Why Aren't Terrorists Committing More Cyberattacks?

The fear of terrorist organizations flexing their cyber muscles by launching a debilitating cyberattack is far greater than the actual reality of the situation, said Tricia Bacon, former counterterrorism official for the State Department at an event Tuesday.

On the cyber front, terrorists are still considered less of a threat than both state-sponsored attackers and criminal organizations.

Terrorists have been known to use the Internet to amplify their message, to recruit and to communicate with one another through a secure platform, she said during a forum hosted by the National Academy of Public Administration and American University, called "Barriers to Cybersecurity in the Next Presidential Administration." But when they do use the Internet as a weapon, they tend to go for "soft targets," such as a company's Twitter account.

This is likely because most terrorist groups haven't decided to focus their energy on cyberattacks or don't yet have the capabilities to engage in this type of destruction, said Bacon, currently an assistant professor for American University's School of Public Affairs.

“In a sense, this comes from the fact that they don't yet need cyberattacks to accomplish their aims,” she said. “As we've seen with the events over the weekend, they can still terrorize pretty effectively using conventional terrorist attacks.”

For example, Lashkar-e-Taiba, the terrorist organization responsible for the 2008 Mumbai attacks, is likely the most technologically advanced terrorist group operating today, she said. But the group still mainly uses its cyber capabilities simply to keep its communication and activities a secret.

ISIS, another well-known terrorist organization purported to have planned the attacks in Paris last week, still has a mostly decentralized cyber unit, made up of individuals who support the organization but often don’t actually have contact with it. As a result, it has carried out many low-level harassment-style attacks, she said.

But this doesn't mean the situation won’t change.

“I do see in the future that we're likely to see cyberattacks as a way to amplify the traditional kind of attacks that they conduct, as well as a continuation of nuisance and harassment types of tactics,” Bacon said.