Estonia’s former Foreign Minister Marina Kaljurand delivers Black Hat keynote on lessons learned from 2007 offensive

More than 10 years have passed since Estonia found itself the target of a series of DDoS attacks that battered the sites and servers of various public and private institutions – a significant event on the cyberspace battleground that forced the small nation to become one of the world’s most digitally connected countries.

Marina Kaljurana, current chair of the Global Commission of the Stability of Cyberspace, was the Estonian ambassador to Russia at the time her country’s critical infrastructure was hit by the politically motivated offensive.

“I had two tasks,” Kaljurana said, in her keynote address to attendees at this year’s Black Hat Europe conference in London.

“I had to learn in 15 minutes what DDoS meant in order to start explaining it to others, which I managed, and my second task was to find ways of cooperation with Russia – that, I failed.”

In 2007, when the cyber-attacks on Estonia took place, cybersecurity was still something of a niche area of interest for politicians. A decade later, it has transformed into a sector that’s high on the political agenda of nearly every nation-state.

This has meant a significant increase in both digital awareness and hygiene, where Estonia, for its part, has come out on top with a forward-thinking take on how to secure the digital environment.

“Estonia is known for being the first country in the world to introduce e-government, online voting, e-taxation, e-police, I could continue,” Kaljurana said.

“We have enjoyed our e-lifestyle, and we also understand that it entails challenges and responsibilities.”

Kaljurana, who described herself as an “alien” in the cyber arena due to her lack of IT or programming background, believes multi-stakeholder cooperation is the only way to create norms in cyberspace and prevent the escalation of cyberwarfare.

“Cyber-attacks have become the new normality, and they are global and massive in their scale,” she said. “Cyber does not have borders and that’s why, if you want to be efficient, you have to cooperate with others.”

Lessons learned

The need for international cooperation was one of the lessons Estonia learned from the 2007 cyber-attack, as well as the importance of having regulations in place to secure the exchange of data and build online services which citizens can trust.

“The cooperation between private and public sector, in my country, has been the center of our innovation,” said Kaljurana.

“Since the early days, the government’s philosophy was not to hire programmers, but to use the services of private companies, which in turn increased the competitiveness of the IT sector.”

Tasked as the Estonian Foreign Minister between 2015 and 2016, Kaljurana recognized that there was still a long way to go to build such a mutually beneficial relationship between government and industry worldwide.

“I was hearing all the time that governments aren’t hearing us [the private sector], they aren’t including us in their deliberation, they aren’t taking us seriously, and to some extent, that was true,” she said.

She added: “There are no golden rules. Every state and government has to find its own way.”

Kaljurana also noted that many questions which sprang from the attacks on her country remained unanswered today – particularly in relation to attribution, offensive measures, and the capability of international law to hold state-actors and cyber-criminals accountable for their actions.

“States are beginning to support each other’s attribution, and these are very strong political moments,” she said, pointing to the UK’s recent move to formally place responsibility of the 2017 NotPetya cyber-attack on Russia.

“There needs to be a readiness of states to openly attribute, and a readiness of others to support that attribution.”

While Estonia blamed Russia for the DDoS attacks in 2007 almost immediately, it took two years to attribute the responsibility on a technical level.

Black Hat Europe 2018 continues through Thursday.