Experts from nearly 40 countries met in Estonia yesterday to discuss the latest issues in fighting cyber attackers and address the asymmetric nature of web-based threats.
Estonian President Toomas Hendrik Ilves offered opening remarks at the international conference organized by the NATO-accredited Cooperative Cyber Defence Centre of Excellence in Estonia’s capital Tallinn. He warned about the severity of cyber crime, saying how there have already been cases of actual or prevented aggression against nation-states carried out in cyberspace.
“Were they to have been carried out with kinetic weapons, we in NATO would be faced minimally with an Article 4 and most likely with an Article 5 scenario,” he said.
The president also stressed the lack of adequate cyber defenses and touched on the problem of defining Internet-based attacks.
“We have no conception of how to define aggression in cyberspace or redefine it for cyberspace; we lack clear attribution to any political entity; we lack a response doctrine to apply were we to know who committed the aggression; and we have not dealt with the possibility of asymmetry, i.e., what if an effectively military action was perpetrated in its entirety by a small group of unknown hackers,“ he said.
Estonia has suffered several incidents of cyber warfare. In 2007, the country was targeted by numerous Internet attacks that disabled the websites of the Estonian parliament, financial constitutions and news organizations. The attacks happened while Estonia and Russia were engaged in one of the worst conflicts since the collapse of the Soviet Union, originating in Estonia’s decision to remove the Bronze Soldier Soviet war memorial in central Tallinn.
Ilves noted how being an open society with the critical infrastructure, electricity grids, and transportation and cellphone networks being so entwined with the Internet makes Estonia susceptible to attacks.
“As much of our critical infrastructure is also transnational ““ we require a transnational approach,” he said. “We need to make our transnational computer-dependent critical infrastructure resilient, that is to say, if not impervious then at least maximally shielded from the dangers of an attack.”
In addition to Ilves, other speakers include former U.S. “cyber czar” Melissa Hathaway, F-Secure Chief Research Officer Mikko HyppÃ¶nen, NetWitness CEO Amit Yoran, and cryptographer Bruce Schneier.