The ineradicable cyber-myth  21.10.11

The Epoch Times reports:

Although the attacks on Estonia—one of the world’s most wired countries—did not involve physical attack, virtually the whole country came to a standstill as banks, communications, and government fell victim to cyberattacks.

It did not come to a standstill. Whenever an article starts with this meme, enjoy the line of argument ahead. Like this one:

“Just as organized crime groups have hired hackers, it is possible that nation states could hire or distantly support jihad networks and launch cyber-attacks through them,” states an April 17 report from Project Cyber Dawn, part of The Cyber Security Forum Initiative.

I guess the story the author wants to convey is: Botnets can bring down a country (Estonia, Georgia), there is an underground market for botnets, you can rent a botnet from a criminal group or person, you can “weaponize” a botnet, elite hacker groups can consist of jihadists. Hence you can bring down the US or one of its allies by renting a botnet from jihadists.

What you could read is: Estonia was not brought to a standstill – thanks to the intervention of some capable, mostly local IT experts – even though it’s a small country with just 1.3 m inhabitants.

John Healey on discussions about an international internet security treaty  1.10.11

Irrespective of David Eaves’ speculations about the underlying motives of the U.S., UK and the remaining Open Government Partnership cosigners, internet security certainly is a subfield of strategic foreign policy thinking. On the Atlantic Council website, John Healey has summed up the current status quo of the discussions for a cybersecurity treaty: the Sino-Russian UN proposal for an “International Code of Conduct for International Security”. Healey has an excerpt addressing Twitter revolutions (Russia’s and China’s noospheric soft belly) …

The Russian and Chinese proposal asks for nations to pledge to
… prevent other states from using their resources, critical infrastructures, core technologies or other advantages, to undermine the rights of other countries … to independent control of ICTs, or to threaten other countries’ political, economic and social security. 

… and then points at the omission of paragraphs on patriotic hackers (kind of unlawful cyber combatants posing asymmetric risks for the West):

Any UN voluntary code should include a pledge by nations to control patriotic hackers, militias, or other groups that are ignored, encouraged, or even supported by governments. This has been a scourge of modern cyber conflict and is a lead cause of instability in cyberspace, helping to escalate crises. And Russia and China are the particular sponsors of such groups as seen in Estonia and Georgia (Russia) and against the United States after Hainan Island incident and bombing of the Beijing embassy in Belgrade (China).

(Annotation: In Germany, courts have ruled human-bot-driven DDoS attacks legal and likened them to likewise legal sit-ins, which block traffic from and to property in the physical world.)

Update: The Council on Foreign Relations has a blog entry – alas too short – on the Chinese perspective of the geopolitics in cyberspace.

But taken together with China’s proposed International Code of Conduct for Information Security, they suggest that some observers in China feel that the United States has gained momentum in cyberspace with the introduction of the International Strategy for Cyberspace and the DoD Strategy for Operating in Cyberspace.

NATO and its role in internet security – geopolitics of internet security governance?  20.3.11

“The threat is there to see and if the worst were to happen…” (Donald Rumsfeld, Feb 2003)

Looks like Stuxnet is the best of all electronic Pearl Harbours, so far. The signs on the walls of what could be. The “game changer” (DHS cyber director), the menace that seems to convince politicians, media and the public alike that there is something potentially very threatening. It has taken some fifteen years of fear mongering to achieve that.

Menaces, threats, risks, dangers require responses, yet which? […]

The security risk of hierarchies embracing internet security communities  28.1.11

The Baltic Times reports:

Estonia’s defense minister has said he plans to create a volunteer “cyber defense league”… “We are thinking of introducing this conscript service, a cyber service,” Defense Minister Jaak Aaviksoo said in an interview with NPR. “[Our] league brings together specialists in cyberdefense who work in the private sector as well as in different government agencies.”

[…]