Too little, too late? Should we be faster to point the finger of blame at cyber attackers?
Countries are increasingly joining forces to name-and-shame nations that launch disruptive cyber attacks, but the move should have happened sooner, according to the former Foreign Secretary of Estonia.
Marina Kaljurand served in the role from July 2015 to October 2016 and has been involved in Estonia’s foreign affairs since the early 1990s.
The country has a population of 1.3 million, but it’s become a benchmark of digital and online services, with 99 percent of government services available digitally.
However, this reliance on the internet made Estonia vulnerable: in 2007 the country became the first in the world to become a victim of politically motivated cyber attacks when a series of distributed denial-of-services (DDoS) attacks targeted infrastructure.
At the time of the incident Estonia was involved in a political dispute with Russia; the Kremlin denied it was involved with the attacks, although Estonia remains unconvinced.
“Our then defence minister answered the question and his logic was if somebody looks like a dog, talks like a dog, eats like a dog, then most probably it’s a dog – in our case it was a bear,” Kaljurand said during her keynote address at Black Hat Europe in London.
However, Estonia stood alone in attributing the attacks to Russia, with neither NATO or the European Commission able to find any proof of links to Moscow.
In the decade since, Estonia has bolstered its cyber security protections and has pushed for international cooperation against the cyber attacks. In that time, offensive cyber capabilities have grown, with nation-state backed cyber attacks having notably taken down power-grids in Ukraine and caused chaos around the world with the spread of WannaCry ransomware and NotPetya.
But according to Kaljurand the processes of response and attribution by nation-states have struggled to keep up with the fast evolving world of cyber operations “we might argue that it’s too little and too late,” she said.
When it came to the attribution of the cyber attacks against Sony by North Korea and the attribution of the cyber attacks against the Democratic National Committee to Russia-backed hackers, the US first pointed the finger of blame. But in February 2018, countries including the US, the UK, Canada, Australia, New Zealand, Lithuania and Estonia jointly blamed Russia for NotPetya – but Kaljurand still doesn’t think this was enough and that more countries should have been a part of the coordinated action.
“That immediately raised the question: where’s Germany? Where’s France? Where’s Italy? Where are others?,” she asked. By others, she was referring to the European Union, which eventually issued a statement in April, but Kaljurand dismissed the response as “really poor and weak” as it “didn’t name any countries”.
But following attempts by the Russian military intelligence service (GRU) to launch cyber attacks against the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Hague, the European Union has spoken out against Russian cyber activity, joining the US in doing so.
This attribution was also supported by NATO secretary general Jens Stolenberg, marking the first time the organisation has attributed cyber attacks to a nation-state
“What was important about those attributions it was the first one against Russians hacking into the organisation for chemical weapons that was supported collectively by all NATO members – it was expressed in a statement by the secretary general of Nato,” said Kaljurand.
So while Estonia stood alone following the 2007 cyber attacks, things have moved forward and according to Kaljurand, the prospect of nation-states working together against those who use cyber attacks for disruption and destruction can be a significant movement.
“What I see today, 11 years later, is states are supporting each others attribution and these are very strong and powerful political movements”.
READ MORE ON CYBER SECURITY