Former CIA Counter-Terror Chief: Al Qaeda Will Go Cyber
Cofer Black calls Stuxnet worm 'the Rubicon of our future.'
Aug. 4, 2011 -- The former head of the Central Intelligence Agency's Counter Terrorism Center said today that a battered al Qaeda will likely focus more on a new front in their global jihad against the West: cyberspace.
Cofer Black, who spent nearly 30 years with the CIA and was head of the CTC during the Sept. 11 terror attacks, said al Qaeda -- now near "strategic defeat" according to Defense Secretary Leon Panetta -- would likely fall back into "small and agile" tactics, including online attacks.
"They will enter the cyber world because it's comparatively remote, comparatively safer than strapping on a bomb," Black said during his keynote speech at the Black Hat Technical Security Conference in Las Vegas today. The Black Hat conference is an annual convention that attracts thousands of the world's top cyber security experts and hackers alike.
Just last month the British Home Office said in a report that al Qaeda has called on its supporters to wage "cyber jihad." The first known terror cyber attack, it says, was an email spamming attack in 2010 that, while relatively primitive, managed to infect the emails of thousands of U.S. and international corporations.
In a speech on July 14, Deputy Secretary of Defense William Lynn III said it was "clear" terror groups were "intent on acquiring, refining, and expanding their cyber capabilities."
"If a terrorist group gains disruptive or destructive cyber tools, we have to assume they will strike with little hesitation," he said.
Cyber attacks, whether from terrorists, criminal groups or nation-states, have reordered counter-terror experts' views on the greatest dangers to the U.S., Black said. One of the major turning points in defense thinking, he said, was the Stuxnet worm that reportedly attacked and physically damaged an Iranian nuclear facility in 2010. After the worm's discovery, a U.S. Senate Committee on Homeland Security hearing marked the attack as the beginning of a new era in cyber warfare: The Age of Stuxnet.
"The Stuxnet attack is the Rubicon of our future," Black said. "This is huge."
READ: Top Four Cyber Threats for 2011
While Stuxnet was an extremely sophisticated and expensive attack, which Black and several other experts have said was most likely the creation of a government, Black said al Qaeda and other terror groups are unlikely to ignore cyberspace as a potential vulnerability.
"Cyber will be a key component of any future conflict, whether it's with a nation-state, a rogue state or terrorist source," Black told the assembled cyber security technicians. "We're counting on you."
After leaving the CIA in 2002, Black worked for the State Department and then private security contractor Blackwater. He is currently vice president of the private contractor Blackbird.
The Las Vegas Black Hat conference has been held every year since 1997. The name of the conference is a nod to the slang descriptions of malicious hackers (black hats) who hack for mischief or personal gain, in contrast to their "ethical" brethren (white hats) who use their expertise to make cyberspace more secure. Black Hat also stages other gatherings during the year around the globe in such places as Abu Dhabi, Tokyo and Barcelona.