Lessons From Estonia

How the movement of a statue sparked a cyber riot and helped a nation build the strongest cyber defense infrastructure in the world.

“It’s one thing if a citizen cannot get access to a government Web site or an online media site. But if you can’t get access to your money, that’s a serious problem.”
— Lauri Almann, former permanent undersecretary of the Estonian Ministry of Defense

In 2004, Estonia joined the North Atlantic Treaty Organization (NATO) which effectively protected them from military aggression from Russia. The two countries had a rocky relationship. Estonia was an imperial Russian governorate in the early 20th century but gained independence in 1920, only to be occupied in 1940 and then 1944. This last occupation lasted until the Soviet Union dissolved on December 26, 1991. Estonia then moved to deny citizenship to the thousands of Russian people that were re-located from Russia to Estonia during Moscow effort, according to Stephen Herzog, to “Russify” Estonian culture.

In March of 2007, the new government of Prime Minister Andrus Ansip, decided to relocate the Bronze Soldier, a statue memorializing the Soviet liberation of Estonia from the Nazis. The plan was to move the statue from a place of prominence in Tonsismagi Park in central Tallinn, to a secluded area, the Defense Forces Cemetery of Tallinn on April 30, 2007. For Russians, the statue represented their victory over Nazism. But for the Estonians, the statue did not represent their liberation: it represented the iron fisted rule of Russian occupation. Large scale protest and riots followed from April 27 to April 29 as ethnic Russians, who felt they were being discriminated against, decided to take it to the streets. Over 1300 arrest were made, hundreds were injured, and one fatality was reported.

However, the most lasting damage was done by the cyber-attacks. For three weeks, the entire cyber infrastructure of Estonia was victim of a cyber aggression attack that can only be described as brutal. Banks, media outlets, law enforcement, government sites, and Internet Service Providers (ISPs) were all attacked by hackers. Government employees were not able to communicate, ATM machines did not work, newspapers and broadcasters could not deliver news.

This attack was a Distributed Denial of Service Attack (DDoS). Websites that handled only 1000 hits a day was handling over 2000 hits per second. The hackers took over computers in the United States, Egypt, and Russia and used them in the attacks against Estonia. Government and email service stopped working and were defaced.

Meanwhile, Russia added fuel to the fire by falsely reporting that the Bronze Soldier was destroyed and the graves of Russian war veterans were demolished. The Estonian Computer Emergency Response Team (CERT) could not communicate with the private sector or other governments and was forced to disconnect international data links to keep communication running domestically.

The Kremlin denied any culpability, even though it was clear the attacks came from Russian Internet Protocol (IP) numbers and the Russian forums urged the activities taking place. Online instructions were in the Russian language and the appeals to Russia were ignored. During the cyber riot, Russian President Vladimir Putin condemned the relocation of the statue and stated that Estonia was “…sowing discord and new distrust between states and people.”

Estonian official believes the attacks were directed by the Kremlin and other independent groups joined the melee. Hostile states count on independent hackers to join the attack to make the situation more chaotic and to make it even more difficult to find out where the attacks originated.

The Estonia cyber attack was a perfect dress rehearsal for Russian hackers to prepare for large scale cyber attacks that would later be conducted against the United States and Kyrgyzstan. It was a gateway attack, and the world witnessed for the first-time what cyber warfare might look like. Even though it was not a full-fledged cyber attack, it was a chilling reminder that cyber attacks can be just as destructive as a traditional military attack.

Estonia was prime for a cyberattack. They build their government based on a high-tech economy. At the time of the attack, 60 percent of Estonians used the Internet daily and 97 percent of banking took place online. They used a national identification card that enabled them to digitally pay taxes, submit service request and even vote online. Their technological advancement and dependability left them vulnerable for a massive cyber attack.

After the cyber attack, Estonia moved ahead and made the type of improvements that is the envy of the rest of the world. This incident helped to create a country of cyber experts. Estonia became one of the first countries adopt a national Cyber Security Strategy. There are five goals to this strategy.

1. Ensuring the protection of information systems underlying important services
2. Enhancing the fight against cybercrime
3. Developing national cyber-defense capabilities
4. Managing evolving cybersecurity threats
5. Developing cross sectional activities

Estonia did not stop at increasing the activities of the government. They engaged in a societal awareness program. They knew that even schoolchildren can help prevent the spread of malware, just as any other computer user. For this goal they instituted a massive training program for elementary school students. In a public opinion survey, Estonians ranked cyber attacks as the most pressing threat to their national security. This is a country with over 90 percent of the population has easy access to the Internet and Internet use is 100% for young Estonians.

The Estonian information Technology Foundation for Education provides cybersecurity training for all segments of society from elementary school children to the elderly. Estonian universities such as Tallinn University of Technology and Tartu University have new degree programs in cybersecurity as well as postgraduate degree programs in digital forensics. The opportunities these educational systems provide is helping to ensure Estonia has an army of cybersecurity experts well into the future. English is the language of instruction for these programs so the schools are attracting international students and building a great reputation.

The cyberattack of 2007 is considered to be the first in history to be directed at a country’s key infrastructure. The Estonian government has made big bold moves to protect it from the type of cyber attack they experienced in 2007. In the process, they have produced best practices and resources that all countries now follow to prepare against cyber attacks. Few countries have gone this far in protecting their digital infrastructure. Part of solving this threat and mitigating this problem is admitting there’s a problem in the first place. And that is not even good enough if nothing comprehensive is done about it.

We don’t know if the measures Estonia has taken to counter cyber warfare would work until there is another attack on their cyber infrastructure. But there is no denying that if another attack does occur, the chances that it would have the same effect as the 2007 attack is very unlikely. The people of Estonia have experienced the worst state sponsored cyber attack in history, and they have learned their lesson. This is a lesson that America has yet to learn.