Cyberterrorism After Stuxnet

: Terrorists are known to use the Internet for communications, planning, recruitment, propaganda, and reconnaissance. They have shown interest in carrying out cyberattacks on U.S. critical infrastructures, although no such serious attacks are known publicly to have occurred. The discovery of the Stuxnet malware in July 2010, and its analysis over the next several months, was widely believed to have been a landmark event in cybersecurity, because it showed that cyberattacks against industrial control systems, hypothesized for a long time, are actually possible. After Stuxnet, there were public concerns that terrorists might be encouraged to acquire capabilities for similar cyberattacks. This monograph examines cyberterrorism before and after Stuxnet by addressing questions of: 1. Motive Are terrorists interested in launching cyberattacks against U.S. critical infrastructures? 2. Means Are terrorists building capabilities and skills for cyberattacks? 3. Opportunity How vulnerable are U.S. critical infrastructures?