Cyber Terrorism: The Greatest Risk in the U.S. Tremendous technological advancements have been made in the last few decades. Today, humans depend more on computer networks and information technology (IT) systems than on other means for information. From business to government, computer networks are relied upon to store, process, retrieve, and transfer critical information. Increased dependence on computer networks has, however, posed a major threat. Cyber terrorism is now arguably the biggest threat facing the U.S. (Harress, 2014; Thomas, 2016). Attacks against computer networks via computer viruses, worms, malware, and hacking have become increasingly common. The attacks are directed to information systems and infrastructures that support critical processes such as defense, transportation, banking, and energy production. This threatens the country's social, economic, and political stability. Nonetheless, there are often assertions that the risk of cyber terrorism is not as pervasive or substantial as often portrayed. Though there could be some truth in this argument, cyber terrorism has become the most significant national security issue for the U.S. This paper discusses why cyber terrorism is the greatest risk facing the U.S. The paper specifically focuses on what constitutes cyber terrorism, why the threat of cyber terrorism cannot be understated, and the way forward towards deterring cyber terrorism.

Defining Cyber Terrorism

Defining cyber terrorism can be difficult. As per U.S. law, a terrorist act has three aspects: the act is violent and potentially threatens human life; the act is unlawful in light of criminal law; and the act is fueled by ideological reasons (Chen, Jarvis & Macdonald, 2014). This definition, however, largely mirrors the conventional form of terrorism, where predominantly there are physical consequences such as the destruction of property and loss of human life. Today, terrorist acts can be executed without necessarily bombing buildings or killing people. This new form of terrorism is referred to as cyber terrorism. It generally refers to the deliberate and planned disruption of computer networks or IT systems mainly with the aim of causing and spreading fear (Pedersen, 2014). State-sponsored hackers, hired hackers, international cyber syndicates, as well as terrorists may execute the attacks. It is important to note that attacks on computer networks are not a recent happening. As early as the 1990s, when the internet revolution was evolving, defacing websites was a common phenomenon (Weimann, 2004). Nonetheless, such acts were largely driven by ego or economic gain. Today, however, hackers are increasingly driven by ideological reasons. They are more determined to cause fear as well destabilize the government and the economy. Instances of hackers stealing classified information from federal agencies and employees, or targeting information systems that support critical infrastructures and businesses have been on the rise. Such attacks are usually not motivated by egoistic tendencies -- they tend to be driven by a belief in the ideology of creating disorder, terror, and destabilization.

In essence, as the name suggests, cyber terrorism "is the convergence of cyberspace and terrorism" (Weimann, 2004, p. 4). It denotes malfide attacks on computer networks, and information systems aimed at intimidating or coercing the government or its subjects in advancement of ideological or political objectives. Though such attacks may not cause physical violence against property or persons, they can result in substantial harm, enough to cause panic.

The Threat of Cyber Terrorism: Real or Exaggerated?

Rise in Cyber terrorism has been termed as the...

presently (Harress, 2014; Thomas, 2016). In 2013, a sequence of sophisticated denial-of-service (DOS) attacks against government computer networks as well as hacking attempts on Central Intelligence Agency's (CIA) were reported (Harress, 2014). In addition, BAE systems, the largest defense firm worldwide allegedly encounters cyber-attacks as frequently as twice weekly (Thomas, 2016). This presents a major risk to the government given the firm is one of the largest suppliers of military equipment and systems to the Department of Defense (DOD). Such incidents, which are merely a few of the many reported and unreported attacks, have caused the federal government to pay greater attention to the threat of cyber terrorism in the last few years.
A cyber-attack on government information systems is obviously not an attack that can be ignored. The CIA and the DOD, for instance, are involved in critical activities aimed at guaranteeing national security, including intelligence gathering. Accordingly, cyber-attacks on computer systems and networks that support these agencies can result in the loss of or unauthorized access to highly classified information. Adversaries can use the information to plan catastrophic attacks against the U.S. or counter attacks directed by the U.S. against them.

Whereas attacks on government computer networks cannot be underrated, attacks on energy sector pose an even greater threat. The energy sector is without a doubt the lifeline of the U.S. economy. Without electricity and fuel, economic activity would literally come to a standstill, substantially affecting the day-to-day life of the public. In 2014, internet security firm Kaspersky announced that it had discovered the most sophisticated cyber weapon it had ever encountered (Harress, 2014). The firm said that the attack, which involved taking over IP addresses and stealing personnel emails, had primarily targeted oil and gas companies. A successful attack on the energy sector would have devastating impacts on the economy. Transportation systems, manufacturing and industrial processes, and other economic activities that are crucial for everyday life would be considerably disrupted.

Businesses also face the threat of cyber terrorism. Business organizations rely on trade secrets to build competitive advantage and outsmart their rivals. They also possess a great deal of confidential information relating to consumers, employees, as well as strategy and organizational processes. Further, in an effort to achieve efficiency and optimize operating costs, businesses have become extensively dependent on IT systems. This has, however, increased their vulnerability to cyber-attacks. Attacks on Sony's Playstation network as well as Microsoft's Xbox Live network are two recent examples. Indeed, cyber terrorism has become a perilous reality for businesses that they need to counter.

One may readily argue that attacks on business information systems are not fit for classification as acts of cyber terrorism -- they could be seen as more of cyber-crimes as opposed to terrorist attacks. This is, however, not necessarily true. In the case of Sony and Microsoft, for instance, the attacks led to unauthorized access to confidential employee and consumer data. The impact of such an event on a business organization can be overwhelming, particularly with respect to revenue loss, public confidence loss, intellectual property loss, and brand damage. This damage evidently reflects the fundamental motive of terrorism -- to cause panic. More importantly, most attacks on business organizations seen today tend to be obviously tied to geo-political situations, making them even more representative of terrorist attacks. There is, therefore, need for business organizations to priorities IT security more.

While the threat of cyber terrorism appears real by all means, some commentators view it as exaggerated. According to Weimann (2004), most possible attacks on critical information systems are overstated. Weimann's (2004) contention was informed by three reasons. First, at the time the assertion was made, there was no instance of reported, authentic cyber terrorism -- there were only speculations and sensationalized media reports. Second, cybercrimes are often mistaken for terrorist acts. Generally, cybercrimes differ from cyber terrorism in the sense that the former are driven by economic gain or the hacker's ego, while…