This is the mobile-friendly web version of the original article.

Deterrence and Response Improvements for a Large-Scale Cyberterrorism Attack

Walden University

ScholarWorks

Walden Dissertations and Doctoral Studies, Walden Dissertations and Doctoral Studies Collection

2021

Harrison Cunningham

Walden University

Video: Desmond Pittman, Shine On Walden University :60

This Dissertation is brought to you for free and open access by the Walden Dissertations and Doctoral Studies Collection at ScholarWorks. It has been accepted for inclusion in Walden Dissertations and Doctoral Studies by an authorized administrator of ScholarWorks. For more information, please contact [email protected].

1. Abstract
2. Acknowledgements
3. Table of Contents
4. List of Tables
5. List of Figures

Walden University

College of Social and Behavioral Sciences

This is to certify that the doctoral dissertation by

Harrison E. Cunningham

has been found to be complete and satisfactory in all respects, and that any and all revisions required by the review committee have been made.

Review Committee Dr. Glenn Starks, Committee Chairperson, Public Policy and Administration Faculty

Dr. Christopher Jones, Committee Member, Public Policy and Administration Faculty

Dr. Joshua Ozymy, University Reviewer, Public Policy and Administration Faculty

Chief Academic Officer and Provost Sue Subocz, Ph.D.

Walden University 2020

Abstract

A successful large-scale cyberterrorism attack has never been conducted against the United States, yet cyberterrorism is a real and evolving threat. The United States assumes a largely defensive posture toward the thousands of daily cyberattacks conducted against the country, allowing cyberterrorists to probe and execute cyberattacks with broad impunity. The United States would most likely respond to a successful large-scale cyberterrorism attack within a framework of regulations concerning physical acts of terrorism since no policy exists on how to respond to major cyberterrorism attacks. The purpose of this qualitative study was to explore the perceptions of U.S. terrorism and cybersecurity experts to understand how the country might better prevent, cope with, and respond to a large-scale cyberterrorism attack. Punctuated equilibrium theory provided a lens to understand the relationship between policy information flow and politically driven change to guide this study. Data were generated through one-on-one semistructured telephone interviews from nine cybersecurity and terrorism experts. These data were then coded and analyzed to interpret patterns and generate themes. Results indicated that the United States should not consider specific large-scale cyberterrorism attack response options since terrorists likely do not yet possess the capabilities to carry out a cyberattack. However, the country could do much more to prevent destructive cyberattacks, to include eventual cyberterrorism attacks, through deterrence. The implications for positive social change include improving the collective national cyber defense, from small private companies to large government organizations. This study can also raise U.S. policymaker cyberterrorism awareness through more extensive education and improved synthesis of cyber related information to support accurate determinations.

Deterrence and Response Improvements for a Large-Scale Cyberterrorism Attack by Harrison E. Cunningham

MS, Troy University, 2014 MA, The University of Oklahoma, 2011 BA, Boston University, 2006

Dissertation Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy Public Policy and Administration

Walden University February 2021

Acknowledgements

Many thanks to my committee chair, Dr. Glenn Starks, for instilling in me the confidence to pursue this dissertation with a purpose. Also, thanks to Dr. Christopher Jones for the perpetual encouragement and impeccable advice from the beginning. Lastly, thank you to Dr. Joshua Ozymy for compelling me to reevaluate aspects of this dissertation to make it a much better final product.

Table of Contents

• List of Tables
• List of Figures
• Chapter 1: Introduction to the Study
  • Background of the Study
  • Problem Statement
  • Purpose of the Study
  • Research Question
  • Conceptual Framework
  • Nature of the Study
  • Definitions
  • Assumptions
  • Scope and Delimitations
  • Limitations
  • Significance of the Study
  • Summary
• Chapter 2: Literature Review
  • Research Problem and Purpose
  • Literature Search Strategy
  • Theoretical Foundation
    • Overview and Key Framework Proposition
  • Literature Review Related to Key Concepts
  • Rationale and Relevance of Framework
    • Cyberwarfare
    • Terrorism
    • Cyberterrorism
    • Deterrence
  • Summary
• Chapter 3: Research Method
  • Introduction
  • Research Design and Rationale
  • Role of the Researcher
  • Methodology
    • Participant Selection
    • Instrumentation
    • Procedures for Data Collection
    • Data Analysis Plan
  • Issues of Trustworthiness
    • Ethical Procedures
  • Summary
• Chapter 4: Results
  • Introduction
  • Study Setting
  • Demographics
  • Data Collection
  • Data Analysis
    • Discrepant Cases
  • Evidence of Trustworthiness
    • Credibility
    • Transferability
    • Dependability
    • Conformability
  • Study Results
    • Theme 1: Terrorists’ Cyber Capabilities
    • Theme 2: Large-Scale Cyberterrorism Attack Probability
    • Theme 3: Large-Scale Cyberterrorism Attack Likely Responses
    • Theme 4: Cyberterrorism Prevention Measures
    • Theme 5: Cyberterrorism Policy Agendas
    • Theme 6: International Cyberterrorism Considerations
  • Summary
• Chapter 5: Discussion, Conclusions, and Recommendations
  • Introduction
  • Interpretation of the Findings
  • Limitations of the Study
  • Recommendations
  • Implications
  • Conclusion
• References
• Appendix A: Interview Protocol
• Appendix B: Interview Questions
• Appendix C: Second Cycle Codes

List of Tables

Table 1. Demographics of Participants

Table 2. Interview Statistics

List of Figures

Figure 1. Code Development

Figure 2. Themes, Categories, and Codes