Cyberterrorism and Private Infrastructure: a Thorny Legal Problem
By: David W. Opderbeck, Professor of Law, Seton Hall University Law School; Director, Gibbons Institute of Law, Science & Technology
Cyberspace is the new frontier in espionage, intellectual property theft, warfare between nation-states - and terrorism. Although fears of a cyber-Armageddon provoked by computer-savvy terrorist cells may be overblown, the tools necessary to produce substantial cyber-disruptions are readily available to anyone.
There is a thriving online black market in user-friendly, customizable malware, and for a relatively small fee, it is possible to rent a "botnet" of millions of compromised computers capable of initiating a powerful denial of service attack or other malicious event. Such events could disrupt intelligence gathering and communications capabilities in advance of a kinetic attack, destabilize financial markets, interfere with transportation, induce public panic, or even produce kinetic effects of their own when public utilities and other facilities are computer-controlled.
This threat poses a significant policy and legal problem because most critical cyber infrastructure is privately owned. As the ongoing public debate over the National Security Agency's online data collection programs demonstrates, it is very difficult to balance the twin goals of liberty and security in the cyber domain. This article maps some of the legal terrain over which any potential solution must travel. In future articles, I will discuss particular threats and possible responses.