excerpt from the "Cyber Strategy & Policy Brief (Volume 13/14 - January/February 2017)"
The tragic succession of terrorist events hitting Europe in the last years and still openly threatening Europe stability has led to a mostly shared reaction by member States toward the intensification of measures to contrast terrorism, both within the territory of each single State and on the Internet.
Yet, the first thing to be stressed is that no real terrorist attacks against information systems of national strategic relevance have been carried out so far, and actually ISIS online activities have always been exclusively confined to propaganda, proselytism, radicalization, first stage of recruitment and training, fund raising and operational planning of future terrorist actions.
In fact, despite the media depict ISIS as capable of conducting significant cyber attacks, such as attacks to critical national infrastructures or capable of autonomously manufacturing cyber weapons, as a matter of fact this terrorist organization has not yet raised the bar at all.
Even in case terrorist attacks have actually been carried out, their threat level has never exceeded the threshold of the so-called merely disturbing activities. In fact, all the computer attacks detected and ascribable to ISIS fall under the categories of mere Distributed Denials of Service (moreover, accomplished by means of very simple tools such as the recent software "Caliphate Cannon"), defacement of websites or social network accounts of several governmental agencies, or at most leakage and disclosure of personal data of governmental, military or public security personnel.
As already analyzed in February 2016 issue of Cyber Strategy and Policy Brief, what ISIS is more focused on, instead, is finding the most secure methods and means of communications possible.
It is in fact by using the Internet as a crucial means to recruit new supporters that in some cases some ISIS members have been identified, geolocated, and even killed, due to the high levels of exposure on the net.
Nonetheless, although propaganda and then the media describe ISIS as capable of developing software completely securing communications among the members of the terrorist group - as in the recent case with the mobile app called Alrawi - there is actually no trace on the Internet of such software nor of the Alrawi app. On the contrary, all the information available in the field of secure communications leads to believe that the popular and common mobile apps Conversation, Signal, Telegram and Threema are also used by ISIS. All the rest is merely propaganda.
Notwithstanding, policymakers around the world have always reacted to terrorist attacks exclusively by granting broader and more effective powers to their administrations, so that they can restrict access to websites visited by ISIS militants to carry out the above-mentioned activities.
The only goal is in fact to conduct stricter controls of the Internet, and, if necessary, immediately ban those websites identified as vehicles to spread terrorist ideology, recruit possible martyrs-to-be or raise funds. It is easy to gather that all the above is especially due to the highly effective and socially penetrating role played by ISIS propaganda through the Internet.
As things stand now, however, basing a repression strategy exclusively on this kind of activities, just contrasting them in such a broad and complex environment as the Internet - which moreover can offer simple and easy ways out to those under investigation - makes the traditional investigative and repression methods look particularly "rudimentary", expensive and in many cases ineffective, if not marginally and for short periods of time.
Indeed, just hindering or completely and indiscriminately denying access to those websites whose "service" to the community consists of providing propaganda and ideological radicalism, by filtering or even shutting down such virtual spaces, cannot but damage the effectiveness itself of any investigations carried out until then.
The result shall therefore be no other than having that website shut down - most of the times without the authors of those illicit actions even being actually tracked and arrested. In addition, that very website shut down will almost immediately be reopened somewhere else, maybe duplicated at the same time in several areas of the Internet - so that the jihadist network no longer loses continuity in the flow of information - while investigations shall start again from scratch as if nothing had happened.
Conducting effective counter terrorism on the Internet means inevitably acting on more levels, equally relevant and interlinked, always bearing in mind that such phenomenon is linked to the "virtual" and "real" world as well. Hence - it must be specified, although it might seem granted - any contrast attempt started on the Internet shall inevitably find its way and material continuation also in the real world.
Based on the analysis carried out so far, the following strategic guidelines can outline a correct approach to contrast such phenomena:
1. Analyze and figure out the peculiarities of the threat and the goal ISIS intends to fulfill through the Internet, as well as the characteristics of its militants.
It is in fact undeniable that some of ISIS peculiarities greatly differ from those typical of other guerrilla/warrior groups or well-known terrorist organizations. Inter alia, particular attention must be paid to the fact that today most of those willing to become ISIS affiliates or militants are not driven by the wish to embrace a radical Islamic ideology nor to safeguard shared cultural origins, but are rather simply fascinated by captivating and appealing symbols and stories learnt on the Internet.
2. Start procedures aimed at deterring ISIS militants.
Removing specific contents from a website, infiltrating special agents in online jihadist networks, as well as immediately introducing - and making it public - criminal liability for terrorism-related crimes (especially with regard to crimes of opinion such as incitement or subversive propaganda) are undoubtedly the three main pillars to start from so as to set up an effective deterrence strategy against ISIS militants. This, in order to stop promoting new supporters, destabilize the jihadist network and the existing relationships of trust, as well as stem online activities of its militants, who are mainly second-generation individuals, which is European/Western citizens.
3. Conduct counter-propaganda and promotion of positive messages through the Internet.
Given ISIS almost spectacular communication level on the Internet and the consequent very high likelihood of impact such propaganda might have on some kinds of users, the appeal of these messages should be reduced not only through real counter-propaganda (i.e. see the videos uploaded online by the U.S. Government) but also by promoting positive messages for those not included in the jihadist network or who intentionally dissociate from it.
4. Increase Internet Service providers (ISPs) and users´ awareness and sensitivity levels towards such issues.
Given the material impossibility for Governments and their Police Forces to constantly and effectively monitor cyberspace as a whole, the foundations must be laid at soonest of a system based on self-regulation of the contents to be managed by the very Internet Service Providers (ISP), to which some responsibilities with regard to cooperation and contrast in this field shall be delegated.
In addition, the need to create also preconditions for the creation of a "bottom-up" self-defence system is clear, a system to be based on end users of the Internet, raising their awareness of the phenomenon, and providing them with simple and easy tools to report any possible contents considered to be dangerous and/or inopportune.
5. Carry out more and more dedicated diplomatic missions with allied countries in order to prevent and contrast ISIS propaganda and ideological radicalization on the Internet.
A further and essential requirement is to raise awareness of the Governments of allied countries towards this kind of threats, suggesting shared strategies and solutions. Such a strategic element is essential as never before and in some cases becomes even a prerequisite for any other activity, due to the global scope of the threat, that - by means of the so-called "second-generation terrorists" - concerns all Western countries, as well as because of ISIS well-grounded capabilities to attract more and more people on the Internet, or the fundamental need to cooperate so as to help investigate and repress such phenomenon.
6. Cut the funds fuelling ISIS terrorist activities.
An effective yet surely complex move is to hit the bank accounts of ISIS leaders and their financing subjects so as to drain them or in any case alter their capacity (currently estimated at over 2 billion dollars). Moreover, such a move is inevitably based on solid international cooperation relationships. Nonetheless, reducing even just a part of the funds available for Islamic terrorists means inevitably reducing the main resource fuelling, promoting and driving this kind of conflicts. Besides, this stratagem is not new at all in history (as shown by the plans to remove first Milosevic in 1999, then Saddam Hussein in 2003, and finally Gheddafi in 2011), and nowadays might be put into practice even just through targeted cyber attacks.
To conclude, and as already mentioned, it needs to be always borne in mind that such phenomenon is linked to the "virtual" and "real" world as well, that has always been the real goal of propaganda and ideological radicalism through the Internet, as well as the next step to be taken, ideally.
Therefore, the strategy outlined so far cannot but represent a small part of a much wider strategic contrast concept, aimed at stemming, preventing and hitting ISIS militants´ actions on the Internet, but also and especially within the territory of each single state and in the occupied territories.