Klussman

Final Research Paper

Ethan Klussman

FIAD 3300

March 28, 2021

Professor Charter

The world of emergency management is always changing. We have seen a dramatic

change in how our government has responded and reacted to natural and man-made disasters. As

our approach has evolved, we have been able to learn valuable lessons from each catastrophic

event. Not all lessons learned are from negative outcomes, but a vast majority of our lessons

learned are from failures realized during or after the fact. As we look at how emergency

management is handled, we rely heavily on electronic means for communication (e.g., cell

phones, computers, mobile platforms, servers, and mobile and portable radios), data gathering,

asset tracking, and financial transactions, to name a few. Due to ever-changing technology,

every year we rely more on the electronic footprint to enhance our capabilities. Our challenge is

to prepare for the consequences of a major cyber terrorist attack that could cripple our entire

emergency management system.

One recent example from our local community has caused significant concern across our

region. In December of 2020, our county 911/dispatch center was a victim of a cyber-attack.

Computer hackers were able to bypass a sophisticated firewall and security system with a simple

email attachment. Once the recipient opened the email, a trojan horse was put in place and

allowed the hackers complete access to all the servers, computers, and any device connected to

the network. This included the 911 phone lines. The hackers were able to take our 911 system

and computer-aided dispatch system, and they had control of the radio system. Fortunately, for the

communications center, the terrorists did not take the radios offline but did disable the 911 phone

system and the computer-aided dispatch consoles. This created a firestorm unlike anything we

have seen in recent memory. Dispatchers did not have the skill set to locate the appropriate

jurisdiction the call belonged to (they dispatch for 17 jurisdictions), manually dispatch the calls,

and systematically track what assets were in service and which were not. It took nearly 12 hours

to implement a system that would allow the dispatch center to function, but it required twice the

staffing and 60-120 seconds longer to accomplish the same task they were doing with the

computer.

Cyber terrorism is not a new threat. This threat has been around since the late 1990s. It has

become more prominent over the years due to the resiliency of would-be terrorists that want to

inflict financial, physical, and emotional pain on a person, region, or even a country. In 2001,

[ CITATION Mic01 \l 1033 ], published a report outlining how cyber attacks will be used in

warfare against the United States and allied countries. They also go on to describe how these

cyber attacks would likely precede a physical attack by terrorist organizations. Terrorists would

use this dual-wielding approach, which could lead to a more catastrophic result if successful.

This report, [ CITATION Mic01 \l 1033 ], was drafted in response to the September 11th, 2001

terrorist attacks. Its purpose was to warn policymakers of the increasing danger of cyberwarfare.

As we review the types of cyberterrorism, the precautionary measures being employed, and

the consequences of a successful cyber-attack, we will be able to relate how cyberterrorism can

and will impact our emergency management system. The impacts could be as small as a single

household, a more moderate impact like the one shared earlier (county-wide), or it can have a

devastating impact on the country. As emergency managers, we will need to prepare, mitigate,

respond, and recover from a cyber-attack. This is a threat to every jurisdiction across the country.

One big challenge is that, unlike other catastrophic events, our lessons learned from previous

incidents are limited. That, coupled with the pace at which technology changes, presents new and

problematic issues to anticipate.

Understanding the definition of cyberterrorism will help us identify the who, what, and why.

Dr. Dorothy Denning, [ CITATION Dor07 \l 1033 ], defines cyberterrorism as,

“generally understood to refer to highly damaging computer-based attacks or threats of

attack by non-state actors against information systems when conducted to intimidate or coerce

governments or societies in pursuit of goals that are political or social. It is the convergence of

terrorism with cyberspace, where cyberspace becomes the means of conducting the terrorist act.

Rather than committing acts of violence against persons or physical property, the cyberterrorist

commits acts of destruction and disruption against digital property.”

It is important to review the five (5) main types of cyber terrorism attacks [CITATION

Cou03 \l 1033 ]. Being able to grasp what each of these is will help us understand our

vulnerabilities and allow us to mitigate some of the damage that could be inflicted. According to

[ CITATION Cou03 \l 1033 ], the five types of cyber terrorism attacks, with definitions, are:

Incursion: These types of attacks are carried out with the purpose of gaining access or

penetrating into computer systems and networks to get or modify information. This method is

very common and widely used with a high success rate. There are many loopholes existing in

insecure computer systems and networks and terrorists can take advantage to obtain and/or

modify vital information which can be used to inflict further damages to the organization or for

personal gain.

Destruction: This method of attack is used to intrude into computer systems and networks with

the main purpose of inflicting severe damage or destroying them [2]. The consequences of such

an attack can be disastrous, whereby organizations might be forced to be out of operations for an

undetermined time, depending on the severity of the attacks. It can prove to be very costly for the

affected organizations to get their operations up and running again and thus it will impact them

hard financially and also damage their reputation.

Disinformation: This method is used to spread rumors or information that can have severe impact

to a particular target. Regardless of whether the rumors are true or not, the use of such attacks

recklessly can create uncontrollable chaos to the nation or the organization. This type of attack is

quite difficult to contain since it can be done almost instantly without the need to access the

victim's computer and network systems.

Denial of Service: Denial of Service attacks or DOS attacks as they are more widely known are

also a common method of attack. The impact of such attacks is felt the most by ecommerce

enabled businesses that sell products or services online. Public websites are also sometimes the

target of this type of attack by cyber terrorists. The main objective of DOS attacks is to disable or

disrupt the online operations by flooding the targeted servers with a huge number of packets

(requests) which would ultimately lead to the servers being unable to handle normal service requests from

legitimate users. The impact from such attacks can be disastrous from both an economic and

social perspective where it can cause organizations to suffer from massive losses.

Defacement of web sites: This type of attack is targeted to deface the websites of the victims.

The websites can either be changed totally to include messages from the cyber terrorists for

propaganda or publicity purposes which might cause them to be taken down or to re-direct the

users to other websites which may contain similar messages. The number of cases of such attacks

has dwindled in the past few years thanks to a greater awareness on the issue. However, a small

number of such cases is still happening and thus proper security measures will need to be taken

to try to avoid such embarrassing and financially disastrous situations from happening again.

The destruction and denial of service attacks could prove to be the most severe for emergency

services.

Dr. Denning discusses that most attacks in the cyber world are not acts of terrorism. She

outlines that to be a terroristic act it needs to “generate fear comparable to that from physical

acts of terrorism, and it must be conducted for political or social reasons.” [ CITATION Dor07 \l

1033 ]. Attacking our critical infrastructures, oil, gas, water, transportation, financial institutions,

emergency services, electric, and telecommunications would be examples of terroristic attacks.

Each of these examples can be remotely accessed in today’s electronic era. Disrupting any or all

of these infrastructures could lead to catastrophic injuries, death, financial instability,

transportation shutdowns, and extended power outages.
