In Georgia, reports indicate that organized cyber-warfare attacks continue against key government websites - attacks that appear to be coming from organized groups in Russia.

Suspicions that these attacks - like an even larger cyber-assault last year on Estonia - are offensive tactics orchestrated and used by the Russian government and have triggered fresh thinking in the U.S. and European capitals about what strategy might help deter such cyber-aggression in the future.

“Cyber-attack by a nation is very different from cyber-attack by a hacker,” says Admiral Bill Owens, a specialist about the threat. He told the Financial Times that the risks for major nations are rising to the point where it may be time to consider a defensive doctrine similar to “mutually assured destruction.” That was the name for a balance of nuclear weapons between the superpowers during the cold war that convinced both sides that it would be self-destructive to launch a nuclear attack.

Similarly, Owens said, diplomats might take another page from cold war arms-control and urge countries to pledge “no first use” of cyber-war - along the lines of the “no first use” pledges about nuclear weapons.

Although Georgia does not have enough web infrastructures to be very vulnerable in this area, the organized hacking it sustained comes against a background of reported attacks on government facilities in the U.S., France, Britain and Germany that were apparently probes of Western defenses or espionage to glean secret information. Both Russia and China have specialized military units that specialize in cyber-warfare, according to Western specialists. NATO is developing similar expertise.

Evoking the possibility of Western retaliation against attacks masterminded by another government, Owens said “I think that the U.S. and China have an ability to shut down each other’s societies on the internet today.”

This latest cyber-attack has spurred Europe and the U.S. to seek policy clarifications, new technical ripostes and closer cooperation, including via NATO. Michael Chertoff, U.S. Homeland Security Secretary, outlining plans for a “Manhattan project” for IT-security, warned recently that “a big and successful attack would have cascading effects across the country and across the world”.

Though there are similarities in both attacks there are also key differences between Estonia and Georgia specialists say. This time the hackers are targeting specific government websites such as the president’s, the parliament’s and the foreign ministry’s. In fact, web traffic is being redirected to sites in Russia and Turkey that could be the first step towards controlling Georgia’s incoming and outgoing high-level communications. That is the kind of control Russia would need to help oust President Mikheil Saakasvili.

Seven NATO members signed a pact in late May formally establishing an alliance-wide “center of excellence” in Estonia to combat the growing threat of cyber-terrorism.  Officially called the Cooperative Cyber Defence Centre of Excellence, the center will be operational later this year and officially open its doors in early 2009.  It will have an initial staff of 30 experts, half of whom will come from the seven founding countries.  The U.S. will participate as an observer alongside the seven: Germany, Italy, Spain, Latvia, Lithuania, Slovakia and Estonia. Other alliance states are expected to join the project as it moves forward.

The centre’s purpose is to improve preparedness and inter-operability within NATO on cyber-defense, officials said, adding that allied experts also want to draw up an alliance-wide cyber-defence doctrine, including legal mechanisms. The center will also provide training, assess threats and steer research projects.

The choice of Estonia’s capital, Tallinn, as the site for the center is significant and appropriate.  Just more than a year ago, Estonia - which has a high degree of computer infrastructure - became the first victim of an all-out cyber assault on the nation’s on-line electronic services in a string of network attacks that apparently originated in Moscow.  The Estonian government had moved a bronze statue of a Soviet soldier-a reminder of the USSR’s former dominance of the country-from a prominent spot in central Tallinn to a military cemetery. 

The current issue of European Affairs carries a comprehensive and insightful analysis of the “cyber war” on Estonia a year ago. Kertu Ruus, an Estonian journalist (who is a member of our quartely’s editorial board) tracks exactly how Estonian government and private networks were attacked by massive “botnets,” which are huge networks of so-called “zombie” computers that are hacked into and made to access targeted networks.  Ruus’s article also details the NATO allies’ response to the attacks, and the call by some to invoke Article 5’s rule that an attack on one ally is an attack on all.

The U.S., for its part, has also stepped up its efforts to defend against cyber crime.  As noted here last month, Secretary of Homeland Security Michael Chertoff has compared the risks presented by cyber terror to the impact of 9/11.  Addressing a group of IT professionals in Silicon Valley last month, he implored the industry to “send some of your brightest and best to do service in the government.

Meanwhile the European Observer  says that EU has launched a public consultation on how to combat high-tech crime and warfare, but predicts that Brussels will move  cautiously on the possible legislative remedies and instead stress strengthened cooperation between EU states.

Another coordinated cyber attack - this time on the websites operated by Radio Free Europe/Radio Liberty (RFE/RL) - was launched over the weekend that marked the one-year anniversary of the “cyber war” offensive against Estonia. That three-week internet barrage on Estonia’s civil electronic portals occurred amid ire in Moscow about Estonia’s decision to move a Soviet war memorial out of the city center in the Estonian capital, Tallinn. Labeled the world’s first “cyber war” by some observers, the episode is recounted and analyzed in depth in Kertu Ruus’s article in the newest issue of European Affairs.

This time, the principal targets were RFE/RL’s sites in Belarus, which were put out of action for several days until the attacks were publicly reported - and then abruptly ceased. April 26, the day the attacks began, was the 22nd anniversary of the Chernobyl disaster, and RFE/RL had been planning live internet coverage of a large rally that day protesting the plight of uncompensated Chernobyl victims - many of whom lived in Belarus and were in the zone of heavy radioactive fallout from the reactor that suffered a meltdown in neighboring Ukraine. At the time, in 1986, both those countries were part of the Soviet Union and ruled from Moscow.

The recent cyber attacks came just days after the so-called “Hackers Panel” convened in London at the annual InfoSecurity Europe conference. The panel includes “white hat” hackers, who help companies tighten up their digital security by searching for flaws in their defenses. This year the hackers, who for the first time broke their usual custom of anonymity, warned that major nationwide British shopping chains were likely prime targets for future cyber attacks. “If someone wants to have a pop at the UK, they are unlikely to go for the government web servers,” said Steve Armstrong, an expert in hacking and a member of the panel. “They will go for the lower hanging fruit - companies which are seen as good representatives of the country.”

Related Post:
Lessons from Estonia: Homeland Security Chief Says Cyber Threat “on par with 9/11″, 18 April 2008

See Also:
RFE/RL Websites Hit By Mass Cyberattack, Radio Free Europe/Radio Liberty, 28 April 2008
Radio Free Europe says it’s under cyber attack, Associated Press, 28 April 2008
Hackers warn High Street chains, BBC News, 25 April 2008

Michael Chertoff, the U.S. homeland security head, warned recently that the potential harm of a cyber-warfare attack was “on a par” with what the United States sustained in the 9/11 terrorist attacks in 2001. He issued the warning this month at a public meeting of information-technology specialists in California.

This threat is treated in depth in the current issue of European Affairs, due out this week in the article entitled “Cyber War I” about the massive attack last year on Estonia’s civilian infrastructure of communications, finance and public service. Western defenses are still in their infancy, and Chertoff’s comments were partly aimed at getting the tech community to overcome their inhibitions about helping national security in this realm. As described in this reconstruction of the episode in Estonia, the tide was turned in Cyber War I partly thanks to a helping hand from some top global geeks. Written by Kertu Ruus, U.S. bureau chief of the leading Estonian business daily Aripaev, the article talks about the status of Western readiness against computer warfare, including the creation in Estonia of a NATO center to work on this specialized form of war.

At last week’s IT conference in Silicon Valley, Chertoff’s overtures to technology’s private sector were clear: “Please send some of your brightest and best to do service in the government,” he asked the audience. He acknowledged that the Federal government is unable to compete with private industry in terms of money, but hoped that some of the U.S.’s top IT professionals would be drawn to DHS out of a desire to serve their country.

Read Kertu Ruus’s account of Cyber War I in the upcoming issue of European Affairs.

See Also: Cyber risk ‘equals 9/11 impact’, BBC News, 8 April 2008