Article is published in the daily tabloid SL Õhtuleht on March 10, 2008

A New Approach to Cyber Defense

Kenneth Geers

Recent articles in the press have questioned whether conflicts in cyberspace are important. Don't be fooled. Cyber warfare is a serious threat. Estonia's Cyber War after the April riots of 2007 is just one example of the way in which the virtual world serves as a reflection of the real one. Everything that happens in the real world also happens in cyberspace, including propaganda, organized crime, espionage, and preparations for war.

The unique and ubiquitous characteristics of the Internet mean that the battles fought there can be just as important, if not more so, than what is happening on the ground. And each one of us is a combatant. Serious hackers may play an elite role, but anyone who owns a personal computer and a connection to the Internet not only has the ability to follow current events, but also the power to shape them. In that sense, the Internet era is fundamentally different from any that the world has seen before.

For cyber attackers, the maze-like architecture of the Internet provides a complicating degree of anonymity. Attack methods can disguise whether an attacker is working for private or state interests, reports to a recognized chain of command, or is working alone. Knowing who is attacking you is key to understanding both their motive and your response, but governments today face the prospect of losing a cyber conflict without ever knowing the identity of their adversary.

The technical challenge of detecting and tracing cyber attacks is difficult enough. But for law enforcement, it gets worse. Internet borders do not look like national borders. Cyber crime investigators are quickly forced outside of their political, linguistic, and cultural comfort zones.

Just as the Internet is still in its infancy, cyber defense strategies are also growing and changing quickly. To take one example, several European countries are now considering whether to ban hacker tools. But as experience has shown in the business world, the odds of preventing the dissemination of free, constantly changing software will not be easy.

In order to counter the considerable advantages of cyber attackers, governments must begin to look beyond their own borders as a rule rather than as the exception. The current enforcement environment is like a futuristic free-for-all, with corporate bounties, cyber vigilantism, and controversial sting operations by frustrated law enforcement taking the place of thoughtful, considered action.

Estonia is one government that is facing this important issue head on, and many of its allies – including the United States – are joining in. In January 2008, the government of Estonia hosted delegations from nearly half of the twenty-six member NATO Alliance, including Spain, Italy, and Germany, to discuss one possible solution to the cyber attack dilemma: the establishment of a NATO Centre of Excellence based on the principle of cooperative cyber defense.

Because computer investigations require the correlation of so many data points, which rarely exist in one country, a focused multi-national approach is the best way to take away the power and anonymity of a cyber attacker. The Centre of Excellence is designed to facilitate international collaboration, the sharing of national insight, and the coordination of mission, manpower, and mechanisms, all within the framework of an already powerful alliance.

Estonia's experience last year was not the first time that NATO has witnessed a cyber attack. During the 1999 war over Kosovo, NATO itself was the target of similar attacks, including a barrage of virus-infected email. It is not a question of whether there will be another cyber attack against NATO, but when. Is the alliance ready? That question has yet to be answered, but at the Cyber Centre of Excellence, the preparations have already begun.

[Kenneth Geers is the U.S. Representative to the Cyber Centre of Excellence in Tallinn, Estonia.]