Analysis of the Estonian Attacks

We all remember the cyber-attacks on Estonia last April. A lot of people are interested in what was really going on during these attacks. You find a lot of sites looking into the technical analysis of the attack – which could be more or less speculation.

What I found recently, and just had time to read today on a plane, is more of a political analysis of what was going on, putting it in the proper historical context and giving some ideas on what is needed and how you could and should look at critical infrastructure protection.

Here are some quotes from the paper:

  • Though the Estonian CERT was able, to a degree, to mitigate the impact of the attacks, due to its ad hoc, unofficial status, it lacked the authority to enforce its recommendations on all parties involved.
  • The technological systems in place to trace the sources of the cyber attack and those involved provide insufficient and unreliable information.
  • Preventing disruptions from accidents or attacks, however, is not enough. In today’s world, Internet security demands a robust response capability that can utilize defensive measures to ensure cyber, as well as civilian, order.

And here are some conclusions:

  • As the world becomes increasingly dependent on the Internet, coordinating effective global responses to cyber attacks is critical for national security. However, international legal mechanisms and law enforcement authorities are hard-pressed to keep pace with the complexities of cyber-crime. While some politicians today often do not even recognize that the threat is plausible, denying its existence altogether, others willingly choose to neglect it.
  • Legal standards for the provable damages of cyber-crime need to be reformed since they inherently differ from physical damage. Different national law enforcement agencies and operations should collaborate and establish a common framework that will help trace recent developments involving Internet security in a significantly faster fashion, as current measures have completely failed to cope.

Looking at the attacks and the conclusions in the paper, I am more convinced than ever of several facts I have been fighting for for quite some time:

  • Critical Infrastructure Protection is a collaborative effort between the public and the private sector. Neither of them can do it alone.
  • In the case of an incident, we need a strong and trusted central body to coordinate the response.
  • Information sharing and exchange, not only during attacks but during “peace” time as well, is crucial.
  • The Internet is part of the critical infrastructure of a country!

If you want to read the paper, here you go: Battling Botnets and Online Mobs – Estonia’s Defense Efforts during the Internet War

Roger
