Cyber-Terrorism: Exploration of Typology for Jurisprudence

by

Jean-michel Newberg

CyJurII Theorist

on 2 April 2026

Abstract

Terrorism has remained a deeply contested term for decades, with no consensus emerging from international legal discourse, along with the absence of universally accepted definition in international law. This ambiguity is compounded further in the cyber domain. This Insight examines the typology of 'terrorism' and argues that genuine acts of cyber-terrorism have already occurred. Building on this foundation, the definition of 'cyber-terrorism' is refined and narrowed to align with established terrorism typologies, supported by real-world examples. The Insight concludes by proposing a structured analytical test to assist jurists in determining whether a given case warrants classification as cyber-terrorism.

Keywords: Terrorism; cyber-terrorism; typology; cyber-physical systems; international law

 1.  Introduction

Definitions and typologies of cyber-terrorism have been debated for decades, yet no consensus has emerged within international legal discourse. This lack of definitional clarity is compounded by persistent disagreements surrounding the constituent elements of both “terrorism” and the “cyber” domain.[1] Problems further arise from contentions upon both “cyber” and “terrorism” on their own:

-            Defining “terrorism” is one of the most contentious debates in antiterrorism academic discourse that continues to further plague international law.[2] For this reason, the definition of “terrorism” is narrowed to “The intentional use of, or threat to use violence against civilians or against civilian targets in order to attain political ends.”[3] In other words, an act of terrorism must meet all the following criteria:

o   Must be an intentional act.

o   Must threaten or enact physical violence against civilians (or civilian targets such as critical infrastructure).

o   Must be to achieve a political goal.

-            “Cyber” is defined as “of, relating to, or involving computers or computer networks (such as the Internet)”.[4] Since computers and their networks are all based on computer technologies, an act of cyber-based terrorism must necessarily involve the use of such technologies.

-             While “cyber” is more easily agreed upon by the academic community, the central challenge lies in ensuring that “cyber-terrorism” is not over-inclusive because a definition of “cyber-terrorism” must limit cyber events to only those that can be included in the narrowed definition of “terrorism” and exclude potentials from other cybercrimes such as cyberbullying, cyber warfare, and other forms that may be mistaken for cyber-terrorism.

 2. Typologies of terrorism

When exploring different types of terrorism, patterns emerge between the distinct types. Categorizing these forms of terrorism into typologies can then be used to group similar characteristics:

“(i) Perpetrator-centered typologies: Regime repressive state terrorism, non-state terrorism, anarchist terrorism, social-revolutionary left-wing terrorism, racist/xenophobic right-wing terrorism, ethno-nationalist separatist or irredentist terrorism, vigilante revenge terrorism, lone wolf/actor terrorism, organized crime related narco-terrorism, state-sponsored foreign terrorism. 

(ii) Methods and tactics-centered typologies: insurgent civil war terrorism, warfare inter-state war terrorism, nuclear terrorism, suicide terrorism, sexual terrorism, cyber terrorism.

(iii) Motive-centered typologies: political terrorism, revolutionary terrorism, religious fundamentalist terrorism, theoterrorism, eco-terrorism, single issue terrorism, idiosyncratic e.g., mental illness-related terrorism. 

(iv) Location-centered typologies: domestic (national) terrorism, urban terrorism, transnational terrorism and international terrorism.”[5]

 3. Towards a Functional Definition of Cyber-terrorism.

Drawing together the definitional elements of “terrorism” and “cyber”, a more precise formulation of cyber-terrorism may be advanced:

“The intentional use of, or threat to use computer technology that possesses the ability to cause physical harm against civilians or against civilian targets in order to obtain political ends.”

Each component of this definition is cumulative:

-            “The intentional use of, or threat to use” meets the “Must be an intentional act” requirement for “terrorism”.

-            “computer technology that possesses the ability” meets the “Must use computer technology” requirement for “cyber” while limiting the technologies to only those that can cause physically harm.

-            “to cause physical harm against civilians or against civilian targets in order to attain political ends” meet the last two requirements for “terrorism”.

This narrowing refinement is not merely semantic; it determines whether conduct falls within terrorism frameworks under international or domestic law or is instead classified as cybercrime or cyber warfare.

 3. Cyber-terrorism Across Typologies

Advances in technology have altered the “cyber” potential to fit into any of the four typological categories of terrorism:

-            Type I (Perpetrator): Focuses on the “Who” of the terrorism act.

o   One unique insight into this Type is all above examples are conducted by biological humans. However, with the rise of artificial intelligence (AI) and autonomous agentic AI, cyber technology can presently make decisions modeled after the neural network of a biological human brain while still remaining a cyber-based product.[6]

-            Type II (Methods/Tactics): This is the historic typology for cyber-terrorism. The focus here is on “How” the terrorism act is being conducted.

o   An example of this occurred when a narco-terrorism attack occurred in Mexico that targeted a governmental prosecutors office.[7]

-            Type III (Motive): “Why” terrorism is conducted. This kind of cyber-terrorism lens looks for terrorism acts conducted for/against cyber-based motivations.

o   An example of this is the Unabomber’s (Ted Kaczynski) mail bombing campaign as he believed cyber technology was destroying the natural environment.[8]

-            Type IV (Location): Cyber-terrorism is conducted in its own unique location: cyberspace. Cyberspace is considered the “fifth” dimension in conflict and war operations, including irregular warfare and terrorism.[9] Terrorism acts conducted in cyberspace are near-real time and can deploy, operate/conduct, and evolve in any location with access to a cyber-based network connection (including connections to and from interplanetary space stations).

 4. A Structured Test for Cyber-terrorism

To ensure doctrinal clarity, this Insight proposes a five-part cumulative test. A given act constitutes cyber-terrorism only if all conditions are satisfied:

-            Must be an intentional act.

-            Must threaten or enact physical violence against civilians (or civilian targets such as critical infrastructure).

-            Must be to achieve a political goal.

-            Must use computer technology that possesses the ability to cause physical harm.

 For this, five close-ended questions can and must be answered for determination:

 1.       Did any physical violence occur?: This is the most important thing to discern. If the answer is “no”, then the case must be treated as another type of crime, even if cyber technology was utilized.

2.       Did the physical violence occur directly as a result of computer technology?: Simply using computer technology in an act that can be considered terrorism does not mean it should be labeled as “cyber-terrorism”. For example, if a terrorist uses a computer to communicate messages during an attack carried out by firearms, this doesn’t make it “cyber-terrorism”. Violence must occur directly as a result of computer technology. This is generally something only cyber systems that can interact kinetically with the physical world can achieve (AKA cyber-physical systems).

3.       Was violence intentional? Sometimes a cyber-attack can result in loss of life even if it wasn’t the intent.

a.       For example: In 2019, a hospital in Alabama was attacked by a hacker who shut down the computers in an attempt at fiscal extortion. This attack resulted in reduced care to patients which allegedly caused a newborn baby to receive a severe brain injury and die.[10] While this is a cybercrime of severe consequences, it is highly questionable if causing people to receive an injury and/or die was the intent. While this is a severe crime (possibly several crimes) and is in part due to a cyber entity, it is not cyber-terrorism.

4.       Was the attack conducted against civilians or civilian targets? Terrorism requires violence against civilians or critical infrastructure. Attacks again non-civilians (such as military) must be labeled as something outside of “terrorism” and therefore do not meet “cyber-terrorism”.

5.       Did the attack occur to achieve a political end? Going back to the Alabama hospital incident, the crime occurred for the purposes of financial gain and not a political goal and the crimes should not fall under “cyber-terrorism”.

 If, and only if, the answer to these five questions is all “Yes”, then the case can be labeled as “cyber-terrorism”. Accordingly, this framework excludes borderline cases such as ransomware attacks causing indirect harm without intent to injure, while preserving the conceptual integrity of cyber-terrorism as a distinct legal category.

5. Conclusion

As technology continues to evolve in the cyber space environment, the potential for cyber-terrorism grows. By establishing a functional and precise definition the international community can use, the foundation for future frameworks to accurately distinguish cyber-terrorism from other cybercrimes has a foundation. The five determinative questions provided offer a practical tool for law enforcement, policymakers, and researchers a prerequisite for a coherent response to one of the most dynamic security challenges of the modern era.

End notes

[1]  International Center for Counter-Terrorism and Schmidt AP, ‘Defining Terrorism’ (ICCT 2023) <https://doi.org/10.19165/2023.3.01> accessed 14 February 2026

[2]  Schmidt (n 1)

[3]  Ganor B, ‘Defining Terrorism: Is One Man’s Terrorist Another Man’s Freedom Fighter?’ (2002) 29 Media Asia 123 <https://www.proquest.com/scholarly-journals/defining-terrorism/docview/211523623/se-2?accountid=44888>

[4]  ‘Definition of CYBER’ (24 March 2026) <https://www.merriam-webster.com/dictionary/cyber> accessed 29 March 2026

 [5]  International Center for Counter-Terrorism and Schmidt AP, ‘Defining Terrorism’ (ICCT 2023) <https://doi.org/10.19165/2023.3.01> accessed 14 February 2026

[6]  Henschke A, ‘Terrorism and the Internet of Things: Cyber-Terrorism as an Emergent Threat’ in Adam Henschke and others (eds), Counter-Terrorism, Ethics and Technology (Springer International Publishing 2021) <https://doi.org/10.1007/978-3-030-90221-6_5> accessed 29 March 2026

[7]  ‘Drone Attack Hits Prosecutor’s Office near U.S. Border in Mexico - CBS News’ (16 October 2025) <https://www.cbsnews.com/news/drone-attack-prosecutors-office-mexico-us-border/> accessed 29 March 2026

[8] Kaczynski TJ, ‘Industrial Society and Its Future’ (1995)

[9] Bunker RJ and Heal C ‘Sid’, Fifth Dimensional Operations: Space-Time-Cyber Dimensionality in Conflict and War-A Terrorism Research Center Book (iUniverse 2014)

[10] ‘Baby Died Because of Ransomware Attack on Hospital, Suit Says’ (NBC News, 30 September 2021) <https://www.nbcnews.com/news/baby-died-due-ransomware-attack-hospital-suit-claims-rcna2465> accessed 29 March 2026