What is cyber terrorism?

Cyber terrorism is a technological means to an end of causing disruption to its victims. Attackers may seek to cause this disruption in the pursuit of political objectives, operational and tactical advantage over an adversary or for financial and personal gain. These attacks can be targeted against specific victims, or victims may find themselves in the firing line of broader untargeted attacks. Such examples can be seen in:

• The Ukraine Power Grid attacks: One example of politically motivated cyber terrorism can be seen in “Sandworm” – a hacker group which has been linked to Russian Military Intelligence units. The Group is known for its repeated attacks of Ukraine’s power supply going into the Russian invasion of Ukraine, with one of the more recent attacks occurring in November 2023, coinciding with a wave of missile strikes launched by the Russian armed forces on Ukrainian infrastructure. These attacks directly targeted the population of Ukraine’s trust in the ability of the state to protect them, while supporting the efforts of conventional Russian forces to achieve their political goals.

• The WannaCry attack: Cyber terrorist attacks can also be the result of untargeted campaigns, where victims fall into traps and inadvertently activate attacks on themselves. One such case is the 2017 WannaCry cyber attack, which saw 200,000 PCs across 156 countries infected by a ransomware attack. Attackers, later found to be operating out of North Korea, used an exploit in outdated Microsoft operating systems resulting in Critical National Infrastructure such as the National Health Service (NHS) in UK suffering major outages and disruptions to their operations.

What are the impacts?

Both of these incidents led to operational disruptions for the the victims, with organisations having to take drastic action to minimize the damage resulting in delays, loss of data and access to systems and reduced operational output. In the case of the WannaCry and Ukraine Power grid incidents specifically, the attacks also incurred a risk to life with healthcare systems being affected and other services being made unavailable to the general public.

How are we currently training for these incidents?

In creating a cyber attack scenario, the UK’s National Cyber Security Centre recommends that trainers ‘consider providing participants with related information to help make the exercise more engaging or realistic, such as a background story with references real-world events in the news,’ but this is not enough. Audiences need to be fully immersed in the exercise environment and see the real-time consequences of their actions and their decisions.

How can we improve our training?

The cornerstone of effective cyber terrorism training lies in crafting scenarios that mimic the real world. The environment of these exercises must accurately simulate the methods, means and resources the training audience will have to respond to such attacks in a real world scenario.

In our work at Conducttr – cyber attack crisis exercises continue to be in high demand, with clients continuing to place cyber risks at the top of their concerns. We focus on creating training environments that reflect the true challenges professionals might face during an attack.

In the past, we have collaborated with clients to develop training scenarios for incidents such as cyber attacks on healthcare and power infrastructure networks. In designing these exercises, the paramount consideration has been to accurately simulate real-world environments to the best extent.

How can we create accurately simulated environments?

For the Healthcare Cyber Crisis scenario, for example, we worked with one of our clients to create a network of personas that almost mirrored the roles and responsibilities of the Incident Management team that the training audience would recognise.

We worked closely with the client to ensure flows of information, roles and responsibilities and decision making points in the exercise reflected their real-world experiences. The scenario was loosely based on the response of healthcare organisations to the 2017 WannaCry attack.

The scenario simulates a ransomware attack on a hospital with the audience having to go through the processes of identifying the type of attack, advising staff on how to manage to incident and supporting efforts to recover access to data and individual machines.

As a result of working with our client’s input – we created a scenario built around true-to-life policies and procedures that healthcare information security professionals would be familiar and comfortable with. Using the same terminology and decision making processes that were used by our client in their response plans made the scenario all the more realistic and engaging to the training audience.

What does the future of training for cyber-terrorism look like?

Going forward, simulated training for these incidents will become increasingly more important as new threats are always emerging in the cyber world. Vulnerabilities continue to be found in unpatched machines and new malware can bypass current security measures. Cyber terrorism professionals will need to be familiar, comfortable and fully immersed in the context of their individual response plans to maintain preparedness.

In the face of the every-evolving risk of cyber terrorism, realistic and immersive training is the best way to prepare for incidents of this nature. Furthermore, ongoing refinement of training exercises is essential for ensuring that counter-terrorism professionals are not only prepared to respond to cyber terrorism but can do so effectively and confidently.