IDG News Service - More than anyone else, Jaak Aaviksoo has first-hand knowledge of what a cyberwar might feel like. In April 2007, Estonia's banking, media and government presence online was disrupted by several waves of distributed denial-of-service attacks that knocked services offline. The country is heavily wired -- 90% of all financial transactions are conducted over the Internet, and 70% of the population files their tax returns electronically -- so the incident was widely felt by the country's 1.3 million citizens.
Estonia's cyber meltdown coincided with major civil unrest. Protests by Russian nationals, unhappy at the government's decision to relocate a Soviet military war memorial to a less-prominent location, had flooded the streets of Tallinn. The country's Russian embassy was blocked by protesters too.
By hobbling Estonia's online infrastructure at such a time, the cyberattackers hoped to make it look like the Estonian government was losing its grip on the situation, according to Aaviksoo, who is Estonia's defense minister and managed the country's response to the incident. "The virtual medium has become an inseparable part of real life in real space," he said, speaking earlier this month at Stanford University. "So those attacks ... were aiming at the credibility of the Estonian government."
Security analysts dispute whether the Estonian attacks were, in fact, cyberwar, but in many ways that's beside the point. In the online world, everything is murky. Criminals can hop between countries and launch attacks from hacked machines, making it hard to figure out who they are or even where they're from. According to Aaviksoo, whether the 2007 incident was actually cyberwar is still "an open question."
Has Estonia learned much about this type of warfare in the three years since the attacks? Certainly. But in this edited interview with Aaviksoo, he says that in some ways, the country could be doing more to prepare for the next major cyberincident, which he says will inevitably come about.
There are regions in the world where it's difficult to get action on cybercrime. What can we do to put pressure on places like Moldova or Ukraine, where hackers are never arrested? It's not that easy. There are two reasons for that. Some of those countries have many more serious problems than cybersecurity and cybercrime legislation. Secondly, sometimes there are only claims that people are acting from those geographic locations. We can't prove that.
Like there are safe havens for terrorism -- I mean, Afghanistan is one example, Yemen is emerging. We don't know about Nigeria. There are very many more safe havens in cyberspace than in real space. And even the only international working document -- the Council of Europe Convention on Cybercrime
Last month I blogged about the partnerships you should build inside your organization. In keeping with that tone it's time we discussed expanding that partnership mentality to include some of the best technical resources you can ever get hold of, those are the ones that work in your neighboring cities, municipalities, counties, regions, townships etc. Come on folks, these people are already doing exactly the same things as you!
Free Insider Guide
