Volunteer Cyber Army Emerges In Estonia The nation is a model for how a country might defend itself during a cyberwar. The responsibility would fall to a force of programmers, computer scientists and software engineers who make up a Cyber Defense League that in wartime would function under a unified military command.
NPR logo

Volunteer Cyber Army Emerges In Estonia

  • Download
  • <iframe src="https://www.npr.org/player/embed/132634099/132643927" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Volunteer Cyber Army Emerges In Estonia

Volunteer Cyber Army Emerges In Estonia

  • Download
  • <iframe src="https://www.npr.org/player/embed/132634099/132643927" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript


In recent months, we've been reporting on this program, about a growing threat facing many countries - cyber attacks. And today we're going to hear about the first country that actually experienced a cyber war - the Baltic nation of Estonia. In 2007, government, financial and media computer networks were hit by a series of paralyzing attacks. Estonian authorities suspect Russia was responsible. Now, Estonia is a model for how a country might defend itself. NPR's Tom Gjelten reports.

TOM GJELTEN: Estonia knows what it's like to be invaded. During the Second World War Soviet troops occupied the country, then the Germans, then the Soviets again. Each occupation was fiercely resisted. After the war, Estonia became part of the Soviet Union, unwillingly. It broke free at its first opportunity in 1991. And this time it's determined to remain independent.

The government has organized what it calls a Total Defense League, mostly civilians, ready to mobilize in the event of any foreign threat. Jaak Aaviksoo is Estonia's defense minister.

Mr. JAAK AAVIKSOO (Defense minister, Estonia): Insurgent activity against an occupying force sits deep in the Estonian understanding of fighting back. And I think that builds the foundation for understanding total defense in the case of Estonia.

GJELTEN: Total defense, the idea being that defending the country is the responsibility of the whole population, not just the military. And for Estonia, that includes the defense of computer networks. The country's one of the most wired on the planet. And having been the target of one cyber attack already, they know how damaging another could be.

Defense Minister Jaak Aaviksoo, interviewed while visiting Washington recently, says an elite division of the country's Total Defense League is dedicated to cyber security.

Minister JAAK AAVIKSOO (Ministry of Defense, Estonia): We have created a Cyber Defense League that brings together people, specialists in cyber defense, who work in the private sector, as well as in different government agencies. They bring it together to prepare for possible cyber contingencies.

GJELTEN: No democratic country in the world has a cyber defense force like this, programmers and software engineers ready to put themselves under a single paramilitary command to defend the country's cyber infrastructure.

Defense Minister Aaviksoo says it's so important for Estonia to have a skilled cyber army that the authorities there may even institute a draft to make sure every cyber expert in the country is available in a true national emergency.

Minister AAVIKSOO: We are thinking of introducing this conscript service, a cyber service. This is an idea that we've been playing around. We don't have neither the mechanisms nor laws in place for that. But that might be one option.

GJELTEN: In the United States, most top cybersecurity experts work in the private sector and are not available for government duty, even in times of an emergency.

Stewart Baker tried to coordinate cyber defense efforts at the Department of Homeland Security under President George W. Bush. A Cyber Defense League like Estonia's, he says, would've been really helpful.

Mr. STEWART BAKER (Former Assistant Secretary, Homeland Security Policy): It means people are keeping their skills up to date in the private sector, and those skills can be called on in an emergency, which is the only time the government really needs all of them. That's a very sensible approach. And I wish we had the same kind of relationship with our IT sector that they obviously have with theirs.

GJELTEN: When top cyber security experts are willing, if necessary, to put themselves under a single paramilitary command, a country's computer networks can be defended more efficiently.

In Estonia, as in the United States, the information technology underpinning the power, transportation and financial systems is largely in private hands. With the defense of that IT infrastructure split between government and private industry, there are always security gaps.

But Stewart Baker says it's been hard in the United States to promote public-private collaboration in cybersecurity.

Mr. BAKER: The people who work in IT in the U.S. tend to be quite suspicious of government. Maybe they think that they're so much smarter than governments that they'll be able to handle an attack on their own. But there's a standoffishness that makes it much harder to have that kind of easy confidence that you can call on people in an emergency and that they'll be respond.

GJELTEN: Estonia's firsthand experience with cyber war has probably made it easier for authorities there to implement innovative security measures, from its Cyber Defense League to a new requirement for using digital IDs to carry out many online transactions. Many countries would face resistance to such efforts.

But that only means Estonia now has the opportunity to serve as a model. And NATO has recognized Estonia's efforts: The alliance's new Cyber Defense Excellence Center is headquartered there.

Tom Gjelten, NPR News, Washington.

(Soundbite of music)


Copyright © 2011 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.