Connect to share and comment

After two decades of relative peace, security experts caution that internet warfare is all but imminent. GlobalPost examines the skirmishes, defenses, and the "calamitous" threat that a small group of hackers could pose to American cities.

NATO's geek brigade

With cyber war pegged as a serious threat, NATO is prepared to respond with real force.

the domestic water supply," suggests Prof. Bill Boothby, an expert on the legal implications of cyber war.

"It's going to introduce toxins into the water that nobody can detect," he explains. "Parallel processes make those who are monitoring believe everything is operating normally, so the first indication you get that something's wrong is when the kids start turning up in the hospital very ill."

How nations can respond to such an attack is a legal grey area. Boothby, who retired in 2011 as deputy legal director of Britain's Royal Air Force, was one of a panel of international specialists commissioned by the Tallinn center to outline how the laws of war apply to cyberspace.

The so-called Tallinn Manual, published in March, controversially concluded that nations would be in their rights under international law to respond with bombs or bullets against cyber attacker that caused death, destruction or damage on a significant scale.

The manual triggered headlines suggesting NATO had given the all clear to kill hackers, and accusations it would lover the threshold for a military response.

Although NATO officials point out that the 300-page manual is not an official alliance document, it  is expected to be influential in the policies of allied nations.

Shea says only the most damaging cyber attacks would likely trigger a kinetic response. He insists the allied militaries need to have that option.

"That which is not permissible in the real world, does not become permissible because it's in cyberspace," he contends. Hackers “can't believe they can do terrible things in cyber space and get immunity because it is done with electrons rather than bombs."

The Tallinn experts were unable to agree on whether the 2010 Stuxnet computer worm — widely reported to have been launched by Israel and the United States to disrupt Iran's nuclear facilities — constituted an "armed attack" that would have entitled Iran to use force in response.

They also disputed whether a cyber strike that caused only economic damage — such as taking down Wall Street — would be legal grounds for a missile strike.

A smokeless gun

One major problem in responding to a cyber attack is the difficulty in determining where it is coming from. In 2007, Estonia was hit by a massive denial of service attack that tried to overwhelm the network systems of the country's banks, media and government agencies. At the time, the country was embroiled in a dispute with Russia over its decision to relocate a Soviet-era statue.

Although suspicion immediately fell on some sort of Russian involvement, conclusive evidence pointing to a Kremlin-sanctioned operation has never been found.

Nevertheless the Estonia attack inspired a turning point in NATO's cyber defense approach, leading to the founding of the Center of Excellence the following year and galvanizing military preparations for future events. One of Europe's most digitally connected countries and with real experience at the sharp end of a cyber attack, Estonia was the logical place to locate it.

After breaking away from Soviet rule in 1991, the Baltic nation of 1.3 million quickly spotted a bright future by investing in emerging digital technologies.

Within six years, 97 percent of schools were connected to the internet. Skype and Kazaa were developed by Estonians, and 99 percent of bank transactions now occur online. The country’s embrace of the digital sphere led some to nickname it e-Stonia.

In 2002, Estonia introduced electronic ID cards, enabling citizens to do just about everything online — from paying their taxes, to voting, signing official documents or launching new businesses.

"You can establish a company legally in 15 minutes just using this ID card, or do lots of stuff that in other countries you'd have to spend time sitting in line for hours or days," says Tarmo Randel, head of the government's Computer Emergency Response Team. "This is actually really cool."

Of course there's a  downside to being among the world's most wired countries.

"Everything is digital, so [we] are beginning to be more and more vulnerable," Randel told GlobalPost.

That became clear during the 2007 attack, when hackers laid virtual siege to the country for four days. Estonian tech defenders are proud of the way they beat back the digital invaders.

"There was an image that we were down. That's not correct," Randel says. "It caused some sleepless nights for administrators, and some systems were down for tens of minutes or a couple of hours, but people did their jobs well ... ordinary people barely noticed."

Nevertheless, the attack was a wake up call that greater cooperation was needed internationally and within the country to prepare for future attacks.

Since the 2007 assault hit headlines around the world, Randal says such events have become bigger, more sophisticated and more frequent. "Things are constantly happening, there is no down time."

Each day his teams confront defaced pages; drive-by infection-spreading sites; malware infected homes and companies; and attempts at major security breaches.

So far, the defenders have mostly been able to neutralize them before they create a major disruption but officials stress that complacency is not an option.

"We live increasingly in fragile glass houses where this is concerned," says Boothby. "Every time that we replace a card index with a computer system we increase our vulnerability, and there are very few card indexes left."