Evolution globally has become very rapid which in turn has also affected Negara Brunei Darussalam in general. This is due to not only the never ending enhancement of information technology (IT) and the dependence as well as reliance on technology. In light of this development, the world has become a more borderless entity and also a transparent one. With the emergence of the information superhighway communication and the sharing of information has become very fast which has befitted people around the world and has created a closer bond between them regardless of race, culture or religion. Bruneians cannot be disregarded in this as there is a shown impact of the usage of the information superhighway as a means to communicate given the fact that Bruneians constitute the highest rate of internet users in the region. Nevertheless, for each positive entity there is a side-effect as information technology can also be exploited which has given the rise to cyber-terrorism.
There any many versions to define the meaning of cyber-terrorism. It can be defined as an act of leveraging a target's computers and information particularly via the Internet in order to cause physical, real-world harm or severe disruption of infrastructure. Another definition is the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. This misuse of information technology could also disrupt the flow of information and communications, especially for organisations in which are solely dependant on information and communication as a whole. Simply put, cyber-terrorism was said to be a convergence of cyberspace and how the use of the cyberspace be made as a tool or aid in terrorist activities.
The root of cyber-terrorism which is terrorism has also become more dynamic as technology has become more sophisticated, it is safe to say it grows in accordance with technology. A set example is the recent attacks in Mumbai as compared to the biggest terrorist attack of September 11th although in terms of casualties nothing measures up to the September 11th attacks but it can be seen that in a span of 7 years terror attacks have become more coordinated, widespread and unpredictable as technology becomes more enhanced. It could be expected, in the near future, the traditional terrorist threats or attacks would be overtaken by cyber-terrorism. It would be a better option as it can have a swift but disastrous effect. This option would also mean that actions taken by them would not amount to much bloodshed but has a very strong impact to the terrorists target. The internet is a very difficult medium to control as even a threat could look innocent, for example the rise of social websites such as FacebookTM or MyspaceTM, which has an increasing following cannot be controlled and when exploited it can be seen as a platform for recruitment by terrorist groups as well as an indoctrination of terror influence to the internet surfing generation. Since these sorts of websites are somehow protected by the users themselves, there would be no limit in expressing and influencing the world on their views or ideology. Another example would be the increase of electronic mail (E-Mail) subscribers, bulk or mass e-mails in the form of forwarded e-mails can be used to spread the terrorists cause world-wide. Not only that, e-mail is one of the major source of spreading computer viruses, bugs or other software that could harm a persons computer or an organisational network. As users of the internet increases and with limitless boundaries and minimal control, defence against cyber-terrorism would be an uphill struggle.
One of the major events which could have lead to cyber-terrorism was the start of the new millennium. The fear of the `Millennium Bug' has placed fear to users and also made it a potential platform for cyber-terrorists to conduct their malicious acts. Though nothing disastrous happened but it did bring up fear to the world and thus hindered activities for major organisations whether it is government or commercial. If things went their way, in a worse case scenario, a total black-out would be experienced by users and thus disrupt mostly everything and everyone that depends on technology leading their lives, from life support, finance and also records kept in a database.
The government would also have an affect due to the interlinking of government establishments through communication networks. These networks are considered one of the prime resources of communication and also exchange of information. This would also be a high profile target for cyber-terrorists as this would disrupt the government system and risks such as Denial of Service or illegal gathering of information would be a major issue.
As mentioned earlier, with the increase of dependency on technology, some organisations however would take this to their advantage, especially now as the environment has become more competitive in nature. For fear of subversion; be it commercial or military is becoming an increasing trend throughout. This could lead to extreme results if not guarded or put into place firewalls or some sort of security as if an enemy organisation for example a terrorist organisation happens to have hackers infiltration into a system would not be a problem.
For an organisation that is technologically superior, cyber-terrorism would be advantageous. For cyber-terrorists, they could easily attack silently due to the anonymity provided. Acting as parasites, they would just feed or do damage to users and would then move on to other targets knowing that it would take time to track them down. With the low cost and ease of obtaining IT facilities leads to mountless opportunities and also flexibility for a cyber-terrorism attack is there. Cyber-terrorists would not have to stay at one place to mount and attack but the effect would be worldwide with IT having a global reach. A cyber-terrorist which can remotely access and modify information in databases or even worse, destroying files, would could give much harm to organisations such as altering numbers for financial purposes and also to modify political ballots to their advantage. Another extreme scenario will be accessing air or maritime control centres' information, which could be done from through the internet, to identify and track flights or shipping to target and also leads to confusion which could cause collisions. But as most of terrorist actions where conducted with the reasoning to show the world their capabilities and their cause, cyber-terrorism, in which could affect the whole world and would mean world media coverage and this is ultimately what the terrorists want.
But surprisingly, some hacking tools could be found in computer shops and can also can be made available online. An example of these hacking tools is the key logger. It is a simple device that could be plugged into a USB slot to access passwords and also gather important documents from an unknowing user with little or no encryption on their systems. To add to this easily available hacking tools will be the ease of availability of hacking software and also communications tapping devices. To increase the threat, with more increased usage of wireless networks, this could be easier to be executed without being physically connected to a cable network which makes tracking even more difficult.
The widespread usage of Global Positioning Systems (GPS) has now picked up and has increased in popularity. From personal and public transportation and also the military is dependant on GPS in position finding. The threat to these users is the availabilty of GPS jammers or parts to manufacture a jammer in which could be obtained in small sizes. Confusion or adverse consequences for example in military target acquistion could be a result from jamming GPS signals. This was experienced during a commercial demonstration for a military tank in Europe where the tank went out of control and went into a ditch when the GPS equipment was jammed by an unknown source.
To show the vulnaribility of the system nowadays against cyber-terrorism threat, an exercise was conducted by the National Security Agency (NSA) in the United States in which a team of thirty-five hackers attempted to hack the national security systems. In doing so, they were allowed to penetrate any Pentagon network and could only use hacking software that could be downloaded freely from the Internet. They started mapping networks and obtaining passwords gained through "brute-force cracking" (a trial-and-error method of decoding encrypted data such as passwords or encryption keys by trying all possible combinations). Often they used simpler tactics such as a telephone call, pretending to be a technician or high-ranking official, and asking for the password. From their actions, the hackers managed to gain access to dozens of critical Pentagon computer systems. Once they entered the systems, they could easily create user accounts, delete existing accounts, reformat hard drives, scramble stored data, or shut systems down. They broke the network defenses with relative ease and did so without being traced or identified by the authorities. This was a shocking result to the organisers as in the first place, the team of hackers had shown that it was possible to break into one of the United States national security system and, potentially, if given time, cripple it. In the second place, the NSA officials who examined the experiment's results found that much of the private-sector infrastructure in the United States, such as the telecommunications and electric power grids, could easily be invaded and abused in the same way. But this was just in the United States alone, and as the cyberspace has a global reach and would have a higher risk of vulnarability with reduces security systems, this would also result in crippling, invasion and abuse of systems globally with ease. According to Symantec, one of the world's corporate leaders in the field of cybersecurity, new vulnerabilities to a cyberattack are being discovered all the time. The company reported that the number of "software holes" (software security flaws that allow malicious hackers to exploit the system) has grown throughout the years. Still, Symantec claimed that no single cyberterrorist attack was recorded. This may reflect the fact that terrorists do not yet have the required know-how. Alternatively, it may illustrate that hackers are not sympathetic to the goals of terrorist organizations—should the two groups join forces, however, the results could be devastating.
The Royal Brunei Armed Forces (RBAF) being a defense entity of the Brunei Government can be considered a high profile target cyber-terrorism. With the increased reliance of technology in dealing with day to day work, especially for data transfer and communications, the threat posed on the RBAF could be subversion in the form of propaganda, disruption of information, for example intelligence information and also disruption of communications. The RBAF has taken some measures to combat this which is stated in the chapter on Information Technology Security in the RBAF Manual of Security, personnel training and also having secure communications amongst others. Not only the RBAF, but also throughout Negara Brunei Darussalam or throughout the world, dependency on technology has also increased. Convenience being one of the main reasons for utilising technology increases their dependency. Critical usage such as in finance and in communications would have an extremely costly effect to the nation economically if tampered. This would in turn affect the integrity of the nation as it is known to be an `abode of peace'.
In turn, combatting cyber-terrorism has also become an economical interest. With the heightened fear of cyber-terrorism, an “arms race” for better technological security in defending their equipment against the risk of cyber-terrorism threat. The rise in the number of consultants and also availability of security software and devices has become an economical advantage as the products they offer would be an increasing need with the increased dependancy due to the threat that might appear.
Measures should be taken to deter and combat cyber-terrorism not only by organisations but also thoroughout the nation. The most important key in upholding these measures will be education. As knowledge can be the core in combatting cyber-terrorism, it is up to the nation to train and educate the users and this will build a defensive wall against cyber-terrorism. Some measures can be found off the shelf, for example anti-virus software, but another important measure will be the discipline instilled to users when dealing with information technology tools. By controlled access to malicious sites or parental guidance in usage of the internet, this too will help lessen the vulnaribilty for cyber-terrorist actions. Users can also contribute by having off the shelf software such as anti-virus software and also regularly updating operating systems and softwares. The usage of firewalls or cryptography which in turn improves computer security would also help in deterring cyber-terrorism. One of the major deterrance of cyber-terrorism would be the setting up of a national counter-terrorism organisation as it would be the first line of defence for cyber-terrorism.
Regionally, the Association of South East Asian Nations (ASEAN) has recognised cyber-terrorism as a new security threat and was first brought up in one of the seminars in the 11th ASEAN Regional Forum (ARF) in 2004 in which, attending the seminar was representatives from the ARF participants including Negara Brunei Darussalam. The main objective of the seminar was to share information and ideas on the national policies of ARF member countries on cyber terrorism and to encourage the cooperative and effective efforts to combat diverse cyber threats and cyber terrorism. It was also intended to build trust and confidence and enlarge the network of the cyber security community within the ARF community.
Although comfirmed cyber-terrorism attacks has not been announced or recorded, but a risk is there and measures has to be put up to secure global networks against them. The fear of cyber-terrorism is still there with the relative rise on technological dependency and cyber-terrorism opportunities such as hackers and viruses. As terrorism is still a global threat, the world has now put up defences to act as countermeasures to deter or deny any terror attacks, and counter cyber-terrorism should be one of them based on the popularity, dependancy and reach the technology has to offer. Potential cyber-terrorists such as hackers are now becoming popular with the younger generation as they grew up in the techological era. An increased emergence of younger generation taking hacking as a hobby should also be a worry as this would provide a grooming and training opportunity for a new generation of terrorist. It would also give a dynamic result for terrorist if they are able to converge traditional acts and cyber-terrorism as a combined terrorist act.