Modern field guide to security and privacy

From Estonia, lessons for the Age of Cyberwar

Attackers crippled Estonia's digital networks in 2007. Since then, it has shored up cyberdefenses while expanding connectivity to every corner of daily life.

|
Ints Kalnins/Reuters
Students attended cyberdefense class in the school in Poltsamaa, Estonia, in December 2015. REUTERS/Ints Kalnins

Long before Moscow became the prime suspect in the Democratic National Committee data breach, hackers tied to the Russian government have sought to sew political discord via the internet.

Most notably, many experts believe that in 2007 Russian operatives unleashed a series of devastating cyberattacks on neighboring Estonia following a dispute with Moscow over a Soviet-era war memorial.

At the time, Estonia had the world's most connected society, giving attackers plenty of targets. They succeeded in taking down government computers, banks, and newspaper sites, trying to paralyze the "e-way of life" Estonians painstakingly crafted after the Soviet Union dissolved in 1991.

And now, as a growing number of digital attacks hit countries' most critical systems, from hospitals to electric utilities to voting infrastructure, Estonia has become a critical voice and an important model when it comes to preparing for escalating conflict in cyberspace.

"Estonia's drum-beating has helped increase the dialogue among other nation-states about what aggressive actions in cyberspace warrant either a political, military, or economic response, or a combination of these," says John Bumgarner, research director at the US Cyber Consequences Unit, an independent, nonprofit research institute in Washington.

Indeed, in the years after the 2007 attacks, and with President Toomas Hendrik Ilves taking the lead, Estonia has challenged the world to pay closer attention to cyberwarfare. 

"The first battle in the wars of the future will be over the control of cyberspace," said Lani Kass, a special assistant to the US Air Force chief of staff, four months after the digital assault on Estonia. "If we don’t dominate cyberspace, we won’t be able to dominate air, space, land, or sea domains."

In 2008, NATO established its center of excellence for cyberdefense in Tallinn, Estonia's capital city. Today, it's where Americans meet with allies to conduct hands-on cyberwar simulation exercises.

"It’s about how those countries would come together if an aggressor like Russia caused some harm on an another member," says Mr. Bumgarner. 

That's a conversation that's taking place in Washington in light of allegations that Russians breached the networks of the Democratic National Committee and separate reports of hackers compromising state election boards. 

As a result of those reports, US lawmakers and government officials are considering a range of measures including new federal legislation that would safeguard the polls.

After the 2007 attacks, Estonia went to great lengths to harden its digital security. It's currently in the process of improving its encrypted digital ID card that citizens use when doing everything from filing taxes to paying library fines to buying bus passes to casting votes. Estonia started issuing e-residency cards to nonresidents in late 2014.

The ID card provides an important layer of protection for the country, say Estonian officials. "Security is multilayered. If there is a weakness, this does not mean that attacker can hack to system and cause harm," said Agu Kivimägi, a former IT head for Estonia's interior ministry.

And that helps protect Estonia's digital voting system, too, he said. "The electoral system is the basis of democracy, and you must defend it."

To be sure, the introduction of Estonian-like electronic ID cards would face tremendous opposition in the US and other Western democracies. Critics of relatively new laws in several states that require voters show photo ID at the polls say the practice can be discriminatory and even discourage people to vote.

"Estonia is a good model, but one that would be hard for the US to duplicate," says James Lewis, senior vice president at the Center for Strategic and International Studies in Washington.

"At the end of the day, cybersecurity is a government responsibility," said Mr. Lewis. "Estonia’s government led the rest of the country in creating an integrated defense. [The US is] bigger and is in a slow-moving constitution crisis."

Still, Piret Pernik of the Tallinn-based International Centre for Defense and Security, Russia's alleged tampering with US politics and election systems "put into question the reliability of the system, the accuracy of the election results for the general public."

And even if there's no tangible effect of the breaches on the outcome of the upcoming presidential election, "In that sense, Russians may have achieved their political goals," she said.

And, like many other experts, Ms. Pernik drew parallels between the DNC hack to the 2007 Estonian attacks. "The methods are not the same but the main goal, to discredit western rule power, confuse society, and undermine the western system of democracy, is the same."

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to From Estonia, lessons for the Age of Cyberwar
Read this article in
https://www.csmonitor.com/World/Passcode/2016/0921/From-Estonia-lessons-for-the-Age-of-Cyberwar
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe