Abstract
The 2007 cyber attacks against Estonia were a prime example of how hackers can operate within a nation’s cyber domain. Looking at today’s cyber landscape, it would seem that the tools needed for an offensive cyber operational capability are readily available to a properly motivated extremist organisation. Reports and articles about hacking and cyber security from think tanks and popular publications focused on technology and business tend to reinforce such a perception. In the nexus of cyber and physical and especially in the context terrorism, given the availability of offensive cyber capability, it is unclear why more extremist organisations are not engaging in offensive cyber operations. To investigate this anomaly this study employed a structured expert elicitation to identify a set of variables that would assist in determining an extremist organisation’s likelihood of choosing to engage in cyber attacks. The results revealed that while there are points of convergence as well as extreme divergences in the assessment, level of Internet presence, access to human resources, and human resource available (internally to the organisation) were assessed to have the most explanatory power for determining an extremist organisation’s likelihood for engaging in offensive cyber operations.