Trends and Tactics in CyberTerrorism

Presented by
Li Jingjing
Information Security Supervision Bureau (ISSB)
Ministry of Public Security (MPS)
China

Outline

Whats Cyber-Terrorism?
Crime Types and Trends of CyberTerrorism
Tactics and Countermeasures on CyberTerrorism
Proposals

Whats Cyber-Terrorism?

Whats Cyber-Terrorism
According to criminal law of China, terrorism is
attributed to the crime endangering public security. So is
cyber-terrorism.
We can define it by two aspects :

Intention

mass loss of lives

severe economic damage

to generate public panic comparable to that from a

physical act of terrorism.

to disturb social and public order

The intention of cyber-terrorism is the same as that of

traditional crime.

Whats Cyber-Terrorism

Result
The object of damage is unspecified.
To be as one of endangering public security
crimes, cyber-terrorism usually imperils public
lives and property.
The result of damage is uncertain.
The scope affected and harm degree of
crime result is out of the criminals
expectation and control.

Whats Cyber-Terrorism

The difference between Hacking and cyberterrorism

Hacking

characteristics
zAim

Intention

zwould

not result in severe economic

damage or loss of life.
zNot want to generate social panic
zNot
zThe

Result

to cause lesser disruption

Cyber terrorism
zAim

to cause mass loss of lives

or severe damage of economy
zWant to generate social panic
zIntend to disturb public order

intending to disturb public order

object of damage is specified ----usually

imperial the information system of certain
subject.
zThe result of damage is certain----control the
result at the certain scope and degree.

zThe

object of damage is
unspecified
zThe result of damage is
uncertain

Crime Types and Trends of

Cyber-Terrorism

Crime Types and Trends of Cyber-Terrorism

Crime types
Cyber as object: Terrorist attacks critical information
infrastructure to cause mass loss of lives, severe damage of
property or disorder of society.
Cyber as tool: Terrorist tend to facilitate traditional forms
of terrorism by using Internet to:
z
z
z
z
z
z
z

organize and command on internet

communicate with each other
threaten the victims
distribute terror information or rumors.
recruit supporters.
impart the method of terrorism.
acquire intelligence in support of physical violence.

Crime Types and Trends of Cyber-Terrorism

Trends
Due to being the vitals of homeland security, economic
development and public order, the critical information
infrastructure has become the main target of cyberterrorism. Therefore, it is necessary to reinforce the
security of the critical information infrastructure.
With the rapidly development of internet industry, internet
is exploited as important tool and channel by terrorists.
Owing to application of divers information technology, the
targets of cyber-terrorism will include not only computer
network but also other digital devices.

Crime Types and Trends of Cyber-Terrorism

Trends
Compare with traditional crimes, cyber-terrorists are
more easier to disguise their identities and the
damage is more severe. So both investigation and
information security safeguard will confront with new
challenges.
Cyber-terrorism often involves multiple places or
countries, so it is essential to establish efficient
mechanism of intelligence sharing and legal
assistance between different countries or regions.

Tactics and Countermeasures on

Cyber-Terrorism
Protection

Emergency response
And recovery

prevention

Investigation

Tactics and Countermeasures on Cyber-Terrorism

Organ

organ of information security safeguard

State Council of China
State Informatization Leadership Group

The National Network and Information Security Coordination Team

Different departments of government

Tactics and Countermeasures on Cyber-Terrorism

organ of information security safeguard

2000, Chinese government established State Informatization
Leadership Group (SILG ) which included the National
Network and Information Security Coordination Team
(NNISCT ).
NNISCT is in charge of :
z
z
z
z

researching and enacting strategy and policy of national information

security safeguard.
organizing and coordinating related departments of government to
protect critical information infrastructure.
mobilizing and directing computer emergency response.
improving information sharing and notification.

Tactics and Countermeasures on Cyber-Terrorism

organ of law enforcement

Organizational structure
Information Security Supervisory Bureau
(ISSB) of Ministry of Public Security (MPS )
Provincial Information Security Supervisory
Department

Regional Information Security Supervisory

Department

Tactics and Countermeasures on Cyber-Terrorism

Legislation
1: Cyber as object
The legislation of China emphasizes the protection of
critical information infrastructure.

Article 285, Criminal Law

Whoever intrudes into information systems
concerning state affairs, construction of defense facilities,
or sophisticated science and technology will be sentenced
no more than three years in jail.
For those who intrude into the information systems
related to critical infrastructure, no matter the systems
were damaged or not, the intruders will be punished.

Tactics and Countermeasures on Cyber-Terrorism

1: Cyber as object
Article 124, Criminal Law
Whoever sabotages radio and television
broadcasting facilities, public telecommunication
facilities, and endangers public safety is to be
sentenced a maximum imprisonment of seven
years.
Only the public telecommunication facilities
were mentioned in this article, however, it would
be better to include all the critical information
infrastructure.

Tactics and Countermeasures on Cyber-Terrorism

1: Cyber as object
Modification Act of Criminal Law
In Dec. 2001, the criminal law was amended to combat
terrorism. Several articles related to terrorism were
renewed.
Administrative Penalties Law for Public Security
In Aug. 2005, National Peoples Congress enacted
Administrative Penalties Law for Public Security. It
provides that whoever illegally intrude or impair general
information system, which is not serious enough to be a
crime, he will be gotten administrative penalty.

Tactics and Countermeasures on Cyber-Terrorism

2: Cyber as tool

Modification Act of Criminal Law

Any person who seriously disturbs social order by
knowingly disseminating terror information of a
fabricated fact will be punished with a maximum
imprisonment of five years.
Most of this kind of cases were committed through
Internet.
Administrative Penalties Law for Public Security
If a person disturbs social order by distributing
rumor related to danger, plague or others, and it generate
public panic, he will be gotten administrative penalty.

Tactics and Countermeasures on Cyber-Terrorism

Policies
Chinese government constitutes many policies to
protect critical information infrastructure, such as:

national information security strategy

It confirms the goal, tactics, measures and safeguardsupporting works of protection for critical information
infrastructure safeguard.
regulation and standard of grading protection of
information security
other policies of information security industry.

Tactics and Countermeasures on Cyber-Terrorism

Prevention and Management

Carry out the system of grading protection of information

security.
z All the critical information systems are asked to be
evaluated by third party and divided into 5 grades.
z According to the regulation and standard, the critical
information system with specified grade should be
taken corresponding safeguards and supervised by
government.
Adopt crisis evaluation of information system in order to
reinforce crisis management for critical information
infrastructure.

Tactics and Countermeasures on Cyber-Terrorism

Prevention and Management

Construct and implement notification system of
network and information security.
In 2004, The National Network and Information
Security Coordination Team (NNISCT) established
National Notification Center for Network and
Information Security (NNCNIS ).
z NNCNIS is responsible for aggregating, analyzing,
assessing, notifying and early warning information
concerning network and information security.
z

Tactics and Countermeasures on Cyber-Terrorism

Prevention and Management

set up and execute classified response system of cyber-emergency, so

as to enhance capability of response for critical information
infrastructure on
z preventing
z preparing
z responding
z recovering.
Supervise ISP and ICP fulfill the following legal responsibilities:
z Inform users of their legal burden when they apply Internet
services.
z Report offences or crimes to police in time.
z Assist police to investigate cyber-terrorism or other cybercrimes.
z Provide related data according as legislation.

Tactics and Countermeasures on Cyber-Terrorism

Crime Striking
Fast crime detecting, reporting and responding mechanism are
essential to combat cyber-terrorism.
Set up online cyber-crime reporting website in each province.
z www.Cyber-police.cn
z Beijing: http://bj.cyber-police.cn
z Shanghai: http://sh.cyber-police.cn
established 24/7 contact mechanism among administrators of
critical information infrastructure, ISP, ICP and Cyberpolice in order to efficiently deal with information security
incidents occurred in critical information systems.

Tactics and Countermeasures on Cyber-Terrorism

Crime Striking

Enhance digital forensic technology and train staff regularly.

Regulate investigation procedure for assuring the admissibility
of electronic evidence.
Seek technology supporting by
z Cooperating with institutes, information technology
enterprises, ISP, ICP and other organizations.
Improve cooperation and coordination with other countries and
regions by
z Participating the international training of technology related
to cyber-terrorism or other cyber-crimes.
z Supplying legal assistance for Japan, Korea, Hongkong of
China, etc.
z Promoting intercourse and collaborate on legislation,
computer forensic, staff training etc.

Proposals

Proposals

Reinforce cooperation and coordination

among the members of ARF for combating
cyber-terrorism:

Take effort to unify the definition of cyberterrorism so as to guide legislations of the

members.
Establish Point-of-contact on 24/7 basis
between our law enforcement agencies.
Set up efficient and effective intelligence
sharing mechanism.

Cyber-terrorism
An regional security
Lets work together

Thanks a lot