25 November 2021

Cyberwarfare era calls for security rethink: Estonian ex-president

Ahn Sung-mi

The evolution of technologies is changing the character of warfare. In any future war, the battle will be determined long before any bullets are fired or missiles flown. Wars may be won through cyberattacks that crash countries’ networks, causing power outages and severing military communication, says former Estonian President Toomas Hendrik Ilves.

The changing face of war requires countries around the world to “rethink” the entire approach to security and defense, Ilves said during a recent interview with The Korea Herald last week. The former president, who spearheaded the Baltic nation’s digital transformation, was in Seoul to speak at the World Emerging Security Forum, organized by the Foreign Ministry, to discuss global cooperation against new security threats.

Ilves added that from a larger security perspective, the biggest change with digital warfare is that “distance has no meaning.”

“What this development in security policy has done is that it has eliminated geography, which up until now has been the primary concern of security thinking because you had kinetic weapons,” he said. “You knew where weapons were coming from, and you were worried about your neighbors. But now, we have to be worried about everybody.”

But cyberthreats have also brought new opportunities to rethink what an alliance is, beyond geography, Ilves stressed.

“Once you get into warfare that is no longer geographically based, well, maybe then you can have an alliance that is not geographically based,” he said. “In fact, it would make an incredible sense if liberal democracies form a nongeographic security alliance to deal with cyberattacks and the weaponization of digital by authoritarian, totalitarian regimes.”

Against a common foe, however, countries are mostly on their own to deal with cyberthreats, he said. They are hesitant to share news of cyberattacks with other countries or publicly disclose them out of fear that sensitive and critical intelligence could be leaked.

Ilves, however, stressed that the sharing of information among like-minded countries is important to tackle future attacks.

“We need to share information and come up with ways of defending ourselves. The main criteria for that should be only open to liberal democracies with rule of law and free and fair election that respect the freedom of human rights,” he said, stressing that leading digital countries like South Korea and Estonia need to cooperate in this area even more.

Ilves’ particular focus on cybersecurity dates back to his two-term presidency from 2006 to 2016. It was during his tenure that a massive cyberattack crippled government and major corporate sites in his country. Many allege that the attack was traceable to Russia -- a charge Moscow has denied.

Dubbed the world’s first cyberwar, the cyberattack was destructive and laid bare Estonia’s security vulnerabilities. But it also offered a silver lining: a chance for the country to rebuild its cyber defense system and firmly establish itself as a global leader in this field. Today the country’s capital, Tallinn, is home to NATO’s cyber defense hub, the Cooperative Cyber Defense Center of Excellence, and the EU’s IT Agency.

Robust cybersecurity is also critical to Estonia’s highly digitalized society, where 99 percent of all government services are available online -- from filing taxes to voting and accessing medical records. This e-government system came in handy especially during the COVID-19 pandemic, allowing people to access public services at home with no need to wait in line at government offices.

Ilves shared what he called the three pillars of a successful digital society, more precisely in the area of public service.

“The first thing is the digital identity,” said Ilves, mentioning an iconic 1993 cartoon in the New Yorker depicting two dogs at a computer. One dog says to the other, “On the Internet, nobody knows you’re a dog.”

In Estonia, all citizens and foreign residents have state-issued digital identification that they use to access public and private services -- paying their bills, voting online, signing contracts, accessing health information and much more. To ensure security, the digital ID has to be protected with two-factor identification and end-to-end encryption, said Ilves.

The second pillar, he stressed, is the “architecture” of the system -- having many data centers rather than a single data center where everything is in one place.

The last pillar is “data integrity,” which he believes gets “far too little attention.” Ilves said everyone is so concerned with privacy when it comes to government services, but the real concern is the integrity of data, meaning no one is allowed to change the data.

“Let’s say someone has a blood type of AB. If others read it, it’s not a problem. But if someone changes the data, that’s problematic. That’s what integrity is about.”

To ensure data integrity, Ilves said Estonia has deployed blockchain technology. All critical data is on a permissioned blockchain so that it cannot be rewritten.

No comments: