May was not a good month for geeks in Estonia.
The tiny Baltic republic weathered a month-long cyberattack that shuttered Internet servers nationwide. At the height of the crisis, people who wanted to use payment cards to buy bread or gas had to wait, as the onslaught crippled Estonia's banks.
Investigators traced the attack to Russians angered by Estonia's decision to relocate the statue of a Red Army soldier erected during the Soviet era. Tensions over the incident led to rumors of Russian state involvement in the cyberattacks.
Even if these suppositions are never corroborated, Estonia's experience may be repeated elsewhere. "Estonia shows us how, as we become more networked and more wired, our vulnerabilities increase," says James Mulvenon, the director of the Center for Intelligence Research and Analysis, a Washington, D.C., think tank. With a population of just over 1.3 million, Estonia is one of the most wired countries on earth. Elections, banking, and point-of-sale systems have largely moved to the Web, so cyberattacks such as the one in May can have a profound effect on its commerce.
United States at risk
The United States faces many of the same dangers as Estonia. And with public utilities such as hydro-electric plants and nuclear power plants moving away from proprietary (and more secure) systems toward open-standards-based systems that use common Internet protocols such as TCP/IP to connect to one another, the list of potential targets is increasing.
Attacks on U.S. systems have never been linked directly to state-sponsored cyberwarfare, but in 1999 Chinese hackers took down three U.S. government sites after NATO bombers mistakenly attacked the Chinese embassy in Belgrade.
Though identifying adversaries in cyberwarfare is difficult, preparing for computer network attacks involves many of the same steps as preparing for other online threats, according to Gregory Garcia, assistant secretary for cybersecurity and telecommunications with the U.S. Department of Homeland Security. "For our purposes, we really need to focus on reducing our vulnerabilities so those attacks don't happen in the first place," he says.