IST faculty engaged in fight against cyberterrorism

On February 9, the White House announced the Cyber Security National Action Plan, a major initiative to fortify the government's digital defenses and educate Americans about ways they can improve their own digital security. Improving national cyber defenses is a key component in combating terrorist organizations such as the Islamic State of Iraq and the Levant (ISIL), which are relying on increasingly sophisticated techniques to wreak havoc on the international community.

At Penn State's College of Information Sciences and Technology (IST), several faculty members are engaged in research and teaching activities that seek to identify the ways in which terrorists use technology to advance their agendas and how counterterrorism experts and law enforcement agencies can stay one step ahead of the perpetrators.

"Tech-savvy terrorism networks such as ISIL pose a global threat to peace and stability," said Andrew Sears, dean of the College of IST and Interim Chief Information Security Officer (CISO) for Penn State. "At the College of IST, we are dedicated to providing students the knowledge and skills they need to combat these malevolent actors as well as contribute to international efforts to fight cyberterrorism."

Pete Forster, associate dean for online and professional education and the academic program coordinator of the Homeland Security Master of Professional Studies program at the College of IST, is on the front lines in the battle against cyberterrorism. He is co-chairperson of the Combating Terrorism Working Group (CTWG), which is composed of a body of international experts devoted to addressing critical terrorism-related challenges and formulating recommendations for appropriate policy responses. The CTWG is part of The Partnership for Peace Consortium of Defense Academies and Security Studies Institutes -- a voluntary association of institutes of higher learning in defense and security affairs.

According to Forster, terrorists have always sought to communicate their actions to each other and the public generally, but in recent years have adopted the Internet to employ a "little twist to manipulate people to take action." Terrorists are engaged in an online grooming process that is similar to tactics used by child pornographers or human traffickers, he said, in which they identify vulnerabilities and establish relationships with individuals. After ensnaring recruits, terrorists often transfer their interactions to the dark web -- World Wide Web content that exists on darknets, overlay networks that use the public Internet but require specific software, configurations or authorization to access.

"Terrorist groups are using the Internet very effectively to get their message out," Forster said. "Their mode of communication has moved to a new plane in the cyber world."

Don Shemanski, a professor of practice in the Security and Risk Analysis (SRA) program at the College of IST, has a wealth of experience to draw from when analyzing current events. He served for 23 years as a diplomat with the United States Foreign Service then, prior to joining IST in 2008, he served as Counselor for Global Affairs at the U.S. Embassy in Berlin, where he directed the office responsible for policy issues such as counter-terrorism, nuclear nonproliferation, climate change and international judicial assistance.

From a terrorist's perspective, Shemanski said, cyberterrorism is advantageous since it can be done remotely and costs less than conducting physical attacks. To carry out their operations in cyberspace, he added, terrorists employ tactics such as using graphics to conceal their online messages and soliciting donations through PayPal. In addition, they often broadcast their messages via YouTube clips.

Gerry Santoro, a senior lecturer of IST who teaches in the SRA program, said that many of the techniques used by hackers and cybercriminals are increasingly being adopted by terrorists. In June 2015, the Federation of American Scientists (FAS) disclosed a Congressional Research Service (CRS) report that warns that hackers potentially affiliated with terrorist groups or rogue nations have the ability to insert harmful malware into the internal systems governing the U.S. grid, which increasingly are being hooked into the Internet.

"The Internet can be used to deliver cyberweapons," Santoro said. "The fear is that these skills are making their way to terrorists."

Shemanski and Santoro both said that they incorporate discussions on current events in their SRA classes. Shemanski conducts simulation exercises in his classes that require students to think strategically. Santoro said that every morning, he highlights news articles for students to read, adding that they "need to stay up to date on technology and the evolving law around security."

In many instances, Forster said, terrorists have "taken advantage of laws to protect the privacy of innocents" to conduct nefarious activities on the Internet. Edward Snowden -- a former National Security Agency (NSA) subcontractor who made headlines in 2013 when he leaked top secret information about NSA surveillance activities -- brought the issue of privacy versus security to the forefront.

"How do we need to adapt our legal system to address these issues and what is the balance of privacy versus security that we wish to achieve?" Forster said.

One major hurdle that counterterrorism experts and law enforcement officers face, Forster said, is that the amount of "digital exhaust," which refers to everything consumers do on a daily basis—clicks, tweets, searches, Facebook posts -- makes filtering out suspicious online activities extremely challenging.

"There's so much data, how do you find those things that are a threat to us?" he said.

To deal effectively with the dark side of the Internet, Forster said, the law enforcement community needs to develop a communication-based plan and deliver better education to the public on the dangers of cyberspace.

In the aftermath of the November 2015 Paris attacks that killed 130 people, news organizations such as The New York Times and NBC News reported that unnamed officials suggested that terrorists used encryption and communication platforms like Silent Circle, Telegram and WhatsApp to plan their activities. Encryption is where data is rendered hard to read by an unauthorized party. Since encryption can be made extremely hard to break, many communication methods either use deliberately weaker encryption than possible, or have backdoors inserted to permit rapid decryption. According to news reports, the law enforcement and intelligence communities in the United States, and to some extent in Europe, have been asking tech companies (which are pushing back) to give them a backdoor into these kinds of encrypted communications.

On February 16, Apple CEO Tim Cook posted an open letter to the company's customers announcing that Apple would oppose an order from a U.S. Federal judge to help the FBI access data on an iPhone 5c used by San Bernardino shooter Syed Farook. Cook starts the letter noting that smartphones have become an essential part of people's lives and that many people store private conversations, photos, music, notes, calendars and both financial and health information on their devices. Ultimately, Cook says, encryption helps keep people's data safe, which in turn keeps people's personal safety from being at risk.

In contrast, Forster believes that breaking encryption may be necessary to successfully combat cyberterrorism, saying that law enforcement officials should "look for a streamlined legal process that would allow for the breaking of encryption."

"The ability to look at encrypted data is probably going to be helpful," he said.

Santoro, on the other hand, isn't convinced that governments breaking encryption is a sound strategy to combat cyberterrorism.

"Do you want to allow governments to have a backdoor to encryption?" he asked, rhetorically. "If you do, I guarantee criminals and terrorists will also have access to those backdoors."

According to Shemanski, dealing effectively with cyberterrorists requires a national initiative to secure cyberspace that includes "good, active intelligence about terrorist operations" and beefing up cyber defenses (i.e. firewalls).

"Our reliance on technology is clearly not going to become less in the next five to 10 years," Shemanski said. "There are so many lucrative targets [for terrorists] and that is only going to increase as time goes on."

Last Updated March 01, 2016