Computer Science homework help
Task 1 : 500 words
Instructions: Use examples from the readings, or from your own research, to support your views, as appropriate. You are encouraged to conduct research and use other sources to support your answers. Be sure to list your references at the end. References must be in APA citation format. A minimum of 500 words is required.
The case surrounding the events in Estonia (2007) has significant implications for cyber issues. What were the challenges to attribution with the Estonia Case Study? Why is this important to the future of understanding cyber threat situations?
Number of Pages: 2 Pages
Academic Level: College
Paper Format: APA
Task 2 : 500 words
Write responses. See attached.
Add additional insight, offer opinions, or challenge opinions; you can also visit a couple of the websites contributed and share your opinion of these sites. Minimum of 250 words for each.
1) The country of Estonia suffered a cyber-attack in 2007 after the removal of the Bronze Soldier Soviet war memorial. The attack was a Distributed Denial of Service (DDoS) attack that targeted government ministries, political parties, newspapers, banks, and companies’ websites. Since Estonia was a member of NATO, they sent experts in the field to Estonia to assist in the investigation (Traynor 2007). The team determined that because of the way the attacks were carried out they did not believe that it was done by the Russian government. The attacks were crude and did not show the capabilities that would have been used by another nation. A DDoS attack is carried out by using a network of slave computers to send requests for information to the systems which will overload the bandwidth or the computers causing the web servers to crash. Hackers are beginning to use peer-to-peer technology to carry out attacks making it more difficult to find the original source of the attack. Peer-to-peer technology allows the hacker to move across the Internet from one computer to the next without those computers reaching back to the original computer (Waterman 2007). Since the attackers must be tracked backwards through each computer to the next it becomes much more difficult to get to the origin. Attribution for these types of attacks is an important subject. If there is no attribution for attacking someone then these attacks will not only continue but increase. A DDoS attack is only one of many types of attacks that are out there. Attribution must be done differently depending on the type of the attack, seriousness of the attack, and many other factors making it a challenge. The peer-to-peer or multi-stage attacks are the most difficult to deal with.
Attacks are not only challenging technically but they also present legal, political, and privacy challenges. Technically it is difficult to trace the attack back to exactly which computer originated the attack. Legally it is a challenge because attacks may cross several jurisdictional boundaries, politically they are a challenge because many times they must be dealt with at the national level, and privacy is challenged because there must be a balance between anonymity and knowing what people are doing so that they can be held responsible for their actions. In most cases people are determined to find and prosecute the individual that carried out the attack. Although this is a noble cause, is it the best way to deal with attribution? In other types of situations the country is held responsible for the actions of their citizens. Should the actions taken in a cyber world be treated differently? Since there are so many issues from many different angles in dealing with an attack the best answer may be to hold the country responsible for their citizens’ actions and let them find and prosecute the individual. If the attack was carried out by the government of the country then they should be held responsible regardless (Healey 2012). There are no complete answers right now but each of these attacks provides an opportunity to learn and provide better solutions for the future.
Respond here in 250 words:
2) One of the more interesting facts about the Russia-based Estonia cyberattack case of 2007 that severely limited services in Estonia was that it was executed by a group of non-government or non-sanctioned hackers operating mostly out of Russia, which were a part of cascading effects brought on by the movement of a Soviet war memorial followed by riots and other physical violence in protest of the Estonian government (Czosseck 2011, 57). With analysis being done, the cyber trail led back to non-Russian government computers. Russia, being a very near-peer adversary, would not be lazy enough to leave an easily detectable trail back to the Kremlin (Lewis 2007). However, it is safe to say that the Russian government could have easily orchestrated non-government type hackers to carry out the attack on the Russian government’s behalf (Ibid). I would also argue that if this was indeed a “hacktivist” led initiative, enforcing international laws against a country becomes much harder if the country of origin can plausibly deny any involvement or deny any extradition of accused subjects. Another important note to make is that this attack did not completely collapse Estonia (Ibid). Estonia actually had an internet-based government, making them very strong within the cyberspace domain and able to respond effectively and calmly, restoring services in a limited capacity fairly quickly (Ibid). Due to the attack being conducted by individuals not only in Russia, but from other countries around the globe, this became an international incident causing NATO members to become somewhat involved (Waterman 2007). The silver lining to this event is the understanding and forming of an international response team, and in this case the team reacting, called the Forum of Incident Response and Security Teams (FIRST), was seen as a necessary tool for persecution (Ibid).
This is a critical point to note because it shows the necessity of international interoperability, information sharing, and the formation of international cyber law. Former Chairman of the Joint Chiefs of Staff General Dempsey noted that, “Cyber has escalated from an issue of moderate concern to one of the most serious threats to our national security . . . We now live in a world of weaponized bits and bytes, where an entire country can be disrupted by the click of mouse” (Shanker 2013). His statement is true enough; nations not only need to fear an attack from a physical army or terrorist, but an individual actor with the right cyber ability and resources to attack any government and industry cyber network. Future efforts need to focus on building and maintaining robust physical and cyber networks as coordinated parallel efforts. I think the most pertinent lesson to be learned with regard to this series of attacks is that developing, maintaining, and the continuous building of robust cyber defense networks is paramount to a nation’s overall defense plan. The end result was that Estonia and other countries received a wake-up call regarding new threats emerging from the cyber domain, with new types of opponents waging these types of information wars (Czosseck 2011, 58). Additionally, ensuring that any defense plan incorporates said cyber defense plan with the physical defense of a nation-state as a combined effort.