Looking for security in cyberspace

  • 2010-07-28
  • By Ella Karapetyan

SOCIETY AT RISK: President Ilves delivers his opening speech at the cyber conflict conference.

TALLINN - Cyberspace is under constant attack. It can be assumed that the continuing globalization and interoperability of information systems will make cyber space even more attractive as a target and increase its vulnerability.
Today nations across the globe are arming to prepare for cyber conflicts. Cyber attacks and cyber conflict still remain one of the biggest issues in the world. Cyber crime is one of the fastest growing and most lucrative aspects of illegal use of the Internet. Estonia suffered the largest political cyber-attack ever seen on EU soil.

Cyber attacks can be viewed as contemporary asymmetrical threats to a country’s national security. The attacks against critical infrastructure in the UK, France and Germany and against governmental networks in Estonia and Georgia have demonstrated that we have likely entered an era of cyber terror and, perhaps, even of cyber war.
Estonia was the first NATO member to be hit by a digital attack. Cyber conflict and cyber attacks are the issues Estonians faced in April of 2007, when the Estonian government relocated a World War II war memorial statue that commemorated the Russian liberation of Tallinn to a cemetery outside of town, and rioting broke out.

According to the Estonian government, some ethnic Russians in Estonia were angered by the move and protests turned violent. As a result of the controversy, Estonia found itself the focus of concentrated attacks from cyber space in the form of denial of service attacks against government and banking Web pages.

Denial of service attacks happen when thousands of computers are linked together using software, or an agent called a ‘botnet’ to overwhelm a Web site with requests, essentially crashing the servers that host the Web site.
This was particularly disruptive to Estonia as the small Baltic nation is one of the most highly developed countries in the world when it comes to the Internet. Daily life in this small nation, whether it is banking or voting or filing tax returns, is conducted almost exclusively on the Internet. So when banking or government Web sites are out of service, life grinds to a halt.

On May 8, 2008, the Estonian government endorsed the Estonian cyber strategy for the period 2008 to 2013. This document constitutes the strategic objectives of cyber security and the relevant activities for diminishing the vulnerability of cyber space.

Estonians know firsthand what it is like to be the recipient of cyber attacks, and due to this the annual Conference on Cyber Conflict was their attempt to shed some light on this issue.
On June 16, the third international conference organized by the NATO-accredited Cooperative Cyber Defense Center of Excellence took place in Tallinn and was opened by President Toomas Hendrik Ilves. In his opening speech, President Ilves, among other issues, touched upon the asymmetry of cyber threats.
According to Ilves there have already been cases of actual or prevented aggression against nation-states carried out in cyberspace: “Were they to have been carried out with kinetic weapons, we in NATO would be faced minimally with an Article 4, and most likely with an Article 5 scenario.”

However, as President Ilves said, “we have no conception of how to define aggression in cyberspace or redefine it for cyberspace; we lack clear attribution to any political entity; we lack a response doctrine to apply, were we to know who committed the aggression; and we have not dealt with the possibility of asymmetry, i.e., what if an effectively military action was perpetrated in its entirety by a small group of unknown hackers. This means that even before we can talk about the hardware and software side of cyber defense and cyber warfare, we have to develop a conceptual consensus.”

Speaking of computerization and ‘Internetization,’ President Ilves said that since our critical infrastructure, our electricity grids and transportation and mobile phone networks are so enmeshed with and tied to the Internet, any open society is vulnerable. “As much of our critical infrastructure is also transnational, we require a transnational approach. We need to make our transnational computer-dependent critical infrastructure resilient, that is to say, if not impervious then at least maximally shielded from the dangers of an attack,” President Ilves stressed.

The event aimed to address the strategic, tactical, technical and legal aspects of conflict in cyberspace via peer-reviewed, cutting edge research. It followed three interdisciplinary parallel tracks: concepts and strategy, technical challenges, and law and policy.
On June 18, Peter Flory, NATO Assistant Secretary General and Chairman of the Cyber Defense Management Board, closed the conference with a keynote speech emphasizing “the critical importance of information in NATO’s military operations and political work, and the role of cyber defense in ensuring the confidentiality, integrity and availability of that information.”
He also commended the Center for its “excellent support for NATO’s cyber defense work at all levels.”
The Conference on Cyber Conflict brought together more than 300 computer security specialists from 39 countries. During the event, experts from government, the private sector and academia discussed cyber security in three parallel conference tracks: strategy, law and technical issues. Keynote speakers included renowned cryptographer Bruce Schneier and former cyber security adviser to the U.S. president, Melissa Hathaway, chief security technology officer at the communication technologies company BT and author of several cyber defense-related publications.
The Conference united two highly-regarded events that CCD COE held in 2009: the Conference on Cyber Warfare in June and the Legal and Policy Conference in September.
 The Cooperative Cyber Defense Center of Excellence deals with education, consultation, lessons learned, research and development in the field of cyber security. The Center’s mission is to enhance the capability, cooperation and information sharing among NATO, NATO nations and Partners in cyber defense.
It was formally established on May 14, 2008, in order to enhance NATO’s cyber defense capability.  Located in Tallinn, Estonia, the Center is an international effort that currently includes Estonia, Latvia, Lithuania, Germany, Hungary, Italy, the Slovak Republic, and Spain as sponsoring nations.
The Estonian Ministry of Foreign Affairs announced on July 21, 2010, that the week before, the UN task force of national experts, called “Developments in Information and Communication Technology in the Context of International Security,” finished its work in New York. The group included Estonian expert Linnar Viik. The UN secretary general appointed the 15 experts in the group based on their expertise and visibility in the cyber security sector.
The task of the expert group was to analyze existing and potential threats and risks in the cyber realm and formulate proposals for common standards of behavior and co-operation methods. In the recommendations made in the final report, it is considered necessary to continue a dialogue among nations in order to reduce the risk of information and communication technology being abused and also to protect critical state and international infrastructure facilities.

“This is a breakthrough report on the level of the UN, because previous efforts made over the last ten years to formulate standard recommendations in the cyber security realm have always ended with no agreement being reached,” said Viik, giving his opinion on the results.

“Estonia is satisfied with the opportunity to contribute to the work of the task force in an area that is a priority for us and in which the know-how of our experts is highly valued on the global level,” said Foreign Minister Urmas Paet.
The report places an emphasis on working out trust mechanisms and risk-reducing measures, information exchange in national legislative and security strategy sectors, and identifying measures to support the growth of cyber management capabilities in nations with a lower development level. There is a need to develop universal specialized terminology and definitions, which was also prescribed by the UN General Assembly in the cyber security resolution approved on Dec. 2, 2009.

The UN secretary general will soon present the task force’s report to the UN General Assembly for approval.