Al-Qaeda has explored the critical infrastructure in the U.S., such as electric power, telephone communications, and water supplies in search of vulnerabilities to carry out “electronic jihad,” or cyberterrorism, warns the the House Task Force to Investigate Terrorism Financing.
In a recently published report, the task force, a component of the House Financial Services Committee, acknowledges that “it is widely believed that terrorists do not yet have the capabilities to launch destructive or even disruptive cyberattacks.”
However, it adds that terrorists “are becoming increasingly proficient in the cyber sphere and have an avowed interest in developing their capabilities,” noting that “the means” of conducting cyberterrorism are becoming increasingly cheap and accessible.”
In 2012, al-Qaeda released a video calling for “electronic jihad” against U.S. networks, such as the electric grid, and highlight vulnerabilities in America’s critical cyber network.
“Internet piracy is an important field of jihad,” the al-Qaeda narrator of the video says, according to CNN.
The jihadist then advises followers with expertise to “target the websites and information systems of big companies and government agencies of the countries that attack Muslims.”
Al-Qaeda’s cyber threat prompted the Senate Committee on Homeland Security and Governmental Affairs to call for the urgent implementation of cybersecurity measures for the most critical networks in the United States.
Four years later, the bipartisan House task force reports:
Al Qaeda has expressed interest in “electronic jihad” as a means of disrupting the American economy, and Al Qaeda prisoners have revealed the group’s intent to use cyberattacks. Al Qaeda has probed the electronic infrastructure for ways to disrupt or disable critical infrastructure such as electric power, telephone communications, and water supplies. ISIS [Islamic State], too, has announced a “cyber caliphate,” though it has so far launched only low-impact website-defacement attacks.
The task force notes that jihadists’ interest in cyberwarfare comes as no surprise, given that it is an effective method of asymmetrical attack. It reports:
Cyberterrorism will likely never completely replace traditional terrorist attacks like bombings, but experts believe cyberattacks can be especially effective if used as a force-multiplier alongside them. The risk from cyberterrorism attacks is particularly elevated for the financial sector.
As a critical infrastructure and the heart of the U.S. economy, an attack on the financial sector would have an extremely high-impact. Moreover, the financial industry consists of many highly visible symbols of Western capitalism, which are appealing targets for terrorists.
The task force concedes that terrorist groups are currently less capable cyber-actors than nation-states such as China and Iran or most cybercrime syndicates.