An interesting debate about this yesterday in my class on terrorism: can cyber attacks be considered terrorism?
I took a very narrow definitional approach to answering this question and not everyone agreed with me. My take was that cyber attacks can be considered terrorism only if they meet what we might consider the standard definition of the phenomenon: the use or threat of violence by a non-state actor with the intent of creating fear in an audience for a political objective.
Of course much of this definition can be contested, but the biggest area of debate in class was over "violence". My position was that terrorism is terrifying precisely because it creates a fear of physical harm in the audience. If an action does not seek to create such fear, it's not really terrorism. So defacing a website, or hacking into a server for information, by a terrorist group is not terrorism. Hacking an air traffic control system with the intent of causing planes to crash would be terrorism.
Given this definition, has there ever been any cyberterrorism? I cannot think if a single event that would qualify as cyberterrorism. Perhaps my recall or imagination are limited. Or it could be that some want to magnify the problems of information security and assurance by attaching the label "terrorism" to it? After all, terrorism is a bad thing, and a pretty serious bad thing at that. So calling the problem that you think about all day "terrorism" might have some inadvertent appeal. Just be careful to make this claim on my final exam.