The CICTE Secretariat and the Council of Europe (CoE) organized jointly a Conference on Terrorism and Cyber Security for 81 member states, funded and hosted by the Government of Spain in San Lorenzo de El Escorial, Spain, April 16-17, 2009�the first such joint conference of the two organizations.  Organized under the Spanish Chairmanship in the Council of Europe Committee of Ministers, the conference was borne out of a growing partnership between the CICTE Secretariat and the Council�s Committee of Experts on Terrorism (CODEXTER). Participants totaled more than 150 and included policymakers and experts from the CoE and OAS Member and Observer States, and representatives of several international organizations, the private sector and academia.  

The conference was opened by Spain�s Attorney General C�ndido Conde�Pumpido, CoE Secretary General Terry Davis, CICTE Chair and Mexican Deputy Attorney General Juan Miguel Alcantara Soria, UN CTED Executive Director Mike Smith, and Spain�s Director General of Terrorism and Strategic Affairs in the Foreign Ministry Carmen Buj�n Freire.

The conference focused on ways in which the Internet is misused by terrorist organizations and their supporters, and the numerous risks that this poses.  The use of the Internet by terrorists as a tool for supporting or perpetrating their activities, and the potential for cyber attacks by terrorists against critical infrastructure, are among the primary challenges.

Presentations and subsequent discussion highlighted the presence of terrorist organizations on, and use of, the Internet for the dissemination of propaganda related to ideology and activities, as a means of promoting radicalization within target communities, as a forum for recruitment and training, and as a tool for all aspects of the financing of terrorism. 

To confront these challenges experts proposed a range of innovative solutions that go beyond the purely technical; among these deterring the production of extremist materials, promoting self-regulation of on-line communities, and seeking to advance a positive counter-narrative to extremist messages.

A case study illustrated the numerous challenges for law enforcement and prosecutors in investigating and prosecuting terrorist use of the Internet.  The transnational nature of terrorist activities on-line and the volume and technical sophistication of the evidence that can be collected necessitate active cooperation between investigators and prosecutors, both at the national and international levels.    

It was noted that at the international level particular attention should be paid to enhancing the efficiency and rapidity of cooperation between appropriate authorities and other stakeholders.  This can be achieved through the active use of existing tools, networks, and relevant legal instruments for international cooperation; enhanced early dialogue among counterparts in distinct jurisdictions; and more active involvement of technical experts.

Engagement with the private sector and civil society is key to denying terrorist groups a platform for disseminating their radical message and inciting violence, as well as for presenting a counter-narrative to these groups� and their supporters� efforts to promote radicalization and recruit support on-line.

While terrorist organizations appear to be motivated to launch cyber attacks against critical infrastructure and other information systems, there is a general consensus that at the present time their ability to affect large-scale disruption or destruction via cyber means appears to be limited.  A more immediate threat is that of a cyber attack combined with a physical attack � for example on physical critical infrastructure such as a nuclear or other energy facility � which could prove particularly difficult to confront and have a potentially devastating impact.  However, as the capabilities of terrorist groups to perpetrate cyber attacks are likely to increase in the future, the international community should prepare for and remain vigilant against the threats such attacks pose.  While protective measures are essential in this regard, additional emphasis should be placed on developing the capabilities and mechanisms to ensure resilience in the face of an attack.

Both governments and private sector stakeholders have a key role to play in this regard.  States should establish and develop a national Computer Security Incident Response Team (CSIRT) to serve as a focal point for the exchange of information regarding cyber incidents affecting critical information infrastructure and to coordinate incident response and mitigation among affected stakeholders.  Enhanced partnership between the public and private sectors is also essential, given that private sector entities comprise a majority of stakeholders in the area of critical infrastructure.  Moreover, the transnational nature of cyber threats requires that there be effective regional and international networks to promote cooperation and information-sharing among national CSIRTs. 

A comprehensive national cyber security strategy is vital for coordinating national efforts in the areas of legislation, law enforcement, private sector and civil society engagement, and the development of watch, warning and incident response capabilities.  With this in mind, the CICTE Secretariat is collaborating with the CITEL and the REMJA Group of Experts on Cybercrime to organize an OAS-wide workshop on developing a comprehensive national approach to cyber security, to be held in September of this year.