X

Estonia posts its cybersecurity strategy

Report seeks to establish good cybersecurity practices within the country while urging global condemnation of all cybersecurity threats in the future.

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
Robert Vamosi

Eighteen months after a denial-of-service attack, the Estonian Ministry of Defense has posted a detailed report (PDF) on the attacks. While focusing on specific steps the nation needs to take to prevent another attack, the report contains global recommendations as well.

In May 2007, the Baltic nation experienced a series of denial-of-service (DoS) attacks as a result of its government's decision to relocate a statue honoring an unknown Russian person killed during World War II. At Black Hat in 2007, security expert Gadi Evron said the attacks were not directed by the Russian Federation, or any government entity; he suggested it was the work of a "flash mob" of individuals from all over the world. In January, a native Russian in Estonia was convicted for his involvement in the event.

The report calls for Estonia to apply a graduated system of security measures, develop high awareness of information security to the highest standard, develop appropriate regulatory and legal framework of information systems, and promote international cooperation toward achieving global cybersecurity.

On the latter topic, Estonia will seek global condemnation of cyberattacks given the impact on individuals' livelihoods. In Estonia, a nation that is well-wired per capita, the DoS attacks shut down local ISPs and prevented people from buying food, getting gas, or completing bank transactions for several days.

The report concludes that Estonia should seek the cooperation of all nations in strengthening local cybersecurity law enforcement by presenting its expertise and experience at global security conferences.