In 2007, following a disputed relocation of the Soviet-era Bronze Soldier monument, Estonia faced cyber-attacks that have been widely acknowledged as the world’s first cyber war. At the peak of these attacks, fifty-eight Estonian websites were offline at once, including those of the government, most newspapers and banks.
Prior to the incident, cyber-attacks had not been seriously considered as an imminent threat to the state or its citizens. There was no common code of conduct or universal agreement between policy-makers. For example, it was not defined whether this kind of offence would qualify as an attack against a member state of NATO and hence activate collective defence under Article 5. It was not even clear whether a state could legitimately respond to cyber-attacks.
But there is no bad without good – the country learned and gained from the experience. Now, ten years later, Estonia has become a global heavyweight in cyber security-related knowledge, advising many other states on the matter – the country has signed agreements on developing training and cooperation in cyber security with Austria, Luxembourg, South Korea and NATO. In December 2016, NATO organised its largest cyber defence exercise in Estonia. Named Cyber Coalition 2016, the three-day event attracted more than 700 cyber defenders and legal experts, government officials and military officers, academics and industry representatives, participating from dozens of locations across the alliance and partner nations.
The Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) – an operationally independent international military organisation, set up in 2008 and funded as well as directed by voluntarily participating states – focuses on research, development, training and education in both the technical and non-technical aspects of cyber defence. Although the organisation is not responsible for NATO’s cyber security, its publications, such as the Tallinn Manual; its annual conference, CyCon; and its exercises, such as Locked Shields, do have a significant effect on NATO’s growing cyber capability. Then there are multiple Estonian startups and enterprises that have sprung up since the country became a cyber security heavyweight – such as BHC Laboratory, Clarified Security, Bytelife, GuardTime, Cybernetica and others.
But how well is Estonia as a country prepared to withstand another cyber-attack these days?
According to Klaid Mägi, head of the Incident Response Department (CERT-EE), Estonia’s preparedness to handle cyber crises has significantly increased over the past decade. The country has created intrusion detection and protection systems, practised cooperation with both public and private institutions, significantly contributed to the awareness of users, and is participating in intensive international cooperation.
“Estonia’s current cyber security is bolstered by high-functioning e-government infrastructure, reliable digital identity, mandatory security baseline for all government authorities, and a central system for monitoring, reporting and resolving incidents. Vital service providers are obliged to assess and manage their ICT risks. Most importantly, there is a common understanding that cyber security can only be ensured through cooperation and that a joint contribution is required at all levels – state, private sector and individuals,” Mägi says. Contrary to some opinions that tend to underestimate the likelihood of attacks, cyber threats are no theoretical danger. Each month, Estonia’s national computer emergency response team records close to 300 cyber incidents – these numbers represent cyber security events that damage the confidentiality, availability or integrity of digital systems or of the data stored therein. “The number of recorded events where damage was prevented, including attempted cyber-attacks, is more than three times higher still,” Mägi emphasises.
Due to technological developments and a worsened international security environment, the current situation of cyber threats is increasingly diverse and complex. Mägi says that foreign governments’ special services have become more active in cyber espionage and preparing cyber-attacks. “The communication networks of Estonian government institutions are constantly probed and mapped to check the capability of Estonia’s communication systems, and attempts are made to hack into computer networks of vital service providers.”
Training the security experts who protect national IT systems is the focus of Locked Shields, the annual scenario-based, real-time network defence exercise. Organised by the CCD COE in Tallinn since 2010, it is the world’s largest and most complex international technical live-fire cyber defence exercise. Every year, teams are put under intense pressure to maintain the networks and services of a fictional country. This includes handling and reporting incidents, solving forensic challenges, and responding to legal and strategic communications and scenario injects. To stay abreast of market developments, Locked Shields focuses on realistic and cutting-edge technologies, networks and attack methods.
For example, in the recent 2017 exercise, which involved nearly 900 participants from 25 nations, the teams were tasked with maintaining the services and networks of a military air base of a fictional country, which, according to the exercise scenario, experienced severe attacks on its electric power grid system, unmanned aerial vehicles, military command and control systems, critical information infrastructure components and other operational infrastructure.
However, according to Mägi, attacks by cyber criminals pose an even greater risk to everyday security. “Criminals’ interest in digital services is triggered primarily by opportunities for online financial fraud or extortion. By spreading ransomware to targets such as hospitals, organised crime can even put people’s life and health at risk,” he asserts, adding that to safeguard people’s convenient modern lifestyle, Estonia invests in the security of essential services and e-governance, and systematically raises public cyber security awareness and competence.
Increased cybercrime and politically motivated attacks on electronic services mean cyber security is more important than ever for both the private and the public sector. The importance was also evident at the recent international conference on cyber conflict, CyCon 2017, when almost 600 key experts and decision makers of the global cyber defence community gathered in the Estonian capital – prompting the former Swedish prime minister, Carl Bildt, to tweet that “the cyber defence world is converging on Tallinn these days.”