Aleks Ìý Ìý I want to touch on some of those issues in a little while but before we get to that er, I think it's a very interesting modern phenomenon certainly um, and it'll be, it'll be interesting to look at Estonia within the context of the global openness and transparency. ÌýBut before we go on to that I'm interested in how you feel the, the cyber attacks in April 2007 may have affected um, Estonians beliefs in the internet whether it's the transparency, whether it's the trust?
President Ilves Ìý Ìý Well OK the er, I mean the cyber attacks um, in 2007 I guess er, I mean if you, you know, um, because of my own personal interest I mean the, in the 90's you could you know, people speculating that in the future people could use cyber attacks and cyber warfare and. ÌýUm, no Estonia first of all was much better prepared than I think er, almost any other country would have been because er, we had just two months earlier in fact war gamed or gamed cyber attacks because we had our first national, our general elections in which people could vote um, on the web. ÌýAnd since we um, since er, everyone anticipated or we anticipated that every hacker worth his salt would as a matter of pride and honour attempt to, to sabotage the elections we actually went through what would happen if we got distributor denial of service or DDOS attacks. ÌýEr, and figured out well if we got these things then we would er, there are a number of strategies to follow, a number of er, partners in the European Union with which we sort of er, cooperated or, or in the process of the war gaming, or the gaming decided we will if this happened we would do that. There were no real, no er, noticeable attacks on er, during the election. ÌýNow when the, these attacks took place er, contrary to at least some of the spin given to it, it was quite organised in that if you actually look at the er, the level of attacks er, er, they drop off immediately at er, 2400 Greenwich Mean Time on the 9th. ÌýEr, no ............... little bit about math and generally how things run I mean it wasn't a galcean normal curve. ÌýEr, I said why is that? ÌýThey said because the money stopped. Er, basically you can treat the cyber attacks in that, in that case as a er, a public private partnership involving at least on one part the Mafia or the, because er, I mean generally er, DDOS attacks are against um, well are, are, are, they're bought. ÌýI mean you rent er, bots, robot networks which then use to spam computer spam servers, knock them out. ÌýUm, it's use er, they're used or had been used previously mainly in extortion cases with um, saying well you know, you pay us $200,000 and we wont' shut down the server er, that you need to run your business. Er, so er, the clear deduction was that this was paid for er, you know, the amount of money is not insignificant. ÌýI mean someone paid for er, paid these illegal bot nets to do this. ÌýUm, and what did, how did it affect us? ÌýWell I mean it affected us mainly er, in that um, the er, government sites were shut down um, bus er, businesses were shut down, banks were targeted. ÌýUm, all in all er, they were fairly primitive in that um, and if you talk to er, cyber er, crime, cyber war experts today they said well OK that was nice but er, generally we're much more worried about other things. Today that was er, in fact the first time we'd seen this used as an instrument or political or of policy. ÌýEr, but these days' things can be much worse which I agree. ÌýI mean um, I guess it was more that the, there had been er, DDOS attacks er, previously um, against er, certain ministries. ÌýUm, in fact the UK, the German, the French er, and the US Ministries of Defence or the Pentagon had all been attacked but this was sort of you know, all out.
Aleks Ìý Ìý Ìý Ìý And, and their tactics were fascinating given well two things. ÌýGiven um, their approach to attack the finance system and the communications system and then also and the, the government websites as well. ÌýAlthough they didn't do things like transport and justice and some of the other elements of a nation state. ÌýBut also secondarily because it was associated with physical riots because of what was happening on the street here and ultimately what was happening in Moscow as well.
President Ilves Ìý Right.Ìý
Aleks Ìý Ìý Did you at any point er, get the sense that there could potentially be an escalation because of the combination of the cyber war and the physical riots that were going on both here and in Russia?
President Ilves Ìý ÌýWell I was not worried about a escalation er, we were a member of NATO I mean so. ÌýEr, there are a couple of issues. ÌýI, I mean I, when I said things were mo, had moved beyond that I think if you look at the er, the report done by the er, cyber consequences unit in the united States which analysed the Georgina War and how er, the er, how cyber attacks were used there, it was far more sophisticated because it wasn't just sort of a blanket approach to sites. ÌýEr, places the, er, the first time ever we saw something that could only have been in the minds of sort of science fiction writers.
Aleks Ìý Ìý Ìý Ìý Ìý Absolutely.Ìý
President Ilves Ìý ÌýWhich was that you have military installations or you would put up in a er, on a site that not, I mean very few people knew but you put up where you would be attacking in half an hour and post the, the URL. And then people around the world would er, would sort of start er, sort of their DDOS sort of programmes to take down the sites. ÌýNow that is a, that is a, that was a major step in er, sophistication that you coordinate through using people around the world to coordinate military, the physical military attacks with cyber attacks. ÌýUm, that's interesting. ÌýNow this moves on to sort of some very serious issues er, regarding things such as NATO. Because um, I mean we, we, we are at a point in which a um, in NATO we have Article 5 that says, and it's the 3 Musketeer clause; an attack on one is an attack on all and all for one. ÌýIf you er, shoot a missile at a er, a sort of a, a, a NATO country's electrical plant er, that is an act of war. ÌýArticle 5 says OK we have been attacked we all now go and attack the country that, or whoever attacked the electrical system or whatever. OK um, but if you take out the same electrical system with um, with a cyber attack so you don't know who did it, you can have a, you can have a guess but you don't really know who did it. And secondly what is the response? ÌýBecause in the case of er, say a missile attack well basically the idea is a proportional response. ÌýSo you don't start a nuclear war because someone's blown up your electrical plant in one small place. ÌýBut what is the appropriate response? ÌýYou don't, you don't have responsibility, you haven't been able to ascertain responsibility and what do you do back? ÌýUm, so er, the whole issue of deterrents come in; how do you, what do you do I mean? And these are the kinds of philosophical strategic issues that er, I think people are grappling with today. ÌýBecause er, it's quite clear that um, you can do er, basically all of the bad things that a war does without using dynamite, TNT, missiles. ÌýI mean there was the case in um, er, it was reported in the Wall Street Journal in the spring about er, malware found in, in er, in an electrical grid where any system controlling that one third of the west's electrical grid. Um, and there have been a number of other things that have, I mean there have been suggestions that a number of electrical failures have been due to cyber attacks. ÌýIntentional, unintentional we don't know. ÌýIn any case it's a whole, it's a whole new, brand new area and that's what for example here in Tallinn er, we are, are er, are er, our people and our various allies from different countries are working on at the NATO Cyber Security Centre.
Aleks Ìý This two pronged attack though, many of the people we have spoken with have, have emphasised that you know, it was, it was, it was a joined up manoeuvre in that you know, stuff has gone on outside, people who didn't' access say banks or didn't' have that constant update of communication, there was a real kind of um, well there is not a lot that people could really do. ÌýThey weren't able to figure out what was going on and that has a, a real psychological effect on a population if more and more of us are relying upon online information, on line networking to do our daily businesses.
President Ilves Ìý ÌýWell I mean you couldn't er, I mean if you take down the newspapers you, you don't know what's going on in, in the country. ÌýEr, if you take down the banks your business or basically economic activity is paralysed. ÌýI mean we had a fairly, I mean we had a, the first line was to simply isolate the country from domestic, I mean the dome, er, the country from outside attacks which you know, considerably eased the problem. ÌýEr, however, er, well if you're a country like ours er, which is so dependent upon foreign trade. ÌýEr, I mean if you're a large, you're a big country that you have a huge domestic market then, then you can maybe ti, tolerate it a little longer. But I mean we have a country in which you know, one of the highest er, export to GDP ratios in the world. ÌýSo I mean everything is based on transfers of funds to here and out and all that stuff because you know, you can't get messages in. ÌýPeople from outside the country couldn't read the Estonian newspapers I mean all of that was a serious problem. All that of course has been fairly well now studied in terms of um, er, I mean what it means for a country's security. ÌýBecause this was er, sort of a, the first case of it happening on grow er, as I said the kinds of attacks were nothing new. They weren't sophisticated, is was just massive and, and, and, and er directed at a lot of different kinds of er, institutions. ÌýI think that we've become much, all of us er, have become much more sophisticated regarding at least our understanding of the dangers in all of this. ÌýEr, and, and I think that er, now for example NATO is taking this issue much more seriously than it did before these cyber attacks.
Aleks Ìý How er, I mean there are several theories about how this was perpetuated and, and who was responsible for this. ÌýUm, the prevailing one is that this was a, a state associated, Russian state associated er, and organised um, attack. ÌýHow has Estonian's relation, Estonia's relationship with Russia changed or how has it been affected by the events in 2007?
President Ilves Ìý Ìý I don't think they really have been. ÌýI mean I think it's, since there's no proof um, I mean everyone has their own opinion and er, you know, well I mean. Ìý Er, there is you know, it goes back to David Hume. ÌýI mean events happened in close temporal correlation you think there is a causal relationship. ÌýThat's not necessarily true of course; that was Hume's point. ÌýBut that er, just because the sun rises every day doesn't mean that it will rise tomorrow and so forth. ÌýEr, all this philosophy 101. ÌýBut the fact that you have one event or another event er, does not necessarily mean they're related. Ìý ÌýBut on the other hand it probably wasn't organised in Uruguay or probably wasn't er, organised in um, Mali.
Aleks Ìý We've spoken about the psychological effects on the Estonian population um, and also we've spoken briefly about what was happening within the country. ÌýBut how do you feel the Estonia's reputation has been affected by the attacks er, diplomatically, when it comes to people's perspectives of the security of the networks system er, the, the success of the network?
President Ilves Ìý ÌýWell I mean I, I think that er, how did it, immediate effect was the er, the, the decision that had not been made because no one was, I mean people weren't quite sure whether it was a necessary thing to do or not. ÌýEr, but the immediate consequence was the establishment of the NATO Centre for Excellence here. ÌýI mean this was. ÌýSo I think in terms of long term political planning it, well whoever, whoever planned it er, sort of shot themselves in the foot. I mean er, er, because the immediate consequences had actually have a centre to deal with. ÌýJust for a background I mean we'd been actually arguing this for a number of years and NATO say well this is an area, we know, we know a little bit about it, you know, we should be dealing with this, we need a NATO centre. ÌýPeople said well yeah that's an interesting idea but you know, we're not there yet. And then, then it's. ÌýSo I mean that was a, that really backfired on whoever wanted to harm the country and um, and I think it's made us more secure as well. ÌýI mean I think people feel, feel um, feel good about it and um, er, we are, well I mean why are you here? ÌýOh well you come and ask us what, how it was? I mean in fact Estonia without ever planning to be has become a place er, with expertise on issues that er, we never wanted to have expertise on but now we have it. ÌýEr, and er, it's kind of odd that you see I mean er, I mean just because of my own intellectual interests I mean you know, there, there are conferences and people who I've, whose work I read before. ÌýI mean before the cyber attacks. ÌýAnd now there's an interesting piece and, but I never thought I'd meet them because it wasn't really my area. ÌýAt the same time you know, sort of ............ deal with this every day unless I go to a place that someone says you know, I'm this person and I wrote you know. ÌýI go oh you're that, I read your article 10 years ago. ÌýSo that's kind of funny. ÌýEr, but I don't think it really has affected much except um, except perhaps in a positive sense of er, alerting people to the fact that er, there is a degree of er, IT sophistication here in this little corner of Europe that er, they didn't know about. Um, because why else would you use I mean turn around, I mean there are a lot of countries that are very unsophisticated when it comes to government solutions er, or public er, public services on the, on the web. ÌýEr, now if they ............ no one would notice. ÌýI, I mean you notice it if you're vulnerable and you're vulnerable if you're, you're at a high level. ÌýUm, and er, er, and I would say you know, the negative side is that in fact countries that are less developed even within Europe er, their politicians have a hard time sometimes understanding what it is that I'm talking about. ÌýBecause it's not, I mean I remember when I, when I was elected to the European Parliament and I had to switch offices and I went to a computer, I mean I went in to t new office and there was no computer in the office. And I said well I mean why is there no computer? ÌýWell the previous person didn't have a computer, a very prominent European politician. ÌýI said er, well how does it work? ÌýI mean no computer? ÌýIt's, well the secretary would you know, print out all emails and er. ÌýI said oh and what about his letters? ÌýWell he would dictate to the secretary. I mean it's, it's 1930's style doing things. ÌýAnd um, it's changed. ÌýEr, I mean it's, for us it seems bizarre but in er, er, that anyone would not have a computer. ÌýBut it's still fairly, fairly wide spread in Europe even today that people eschew the use of computers or at least er, in the generation of politicians my age still. ÌýI think when you go, when you get, get in to people in their 40's then it's already er, it's. ÌýAnd then when you get to people in their 30's and 20's then of course there's a difference. ÌýSo I think it's a generational thing. ÌýI just happened to have a bizarre childhood so I started using computers very early.Ìý
Comments Post your comment