This is a summary of an event with Toomas Hendrik Ilves, President of Estonia, on 21 May 2013; it reflects the views expressed by the speaker and not those of The Henry Jackson Society or its staff.
To view the full transcript of the event, click here
Cyber attacks are amongst the biggest emerging threats to security that states face today and this was highlighted by the unprecedented cyber assault suffered by Estonia in 2007. Estonian banks, news organisations, government agencies, and political parties all suffered debilitating online attacks. Addressing an audience in Parliament on 21st May, the President of Estonia, Toomas Hendrik Ilves, spoke about the cyber attacks his country suffered, the various cyber-based threats states face, and how cyber security can be made more robust.
According to President Ilves:
Recent events have shown us the dangerous and diverse nature of cyber attacks:
- In 2007 Estonia suffered distributed denial-of-service (DDoS) attacks in which the servers of many of the country’s biggest and most important websites were overloaded to the point of becoming inaccessible. President Ilves drew an analogy between these DDoS attacks and inviting ten people to a children’s birthday party and having two thousand guests arrive;
- Russia used a combination of cyber and conventional military attacks in the 2008 war with Georgia. Georgian media outlets were targeted before missile attacks were launched;
- Cyber attacks leave various areas of research and development vulnerable to intellectual theft, threatening important sources of national wealth;
- This danger was illustrated last year when former FBI Executive Assistant Director Shawn Henry’s testimony to Congress revealed that a US company lost all research from their ten-year billion dollar project in a single weekend to cyber theft.
We can enhance cyber security by:
- Using systems that verify identities online. In order to do this we need to extend the Lockean contract that gives governments the monopoly on the use of force, providing them additional control over responsibility for identity;
- Attempting to implement any such system is likely to be most challenging in English-speaking countries, as these tend to have electorates which are extremely nervous about identity and privacy issues, a tradition that goes as far back as Locke;
- Extending international law to create transnational rules directly relevant to cyber security. Various international conventions regulating warfare exist, but it is not clear how they apply to cyber security specifically;
- Although there is a Council of Europe convention that obliges signatories to prosecute cyber criminals, it has yet to be ratified by members including Russia, Belarus, and Ukraine. More encouragingly, the Convention has been adopted by several non-European states including the US, Canada, Japan, and the Philippines.
The Prime Minister’s Special Representative to Business on Cyber Security Baroness Neville-Jones also took part in the discussion. She offered the following thoughts on cyber security:
- Since the end of the Cold War a significant change has taken place in the balance of power and responsibility between the state and the individual. In the Cold War, security was generally seen as being the responsibility of the state;
- Today, the internet gives the individual greater power over his or her identity and it is widely accepted that the individual must also take some responsibility in protecting this identity. For example, it is for the individual decide how much information he or she chooses to reveal on a social networking site. This shift in balance creates difficult questions about how much responsibility the state should take with respect to identity protection;
- Economically, Britain is a highly interconnected society. This means that if something goes wrong, the effects are felt throughout the country. For example, the fuel protests in 2000 in which protesters blockaded oil refineries had a devastating effect on the British economy. This interdependence means that a cyber attack could be extremely harmful to Britain;
- Governments are not ignoring the threat of cyber attacks, but it will be extremely difficult for them to prevent assaults entirely.