Estonia prepares for cyberwar

More than anyone else, Jaak Aaviksoo has first-hand knowledge of what a cyberwar might feel like. In April 2007, Estonia's banking, media and government presence online was disrupted by several waves of distributed denial of service attacks that knocked services offline. The country is heavily wired - 90 percent of all financial transactions are conducted over the Internet and 70 percent of the population files their tax returns electronically - so the incident was widely felt by the country's 1.3 million citizens.


Estonia's cyber meltdown coincided with major civil unrest. Protests by Russian nationals, unhappy at the government's decision to relocate a Soviet military war memorial to a less-prominent location, had flooded the streets of Tallinn. The country's Russian embassy was blocked by protesters too.

By hobbling Estonia's online infrastructure at such a time, the cyber-attackers hoped to make it look like the Estonian government was losing its grip on the situation, according to Aaviksoo, who is Estonia's defence minister and managed the country's response to the incident.

"The virtual medium has become an inseparable part of real life in real space," he said, speaking earlier this month at Stanford University. "So those attacks ... were aiming at the credibility of the Estonian government."

Security analysts dispute whether the Estonian attacks were, in fact, cyberwar, but in many ways that's beside the point. In the online world, everything is murky. Criminals can hop between countries and launch attacks from hacked machines, making it hard to figure out who they are or even where they come from. According to Aaviksoo, whether the 2007 incident was actually cyberwar is still "an open question."

Has Estonia learned much about this type of warfare in the three years since the attacks? Certainly. But in this edited interview with Aaviksoo, he says that in some ways the country could be doing more to prepare for the next major cyber-incident, which he says will inevitably come about.

IDG News Service: There are regions in the world where it's difficult to get action on cybercrime. What can we do to put pressure on places like Moldova or Ukraine, where hackers are never arrested?

Jaak Aaviksoo: It's not that easy. There are two reasons for that. Some of those countries have many more serious problems than cybersecurity and cybercrime legislation. Secondly, sometimes there are only claims that people are acting from those geographic locations. We can't prove that.

Like there are safe havens for terrorism - I mean, Afghanistan is one example, Yemen is emerging. We don't know about Nigeria. There are very many more safe havens in cyberspace than in real space. And even the only international working document - the Council of Europe Convention on Cybercrime [ ] - is so far signed and ratified by 50 countries. So there's a long, long way to go, for different reasons. Sometimes there are constitutional limitations for ratifying [cybercrime law], some don't take that seriously. Some may have bad ideas about this Convention altogether.

IDGNS: How important is international cooperation to solving the problem of cybercrime?

Aaviksoo: I think it's extremely important. I don't think that we can achieve anything really without international cooperation. It's not necessarily 100 percent, so that all countries must cooperate. But clearly major countries should cooperate and make life more and more complicated for those who want to evade prosecution.

IDGNS: Did you get much cooperation from your neighbours when the attacks were happening in Estonia?

Aaviksoo: Unfortunately, not from Russia. They introduced formal excuses of not having the appropriate legal agreements in place to look into cybercrime.

IDGNS: Do you feel this has evolved at all since then? If there is another attack, will you get better cooperation?

Aaviksoo: I won't comment further. It's clearly a complicated case, not only in the case of cyberattacks in Estonia, but also in the case of cyberattacks in Georgia during the crisis. And in a few other cases, there is indirect evidence that the willingness to cooperate is not at the level which we would like to see.

"Recommended For You"

US, China reach cyberespionage agreement Estonia recovers from massive denial-of-service attack