Estonia Three Years Later

From Cybersecurity Wiki
Jump to navigation Jump to search

Full Title of Reference

Estonia Three Years Later: A Progress Report on Combating Cyber Attacks

Full Citation

Scott J. Shackelford, Estonia Three Years Later: A Progress Report on Combating Cyber Attacks, Journal of Internet Law, Vol. 13, No. 8 (2010). SSRN



Issues: States, Cyberwar

Key Words

Cyber Warfare, Botnet Attack


Hackers have been online since a Cornell graduate student infected MIT’s burgeoning network with the first Internet worm on November 2, 1988. But recently cyber attacks on states have proliferated both in numbers and severity. The best-known recent example of such a cyber attack was on April 27, 2007. In a matter of hours, the websites of Estonia’s leading banks and newspapers crashed. Government communications were compromised. An enemy had invaded and was assaulting dozens of targets across the country. But this was not the result of a nuclear, chemical, or biological weapon of mass destruction. Nor was it a classical terrorist attack. A computer network was responsible, with attacks coming from thousands of zombie private computers around the world. And this was just the beginning. Flash forward to August 7, 2008 when immediately prior to the Russian army invading Georgia en masse a cyber attack reportedly crippled the IT systems of the Georgian military including air defense. Georgian command and control was forced to resort to U.S. government and Google accounts while Estonian advisors helped to deflect the ongoing cyber onslaught.

These cyber attacks are far from unique. Literally thousands of largely unreported major and minor cyber attacks occur daily. Power utilities in the United States, Polish and South Korean government websites, and UK technology firms have all be hit by cyber attacks in just the past few months. Even school districts in Illinois, Colorado, and Oklahoma have lost millions to fraudulent wire transfers. Responses have been varied, with many nations such as Singapore creating new cyber security authorities responsible for safeguarding IT.

Together these episodes exemplify that cyber attacks against states are increasingly common, and increasingly serious. No longer does it take thousands of planes and divisions of soldiers to destroy vital governmental institutions. It can now be done by a relatively small group of knowledgeable persons linking together zombie computers into a clandestine network that may be used to crash nearly any computer system in the world connected to the internet, from air traffic control to sewage treatment plants.

The central topic of this article is uncovering in brief what is being, and can be done to counter these attacks, both at the national and international level. The focus is on the last two-and-a-half years since the specter of cyber war fully entered public consciousness on the international scene with the cyber attack on Estonia. The question presented is what progress has been made since that time? In short, the answer is very little. Many nations have found mutual benefit in the status quo strategic ambiguity. National information infrastructures, and the World Wide Web in general, remain acutely vulnerable to cyber attacks. Without concerted multilateral action, such as by coordinating the more than 250 Cyber Emergency Response Teams (CERTs) currently operating around the world while also clarifying the applicable legal regime, this intolerable state of affairs will continue.

The structure of the article is as follows. Part I analyzes the threat of cyber attacks to international peace and security. Part II briefly summarizes the current cyber defense policies of the major players, to the extent that information is publicly available, including the United States, Russia, China, and NATO. Part III lays out the current legal regime that may be applied to cyber attacks, highlighting the significant gaps in the system. Finally, Part IV concludes by arguing for the need for a new regime for regulating cyber attacks and proposes new minilateral and multilateral measures that should be taken to more effectively protect information infrastructures from cyber attacks.

Additional Notes and Highlights