Estonia readies for the next cyberattack

Estonia's defense minister says the questions is not if, but when another attacks will occur.

More than anyone else, Jaak Aaviksoo has first-hand knowledge of what a cyberwar might feel like. In April 2007, Estonia's banking, media and government presence online was disrupted by several waves of distributed denial of service attacks that knocked services offline. The country is heavily wired -- 90 percent of all financial transactions are conducted over the Internet and 70 percent of the population files their tax returns electronically -- so the incident was widely felt by the country's 1.3 million citizens.

Estonia's cyber meltdown coincided with major civil unrest. Protests by Russian nationals, unhappy at the government's decision to relocate a Soviet military war memorial to a less-prominent location, had flooded the streets of Tallinn. The country's Russian embassy was blocked by protesters too.

By hobbling Estonia's online infrastructure at such a time, the cyber-attackers hoped to make it look like the Estonian government was losing its grip on the situation, according to Aaviksoo, who is Estonia's defense minister and managed the country's response to the incident. "The virtual medium has become an inseparable part of real life in real space," he said, speaking earlier this month at Stanford University. "So those attacks ... were aiming at the credibility of the Estonian government."

Security analysts dispute whether the Estonian attacks were, in fact, cyberwar, but in many ways that's beside the point. In the online world, everything is murky. Criminals can hop between countries and launch attacks from hacked machines, making it hard to figure out who they are or even where they come from. According to Aaviksoo, whether the 2007 incident was actually cyberwar is still "an open question."

Has Estonia learned much about this type of warfare in the three years since the attacks? Certainly. But in this edited interview with Aaviksoo, he says that in some ways the country could be doing more to prepare for the next major cyber-incident, which he says will inevitably come about.

IDG News Service: There are regions in the world where it's difficult to get action on cybercrime. What can we do to put pressure on places like Moldova or Ukraine, where hackers are never arrested?

Jaak Aaviksoo: It's not that easy. There are two reasons for that. Some of those countries have many more serious problems than cybersecurity and cybercrime legislation. Secondly, sometimes there are only claims that people are acting from those geographic locations. We can't prove that.

Like there are safe havens for terrorism -- I mean, Afghanistan is one example, Yemen is emerging. We don't know about Nigeria. There are very many more safe havens in cyberspace than in real space. And even the only international working document -- the Council of Europe Convention on Cybercrime [http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CL=ENG ] -- is so far signed and ratified by 50 countries. So there's a long, long way to go, for different reasons. Sometimes there are constitutional limitations for ratifying [cybercrime law], some don't take that seriously. Some may have bad ideas about this Convention altogether.

IDGNS: How important is international cooperation to solving the problem of cybercrime?

Aaviksoo: I think it's extremely important. I don't think that we can achieve anything really without international cooperation. It's not necessarily 100 percent, so that all countries must cooperate. But clearly major countries should cooperate and make life more and more complicated for those who want to evade prosecution.

IDGNS: Did you get much cooperation from your neighbors when the attacks were happening in Estonia?

Aaviksoo: Unfortunately, not from Russia. They introduced formal excuses of not having the appropriate legal agreements in place to look into cybercrime.

IDGNS: Do you feel this has evolved at all since then? If there is another attack, will you get better cooperation?

Aaviksoo: I won't comment further. It's clearly a complicated case, not only in the case of cyberattacks in Estonia, but also in the case of cyberattacks in Georgia during the crisis. And in a few other cases, there is indirect evidence that the willingness to cooperate is not at the level which we would like to see.

IDGNS: From an international perspective, if you were to be attacked again, do you think things would be different? What's changed since then?

Aaviksoo: I think we have many more international agreements in place. We do have technology measures in place. We are able to monitor what's going on. We'd definitely be better in the assignment of the attacks; we can better follow where it's coming from. So we've done a lot of work to prevent similar things happening.

IDGNS: Estonia is the poster-child for this type of attack. What's the thing people are not getting right now? What's the most common strategic mistake that other countries are making with respect to cyberattacks?

Aaviskso: I think the biggest problem is the lack of public awareness, in the broadest sense of the term. Without public awareness and public concern, politicians tend to underestimate the threats. In a democratic society, you respond to what people ask you to do. So there is no strong pressure from the people if the awareness is not there. Somehow they need simple wake-up calls, like what happened in Estonia. And even in the case of Estonia, maybe we were not able to make full use of the momentum we gained in 2007. It's three years ago already, and nothing on that scale has happened since then, and people are saying maybe that was exaggerated, maybe it's not that serious. People are very practical, and they have a number of real-world problems. When they don't see a direct threat from cyberspace, they say maybe it's not there. And that's psychologically understandable, but that doesn't mean that we can underestimate the threats.

IDGNS: I sometimes wonder if the threats are overblown. We've had physical attacks here in the United States; we haven't had that type of paralyzing cyberattack. How much should we be worrying about it?

Aaviksoo: Much of that is hidden. I think this data is not overblown. Identity theft, intellectual property theft, credit card fraud -- it's growing. It's growing at a speed of doubling every year, or something of that kind. So unless you are hit by that kind of crime yourself, I think this is so unreal, something from far away in the expanses of cyberspace. Psychologically it's a much stronger feeling when your purse is stolen from your pocket. That makes these things complicated.

IDGNS: The great fear is that there will be critical infrastructure hit that will cause loss of life. Is that something we should worry about?

Aaviksoo: It is. Direct kinetic damage is also possible. But I don't think we should only think about loss of human lives. If money is being stolen, intellectual property is being stolen, that is also a big problem. This basically means that it drives up costs for cyber security on behalf of the individual players, so I think governments should be made responsible for securing the broader environment. Otherwise the costs by private individuals and industrial or physical people, they simply have to pay too high a price.

IDGNS: What is the chance of a repeat of the 2007 incident?

Aaviksoo: I'd say 100 percent. It depends on what timescale you think of. In the next five years, definitely. Not necessarily for Estonia, but maybe in another country. It depends on a number of circumstances. It's usually not a standalone event.

It may take place anywhere in the world. Of course, in the case of a bigger country, you need more resources to make an international security issue. With a small country, the resources may be more limited, but offensive strategies are also being developed. We know that; we know the countries who invest more. We know countries who haven't done better until recently, but now are developing also offensive capabilities, in order to simulate the offensive environment in order to develop defensive technologies. So it's clearly an emerging battlefield.

IDGNS: Are you developing offensive capabilities?

Aaviksoo: We work on simulating hostile environments. It's like everything -- take biological weapons. You have to know what the threat is, and you have to be able to monitor it.

Join the PC World newsletter!

Error: Please check your email address.

Tags cyberattackssecurityestonia

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?