Advances in computer technology, coupled with the widespread availability of inexpensive, effective development tools and the availability of free knowledge on the Internet, have allowed cyber terrorists to improve their methods and conduct attacks remotely, damaging their intended targets. This opens up new opportunities for individuals and groups willing to engage in illegal activities to advance their shared goals, beliefs and agendas, invisible and often undetected through cyberspace, thereby creating new varieties of criminal threats. Generation of cyber terrorism; use of cyberspace to carry out activities classified as “terrorist”. Cyber terrorists can launch attacks through cyberspace and the virtual world, uniting the physical world and cyberspace [ 1 ]. Connectivity has become a central element of government institutions, critical infrastructures (telecommunications networks, finance, transportation and emergency services), culture and education. [ 2 ] Many critical private, public, national and military infrastructures can be vulnerable to cyberattacks as they continue to rely on legacy traditional security solutions rather than comprehensive and sophisticated cyber defense [ 3 ]. Cybercrime, cyberterrorism, and cyberwarfare are all common topics in the cybersecurity field. Physical terrorism and cyber terrorism have some common elements and a common goal, namely terrorism. However, cyber terrorism remains a vague concept, and there is a lot of controversy around its precise definition, goals, risk factors, characteristics and preventive strategies [ 4 ]. Cybercrime and cyberterrorism are often used interchangeably, or the term “cybercrime” can be used to refer to cyberterrorism, thereby blurring the distinction between the two, especially for the general public. Cyberattacks are still considered one of the highest priority risks for national security around the world [ 5, 6 ].

Despite the inherent advantages of information technology, dependence on information technology has made countries and societies far more vulnerable to cyberattacks such as computer intrusions, program encryption, undetected internal threats in network firewalls, or cyber terrorists. The decentralized nature of the Internet, on the one hand, ensures the relative anonymity of users, and on the other, makes it insecure and illsuited for tracking intruders or preventing their abuse by the internal openness of cyberspace [ 7,24-26 ].

Most researchers agree that a precise definition of cyber terrorism is needed, both for theoretical research and for the implementation of practical applications. At the same time, it is emphasized that this concept is multidisciplinary in nature, and should reflect the legal, economic, technological aspects of the problem. The definition should indicate the main characteristics or principles of the concept, as well as the range of real or potential scenarios to which the term cyber terrorism can be applied [ 8,27 ]. Defining cyber terrorism is even more difficult due to its abstract nature associated with understanding how certain incidents occur in cyberspace. Without a clear definition of the basic concepts, researchers cannot analyze the same sentences, therefore conceptualization is a necessary initial stage of research.

Since cyber terrorism is a combination of the terms “cyberspace” and “terrorism”, it is important to clearly define these terms.

"Cyber" in cyber terrorism refers to cyberspace. It is a prefix that is commonly added to a number of subgroups dealing with issues in the cybersecurity discourse, including, but not limited to, cybercrime, cyberwar, cyber espionage, and of course cyber terrorism. Cyberspace, unlike terrorism, is an accepted term. It refers to the virtual world, including the Internet and other computer communications infrastructure, which consists entirely of computers, algorithms, computer networks and data. According to [ 9,28 ], a cyberattack is “a deliberate computer-to-computer attack that disrupts, disables, destroys, or takes over a computer system, or damages or steals the information it contains”. While cyberattacks themselves take place in cyberspace, they can have repercussions in the physical world.

Unlike cyberspace, terrorism is a term for which there is no agreed definition. However, there are a number of similar aspects that are broadly agreed upon. [ 10,23 ] contains a definition and criteria for what constitutes terrorism: «...the deliberate creation and exploitation of fear through violence or threat of violence in the pursuit of political change. All terrorist acts involve violence or the threat of violence. Terrorism is specifically designed to have farreaching psychological effects beyond the immediate victim(s) or objects of the terrorist attack. It is meant to instill fear within, and thereby intimidate, a wider “target audience” that might include a rival ethnic or religious group, an entire country, a national government or political party, or public opinion in general. Terrorism is designed to create power where there is none or to consolidate power where there is very little. Through the publicity generated by their violence, terrorists seek to obtain the leverage, influence, and power they otherwise lack to effect political change on either a local or an international scale.»

In this way, terrorism is separated from other types of crime and irregular warfare (see Table 1). For a response, having a criterion to distinguish terrorists from other threats is of particular importance in cyberspace, where attribution can be particularly difficult.

Based on the definition of terrorism, a set of criteria for cyber terrorism can be formed (see Table 2). Conducted either by an organization with an identifiable chain of command or conspiratorial cell structure (whose members wear no uniform or identifying insignia) or by individuals or a small collection of individuals directly influenced, motivated, or inspired by the ideological aims or example of some existent terrorist movement and/or its leaders

The authors of the book [ 17 ] propose to consider all actions carried out by a terrorist cell or an individual via the Internet as cyber terrorism. The UN Office on Drugs and Crime has classified six ways the Internet is used for terrorist activities: propaganda (recruitment, radicalization and incitement); financing; preparation; planning (through secret communication and information from open sources); execution; and cyberattacks.

Depending on the criminals involved and their motivation, cyber attacks can be classified into the types of cyber threats presented and defined in Table 3.

Definition the emergence of popular political action, of the self-activity of groups of people, in cyberspace. It is a combination of grassroots political protest with computer hacking. Hacktivists operate within the fabric of cyberspace, struggling over what is technologically possible in virtual lives, and reaches out of cyberspace utilising virtual powers to mould offline life. Social movements and popular protest are integral parts of twenty-first-century societies.

The structure reflecting the main objects and processes of cyber terrorism to be modeled is shown in Fig. 1. It consists of three main sections: Operating Forces, Techniques и Objectives.

Five forces are considered: characteristics, purpose / focus, types, capabilities and social factors. Each workforce, in turn, has a number of related subclauses. Operational forces provide the context in which cyber terrorism operates. Various high-level techniques are presented. These high-level techniques are supported by a variety of information gathering and computer and network security techniques. The objectives are similar to the motivation for standard terrorist activities, although there are some differences to show more pronounced intent.

The framework's contribution is to organize the area of cyber terrorism and provide its context for analytical review and in-depth modeling. The operational forces describe the various benefits of using cyberterrorism, the intended systems to be attacked, and the terrorist's mindset. The "Techniques" section discusses the classification of attack tactics. The "Objectives" section discusses the immediate objectives of the attacker and also distinguishes between cyberterror activities and helper functions that can be used by computers and networks (which are often confused with cyberterrorism). This discussion helps to clarify important details regarding the functional thinking of cyber terrorists, as well as clarify which aspects of cybercrime and hacking will be used.

Cybercrime, regardless of how it is defined or classified, can have devastating consequences for computerized networks. Until a universally effective solution to this universal problem is found, the strength of a cybersecurity governance regime will depend on an information security management system that emphasizes a comprehensive cyber risk assessment that takes into account all possible threats to an organization's business, including internal and external threats. Modeling the technologies and processes for conducting cyberattacks, and not least the behavior of attackers, should lead to the construction of effective systems for ensuring the cybersecurity of critical infrastructures. The classification of cyber threats given in the article, the definition of cyber terrorism and its characteristics should focus the attention of the model developer on the processes and entities that should be reflected in the models of cyber terrorism in the first place.