This week, NATO will conduct a large-scale cyber defense drill using hundreds of computer scientists from over sixteen nations. The exercise will be led by the NATO Cooperative Cyber Defense Center of Excellence in Talinn, Estonia. These NATO Centers of Excellence are nationally-funded, NATO accredited, specialized institutions designed improve capabilities and readiness in light of various threats, as well as to conduct research on areas of importance to the alliance. (Such as energy security, strategic communications, command and control, among others)
It’s especially noteworthy that Estonian authorities decided to take the initiative in 2008 and establish the Cooperative Cyber Defense Center. In 2007, a massive cyber attack digitally crippled the Estonian parliament, newspapers, television broadcasters and even a segment of the banking infrastructure. The large-scale attack utilized DDoS (distributed denial of service) tactics to bottleneck online public service portals as well as block citizen usage of vital social infrastructure such as emergency ambulance and fire.
The attacks occurred during the same month in which the Tallinn city government was in the process of exhuming and identifying graves of WWII-era Red Army soldiers with the intention of moving them to another graveyard. Russian authorities expressed indignant outrage regarding the transfer, thus many Estonian security officers and other observers believe that the Kremlin was behind the cyber attack. The evidence largely backs this up, as the sheer scale of the operation as well as the coordinated, specific targets implies state involvement or consent.
However, the Estonian government has been very active in cultivating a robust public and private sector information technology industry. Estonians lead the world in start-ups per capita. Estonian technologists produced such gems as Kazaa and Skype. Due to its hardy IT sector and a deluge of geek knowledge, the Estonian economy and infrastructure suffered relatively little long-term damage from the attack. The 2007 attack on Estonia, as well as the coordinated cyber operations against Georgia during the 2008 conflict with Russia, triggered renewed attention to NATO member states’ digital vulnerabilities in today’s networked society.
In the NATO Wales summit declaration from September 2014, two sections extensively discuss methods to address cyber security. It states, “A decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis.” This is a new development that is especially pertinent in light of the geographic realities of the NATO member states that could be considered to be in Russia’s periphery. The ongoing evaluation of cyber aggression’s impact on traditional security themes such as deterrence and first strike capabilities will continue to develop into the foreseeable future. How NATO addresses this new medium of conflict in light of a resurgent Russia remains to be seen.