Two years on, Estonia helps EU prepare its cyber-defences

Two years on, Estonia helps EU prepare its cyber-defencesTallinn - Two years since the world learned of a new form of "cyber-warfare" directed against the small Baltic republic of Estonia, the results are still being felt.

But in a twist of history, the onslaught that was supposed to cause permanent damage has instead helped put the country on the map and boosted its high-tech industrial sector.

In April and May 2007 servers based in Russia attacked Estonian Information Technology (IT) infrastructure, apparently in response to an Estonian government decision to relocate a Soviet-era war memorial in Tallinn.

Main targets included the networks of government ministries, banks and even the web page of Estonian President Toomas Hendrik Ilves.

A series of investigations into the cyber-attacks suggest there was an element of co-ordination behind the attacks, though the Kremlin has always denied official involvement.

The attacks were serious but not completely disastrous and many people were impressed by tiny Estonia's ability to stand up to such a massive onslaught. Unwittingly, the Russian-based attackers had provided an ideal showcase for the Baltic state's online capabilities.

In the wake of the attacks, Tallinn was chosen as the site for a new NATO cyber-warfare facility and Estonia found itself routinely referred to as "e-stonia" in headlines thanks to its scheme to introduce e-government, open an online embassy and even install parking meters paid via text messages.

Two years to the day since the first wave of Russian cyber- attacks, Tallinn was the venue for a high-level EU conference to decide the bloc's future cyber-security strategy.

Reflecting on his country's experiences, President Ilves said simply cutting the connections when an attack was underway was too crude a response.

"We can live with the president's website being down but if banks cannot do transfers, that means you can't do any international commerce - which we couldn't do for a few days," he said.

Economy and Communications Minister Juhan Parts used the conference to unveil a plan for a simulated attack to test the EU's cyber-defense capability, though he said it was too early to say how involved Estonia would be in its implementation.

Several EU member countries already run simulated attacks on a national level, but the pan-European cyber-wargame would be a first, said Peter Wallstrom of the Swedish Post and Telecoms Agency, who is responsible for planning a simulation later this year in which Sweden will be attacked by supposed cyber-terrorists.

"We have these exercises every other year. The last one we did was in 2007 when the overall scenario involved extreme weather conditions causing floods and other problems.

"This year will be a terrorist scenario moving throughout Sweden attacking vital nodes. It's a large exercise involving about 450 people from various ISPs, power companies, cabinet office, ministries and others," he told the German Press Agency dpa.

Though members of the public would not be directly involved, they would be made aware of the results, he said, as part of efforts to raise awareness of the potential cyber-threat.

And while Wallstrom said the choice of a terrorism theme was "a good way to be creative in the scenarios" the EU will need to face real terrorist cyber-attacks sooner rather than later according to Pascal Chauve of France's Secretariat General for National Defence.

According to a French white paper from 2008. Chauve warned that such attacks are a "certainty" and could be "on a massive scale."

"They would have major impact and are of a high probability, but still haven't been done by terrorists," he said.

"I hope EU institutions are well equipped enough to handle it ... it's time for us to play the role of the bad guy," Chauve said. (dpa)

General: 
Technology Update: 
Regions: