While the debate is currently raging regarding the definition of cyber war, another central debate in cybersecurity is the issue of cyber terrorism. Jim Lewis, of CSIS, believes that cyber terrorism is not the principle threat at present, largely because he does not think terrorists presently have the capability. “I don't worry about cyber terrorism,“ he said at a recent event in the Washington, DC area. “If they had the capability, did you think they would wait to use it?“
Back in early February, Robert Knake wrote an article published on CFR titled “Cyberterrorism Hype v. Fact.” In it, he argues that “For now, the United States has little to fear from al-Qaeda on the cyberfront. Only a handful of sophisticated nation states currently have the ability to carry out a devastating cyberstrike.”
Jeff Carr, author of Inside Cyber Warfare, wrote a critic on his blog that challenged some of Knake’s assumptions, including that his focus on Al Qaeda as the sole possible terrorist threat is too narrow. Carr was kind enough to publish Knake’s response to Carr’s criticism.
Knake’s response touches on several sections of Carr’s critic that he views as slightly flawed. For example, jihadism is not a monolithic entity, but rather a disparate subset of terrorist organizations, most of whom are not affiliated with one another.
Perhaps most interestingly, Knake believes that the term “cyber terrorism” might prove useful. “As we develop norms for the use of cyber attacks, it may be useful to characterize and think about certain kinds of attacks as cyberterrorism. Such a label would suggest that these attacks are not permissible,” Knake writes.