Author of the Month: Richard Bingley – IT Governance Blog


Combatting Cyber Terrorism – A guide to understanding the cyber threat landscape and incident response planning

Richard has led and operated various vital security projects, including the London 2012 Olympics and Russia 2014 Winter Olympics. He’s also served as executive director of London First’s security and resilience division.

In addition, Richard was a senior lecturer in security and resilience at Buckinghamshire New University, and director of the BNU Business School.

Currently, he’s director of the business security briefing service CSARN.org and CEO at the Global Cyber Academy. Richard is also a frequent media commentator on AI, cyber security and future technology issues.

His book – Combatting Cyber Terrorism – is our book of the month, making Richard author of the month for May!

The book was a finalist for the Cyber Book of the Year Award at The Real Cyber Awards, 2024.


Thank you so much for your time, and congratulations on your book! What drove you to write it?

I sensed that so much of what security and risk managers were seeing in the political extremism space had become augmented, and to some extent complicated, by the emergence of web 2.0 and beyond.

Some commentators started to use the phrase ‘cyber terrorism’ in the context of relatively ‘normal’ cyber threats and events.

I felt we really needed to understand what ‘cyber terrorism’ actually is – or isn’t – and try to encapsulate it with a definition and some understandable criteria.

So, what does ‘cyber terrorism’ mean, exactly?

Let’s start with two core principles of ‘cyber crime’ [according to the UK National Cyber Security Centre], which is crime that can:

  1. Only be committed through using ICT devices, where the devices are both the tool for committing, and the target of, the crime; and
  2. Be increased in scale or reach by using computers, computer networks or other forms of ICT.

‘Cyber terrorism’ can then encapsulate terrorists:

  • Intentionally using computer systems to attack and harm people and property;
  • Using computer systems to diversify, complicate and increase the impact of their attacks, including body counts and escalated public panic; and
  • Providing misinformation and disinformation to target audiences, including the emergency services and/or investigators, to sabotage aid, medical assistance and evidence.

There are more examples, but these give a good sense of what cyber terrorism really means. Unfortunately, we currently don’t have a universally accepted definition.

Universally accepted definition or not, ‘cyber terrorism’ is an alarming phrase. How worried should we be?

Very.

The advance of technology has ushered in, and will continue to usher in, huge progress in terms of life quality and business efficiency and optimisation – if harnessed right. Most recently, we’re seeing the incredible acceleration of AI enablers into most aspects of our personal, social and business lives.

This should help most of us in many ways, whether by treating previously fatal medical conditions, travelling faster and more safely, or more quickly and effectively seeing incoming threats and preventing them from materialising.

However, as with the evolution – or revolution – of any technology, we also get the unleashing or strengthening of negative forces and impacts. This is where the worrying part comes in.

Undoubtedly, the pervasiveness of advanced technology has generated:

  • More political radicalisation;
  • Higher levels of personal motivation to attack people or entities – lots of people are unable to ‘switch off’ from things that antagonise them; and
  • The ability for politically violent extremists to communicate with like-minded individuals, often in an anonymised ICT environment.

But if we plan to counter these new types of threats, we need to understand them better. I’m positive that organisations and wider society can then adjust accordingly to harness the best of what this technological revolution has to offer.    

Who is realistically at risk of being targeted by cyber terrorists?

Everybody, unfortunately. We’re all members of organisations, demographics or nation states targeted by the tiny number of violent extremists out there.

One aspect of the rise of Internet-inspired terrorism is that we can much more vividly see the warped ideologies and religious distortions underpinning much of the outlook and behaviour of violent extremists.

A couple of features have emerged alongside web 2.0:

  1. The rise of suicide-terrorism and mass shootings whereby the assailant[s] doesn’t care about an escape plan. Therefore, they and their few online supporters often cheer on for a ‘body count’. This suggests that most, if not all, members of the public are targets whenever these assailants ‘activate’.
  2. The rise of ISIS saw the promotion of the ‘Takfiri’ idea. This essentially pushes the notion that violent Islamist terror actors can use lethal violence against other Muslims because they’re ‘apostate’, particularly if they’re living in non-Islamic nation states or working for non-Islamic employers.

Such fundamentalist rhetoric is increasingly presented as part of the prosecution’s evidence in court cases against neo-Nazi and ultra-nationalist, violent extremists in Europe and the US. Most of these individuals, often with mental health conditions, have been radicalised to the point of violence.   

Who is your book aimed at?

It’s mainly for security risk management practitioners.

That said, I cover how these cyber-based threats and actions intersect with the physical security world. So, I hope information security professionals and physical security operators will find it practical.

I also highlight and explain the impacts of cyber terrorism through several case studies, so business continuity and crisis management professionals should find it valuable too. Plus, these case studies make the book very accessible to the general public – not just the corporate market.

My book is intended as an introductory guide, explaining why organisations should prepare and how to conduct yourself online. So, I include lots of sources – such as agency and corporate reports, and decent videos – to learn more.

What is the top take-away of Combatting Cyber Terrorism?

Don’t wait for your government to protect you. In open democracies, for all the right reasons, governments are extremely slow and sensitive about intervening in your private Internet space.

So, please, do the right thing. Do the legally sound thing. Look after your people, and look after yourself.

One of the best ways to do this is to look after your IT. That’s why I dug out ‘Ten Commandments of Computer Ethics’ published by the Computer Ethics Institute more than 30 years ago. Spoiler alert: I end the book with those commandments.

What do you like the most about your new book? Do you have any favourite snippets?

The ending. Not just because pretty much all good cyber security is rooted in ethics, but also because most of us write these books on top of our ‘day jobs’ – I almost burst into tears in front of my dogs when I finished writing the last word!

Do you have any more books, or other exciting projects, on the horizon?

I’m fascinated by aspects of AI, so I’d like to write a book about AI security for organisations.

Specifically, I’d like to write a solid overview for executives explaining how business management, leadership and strategy have been fundamentally changed by:

  • The arrival of AI 2.0;
  • The fusion of AI and robotics; and
  • The simultaneous arrival of ‘intelligent’ technologies.

The book wouldn’t be particularly focused on safety and security, but more about what jobs, management, supply chain management and strategic leadership need to look like for businesses, and wider business communities, to survive and thrive.

I’d like it to cut through some of the wild mythology out there and move the focus beyond the headline names and media hype.

And finally, do you have any advice for aspiring authors?

A book lives or dies by its structure. So, I always keep an up-to-date Excel spreadsheet and maintain an overview of each chapter and sub-chapter in each row. This gives me a ‘helicopter view’. I can then shift the chapters around like jigsaw pieces to optimise the flow.

I’ve also banned myself from writing chapters longer than 4–6 pages. At-work executives need to be able to often pick up and put the book down again!

Finally, write a bulleted plan for your chapters, sub-chapters and key points. Besides, the publisher will want to see and approve this.

But remember: it’s a private plan, and you can always add, change or delete ideas. This takes the pressure off, yet gives you a detailed ‘skeleton’ that provides you with a roadmap and a sense of direction.

This roadmap will almost certainly change, because the more you research and the more you write, the more new angles and important aspects of the topic arise.

The simple bottom line is no plan, no book!


Find out more about Richard’s book here. We’re also offering a 15% discount throughout May! Just use ‘Richard15’ at the checkout.


