Nation states seen as biggest cybersecurity threat

Estonia serves as a model of the dangers lurking behind coordinated Internet attacks.

A prominent cybersecurity expert and the Estonian ambassador to the United States cautioned government insiders Thursday to be mindful of the significant threat that coordinated attacks by nation states can pose to a country's digital infrastructure.

Speaking at a breakfast hosted by Government Executive and the European Affairs journal, Dmitri Alperovitch, president of Asymmetric Cyber Operations LLC, outlined the categories of Internet adversaries, placing nation states ahead of terrorist groups, hacktivist collectives and organized crime as the biggest threat to national security on the digital front.

"I don't believe we have a cyber problem today," Alperovitch said. "I believe we have a China problem today, I believe we have a Russia problem today."

The true danger of nationally coordinated cyberattacks, he said, is that they are easy to deny, making a police or military response impossible.

Alperovitch also noted that though nation-sponsored attacks could inflict harm on the order of espionage or sabotage, they remain unlikely to cause the type of damage associated with Sept. 11 or Pearl Harbor. "Some people talk about cyber 9/11, cyber Pearl Harbor," he said. "It is very, very unlikely, almost impossible -- probably just below that line -- to cause strategic destructive damage on par with those types of events in cyberspace today."

In 2007, Estonia, a nation so fully Web-integrated that almost all its citizens vote and do their banking online, was the first country to experience a coordinated attack on its government and financial systems. Estonian ambassador Marina Kaljurand, who was ambassador to Russia at the time, said government officials strongly suspected Russia was behind the attack. But, she noted, such allegations were hard to prove.

"If the Russian government wasn't supporting [the attack], it was at least tolerating it," Kaljurand said, noting that officials were uncooperative in Estonia's cleanup efforts.

Asked whether national cybersecurity breaches should be treated as armed attack under Article Five of the North Atlantic Treaty, Kaljurand said nations like Russia would "pay more attention" if cybersecurity were identified as a significant threat.

Estonia officials considered invoking Article Five in the wake of the 2007 attacks, Kaljurand said, but refrained from doing so because the assault proved to be disruptive rather than destructive.

Alperovitch expressed skepticism about NATO intervention in such events, saying that any new convention on cybersecurity likely would require "tens of years" to take effect.

Ultimately, Kaljurand said, all cybersecurity problems boil down to whether someone is trustworthy or careful enough to be given access to sensitive information. "There's lots of information in cyberspace, and the weakest link is human," she said.

But the strongest link can be human, as well. As part of its response to the 2007 attacks, the Estonian government offered financial support and benefits to private hacker groups in exchange for assistance with cybersecurity measures. Estonia must rely on these so-called patriotic hackers, according to the ambassador. "We don't have huge defense industries. We don't have defense industries at all," she said.

Though the patriotic hacker model is one that can be implemented in other nations, Kaljurand was quick to add, "This cooperation can only be based on trust. If there is no trust, there cannot be cooperation."

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.