Estonia leads the way in countering cyber-attacks
Estonia, which recently suffered what appeared to be the largest political cyber-attack ever seen on EU soil, is organising an EU ministerial meeting on the protection of vital infrastructure against cyber-crime, the European Commission has announced.
The continuation of the current status quo in Critical Information Infrastructure protection (CIIP) is not an option, the website of the ministerial meeting to be held in Talinn on 27-28 April states.
As protection against cyber-attacks becomes more and more of a priority for the EU, Information Society Commissioner Viviane Reding, who has introduced the practice of streaming weekly messages on her Commission homepage, will address the issue of cyber-attacks in her next communication, a Commission spokesperson told EurActiv.
Cyber-attacks on the electric grid appear to be one of the biggest worries. Following the January Russia-Ukraine gas crisis, EU experts recently expressed concern that a collapse in any of the South East European countries would have triggered a long-lasting regional blackout (EurActiv 19/03/09).
The Wall Street Journal published an article, widely picked up on by other media, claiming that cyber-spies from Russia and China had broken into the US electrical grid and left behind software programs that could be used to disrupt the system.
According to unnamed current and former national security officials, the intruders had not sought to damage the power grid or other key infrastructure, but officials warned they could try to do so during a crisis or war.
Many of the intrusions were detected not by the companies in charge of the infrastructure, but by US intelligence agencies, officials said. Intelligence officials worry about cyber-attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet.
Recently, the Commission proposed to ensure the resilience of critical information infrastructure in the private sector through voluntary rather than binding measures. But a binding approach could also be used, the EU executive said.
What is first needed appears to be a Europe-wide debate on the threat. Next, the Commission and EU member states must define appropriate guidelines, and finally, the Union must promote those principles at global level by building partnerships with third countries.
An impact assessment will be made before further measures are envisaged, the document says.
The likelihood of terrorist attacks on critical infrastructure is increasing. The electricity blackouts that have paralysed European countries in the last two years show the real danger that failure in one sector can likely halt entire segments of the economy.
On 27 April 2007, officials in Estonia relocated the 'Bronze Soldier', a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move incited rioting by ethnic Russians and the blockade of the Estonian embassy in Moscow.
The event also marked the beginning of a large and sustained distributed denial-of-service attack on several Estonian national websites, including those of government ministries and the prime minister's Reform Party.
The Estonian cyber-war set the global community on alert, with NATO promising to help protect its member state from a new and little-understood threat.
The 2007 case, which remained unresolved, took a surprise turn this month when Sergei Markov, a State Duma member from the pro-Kremlin Unified Russia party, unexpectedly announced at a roundtable discussion on information warfare that it was his assistant who had carried out the attacks.
The assistant turned out to be Konstantin Goloskokov, an activist or 'commissar' with pro-Kremlin youth group Nashi.