ABSTRACT
The US Central Intelligence Agency (Pappas and Simon 2007) has stated that terrorist organisations are seeking to develop their abilities to use computers and the Internet as weapons for executing cyberattacks. While the cost-benefit argument still holds true generally, the Stuxnet malware discovered in 2010 has dramatically changed the cyber security field. This chapter revisits and updates the cost-benefit argument against cyberterrorism, taking into account known details about Stuxnet. It examine the implications of terrorist malware cost model (MCM) to make predictions about the feasibility and likelihood of weaponised malware being used for future cyberterrorist attacks. Malware is significantly different from traditional PC software in a number of ways. An analysis of Stuxnet costs, according to the MCM proposed here, generally reinforces the cost-benefit argument that for the time being the costs of cyberterrorism (at least by malware) are very unfavorable compared to traditional kinetic terrorist attacks.
