implications for civic and human rights. What is needed now more than ever are approaches that do not focus reservedly on violent extremism, but rather emphasize the prevention and reduction of digital harms. European and US partners have a key role to play here, not least in strengthening inclusive digital transformation, promoting independent and high quality online media and bolstering digital literacy.

One way to disrupt the risks of digital harms is by applying lessons from public health. This begins by continuously diagnosing the online threats, mitigating risk factors, reinforcing protective factors, and testing out measures to evaluate their outcomes. The US, Europe, and multilateral organizations can work with Central Asian public authorities, social media platforms and representatives of civil society to double down on inclusive digital transformation that simultaneously manages digital harms and short circuits the transition towards digital authoritarianism. This will require applying a wide range of measures in partnership with gatekeepers—trusted brokers—to deliver safer and secure online environments.

For Additional Reading

Rafal Rohozinski and Robert Muggah, “Central Asia’s Growing Internet Carries New Risks of Violence.” United States Institute of Peace. 15 June 2021. 

Kumar Bekbolotov, Robert Muggah, and Rafal Rohozinski, “Jihadist Networks Dig In on Social Media Across Central Asia.” Foreign Policy, 11 November 2020.


Cyber-States and US National Security: Learning from Covid-19

Fri, 03/20/2020 - 11:42am
What are the current implications for US national security? The first implication is our open market view of cyberspace and the sale of data by private social network companies like Facebook. Our national security is encumbered when private companies can use the data of citizens to sell to any entity who can pay, like the Cambridge Analytica case.

About the Author(s)

Cyberwar to Kinetic War: 2020 Election and the Possibility of Cyber-Attack on Critical Infrastructure on the United States

Wed, 01/29/2020 - 12:26am
The current possibility of the United States walking into a trap of a kinetic war is exceptionally likely, given the conditions that will be enumerated here, and the historical pattern of the US reacting to surprise attacks with the force of a giant rudely awakened from a deep slumber is not ahistorical. The Election of 2016 was a sure indicator of one phase of election manipulation.

About the Author(s)

Challenging Snowden: Spycraft, Ethics, and Amendments

Thu, 01/23/2020 - 12:32am
Is it ethical for the country’s intelligence agencies to exploit nearly every known wireless communication modality in favor of U.S. policies and interests even though it could potentially involve spying on countless American citizens in violation of the Fourth Amendment? Edward Snowden utilized principles of ethical decision making, but faulty logic resulted in a treasonous act with longstanding damage to U.S. intelligence operations and foreign diplomacy.

About the Author(s)

Uniting the Cyber Domain Stakeholders

Tue, 01/21/2020 - 12:11am
The United States faces an organizational dilemma when it comes to the cyber domain, as the Department of Defense, Department of Homeland Security, Intelligence Community, and the private sector all are stakeholders in the domain and the security. Uniting the stakeholders under one security domain, specifically quantum encryption, would strengthen the United States cyber defense against their adversaries.

About the Author(s)

Destination Atlanta: Ransomware Lessons for Municipalities and Law Enforcement

Fri, 08/23/2019 - 4:29pm
The rise of ransomware as an attack vector has continued to thrive and appears focused on those municipalities and law enforcement agencies with limited resources and unchecked system vulnerabilities. Of major concern are the evidentiary losses and reduction in consumer confidence within these governmental organizations requiring a new focus and financial expenditures to mitigate these attacks from occurring in the future.

About the Author(s)

OODA Loops in Cyberspace: How Cyber Awareness Training Helps Threat Actors SWJED Wed, 09/05/2018 - 6:45am
Cybersecurity’s human adversarial engagement is often lost in discussions of cybersecurity. We discuss how defenders’ focus on technology unintentionally creates vulnerabilities which can be exploited by threat actors. In particular, we discuss how the convergence of cyber awareness training and defensive technologies is exploited by threat actors with devastating consequences.