This article, linked to here in the International Herald Tribune, also appeared on the front page of The New York Times today. It is a good and sobering bookend to a blog we posted that commented on a Government Accountability Office (GAO) report citing multiple security problems at the Federal Bureau of Investigations (FBI).
The government of Estonia took a withering multi-pronged barrage when it removed a memorial to the defeat of the Nazis in World War II. This is not the first instance of massive attacks aimed at a government, but seems to be the most serious and sustained. The main features were distributed denial of service (DDoS) attacks launched by botnets. The attacks included the posting of a bogus letter of apology on the Reform Party Web site.
The international community is reacting. The Times article says cyber warfare may be addressed by NATO, and this Monsters and Critics piece says the European Commission has taken the lessons of Estonia to heart and is cooperating more fully. Those are good ideas, since nations themselves are becoming more aggressive. The Times says China and Russia are known to have offensive cyber warfare capabilities, and it is believed that the United States does as well.
Unfortunately, cyber and physical terrorism share an especially pernicious trait. In both cases, the precise author of the attack -- a nation, a group acting on behalf of a nation or some disaffected non-national group -- remains hidden until the perpetrator takes credit. Indeed, some of the attackers against Estonia were traced to an IP address in the Russian government, but it is impossible to say if the address was real or spoofed. The Russians, of course, indignantly deny any involvement. New technology may avert this particular problem, but others certainly will emerge.
The extent of the attacks and their juxtaposition with the GAO report can't be ignored. The most obvious takeaway is that the United States better be serious about guarding its electronic infrastructure. Hopefully, there is coordination and information transfer between the offensive folks working for the government -- assuming we have some -- and those assigned with protecting our assets. There also should be a high level of cooperation between the U.S. and its allies. The inescapable reality is that the U.S. is the biggest target. That's truly terrifying if proper precautions are not taken.