Perspective: Coming attractions for history's first cyberwar

Most of the coast-to-coast office water cooler talk this week doubtless revolved around David Chase's ambiguous (and brilliant) finale to The Sopranos last Sunday night.

We don't know whether Tony gets whacked or whether it was a dream sequence--or even both. I suppose that was as it should be, as it left us guessing in true whodunit fashion about motive.

Another fascinating whodunit novella is playing out a few time zones away from here, in the nation of Estonia--but this one is for real. In case you missed the news, here's the headline version: in late April, Estonia's government moved a Soviet-era war memorial commemorating an unknown Russian killed fighting the Germans.

Needless to say, this went over like a lead balloon with neighboring Russia, which still hails the Red Army for its role defeating the Nazis.

Not so in Estonia, which spent nearly a half century under communist rule. The country decoupled from the Soviet Union in 1991 and has not looked back. The only people upset about the change in letterhead are the country's ethnic Russians.

So it was that Estonia's decision triggered rioting among that same population. One man was killed, and 153 people were injured. In Moscow, President Vladimir Putin very publicly criticized Estonia, and demonstrators blockaded the Estonian embassy.

Up until that point, the story line played out with few surprises. Eastern Europe is still a cauldron of conflicting nationalistic passions where there's not always a shared, agreed-upon narrative of the postwar era.

Then things got squirrelly.

Despite their nation's small size, Estonia's 1.4 million people represent one of the most wired populations in the world. The country's parliament actually declared Internet access to be a basic human right. Unlike the United States, which seems congenitally unable to resolve the mystery of e-voting, Estonia has been using the Internet to elect representatives since 2005.

So if some group wanted to really wreak havoc, how better than to strike at Estonia's Internet infrastructure? And that's what happened.

Shortly after the government announced its decision, Estonia's Web sites--including those of government ministries and the prime minister's Reform Party--came under attack in a distributed denial-of-service attack that lasted for weeks.

Russia rejected accusations that the government had anything to do with the cyberbarrage. In an earlier interview with CNET News.com, Jose Nazario, a security researcher from Arbor Networks, suggested that the 100- to 200-megabit-per-second size of the attack waves was on the low side of the average DOS attack.

Whoever it was, though, knew what they were doing. Things got so bad that the North Atlantic Treaty Organisation was invited to provide technical assistance to help shore up Estonia's defenses. A NATO spokesman had it right when he said that in the 21st century, it's not just going to be about tanks and planes. What he didn't say was whether this represented the opening shots of history's first cyberwar.

I put that question to Dorothy Denning, an expert in terrorism and cybersecurity at the Naval Postgraduate School. She thinks it's more likely that this particular episode was the work of protesters who wanted to register their unhappiness.

"Governments do try to keep collateral damage to a minimum, and this looks to have been the work of people where it's obvious where their sympathies lie," she said. "There's too much collateral damage."

In that respect, this most recent DOS attack resembles cyberconflicts that have broken out between hackers in India and Pakistan, as well as between sympathizers of Israel and the Palestinians. But Denning also noted that national-security experts in our country are likely to take away at least one lesson from what's going on in Estonia.

"It's taken cyberprotest to the next level," Denning said. "It can happen here or to any country where people are unhappy. These were serious attacks which lasted a long time. And it proves you need defenses."

She's absolutely right, but so far, cybersecurity remains honored more in the breach than in the observance by the federal government. For all its exhortations to beef up homeland security, the Bush administration still considers this a side show compared with more pressing geopolitical issues.

Maybe so, but they're kidding themselves if they don't think that this chicken is one day going to come home to roost. That's when I won't be the only person with a blue moon in his eye.

Biography
Charles Cooper is CNET News.com's executive editor of commentary.

More Perspectives

[gslohcin]

ever heard of WMCCS

The government has always had a seperate, secure network, WMCCS - Worldwide Military Command Control System - oops, there goes my Top Secret Clearance

[Martin Ozolin]

cyberwar

Open, positive, pro-active behaviour was consistently scorned and punished by soviet era centralized government, well known for silencing opposition. On the other hand, bad news, or disinformation is abundant for the huge, "minority" language group in the baltics. Anybody wishing to learn Russian can forget about finding a pronouncing dictionary with a roman alphabet.