Like a stealthy member of the Special Forces, the first digital intruder slipped in completely unnoticed. A collection of ones and zeroes disguised like all of the rest, it sneaked deep within the system, riding in along with an endless stream of data.
Once inside, the virus quickly and quietly set about its work. Unchecked and unwatched by the security system, its destructive secret mission began.
It was only days later that its real intentions became known and the surprise attack intensified. A hacker’s collection of zombies, bots and worms soon followed and in what seemed like a nanosecond the tiny country of Estonia had been virtually taken down by a new kind of devious and destructive aggression.
The nation, it was learned, was being pummeled by a cyber attack.
But despite the best pre-planned defensive efforts put together by its IT crews, Estonia’s electronic Maginot Line proved as feeble as the original. Firewalls withered as the flood of data sent forth by their unknown opponents quickly crashed one system after another, crippling numerous vital public services.
Websites of government ministries, banks and newspapers all fell useless as the digital assault continued virtually unchecked over a three-week period.
While the rest of the world watched the attacks with a combination of curiosity and indifference, military planners around the globe thought otherwise. They recognized that a long-awaited and long-predicted cyber-war had claimed its first victim.
As with like the blitzkrieg of old, a new chapter in warfare had been opened up for all to see.
It wasn’t the brute force of armies that nearly brought Estonia to its knees, but instead a new variety of digital of weapons launched by hackers using thousands of computers located all over the world.
Not a single shot was fired during the skirmish. But none were really needed. Bloodlessly crashing Estonia’s various networks proved to be damaging enough.
It was war by other means.
"We’ve been lucky to survive this," said the Estonian defense minister. "If an airport or state infrastructure is attacked by a missile, it’s clear war. But if the same result is done by computers, then what do you call it? Is it a state of war? These questions must be addressed."
Weighing in on the issue was NATO Secretary General Jaap De Hoop Scheffer. He immediately recognized the seriousness of the attacks, especially since many suspected that they were put together by an old adversary–the Russians.
"Does this have a security implication? Yes, it does have a security implication. Is it relevant for NATO? Yes, it’s relevant for NATO," said the General.
"It is a subject which I am afraid will stay on the political agenda in the times to come," he added.
The NATO treaty, after all, does state that an act of war against any one of its members is an attack against them all.
But while the rest of the world was left to debate whether or not these cyber attacks constituted an actual war, the U.S. Defense Department quietly continued to battle cyber attacks of its own–directed primarily by the Chinese.
In fact, at the Naval Network Warfare Command (Netwarcom), U.S. cyber soldiers track and defend against hundreds of suspicious events directed at its networks each day. They come primarily from Chinese hackers, who are constantly probing Defense Department networks in an all-out war, Netwarcom officials say.
"They will exploit anything and everything," a senior offical said. "It’s hard to believe that it’s not government-driven."
A recently revealed Chinese military white paper would seem to back up that assertion. The report stated that China is making plans to be able to win an "informationized war" by the middle of this century.
Some of those same fears were heard in Congress only last month. In testimony before the House Committee on Homeland Security, one expert after another described how the United States is vulnerable to a "strategically crippling cyber attack."
Our defenses, the officials said, have become dated, leaving us open to an attack, "not by a conventional weapon, but by a cyber weapon." Just like Estonia.
Of course, the combination of all of these events simply underscores the increasing vulnerabilities that network-centric nations face in the new digital age.
No one may have died in Estonia as result of the attack, but the truth is that the cyber-aggression shown there may well foreshadow a future event–a digital Pearl Harbor of our own.
Next week we will take a look at some of the companies that are being called upon to defend us against these cyber-threats.
Wishing you happiness, health, and wealth,
Steve Christ, Editor