The key to national cyber security is that all public authorities, businesses and individual computer users must be alert to and aware of security.
According to the 2013 Estonian Internal Security Service review, businesses and individuals “must be careful to take all the necessary security measures” after it “detected a number of attempted attacks run from other countries, which tried to access information illegally”.
Asked if this was a sign of success that an effort was “tried” and not “succeeded”, Lancope director of security research Tom Cross said: “Yes, if they were successful at detecting attacks and preventing the attackers from accessing information, then this is a success – this is the result we seek to achieve in information security.”
Addressing sabotage, the report claimed that less “is known about attacks of this kind either in Estonia or elsewhere internationally than about cyber intelligence attacks, where information is collected secretly without any covert response”; however, it claimed that if such an attack were to take place, “the consequences for national security and the economy could be serious”.
Asked if this is because of a lack of evidence or incidents, Cross said it was the latter, as there are constant attacks being experienced internationally that have state espionage as a motive. “There have been many reports issued about the different tools and tactics used in these attacks, and so people have a clear idea of the threat,” he said.
“Sophisticated computer sabotage happens much less frequently, so there are fewer examples from which to create a profile of typical incidents and threats. Computer sabotage is most often committed by a disgruntled employee of the victim organisation, rather than by an outside attacker, although there have been stories of companies that were wiped out by the malicious acts of external attackers. Consider what happened recently to Code Spaces.”
Asked if Estonia was downplaying the threat of an attack, Cross said that this sort of attack could have a devastating effect on a country’s IT infrastructure, and could have significant economic consequences if targeted at the right systems.
The report also claimed that “all the services offered in the cyber environment are potential targets for cyber attacks”. Asked if this is a roundabout way of saying that any online service can be hit, Cross said: “Countries that rely more on the internet are more vulnerable to internet security weaknesses and because of their internet-based Government services, Estonia faces a greater threat from internet security issues than countries that don’t utilise the internet as much.”
“Certainly, they are aware of this and are striving to protect their applications, but security is a process and not a solution. You don’t simply ‘secure’ an application and then walk away from it. The threats are constantly evolving, as is our knowledge of the vulnerabilities. Therefore, a constant process of vigilance is needed to protect internet-based systems.”
The report makes for an interesting read and Cross, who recently presented on cyber conflict in the country, made the excellent point that there have been examples of state-sponsored attacks (with Stuxnet), but Estonia is possibly better placed to speak on this than any other nation.