Small East European nations in vanguard of cyber-defence

By Will Conroy in Prague, Vadim Dumesh in Paris, Wojciech Kosc in Warsaw, Carmen Valache in Lund July 10, 2017

Estonia and Georgia have made the top 10 in the UN International Telecommunication Union's (ITU's) latest Global Cybersecurity Index (GCI), with experts assessing that the small nations have responded very effectively since suffering cyber-attacks from Russia. 

Russia itself was ranked 11th. On July 5, the same day the index was released, Germany's BfV domestic intelligence agency put out an annual report which accused the Russians, Turks and Iranians, as well as the Chinese, of being engaged in substantial spying activities in Germany, albeit for very different reasons.

The ITU GCI surveyed 195 countries, basing its research on countries' legal, technical and organisational institutions, educational and research capabilities and cooperation in information-sharing networks. Singapore, the US and Malaysia made up the top three, in that order, while the Vatican ranked 186th and Equatorial Guinea, which scored zero, came last.

"Cybersecurity is an ecosystem where laws, organisations, skills, cooperation and technical implementation need to be in harmony to be most effective," the survey from the UN's specialised agency for information and communication technologies said. "The degree of interconnectivity of networks implies that anything and everything can be exposed, and everything from national critical infrastructure to our basic human rights can be compromised." 

The essential first move to counter cyber-attacks is to adopt a national security strategy for potential battlespace, the ITU said, noting that half of the ranked countries do not have one.

Taking things from another perspective, the German BfV report listed Russia, China and Iran as the main espionage and cyber-aggressors that Germany must presently defend itself against. There has already been a noticeable increase in spying by the Turkish MIT foreign intelligence agency pursuing plotters behind last year's failed coup in Turkey. Meanwhile, BfV warned that industrial spying could cost German industry billions of euros a year. Looking forward, it sounded the alarm against Russian intrusion in the September general election the country is preparing for. 

Estonia “moved to Luxembourg”

Roughly a decade ago, Estonia (GCI ranking: fifth) was swamped by a series of cyber attacks originating in Russia, a country the Estonians were then in dispute with over the relocation of a WWII memorial, the Bronze Soldier of Tallinn, dear to ethnic Russians. Starting April 27, 2007, the websites of Estonian entities including the parliament, ministries, newspapers, broadcasters and banks were bombarded, largely by distributed denial-of-service (DDoS) attacks using methods such as “ping floods” and botnets, while some of the bigger media portals suffered defacements. ATMs ceased working and swathes of the essential electronic infrastructure in the Nato and EU member were paralysed.

The country had suffered the digital equivalent of carpet bombing and its angered foreign minister, Urmas Paet, accused Russian President Vladimir Putin's administration of direct involvement, declaring: "The European Union is under attack, because Russia is attacking Estonia. The attacks are virtual, psychological, and real."

Out of obvious necessity, Estonia has since undergone a digital defence revolution, making strides that it very much wants to export to the EU. In June, Tallinn announced that it was set to launch the world's first “data embassy”: all of Estonia's critical online infrastructure is to be stored in Betzdorf, Luxembourg. Should war break out, or another disaster occur, the nation will theoretically be able to continue operating via a remote location thanks to a high-security “Tier-4” (the most robust rating) data centre.

Under an agreement between Luxembourg and Estonia, Estonian data will enjoy the diplomatic immunity granted the materials of regular embassies. Estonia is by now famed for its pioneering initiatives in the cyber-world. For instance, anybody in the world can become an e-resident of Estonia with a national ID card, complete with the right to register an Estonian company online and open an online Estonian bank account. Estonians, meanwhile, vote and pay taxes over the internet. All part of what they hope is now a well-defended digital society.

Estonia, which took over the EU presidency in July, has said it expects a renewed cybersecurity strategy from the European Commission this August. Tallinn’s expectations of the Commission for the strategy are high. 

Georgia simultaneously invaded by land and cyberspace

Like Estonia, Georgia (GCI ranking: eighth) beefed up its cybersecurity after an attack launched from Russia, although in its case, in 2008, the battle was waged by both invading cyber and land forces - the first known such joint offensive in history. 'Zombie' computers were primed to overload strategic Georgian political, media and other websites, and images comparing then president Mikheil Saakashvili with Hitler were posted.

The Russian government denied it was behind the cyber-warfare although it suggested that various Russian individuals might have taken it upon themselves to assist Moscow in the Russo-Georgian war, fought over the breakaway South Ossetia region, by attacking Georgia's internet infrastructure.

Tbilisi has since aligned its legislation with the Budapest Convention on Cybercrime's principles and moved to criminalise illegal access to information systems, data and system interference and misuse of devices. 

The country's cybersecurity strategy consists of involving numerous government institutions in data protection, cooperating with the private sector to incorporate innovation into its information technology systems and international cooperation. Having established a National Cybersecurity Day domestically, Georgia has also trained professionals from regional countries — such as Afghanistan, Azerbaijan, Moldova, Montenegro and Ukraine — in cybercrime and cybersecurity, in cooperation with Nato.

As an early adopter of secure-by-design blockchain technology, which builds distributed databases protected by timestamps, the Georgian government is working with BitFury Group and Peruvian economist Hernando de Soto to switch its land registry to a blockchain-based platform.

Nevertheless, the ITU report cautions, Georgia's early adoption of information technology could be a double-edged sword, given that "as the dependency of Georgia’s critical infrastructure on information technologies increases, challenges related to the protection of Georgian cyberspace are growing". What's more, despite passing a personal data protection act in 2011, some headline-making cybercrimes, particularly pertaining to the illegal acquisition of audio, video and photographic material, still take place in the country and are often used to target political opponents.

Assessing Russian defences

No-one needs any introduction to Russia's cyber-attack capabilities, whether real or imagined, and whether conducted by the state or committed by the "free and patriotically minded" hackers that Putin lately mused "theoretically could contribute to the struggle against those who speak ill of Russia", but what about its level of cybersecurity?

The cyber-challenge for Russia (GCI ranking: 11th), as Mark Galeotti of the Institute of International Relations Prague on July 3 argued on bne IntelliNews, does indeed cut both ways, with domestic cyber systems vulnerable to attacks such as the recent WannaCry ransomware virus and even spillovers of malware linked to Russia that derive from within its own territory. "While Russia may have all the evil hackers in the movies, in reality it is likely the US and other Western countries that have more formidable cyber-weapons at their disposal," Galeotti wrote.

The Russian Federation officially adopted its National Security Strategy in 2000 and a National Security Concept along with a Concept of the Foreign Policy of the Russian Federation in 2013. It established an Information Security Doctrine of the Russian Federation in 2000 and each government entity performs an annual audit of its own networks and systems in line with that doctrine and other identified areas in various strategies.

The ITU survey also noted: “The Russian Federation, ranked second in the [CIS] region [behind Georgia], scores best in capacity building. Its commitments range from developing cybersecurity standards to R&D and from public awareness to a home-grown cybersecurity industry. An example of the latter is Kaspersky Labs, founded in 1997 and whose software protects over 400 million users and some 270,000 organisations.”

Back on the attack front, Russia's alleged attempts to distort the US general election last year in favour of Donald Trump are set to produce vast volumes of analysis for years to come, while the Sandworm malware, which many computer experts have linked to Russia, is known for having been actively used against government sites and Nato, as well as utilities and telecommunications firms in recent years.  

What's more, the annual report from Germany’s BfV domestic intelligence agency served warning that Russia is seeking to use cyber means to influence the parliamentary election in Germany (GCI ranking: 24) set for September 24 and cautioned against "ticking time bombs" that could be placed within computer systems to sabotage critical infrastructure.

"It is assumed that Russian state agencies are trying to influence parties, politicians and public opinion, with a particular eye to the 2017 parliamentary election," the BfV intelligence report contended, stating that along with the widespread use of Internet trolls that attempt to manipulate public discourse, Russia also acts through state-controlled hacker groups such as Fancy Bear.

Last month's attack by the Petya malware, which appears to have been designed to masquerade as ransomware, has proved particularly destructive to Ukraine, again leading to a lot of finger-pointing at Russia. As well as hitting the Ukrainians hard as a possible form of “asymmetric war”, Petya has caused serious disruption at large firms in Europe and the US, including the advertising firm WPP and French construction materials company Saint-Gobain – but it has also apparently hit Russian entities including steel and oil firms Evraz and Rosneft. In late 2015, Ukraine blamed Russia for a cyber-attack on its power grid that left part of western Ukraine temporarily without electricity. 

Turkey’s “cyber army”

Turkey (GCI ranking: 43rd) is classified by the ITU survey as at the “maturing stage” in cybersecurity, a description which refers to 77 countries that have developed complex commitments, and engage in cybersecurity programmes and initiatives.

The country has an officially recognised national cybersecurity strategy based on the principle of securing information systems used in critical infrastructure and taking necessary measures to provide national cybersecurity, according to ITU’s Cyberwellness country profile. 

In May, in the wake of the global WannaCry ransomware attack, Turkish Transport, Maritime Affairs and Communications Minister Ahmet Arslan said Turkey is to establish a “cyber army” against possible cyber threats. “Some 13,000 white hackers came to work in the public sector. We are building a cyber army,” he told Hurriyet Daily News on May 18. A white or white hat hacker is a term used to describe security specialists who try to break into systems and networks to expose their vulnerabilities.

Turkish-French automaker Oyak-Renault was among the companies hit by WannaCry and was forced to stop production for one day. Back in 2016, private lender Akbank was hacked, with damage estimated at $4mn. This was part of a worldwide cyber-attack on banks targeting the SWIFT cross-border payments system.

On the other hand, in terms of cyber-aggression, Turkey was cited in the BfV report for a "noticeable increase" in spying by its MIT foreign intelligence agency in Germany in 2016, following the failed attempt at overthrowing the Ankara government. Since the botched putsch, Turkey has accused Berlin of harbouring followers of US-based exiled cleric Fethullah Gulen, whom it blames for the conspiracy behind the attempted coup, though he categorically denies involvement. The increased intelligence activities were linked to efforts being made against Gulenists in Germany, the BfV concluded.

A network to disconnect Iran

Iran (GCI ranking: 60th), like Turkey, was categorised by the ITU as being at the cybersecurity “maturing” stage. Iranian legislation and regulation related to cybersecurity has been enacted through the Electronic Commerce Law of the Islamic Republic of Iran but Tehran does not have any officially approved national or sector-specific cybersecurity framework for implementing internationally recognised cybersecurity standards.  

Nevertheless, Iran does have a comprehensive cybersecurity strategy that includes the creation of what it calls a “national information network” that could disconnect most of Iran from the global internet, says the ITU. It also benefits from the ASIS Cyber Security Contest, which was created to raise cybersecurity awareness in Iran.

In the BfV report, Iran gets a dishonourable mention as being, along with Russia and China, one of three countries that conduct most spying on Germany. The Iranians were primarily focused on Israeli or pro-Jewish targets and political opponents of Tehran's clerical rulers, the analysis said.

The German intelligence agency also cited a marked decline in potential attempts by Iran to buy dual-use items for its nuclear programme since Tehran agreed the nuclear deal to curb the programme in return for eased sanctions in late 2015. However, that was not the case when it came to its ballistic missile development efforts.

After the publication of the BfV report, German Interior Minister Thomas de Maiziere said the government was working closely with industry to increase cyber-protection for German firms. The German sectors most exposed to cyber-attacks, he said, were the weapons, space and aerospace and car industries, as well as research institutes.