Ten Years Since The Outbreak Of Web War One

It was ten years ago that Russian hackers attacked Estonia, crippling government websites and emails, so that it was unable to counter a Kremlin propaganda blizzard that depicted the Baltic state as a hellhole run by fascists. The attack also swamped online banking and public services.

Estonia, one of the world’s most Internet-savvy countries, soon bounced back. But a decade later, we are still grappling with the new era of increasingly sophisticated digital weapons.

The natural reaction is to look for answers from the nuclear age. We developed weapons of awesome destructive power but we also created a diplomatic, legal and strategic framework that contained them. MAD, mutual assured destruction, plus the non-proliferation treaty and a series of arms-control deals saved us from Armageddon. We should do the same in cyber-space.

The ambition is laudable. The digital arms race is spiraling out of control. Cyber-weapons are getting more sophisticated, just as our dependence on computers and networks is accelerating.

A few lines of code, maliciously deployed, can bring down an airliner, burn down a house, shut down a power grid or freeze a financial system. In an interlinked, inter-dependent world, all the cyber-powers should have an interest in refraining from such attacks.

Yet the nuclear analogy is misleading. A nuclear warhead, and the missile that delivers it, are open to precise measurement and calculation. So too are the means for stopping them, such as missile defence systems. That meant that the superpowers could put transparency at the heart of nuclear arms control and deterrence, “trust but verify” as Ronald Reagan phrased it.

But digital weapons are invisible and their powers are a matter of guesswork. Cyber-arsenals are necessarily shrouded in total secrecy. If you have the ability to make Vladimir Putin’s mobile phone catch fire in his pocket, by remotely sabotaging the software that controls the battery, you certainly won’t disclose it. He will get a different phone and you must invent another weapon. If Russia’s cyber-soldiers can do the same thing with Donald Trump’s phone, they won’t disclose it either. Until recently countries did not want even to admit that they possessed offensive cyber capabilities at all.

In real-world (“kinetic” in military parlance) warfare you also have a pretty good idea of who is shooting at you. In cyber-space, you may be mystified. Though Nato believes that Russia was behind the attack on Estonia in 2007, the Kremlin disputes it.

That kind of crude swamping attack can be organised quickly for a few hundred pounds. All you do is rent a “botnet”, a swarm of computers, to send simultaneous phony Internet requests to the target until it crashes. The owners of these computers will have no idea that their machines have been conscripted into a digital renta-mob.

More sophisticated attacks may leave more clues, such as the time zone and language in which malicious software is written. This is why cyber-forensics experts believe Russia was behind last year’s attacks on the American political system.

But these trails of digital breadcrumbs can be faked. The US says that it reserves the right to retaliate to a cyber-attack with kinetic force: i.e., high explosive. That is a powerful deterrent, if the Pentagon can be sure that its response will be directed against the real perpetrator.

Even if you are sure of the attacker’s identity, his motives may be obscure. Nuclear weapons were a binary threat: they are either being used or they are not. Digital techniques are much subtler; the lines between espionage, political competition and outright warfare are blurry. Are you hacking into Mr Putin’s phone to bug it or to blow it up? Or both?

In 2015 it emerged that hackers, said to be Chinese, had broken into the US Office of Personnel Management and stolen 20 million files containing details of current and former government officials. That caused anguish in American spookdom (it’s hard to spy on China when its spy-catchers know who to look out for). But not outrage; the CIA would do the same to China, given the chance.

Perhaps trickiest of all for military planners is that digital weapons may hit energy, financial and transport systems over which they have little or no control. It is one thing to harden your nuclear bunkers against a rocket attack, quite another to fortify your country’s editorial decision-making. A state’s single biggest vulnerability may be individual carelessness with logins and passwords.

The line between political influence and coercion is particularly blurry. Many Americans are furious about the Russian propaganda and other attacks during last year’s presidential election. But Russians would argue that in the 1990s America repeatedly threw its weight behind favoured candidates in Russian elections. It may be unpleasant to be on the receiving end of such tactics, but it is hard to put them in the same category as a missile strike.

A Nato cyber-centre (appropriately in the Estonian capital Tallinn) publishes a thought-provoking law manual for cyber-conflict. Oxford University politics dons are applying their minds to digital security issues too. But the insidiousness and scope of digital weapons make them more like terrorism than old-style warfare: we civilians are in the front line whether we like it or not.

The Times
