A few months ago, a report by the National Infrastructure Advisory Council (NIAC) suggested that the nation needs to redouble efforts to ensure cybersecurity readiness, saying, “…We find ourselves in a pre-9/11-level cyber moment, with a narrow and fleeting window of opportunity to coordinate our resources effectively.” The urgency behind this ties to the fact that cyber threats have evolved from individual hackers proving “it can be done” to orchestrated nation-state attacks that paralyze internet-reliant societies. The cyber world has become the theater where wars take place. This is not breaking news. Just ask Estonia.
In 2007, Estonia became one of the first countries to be hit by a nation-state attack. To understand what to expect in the coming decade, the Center for Strategic and International Studies (CSIS) recently invited Lauri Almann, permanent undersecretary of the ministry of defence at the time of the attacks and Merike Kaeo, chief technical officer, Farsight Security to examine what happened in Estonia and what was learned.