Tuesday, June 12, 2007

The Siege of Estonia

As most regular viewers of CNN are probably aware, the city of Tallinn in Estonia recently removed the statue of a Soviet soldier from a central park and moved it to a military graveyard in the suburbs.

Many Russians took this news badly - both in Estonia and at home. While Estonians had their own reasons for hating the statue, Russians viewed the statue as a symbol of their role in the liberation of Tallinn, and inevitably, protests and a political firefight followed.

Then, as the controversy grew, something new happened: in the weeks that followed the outbreak of anger, Estonia became the first state to experience a modern twist on one of the oldest battle strategies there is - the siege.

In this instance, the siege consisted of choking off the normal flow of data into and out of the country. This was accomplished by packet flooding - i.e. by saturating Estonia's computer networks and the devices connected to them with massive volumes of meaningless traffic.

The result was dramatic - the packet flood shut down whole networks, halting communication, transactions and normal commerce.

Speculation continues as to the source, but Estonia insists that Russia - or Russian patriots - initiated the flood.

Assuming Russia did carry out this siege, it is not alone in having this capability, according to the Department of Defense. We should assume the US, the originator of the Internet, has this capability. And, according to a DoD report published last month, China has been building up its capabilities in this area, with a view to possibly taking out Taiwan's computer networks. Here's an excerpt:

"The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks... a limited military campaign could include computer network attacks against Taiwan’s political, military, and economic infrastructure to undermine the Taiwan population’s confidence in its leadership."

Most IT organizations have experienced some form of flood attack and seen the effects: late nights, lost productivity, underutilized assets and, in the worst instances, data corruption or loss. This, however, is the first time I'm aware of that a whole country has been targeted.

As indicated by this event, an attack on a country's data infrastructure could potentially have long-term effects, in addition to the short-term disruptions to commerce, food production, utilities and the ability of law enforcement to ensure security.

Estonia may be small, but there is no reason a similar attack could not be mounted on IP blocks in the US, in Israel or Palestine (where one of the world's fiercest cyberbattles continues), or anywhere else where political interests collide.

Though telecommunications are regulated by federal bodies in virtually all countries, data security and network security practices do not come under the command of a unified group in any of the countries I have visited - except China. We may need to rethink this.
