How Estonians became pioneering cyberdefenders
Three hundred cybersecurity experts are in Estonia this week for an international conference on cyberconflict. They want to know what Estonians know.
Ahead of spring elections, Agu Kivimägi was tasked with trying to ensure that online voting in Estonia wasn't vulnerable to attack. Its pioneering system of casting national ballots via the Internet would be a hacker's prize target.Skip to next paragraph
Subscribe Today to the Monitor
After the ballots were counted, returning Estonia's center-right government to power, e-voting escaped assault – or any technical difficulties, for that matter.
Mr. Kivimägi, who oversees computer security for Estonia's Interior department, is part of the world's first volunteer cyberarmy, deployed this year to help ward off hacker strikes and defend against online warfare.
Made up of Estonia’s best information technology (IT) minds, from programmers to lawyers, the 150-member Cyber Defense League is Estonia’s cyber national guard. Should Estonia come under attack, they would deploy under the command of the National Defense League, a volunteer force created to safeguard the country's security and independence.
RECOMMENDED: The new cyber arms race
A reaction to Estonia experiencing a major cyberattack in 2007 – unofficially traced to Russian hackers – the volunteer cyberforce is an effort to get Estonians to participate in a societal, not just a military, task. Now, the tiny Baltic nation's e-defenses have captured the world's attention as hacker strikes grow in intensity – and the threat of cyberwar becomes increasingly real.
"We are only starting out, but I mention [the cyberarmy] initiative as the kind of solution that we need to begin to consider," Estonian President Toomas Hendrik Ilves said today at the 3rd International Conference on Cyber Conflict to Analyse the Nature of Cyber Forces, a gathering this week of more than 300 cyberdefense experts from 37 countries in Tallinn.
"We have slowly gotten to the point where we admit that cyberattacks and cyberwars are a major threat and not just child’s play by misguided hacker-geeks... . When threats are no longer classic threats, our response can no longer be classic either," he said, encouraging other countries to follow Estonia's lead in establishing all-volunteer cyberarmies.
The 2007 attack also revealed NATO vulnerabilities. If Russian hackers could paralyze a whole country, what could a state-sponsored attack do? After the strike, Estonia lobbied NATO to establish a cyberdefense think tank in Tallinn and today NATO's Cooperative Cyber Defense Center of Excellence (CCDCE) shares space with a division of Estonia’s regular army.
In November, NATO made cybersecurity a strategic focus and stressed the need for greater cooperation among members of the alliance and international bodies, such as the European Union or the United Nation. And in Brussels today, NATO defense ministers adopted a new cyberdefense policy that clarifies political and operational mechanisms for an alliance response to cyberattacks. Under the new policy, all NATO structures will come under a centralized cyberdefense umbrella.
"Clearly, the policy makers in NATO have realized that cyberattacks are attacks, period, and that all the same rules apply as in other forms of warfare," Ilves told conference participants.