COMBATTING CYBER SUPPORTED TERRORISM – PART 2
CURRENT STRATEGIES FOR DEVELOPING RESILIENCE
Dr. Robyn Torok
SECAU Security Research Centre
The term ‘cyber terrorism’ often has different connotations with some limiting the term to the disruption or destruction of computer networks or systems. With cyber supported terrorism as the central threat, Part 2 examines policy options for developing resilience, exploring what has been done as well as future possibilities and directions.
Given the barriers faced in developing resilience against cyber supported terrorism, it is important to look at where Australia stands and what other countries and transnational organisations have done in dealing with such an advanced persistent threat.
Australia
Australia has well developed anti-terrorism legislation, the Anti-Terrorism Act enacted in 2005. However, while this legislation provides a solid framework, it falls short in addressing the complexities of cyber supported terrorism. In addition, the strategy paper for dealing with transnational terrorism emphasises legal, forensic, regional and international forms of cooperation. While this important policy document clearly acknowledges cyber supported terrorism, its section on countering the terrorist threat fails to adequately address this threat.
More recent policy documents dealing with cyber operations in Australia are also currently inadequate in dealing with the specific threat of cyber supported terrorism. The 2009 Cyber Security Strategy has a number of strategic priorities that deal with more direct cyber threats such as cybercrime and information security rather than how terrorists use the internet as a facilitator for their operations and propaganda. The announcement of Australia’s first Cyber White Paper in 2011 provides an important opportunity to specifically address strategies dealing with cyber supported terrorism. A paper commissioned by the Kakoda Foundation argues for the need to better develop cyber security and address cyber threats but also fails to address issues related to cyber supported terrorism. Given Australia’s need to develop a more comprehensive response to the advanced and persistent threat of cyber supported terrorism, it is important to see if other countries or organisations can provide some future directions at this important time when Australia is developing its Cyber White Paper.
United Kingdom (UK)
In 2010 the UK Home Office launched the Counter-Terrorism Internet Referral Unit to investigate and act against illegal internet content. While this unit has had some success, its overall impact is regarded as miniscule. Coupled with this initiative is the fact that in the UK, ISP’s can be held liable for material. This has been contentious with the Internet Service Providers Association arguing that it has no problem removing material when asked to do so by the Counter-Terrorism Internet Referral Unit, however, it is impractical for ISP’s to monitor the vast amount of material on its servers as well as make complex legal decisions about what constitutes illegal material. Consequently, the House of Commons Home Affairs Committee in 2012 recommended focusing on strategic prosecutions of those producing radical materials in addition to greater transnational cooperation given that many illegal sites were hosted overseas.
Given the recent move of many terrorists organisations to social media on platforms such as Facebook, YouTube and Yahoo, the House of Commons Home Affairs Committee has recommended bringing pressure on these big internet companies. These sites have an overwhelming number of pages dedicated to extremist ideology. Whilst some radical pages are removed, they quickly reappear.
Since it is clearly impractical to shut down or stop access to radical sites, UK policy makers have increasingly shifted to education and counter radicalisation strategies. One such initiative is the Radical Middle Way website (www.radicalmiddleway.co.uk) that is designed to target young British Muslims and steer them away from extremism. Another such initiative is an advice line staffed by moderate Islamic scholars (www.elhatef.com) where Muslims can turn to for issues or questions of faith rather than seeking advice from the large amount of radical material on the internet. In addition to these strategies there is a need to teach children to be more aware and critical of material when using the internet.
United States (US)
Given the events of 9/11, the US perhaps more than any other nation has developed a number of strategies to combat cyber supported terrorism. While space prevents a complete and comprehensive overview, a number of key strategic policy directions will be outlined. First, there are the new legal frameworks. These include the Patriot Act and the Homeland Security Act which give law enforcement greater powers in surveillance and investigation. Another piece of legislation specifically related to online radicalisation is The Violent Radicalization and Home-grown Terrorism Prevention Act of 2007 (S.1959/H.R.1955). However, this legislation has been criticised for its encroachment on free speech and civil liberties particularly due to its focus on ideology rather than criminal action. The Patriot Act has also been heavily criticised by giving greater powers to law enforcement to monitor internet activities including personal emails. Coupled with such legislation is a shift towards more forward looking and proactive policing in an attempt to prevent acts of terrorism.
In terms of tackling the broader issue of radicalisation, The White House has stressed the need for public and private partnerships to combat the proliferation of terrorist ideology on the internet. In 2011, the government introduced a strategy for countering violent extremism (CVE) aimed at promoting links with US Muslim communities yet has been criticised for its vagueness which includes a failure to specifically combat internet radicalisation. Despite these criticisms, the US has several organisations and agencies that conduct strategic communications and undertake counter radicalisation and propaganda strategies.
Europe
The European Union (EU) has made the countering of radicalisation and extremism one of its highest priorities in an attempt to curb terrorist recruitment amongst the EU’s significant Muslim population. The Council of the European Union has promoted a strategy of sharing the burden of monitoring internet sources to determine their threat to promoting radicalisation.
Another important body in developing resilience against cyber supported terrorism is the Action against Terrorism Unit (ATU) that forms part of the Organization for Security and Co-operation in Europe (OSCE). The ATU has made a number of important recommendations which are summarised below:
• Greater legal cooperation is needed in regard to terrorism
• Greater exchange of information and intelligence is needed between nation states
• Greater cyber forensic capacity is needed in order to successfully track and prosecute
• Greater cooperation on criminal matters
• Greater effectiveness in both monitoring the internet and exploiting counter narratives
• Greater promotion of public private partnerships
As evident in these recommendations, counter radicalisation forms a fundamental and central aspect to resilience strategies.
United Nations
To aid in transnational cooperation as well as the development of effective strategies in the fight against terrorism, the United Nations set up the Counter-Terrorism Implementation Task Force (CTITF). The United Nations Counter-Terrorism Implementation Task Force argued that the fight against cyber supported terrorism must involve technical and legal solutions coupled with effective policy. Not only is transnational cooperation emphasised but the need for public/private partnerships is absolutely critical given that much illegal material is privately hosted.
In terms of legal recommendations, the CTITF has indicated that many countries have inadequate frameworks for dealing with cyber supported terrorism. While some countries have developed specific legislation to cope with the complexities of the internet, many are using either existing cybercrime legislation or counter-terrorism legislation that may be inadequate when presenting a case against cyber supported terrorism.
Perhaps one of the most significant transnational strategies is the development of counter narratives. An effective starting point for dealing with cyber supported terrorism is to read their narratives and materials. The development of counter narratives are particularly important especially since many radical narratives are more ‘objectionable’ than illegal and often fall short of directly propagating or even condoning violence. Specific strategies recommended by the United Nations Counter-Terrorism Implementation Task Force include identification and deconstruction of extremist narratives, collecting effective counter narratives and targeting these to vulnerable groups. Such measures are critical in weakening the appeal of key discourses such as the teachings of al-Awlaki and reducing the glory associated with the terrorist lifestyle. Essentially, the legitimacy of key clerics and radical leaders must be challenged.
CONCLUSION AND FUTURE DIRECTIONS
While the threat of cyber terrorism cannot be ignored, at present it is not the advanced persistent threat that cyber supported terrorism is. In other words, terrorists are primarily using the internet as a tool to facilitate terrorism rather than a target to attack. Although the definition of cyber supported terrorism is broad, a large policy emphasis in Western nations is targeted towards developing resilience against the large amount of online extremist material used to recruit and propagate terrorism. Consequently, although cyber supported terrorism in general is an advanced persistent threat, it is the propagation of this form of terrorism and the narratives associated with it that form the most significant dimension of this threat.
On comparison of the barriers to resilience with strategies used, some clear future directions are present. First, any technical aspects will form only a small part of the solution especially given the difficulties and ineffectiveness of shutting down sites and pages. Second, clear legal frameworks are critical in dealing with cyber supported terrorism and these legal frameworks need to evolve and adjust to not only technology but to strategic changes made by terrorist groups. Third, increasingly sophisticated monitoring and forensic techniques are needed in dealing with a constantly changing cyber landscape. Fourth, there is the critical need for cooperative partnerships. These include both transnational as well as public private partnerships especially in the area of dealing with radical content. Finally, there is the clear need to better understand the terrorist message and develop effective counter narratives. The British supported websites provide a good policy model.
At a time when Australia is developing a comprehensive Cyber White Paper, it is a prime opportunity to ensure these strategic directions are encompassed including the need to develop resilience against online recruitment and radicalisation.
In conclusion, cyber supported terrorism has and will continue in the near future to represent an advanced persistent threat that will require a range of technical, legal and policy strategies that will need to continue to evolve with the aid of intra and international partnerships.
About the Author
Dr. Robyn Torok is a researcher and analyst at SECAU Security Research Centre, Edith Cowan University with a focus on the discourses of terrorism: The role of internet technologies (social media and online propaganda) on Islamic radicalisation and extremism post 9/11. She can be contacted at rtotok@our.ecu.edu.au