Cyber Terrorism and Artificial Intelligence

Not very long ago, large-scale political intervention through cyber means was the stuff of novels and movies; in the 21st century, that is no longer the case. In 2007, the first visible contact between geopolitics and the cyber realm came to the forefront when the world witnessed what the U.S. Department of Defense has described as the 5th dimension of warfare after land, air, sea and space. Estonia became the first victim of severe cyber-attacks, though mostly at the technical level.




The most vivid aspect of these cyber-attacks was the fact that Estonia is among the few countries where the number of online services offered by private and public entities exceeds that of the rest of the world. It was realized that a country with an online banking share of 98%, over 90% of total national tax declarations and a robust e-governance communication system can be an attractive target for cyber terrorism. On one hand, such online services contribute to a dynamic governance model and allow the state to reduce the cost of doing government business, while on the other, these same services also render the entire society vulnerable to cyber-attacks. Hence, the more technologically superior a nation, the more attractive a target it is for cyber terrorism. In the cyber realm, asymmetry has the opposite implication.

At the peak of these cyber-attacks, internet connectivity with the outside world was restricted for a few days as a last resort to maintain online services within Estonia. The Estonian Computer Emergency Response Team (CERT) contacted other CERTs, which, together with informal international information security networks, helped neutralise the distributed denial of service (DDoS) attacks. It was a global response and international cooperation that helped Estonia recover in 2007. The challenge, however, continues to loom large and is becoming even more insurmountable due to the exponential growth of digital platforms, data and infrastructure. The Estonia cyber-attacks happened 12 years ago, and the size of data flowing through global cyber infrastructure has grown by 400 times since then; one can guess the enormity of contemporary challenges to the cyber security paradigm.

The cyber-attack on Estonia was not an isolated incident; it had deep-rooted political and ideological bearings. The central argument that led to the political strife was over the relocation of a World War II monument. During the peak days of the cyber-attacks, it was not possible to reach Estonia via the internet from the outside world. At a time of heavy political campaigning, with riots in the streets and propaganda attacks against Estonia, disconnection from the internet added further chaos to the existing confusion as to what really was happening in the country. These cyber-attacks were a perfect display of the employment of technologically loaded non-kinetic operations. It is just one example. Since 2007, a number of nations have suffered from politically motivated cyber-attacks.

Due to inherent vulnerabilities, there are three strategic implications for every nation-state as the world moves towards more cyber-interdependence and inter-connectivity.

First, information systems are not the only critical component of a modern cyber infrastructure, as more and more utilities are being controlled from central command and control rooms, which are cyber hubs. Anyone in control of such nodes can compromise a state's critical infrastructure beyond information systems, such as water supply, electric grid stations, even nuclear power plants, military installations and communication networks that are critical to the national security of any country.

Second, the technological growth in ICT has outpaced governments' ability to provide governance mechanisms over global telecommunication infrastructure and the internet. This challenge has become even more obdurate with the inclusion of Artificial Intelligence in the existing technology mix. Post 2007, the absence of formal and institutional cyber alert mechanisms and response systems for managing large-scale cyber-attacks at the global level was felt dearly. Even today, nation-states are faced with the same dilemma to varying degrees. States are somewhat reluctant to share information regarding their respective vulnerabilities and actions due to obvious strategic and geopolitical compulsions. This has led to a situation where the world might see a fractured internet with selective connectivity. Fracturing of the internet simply means that the internet must be divided, just as the continuous land mass of Eurasia-Africa has been divided into hundreds of independent nation-states.

The third important implication is related to how the cyber security debate takes its rightful place in the overall politico-strategic framework of a modern nation-state. It is evident that cyber security is no longer a mere technical issue without strategic repercussions or political underpinnings. Cyber security needs to be taken out of the IT departments' unattended and somewhat neglected corner, brought to center stage and bolstered with political attention and judicious investments in both capital and human resources in order to modernize protection mechanisms in most societies.




Estonia remains a watershed event as far as the global approach towards cyber threats is concerned. There was a scramble to establish dedicated defense forces to combat technologically driven threats in the cyber realm. The fact that U.S. Cyber Command (USCYBERCOM) was only established on June 23, 2009 shows the timeframe in which the world actually realized the true enormity and latent implications of cyber threats to nation-states belonging to the first world. Estonia was the first country to adopt a National Cyber Security Strategy, in 2008, which aims at promoting international awareness and establishing formal cooperation mechanisms in cyber security as central objectives, in addition to bolstering national cyber security efforts. Clearly, the cyber-attacks in 2007 provided the impetus for these developments.

Logically, a simple and effective cyber security response strategy can be to conceptualize cyber security and develop protective policies. At the global level, we need to divide the vast cyberspace into categories where the vulnerabilities are most likely to be present. In the prevailing complex global geopolitics and cutthroat competitive environment, however, any application of such a conceptual framework appears to be a distant dream.

Two-thirds of the cyber security professionals polled at RSA Conference 2019 are of the view that they have to change where they do business and with whom, due to international cyber security concerns. Due to political compulsions, states do not trust even the security products developed by companies belonging to rival states. The treatment of security company Kaspersky and IT giant Huawei at the hands of the U.S. government is a case in point; the former is a Russian firm while the latter is a Chinese ICT heavyweight.

There are non-political challenges as well in effective cyber security conceptualisation. These challenges stem from the scale of interaction between individuals, businesses, segments of society, the state and cyberspace. One way of finalising a conceptual framework is to analyse the interaction between each of the above elements and cyberspace separately and devise response strategies accordingly.

This is mandatory because there exists quite a difference/divergence at global, regional and nation-state levels between the consequences of cyber incidents and the appropriate response mechanisms. These are different from those prevailing at the level of societal structures, economic sectors or individuals. For example, an attack on a business firm may not affect individuals or the state, but may have grave repercussions for the regional or global economy. Similarly, an attack on a critical information hub may completely destroy the companies involved in securing such communication hub without affecting any segment of the society. Then there are shared threats in the case of global cyber-attacks.

The chart below depicts possible scale of threats/damages from cyber-attacks across different access levels along with challenges a response strategy conceptualization may face at each level.



Notwithstanding such differences, all these levels are tightly inter-connected in cyberspace and any effective response system needs to tackle all of them simultaneously. This explains why even a mere conceptualisation of a cyber-security mechanism amid such complex variables is a daunting task even for first world developed nations. All the levels described above are vulnerable to cyber disruptions and attacks, which are easy to organise, hard to attribute, and asymmetric.

The endless continuum of cyberspace has turned the world of diverse cultures into a global village where we benefit from each other's experience, establishing linkages through the cyber backbone. But when it comes to conceptualising a security strategy, this very endlessness of cyberspace and its exponential growth becomes a major technological challenge. Even the security firms leading cyber security research find it difficult to factor in every variable in the cyber security equation.

Artificial Intelligence: A Way Forward or Two Steps Backward

Governments must be able to identify the critical infrastructure in the state that can be attacked through the cyber domain. Once it is identified, more focused attention must be given to identifying weak points, vulnerabilities or potential threat vectors through rigorous penetration testing and cyber war gaming. Because of the evolving nature of cyber technologies and cyberspace, there are unseen variables, and in great numbers, when it comes to establishing a robust conceptual framework for cyber security.

The Virtual Criminology Report published by leading cyber security firm McAfee acknowledged that with any man-made or technological cyber catastrophe, most of the consequences could be quite unexpected, having secondary and tertiary effects. Even the most sophisticated approach cannot determine exactly all interdependencies between critical infrastructures and communication nodes that support the normal functioning of a society.




Citing this challenge, Artificial Intelligence (AI) was sought as an answer to find elements and factors which the human mind can overlook while working on the required cyber security framework. AI and machine learning are developing quickly, with experts suggesting that they could be applied to several specific use cases within cyber security. The inclusion of AI in the cyber security debate, however, has rendered the already complex equation completely insolvable, or more intricate to say the least.

On the solution side, it is hoped that in the future intelligent systems including these technologies will be able to accurately detect and remediate attacks in real time. This saves time, improves decision-making and enhances overall business efficiency. Tools like Machine Learning (a subset of AI) are playing a critical role in anomaly detection and in bridging the gap between metrics and business processes to provide more efficiency.

Talking strictly in the context of cyber security, AI’s role is still evolving for both cyber criminals and cyber security professionals. “Phishing, cyber bots, multi-cloud strategies, zero trust, diversity in cyber and blockchain and cyber: we are set to enter a tumultuous period for cybercrime: but AI and cyber security will become the partnership that both cyber security and cyber criminals will put their faith in.” For example, both a customised phishing attack to get into a secure corporate network and its real-time detection require the application of machine learning and AI.

Gaurav Banga, CEO and founder of Balbix, sees it in numbers, “It is now mathematically impossible for humans to manage cyber security without the assistance of AI.” Experts continue to predict that we are set to see an increased focus on the quality of the data sets that underpin AI. Data is, of course, vital to AI. Machines may learn, but they need good quality learning materials, which means data, accurate data, and lots of it. But what if the data on which an AI system will learn is compromised before going into a machine learning app? Certainly, the result will be nothing short of a complete cyber calamity with the potential to expand beyond national or regional bounds.

This is a clear and present danger. Helen Davenport, director at Gowling WLG, a pioneering company in cyber solutions, noted, “AI techniques may necessitate the use of centralized servers collating large amounts of user data together – making those repositories potentially a ‘one-stop-shop’ for hackers looking to steal multiple sets of information.” A more chilling revelation about AI’s negative role in the cyber security debate was made by Max Heinemeyer, director of threat hunting at IT company Darktrace, who stated, “We have seen the first stages of this over the last year: advanced malware that adapts its behavior to remain undetected.”

Nevertheless, there are a number of experts who think that AI holds the key to solving cyber security issues even if cyber criminals are also using it. Yet, the last two years have witnessed a debate on fracturing the internet to make it more manageable. Political reasons for such debates have their own merits and demerits. Notwithstanding those reasons, a large community of cyber experts believe that cyber space must be divided and managed in chunks by states just like they do physical landmass. Even if done, it may never guarantee solutions to cyber security problems the world is facing now.

At present, developing international and regional information exchange, early warning and consultation mechanisms in cyber security are the long-term challenges that governments will face in the 21st century. AI can help in such complex tasks, but only time will tell whether it will yield the required result when the perpetrators of cyber-attacks are also planning to use their own AI to overcome any AI-enabled cyber security defense mechanism. Meanwhile, our access to the latest communication technology is creating new threats on a daily basis, and this trend is likely to continue in the foreseeable future. Acquiring knowledge about these emerging threats, their technical roots and remedial measures remains the only defense against them.

Any individual, business, societal segment or nation-state will ignore this knowledge at their own peril!