Cyberwarfare and Cyberterrorism: In Brief (CRS Report for Congress)
Premium Purchase PDF for $24.95 (15 pages)
add to cart or
subscribe for unlimited access
Pro Premium subscribers have free access to our full library of CRS reports.
Subscribe today, or
request a demo to learn more.
Release Date |
March 27, 2015 |
Report Number |
R43955 |
Report Type |
Report |
Authors |
Catherine A. Theohary, Specialist in National Security Policy and Information Operations; John W. Rollins, Specialist in Terrorism and National Security |
Source Agency |
Congressional Research Service |
Summary:
Recent incidents have highlighted the lack of consensus internationally on what defines a cyberattack, an act of war in cyberspace, or cyberterrorism. Cyberwar is typically conceptualized as state-on-state action equivalent to an armed attack or use of force in cyberspace that may trigger a military response with a proportional kinetic use of force. Cyberterrorism can be considered "the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives." Cybercrime includes unauthorized network breaches and theft of intellectual property and other data; it can be financially motivated, and response is typically the jurisdiction of law enforcement agencies. Within each of these categories, different motivations as well as overlapping intent and methods of various actors can complicate response options.
Criminals, terrorists, and spies rely heavily on cyber-based technologies to support organizational objectives. Cyberterrorists are state-sponsored and non-state actors who engage in cyberattacks to pursue their objectives. Cyberspies are individuals who steal classified or proprietary information used by governments or private corporations to gain a competitive strategic, security, financial, or political advantage. Cyberthieves are individuals who engage in illegal cyberattacks for monetary gain. Cyberwarriors are agents or quasi-agents of nation-states who develop capabilities and undertake cyberattacks in support of a country's strategic objectives. Cyberactivists are individuals who perform cyberattacks for pleasure, philosophical, political, or other nonmonetary reasons.
There are no clear criteria yet for determining whether a cyberattack is criminal, an act of hactivism, terrorism, or a nation-state's use of force equivalent to an armed attack. Likewise, no international, legally binding instruments have yet been drafted explicitly to regulate inter-state relations in cyberspace.
The current domestic legal framework surrounding cyberwarfare and cyberterrorism is equally complicated. Authorizations for military activity in cyberspace contain broad and undefined terms. There is no legal definition for cyberterrorism. The USA PATRIOT Act's definition of terrorism and references to the Computer Fraud and Abuse Act appear to be the only applicable working construct. Lingering ambiguities in cyberattack categorization and response policy have caused some to question whether the United States has an effective deterrent strategy in place with respect to malicious activity in cyberspace.