Estonian Attacks Raise Concern Over Cyber 'Nuclear Winter'
The cyberattacks against Estonia were particularly damaging, as the country had to shut down key computer systems for their own protection.
As NATO technical assistance this week begins to flow into cyberwar-torn Estonia, additional details are surfacing about the cyberattacks launched during the first two weeks of May against the Baltic nation. Thoughts also are turning to how future attacks might be averted.
The cyberattacks against Estonia, mainly in the form of Distributed Denial of Service (DDoS) attacks, primarily targeted the Estonian government, banking, media, and police sites. "Private sector banking and online media were also heavily targeted and the attacks affected the functioning of the rest of the network infrastructure in Estonia," the European Network and Information Security Agency, or ENISA, reported Thursday on its Web site. As a result, the targeted sites were inaccessible outside of Estonia for extended periods in order to subdue the attacks and to maintain services within the country.
DDoS attacks are particularly difficult to prevent and require a lot of coordination to contain the damage when multiple sites are hit. In order to weather the 128 separate strikes launched against its cyber infrastructure, Estonia sought help from not only its own Computer Emergency Readiness Team, established late last year, but also the Trans-European Research and Education Networking Association and CERTs from other countries, including Finland and Germany, according to ENISA.
While cyberattacks against governments are nothing new, the Estonian attacks were particularly damaging, as the country had to shut down key computer systems for their own protection. "Estonia has built their future on having a high-tech government and economy, and they've basically been brought to their knees because of these attacks," said Howard Schmidt, a former White House cybersecurity advisor and former chief security officer at eBay and Microsoft, in an interview. "Whether this is done by one nation against another or one group against a nation, it's a concern."
Although there have been no proven, documented cases of one nation attacking another via cyberspace, such cyberwarfare is a chilling prospect that's treated among most nations with much the same reverence as the Cold War players treated a potential nuclear winter. "Most rational leadership" would want to avoid cyberwarfare due to the potential large-scale economic disruption that would follow, Schmidt said.
This could include shortages of supplies that affect both citizens and the military. "Because Estonia doesn't have a large a base of computers that comprise its infrastructure, it's not very distributed, so any attack could affect them on a larger scale," said Shane Coursen, a Kaspersky Lab senior technical consultant, in an interview.
A major hurdle that nations face in defending their critical infrastructures is working with the entities that actually own their countries' telecommunications networks, electrical grids, and transportation systems. This is a major issue in the United States, given that the private sector owns more than 85% of the critical infrastructure and doesn't take kindly to government demands that shareholder money be invested in protection rather than expansion.
Cooperation between government and private-sector critical infrastructure owners is essential. "When it comes to information warfare, corporations in general are no match for a trained [enemy] intelligence officer," David Drab, a 27-year veteran of the FBI who retired in 2002 and is now principal for information content security with Xerox Global Services, said in an interview. These officers have an objective, they have resources, and often they have the element of surprise on their side, he added.
The attacks against Estonia began in early May in protest of that government's removal of a Soviet-era memorial from the center of the country's capital, Tallinn. Now Estonia has become the victim of a high-tech brand of vengeance, as botnets flood the country's networks with an overabundance of traffic in an effort to disrupt business and government functions.
It's not uncommon for government computers to be attacked via DDoS, but it is unprecedented with regard to a DDoS being used to attack the governmental assets of a sovereign nation, said Paul Schmehl, senior information security analyst with the University of Texas at Dallas, in an interview.
While there's no proof that the attacks against Estonia are originating from the Russian government, there's no denying the Cold War-era tension that exists between the two nations, which had been united under the banner of the Soviet Union until 1991. Schmehl, however, cautioned those who are quick to blame Russia for the attacks, which he said were "not by Russia but from Russia. Nowadays you can never assume anything about the real origin of an attack. The attack could easily be conducted by someone else who has compromised assets inside of Russia."
Further, Schmehl said, "Without proof, a very real war could be provoked by insisting that attacks coming from a certain country are authorized by, or even conducted with the knowledge of, that country."
Schmidt proposed that there are actions that can be taken to mitigate the prospect of cyberwarfare. One is for nations to work with their critical infrastructure owners to bolster their cyberdefenses. This includes ensuring that software patches are up to date and that access-control systems -- biometric or otherwise -- are in place to protect IT infrastructures from intruders and malicious insiders. Schmidt's other proposal is to "create treaties among countries that agree to not do this to each other."