Last Friday, Foreign Policy ran an online article by the NEFA Foundation’s senior investigator Evan Kohlmann, ‘A Web of Lone Wolves’, in which he exhorted US security agencies to get their act together in dealing with terrorist propaganda on the internet. In a refreshing departure from his occasional hawkishness, Evan rightly summed up one particular factor in governments’ responses to the problem:
With such a generalized threat, it will be a continuing challenge for Western governments and societies to draw the fine line between what is protected under the freedom of speech and what is criminalized as direct incitement to murder.
This is correct, as we flagged up in our ICSR report on online radicalisation earlier this year, and is also a problem similar to those faced by governments in tackling the potential of cyberterrorism. I wanted to just briefly point out the differences between the terms, ‘internet terrorism’ and ‘cyberterrorism’, or at least what they represent in public discourse.
‘Internet terrorism’ is used to describe many activities but generally refers to the use of the internet for the recruitment, radicalisation and mobilisation of individuals into extremism, and crucially involves the publication of propaganda that facilitates this, as well as the types of online fora in which interactions take place. Most of this activity is geared to effecting kinetic terrorism in the physical world, although the ‘e-jihad’ is sanctioned as a legitimate branch of jihad in itself; participants are performing their duties to Allah even if not engaged in physical actions.
‘Cyberterrorism’, on the other hand, is the exploitation and subversion of computer networks themselves, for the purposes of facilitating or causing acts construed as terrorism. Examples include the theft of intelligence data, the manipulation of SCADA (Supervisory Control and Data Acquisition) systems, disruptive hacking of government assets, etc; the list is long. Although the risks of cyberterrorism are massively overhyped, the possibilities exist, and security planners are paying a great deal of attention to them.
Whilst there might be a good deal of overlap between the two―extremists might discuss hacking power networks openly on a forum, for example―they are quite different, even if often confused in newspaper reports, etc. I don’t particularly like either term, and I’m only using them because they are illustrative of concepts. I think of both as forms of terrorism, in terms of desired effects (material damage, publicity, human costs) and actors, although there are so many disputes and terminological debates in this field that one is liable to receive a bloody nose no matter what one says.
Perhaps more importantly, counter-strategies differ depending upon what it is we’re talking about. It could perhaps be said that ‘internet terrorism’ is better tackled at the ‘hearts and minds’ level, although technical knowhow is obviously required when it comes to disrupting and interdicting particular elements of the techno-social world of the internet. ‘Cyberterrorism’ is a trickier beast to prevent, and probably relies as much on network defensive measures as it does on sorting out the root causes of why people might feel the need to put people’s lives at risk in these ways. Both require legal clarity, political sensitivity, and social awareness, as well as an iron fist when really necessary.
The core difference is that ‘internet terrorism’ is about ideas and getting people to act upon them; ‘cyberterrorism’ is about control over resources and connectivity. The former is more ideological, the latter logistical. It’s easier to punt ideas onto the internet than it is to take control of an enemy network. The effects of either could be very serious indeed, although the likelihood of either resulting in human casualties is actually very low. Neither is ‘new’ in the sense that war has always involved clashing ideologies, as much as it has been largely dependent on logistical superiority. The modern vehicle of this particular conflict of wills―the internet―sometimes causes things to become slightly foggy, particularly linguistically. We need to be clear what we’re talking about or we won’t find effective strategies for coping with it.