Estonia is in the vanguard of Europe’s cyber battlefield

Tallinn is at the forefront of cyber defence, nine years after attacks by Russian hackers

All is tranquil now around the Bronze Soldier of Tallinn, but the chaos that accompanied his transfer to a cemetery in a suburb of Estonia's capital has not been forgotten by anyone in this Baltic state, nor at Nato headquarters.

When Estonia's government decided to move the two-metre-high Soviet war memorial from central Tallinn in April 2007, part of the Russian community that makes up almost a quarter of the country's 1.3-million population went on the rampage.

In several nights of rioting that shocked usually peaceful Estonia, one man was killed, more than 100 people were injured and about 1,000 were arrested.

Russia was also furious, and senior politicians accused EU and Nato-member Estonia of disrespecting the Soviet war dead and even of courting fascism.

READ MORE

Then something else happened which would change not only the nature and scale of the dispute, but ultimately the way nations and Nato would think about modern warfare.

Harnessing hundreds of thousands of infected computers around the world, cyber attackers bombarded designated Estonian internet addresses with a storm of requests, blocking and ultimately crashing them.

As these “zombie” computers – linked up into “botnet” armies – overwhelmed networks with a flood of data, skilled hackers broke into certain “high-value” websites, deleting content and posting their own messages.

The websites for Estonia’s presidency and parliament, top banks and leading media were attacked, sparking fears of cyber meltdown in the country where Skype was invented and everything from bill-paying to voting is done largely online.

Using its own expertise, and international help from sources including Nato, Estonia survived, and the attacks subsided after several weeks.

Russian hackers

The timing of the attacks and the many “calls to arms” in Russian-language chat-rooms placed suspicion squarely on Russian hackers, and officials in Moscow refused to help Estonia investigate or track suspects.

The Russian state's direct involvement could not be proved, but the 2007 attack is now seen as a harbinger of the kind of "hybrid" conflict that Russia is waging in Ukraine – launching a broad spectrum of hostilities with everything from artillery to propaganda to computers, while seeking deniability by removing insignia from troops and tanks, and claiming that soldiers are mere "volunteers".

A year after the online attacks, Nato states opened a centre of excellence dedicated to cyber defence in Tallinn.

It is located in an Estonian military base that happens to be next door to the cemetery where the Bronze Soldier now resides.

The centre brings together experts from Nato’s 28 states to research emerging cyber threats and ways to counter them, and runs “live fire” exercises in which national teams try to defend their networks against sophisticated attacks.

Jaan Priisalu is a senior fellow at the centre, and it describes him as "one of the world's leading experts in defending both critical infrastructure and information assets".

Priisalu was head of IT security for Estonia’s largest bank in 2007, and quickly realised it was being targeted by “people who have done this before and can engineer the attacks. People with experience.”

“We counted that at one stage we had 82,000 bots coming against our bank. And they changed their places. When you announced where they were, they were taken down and others appeared,” he recalled.

“Before this event, cyber attacks were somehow shameful. The reasoning was that you had been too stupid to maintain your computer systems.

“But our politicians spoke up and said we are victims of a systematic and politically motivated cyber attack.

“Then all other politicians . . . could talk openly about it. It opened discussion in the world about this – that is why it was so important.”

Huge funds and expertise are now being pumped into cyber attack and defence, amid fears over the potential vulnerability of critical infrastructure like power, water and security systems that are increasingly controlled by computers.

In 2014, Nato leaders declared that cyber hostilities could trigger the alliance's article five mutual-defence clause – that an attack on one member is an attack on all – and at their summit in Poland last week they went further still.

"Now, in Warsaw, we . . . recognise cyberspace as a domain of operations in which Nato must defend itself as effectively as it does in the air, on land and at sea," they announced.

“Today . . . we have committed to enhance the cyber defences of our national networks and infrastructures, as a matter of priority.”

This is what the Tallinn centre of excellence has been working on since 2008, most strikingly with its annual “Locked Shields” cyber-defence exercise, which this year brought together more than 550 participants from 26 countries.

Attacker mindset

"Offensive and defensive tools are developing quickly. What we try to do in training is understand the mindset of the attacker and see where the defenders' cracks show, what are their weaknesses and areas that need improvement," said Liisa Past, the centre's head of communications.

Widespread recognition of cyber threats has not reduced them, however.

“Are we safer than in 2007? No, because we are giving machines more and more of the jobs that we find tedious,” said Mr Priisalu.

“Attacks are becoming more precise. They do better reconnaissance and measurements to find vulnerabilities in systems,” he explained.

“Attackers still have the advantage. We need to co-operate more in defence, but countries and companies are looking after their own interests . . . This is how capitalism works, and it’s a very short-term view.”