A 1999 study prepared for the Defense Intelligence Agency and produced at the Naval Postgraduate School began with a disclaimer stating, “cyberterror is not a threat. At least not yet, and not for a while.” Nevertheless, the authors warned, “cyberterror is indeed coming.” Around the same time, Richard Clarke, who at that time was the White House special adviser for cyberspace security, preferred use of the term “infowarfare” instead of cyberterrorism. More than a decade later, he still rejected the word cyberterrorism on the basis that it is a red herring that “conjure[s] up images of Bin Ladin waging war from his cave”; he did, however, caution that there may be such a term as cyberterrorism in the future.
Barry Collin first introduced the term cyberterrorism in the 1980s, although just as experts have not formed a consensus definition of terrorism, there is still no unifying definition of cyberterrorism. Cyberterrorism is an even more opaque term than terrorism, adding another layer to an already contentious concept. Cyber events in general are often misunderstood by the public and erroneously reported by the media. People tend to use the terms cyberwar, cyberterrorism, cybercrime, and hacktivism interchangeably, although there are important, sometimes subtle, differences.
The purpose of this article is to propose a comprehensive definition of cyberterrorism that captures the full range of how terrorists have used the internet in the past and how they will likely use more robust cyber capabilities in the future. This article will first look at clusters of cyberterrorism graphed according to methods and targets; it will then describe the clusters in more detail and provide examples. Finally, the article will offer a new definition of cyberterrorism incorporating these clusters.