Threat Intelligence, Network Security, Network Security

The power and danger of using the cyber “T” word

When President Obama first addressed the nation in the hours following the Boston bombings last week, he admirably reserved judgment as to the motivation of the heinous attacks. "We still do not know who did this or why," he said. "And people shouldn't jump to conclusions before we have all the facts."

But as the president exited the podium without taking any questions, in a telling moment of what soon would come, the media that was present shouted: "Mr. President, was this terrorism?"

In his next address, the following day, everything was different. Obama referenced the attacks as terrorism, still without any evidence that an "unlawful use of force or violence...in furtherance of political or social objectives" (as the FBI defines terrorism) had actually occurred. The mainstream media, if it hadn't already, updated its menacing-looking graphics and headlines to reflect what it seemingly wanted to hear since the blasts went off near the finish line of the Boston Marathon. The parade of national security "experts" and counter-terror talking heads could officially commence.

But while we may now know who likely committed this cowardly act, we still aren't that much closer to understanding why. And we still still shouldn't jump to conclusions before we have all the facts.

Unfortunately, we already have.

And that's exactly why the term "terrorism" can be so reckless. Since it first was used to describe the bombings, it singlehandedly permitted the city of Boston to experience an unprecedented lockdown, transformed overnight into what briefly resembled martial law, where residents were forced from their homes at gunpoint to ensure that one of the suspects was not holed up there. And most residents dutifully submitted to this, without any reservations that the actions resembled an authoritarian state. The scene in Boston looked like something we are used to seeing in a faraway place. But in an instant, it was normalized in a neighborhood minutes from Fenway Park, all because the authorities were hunting for terrorists. Terrorists, you see. Not run-of-the-mill murderers.

And the worst could be yet to come if the bombings are used to usher in a further breakdown of Americans' privacy or a backlash against Muslims.

What has transpired in Boston and the surrounding areas is exactly the reason why the term terrorism is so dangerous. As Guardian columnist Glenn Greenwald has noted, the word is meaningless, but, at the same time, it justifies everything. And what separates the actions in Boston from that of the Newtown school shootings, the Aurora movie theater massacre, or the sniper spree in Washington, D.C.? The only constant, it seems, is that terrorism almost exclusively is used to characterize people of Muslim descent carrying out violence against Americans.

And just as a supposed act of physical terrorism has prompted hysteria on the streets of Boston, we must recognize that a similar consequence is just as plausible in the cyber realm. Already, members of Congress have used the blasts as a call to pass the controversial Cyber Intelligence Sharing and Protecting Act (CISPA). Rep. Mike McCaul, R-Texas, went as far as to conflate the explosions in Boston with the possibility of "digital bombs" being dropped on U.S. critical infrastructure.

Along these same lines, one should also recognize the increasing use of the word "cyber terrorism," itself a risky label to apply to malicious acts conducted online. While the definition is up for debate, the U.S. State Department has defined cyber terrorism as "the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub-national groups or clandestine agents."

Has the U.S. ever been a victim of this? That's unlikely. Yet we have seen the designation applied on a number of occasions for far less calamitous acts. As an example, it recently was invoked in the wake of a series of distributed denial-of-service attacks launched against U.S. banking websites, presumably conducted because the alleged perpetrators were seeking the removal of a YouTube video that they found offensive to Muslims.

But there is no reliable evidence to suggest that the attacks launched by a group calling itself Martyr Izz ad-Din al-Qassam Cyber Fighters were terrorism related. No proof exists that the group is connected to any terror organizations. And the DDoS attacks didn't have any serious impact on banking infrastructure, i.e., no Americans lost access to their money, never mind any lives being harmed.

That didn't stop Obama-appointee Debbie Matz, chairwoman of the National Credit Union Administration and a former member of the president's economic team, from sending a letter in February to credit unions advising them to implement DDoS mitigation strategies given an “increasing frequency of cyber terror (emphasis mine) attacks on depository institutions.”

Distinction and nuance here are critical. Cyber terrorism is not espionage or online financial fraud. And it's certainly not firing packets of traffic at a server so a website gets knocked offline.

As Peter Singer, director of the Center for 21st Century Security and Intelligence, and a senior fellow in the Foreign Policy program at Brookings, wrote late last year: "About 31,300. That is roughly the number of magazine and journal articles written so far that discuss the phenomenon of cyber terrorism. Zero. That is the number of people who have been hurt or killed by cyber terrorism at the time this went to press."

That's why those in power who loosely wield a term as culturally and politically significant as terrorism, freely and indiscriminately, is textbook demagoguery. At its best, it will drive up levels of fear. At its worst, it will be used as justification to pass overly restrictive and invasive laws that govern use of the internet, while permitting increased surveillance and the seizure of personal information. Remember, if what we saw in the suburbs of Boston last Friday is any indication, actions you never thought imaginable could one day happen in cyber space too.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.