ODNIHeader2

Print

 

The Information Sharing Environment (ISE) has always been focused on terrorism-related information sharing; with terrorist groups’ ever-increasing level of sophistication in their use of the Internet, it is only natural that information sharing play a role in tackling issues posed by cyber terrorism.

 

The Information Sharing Environment (ISE) has always been focused on terrorism-related information sharing; with terrorist groups’ ever-increasing level of sophistication in their use of the Internet, it is only natural that information sharing play a role in tackling issues posed by cyber terrorism.

 

From a strategic perspective, cyber terrorism can be explained as a domain (cyber) plus a motivation (terrorism). Nonetheless, when a US law enforcement officer responds to an event at the tactical level, sometimes both the domain and the motivation are not immediately known (consider a notional 911 call such as, "All the power is off in the 100 block of Main Street"). The use of cyber might become clear early on in that investigation, but a tie to terrorism may not reveal itself for days, weeks, or months, if ever. From that perspective, the term “cyber terrorism” isn’t always immediately clear.

 

The issue comes down to two things: people and infrastructure. In order to effectively prevent or respond to a terrorist attack, people (whether they be investigators, analysts, or subject matter experts) with the skills to make sense out of the information are needed. The appropriate infrastructure must be in place beforehand to allow those involved to share information and talk with one another.

 

On the people side, the ISE supports professional networks and associations that are building the skills that are needed during a potential terrorist attack, and underpins the critical relationship with and between groups like the National Fusion Center Association (NFCA), the Association of State Criminal Investigative Agencies (ASCIA), and the International Association of Chiefs of Police (IACP).

 

Fusion Centers, for example, need their cyber experts to stay current on the latest cyber intrusion tactics because a cyber attack against critical infrastructure starts with a successful intrusion which allows the attacker to gain a foothold in the network. A Fusion Center Cyber Pilot has helped baseline cyber capabilities for fusion centers, and a Senior Cyber Seminar for Fusion Center analysts has been proposed for later this year.

 

On the infrastructure side, all the expertise in the world is irrelevant if it cannot be shared. In fact, two of the goals of ASCIA’s recent cybercrime workshop were to identify interoperable platforms for sharing cybercrime information and define what standard data fields should be shared. While terms like “data standards” and “interoperability” may not sound terrorism-related, it is important to remember that the technology behind information sharing is agnostic; it doesn't matter whether one is sharing criminal information, cyber information, or industry best practices. The infrastructure that analysts are using today to share information about cybercrime is the same infrastructure they will be used in the future to thwart potential terrorist attacks in cyberspace.