Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress [Updated April 1, 2005] [open pdf - 216KB]
"Many international terrorist groups now actively use computers and the Internet to communicate, and several may develop or acquire the necessary technical skills to direct a coordinated attack against computers in the United States. A cyberattack intended to harm the U.S. economy would likely target computers that operate the civilian critical infrastructure and government agencies. However, there is disagreement among some observers about whether a coordinated cyberattack against the U.S. critical infrastructure could be extremely harmful, or even whether computers operating the civilian critical infrastructure actually offer an effective target for furthering terrorists goals. While there is no published evidence that terrorist organizations are currently planning a coordinated attack against computers, computer system vulnerabilities persist worldwide, and initiators of the random cyberattacks that plague computers on the Internet remain largely unknown. Reports from security organizations show that random attacks are now increasingly implemented through use of automated tools, called 'bots', that direct large numbers of compromised computers to launch attacks through the Internet as swarms. The growing trend toward the use of more automated attack tools has also overwhelmed some of the current methodologies used for tracking Internet cyberattacks. This report provides background information for three types of attacks against computers (cyberattack, physical attack, and electromagnetic attack), and discusses related vulnerabilities for each type of attack. The report also describes the possible effects of a coordinated cyberattack, or computer network attack (CNA), against U.S. infrastructure computers, along with possible technical capabilities of international terrorists."
CRS Report for Congress, RL32114