Cyber-Terrorism Center—Malaysia

The Oceana region of the globe, with its vast archipelagos and vital shipping lanes such as the Malacca Straits, is fast becoming a central location for a number of institutions and conferences geared toward combating transnational crimes and terrorism. In March, we mentioned that a regional security conference was held in Putrajaya to discuss piracy, transnational crime, and maritime terrorism. In January, an Asian Regional Cooperation Agreement was signed among 16 nations, with the agreement that an information-sharing center would be established in Singapore. Today, it is being reported that Malaysia is establishing “an international centre to fight cyber-terrorism.”^[1] The facility would be located “at the high-tech hub of Cyberjaya outside Kuala Lumpur,” and would be another example of the public-private approach to law enforcement because it “would be funded and supported by governments and the private sector.”^[2]

Called the International Multilateral Partnership Against Cyber-Terrorism, or IMPACT, the center would be modeled after the Centers for Disease Control in Atlanta, and it “will provide an emergency response to a cyber attack on the economy or trading system of any country.”^[3] The decision was made at the World Congress on Information Technology, held last week in Austin, Texas.^[4] According to Malaysian Prime Minister Datuk Seri Abdullah Ahmad Badawi, the “threat posed by cyber-terrorism was something that governments could not ignore,” because “a nationwide blackout, [the] collapse of trading systems, or the crippling of a central bank’s cheque clearing system,” could cause severe and crippling economic loss.^[5]

IMPACT has already reached agreements with Symantec, Japan’s MICRO, and Russia’s Kapersky Lab to be partners and serve on its international advisory board.^[6] Prime Minster Abdullah hopes that IMPACT will be established and operational by the end of the year.^[7] He warned, though, that once IMPACT is in place, it will “not be an overnight success,” and efforts will have to be made to expand its capacity.^[8]

Cyber-terrorism is an issue that is analogous in many ways to the debate about where piracy at sea ends and maritime terrorism begins. In other words, what precisely is the line between cybercrime and cyber-terrorism? As we have pointed out before, the line between piracy and maritime terrorism is not necessarily clear, which raises due process, military, and comity concerns. Thus, it is very important to distinguish what will be considered a terrorist act, which of course is a criminal act, and what will be considered a “mere” criminal act without terrorism implications. In 2000, Dorothy Denning—who at that time worked at Georgetown and is now a Professor at the Naval Postgraduate School—testified before Congress that “Cyberterrorism is convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear.”^[9] This is a very narrow definition and, while it maintains much cultural currency nearly six years later, some organizations find its definition too limiting. For example, a Symantec white paper argues that her definition “is very different from the definition that appears to be operationally held by the media and the public at large.”^[10] That in itself is not a reason to discard a definition, but the white paper does note that, as of 2003, the FBI, the Department of Defense, and the Department of State all paint the definition of terrorism in slightly different strokes.^[11] The National Conference of State Legislatures also has a slightly different take on the debate, say that “Cyberterrorism can be defined as the use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically. Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, denial-of-service attacks, or terroristic threats made via electronic communication.”^[12]

In other words, the problems that we have described on a global scale in developing a concrete definition of terrorism, can also be seen on a national scale regarding a definition of what constitutes cyber-terrorism

---

[1] Malaysia to Establish Global Centre Against Cyber-Terrorism: Experts, BakuToday.net, May 9, 2006.
[2] Id.
[3] Brendan Pereira, Abdullah’s Coup in Austin, Texas: Malaysia Scores Firsts With Two New Ventures, New Straits Times, May 7, 2006.
[4] Id.
[5] Id.
[6] Id. We have discussed Symantec’s role in investigating computer attacks on our transnational crimes blog, here.
[7] Cyber-Terrorism: Centre to be Set Up by End of the Year, New Straits Times, May 8, 2006.
[8] Key Global IT Firms Support IMPACT Plan, The Star (Malaysia), May 8, 2006.
[9] Dorothy E. Denning, Cyberterrorism: Testimony Before the Special Oversight Panel on Terrorism Committee on Armed Services, US House of Representatives, May 23, 2000.
[10] Sarah Gordon, Cyberterrorism? 4, Symantec, 2003. (PDF)
[11] Id. at 5.
[12] Cyberterrorism, Natl. Conf. on State Legislatures, May 9, 2006.