An Examination of Estonia 2007 Cyber Attacks and the Effects on National Cyber Security Policies of Countries

Yıl 2023, Cilt: 6 Sayı: 2, 332 - 347, 31.12.2023

Esma Dilek , Özgür Talih , Türksel Bensghir

https://doi.org/10.33721/by.1392577

Öz

Cyber-attacks are among the major issues that need to be taken into consideration in terms of national security in countries that are digitalised and transforming into an information society. Unlike traditional physical attacks, the manner in which cyber attacks will occur, which attack surfaces they will use, and which targets they will be directed towards are unpredictable and varied. The consequences of attacks in the cyber space can have unpredictable effects in various dimensions. One of the most prominent examples of this issue in the world occurred in 2007 against Estonia. Estonia, one of the most technological countries in Europe, was exposed to one of the most coordinated, comprehensive cyber-attacks ever organised against a single country. This wave of cyber attacks against Estonia, which emphasised the importance of having advanced cyber defence capabilities, highlighted the issues that need to be focused on in the field of cyber security to ensure national security. In this study, the cyber-attacks against Estonia in 2007, the reasons, targets, national and international effects of these attacks, the cyber defense measures taken, and the lessons learned after the attacks were examined. In the light of these lessons, the current cyber security policies of Türkiye and the countries ranked high in the International Telecommunication Union (ITU)’s Global Cyber Security Index have been evaluated.

Anahtar Kelimeler

Estonia, Cyber Attack, Cyber Defense

Estonya 2007 Siber Saldırılarının İncelenmesi ve Ülkelerin Ulusal Siber Güvenlik Politikalarına Etkileri

Öz

Siber saldırılar, dijitalleşmiş ve bilgi toplumuna dönüşen ülkelerde, ulusal güvenlik açısından dikkate alınması gereken önemli hususlar arasındadır. Geleneksel fiziksel saldırılardan farklı olarak siber saldırıların ne şekilde meydana geleceği, hangi saldırı yüzeylerini kullanacağı ve hangi hedeflere yöneleceği konuları beklenmedik şekillerde ve çeşitliliktedir. Siber dünyada meydana gelen savaşların sonuçları farklı boyutlarda öngörülemeyen etkilere sahip olabilmektedir. Bu durumun dünyada ses getiren örneklerinden biri, 2007 yılında Estonya’ya yönelik olarak meydana gelmiştir. Avrupa’nın en teknolojik ülkelerinden olan Estonya, o tarihe kadar tek bir ülkeye yönelik düzenlenen, koordineli, en kapsamlı siber saldırılardan birine maruz kalmıştır. Gelişmiş siber savunma yeteneklerine sahip olmanın önemini vurgulayan, Estonya’ya yönelik bu siber savaş dalgası, ulusal güvenliğin sağlanması için siber güvenlik alanında odaklanılması gereken konuları gün yüzüne çıkarmıştır. Bu çalışmada, 2007 yılında, Estonya’ya düzenlenen siber saldırılar, bu saldırıların nedenleri, hedefleri, ulusal ve uluslararası etkileri, alınan siber savunma önlemleri, saldırılar sonrasında öğrenilmiş dersler incelenmiştir. Bu dersler ışığında, Uluslararası Telekomünasyon Birliği (ITU) Küresel Siber Güvenlik İndeksinde üst sıralarda yer alan ülkelerin ve Türkiye’nin güncel siber güvenlik politikaları değerlendirilmiştir.

Anahtar Kelimeler

Estonya, Siber Saldırı, Siber Savunma

Etik Beyan

bulunmamaktadır

Destekleyen Kurum

yok

Teşekkür

yok

Kaynakça

• Boeke, S. (2017). National cyber crisis management: Different European approaches. Governance-An International Journal of Policy Administration and Institutions. https://doi.org/https://doi.org/10.1111/gove.12309
• Buresh, D. L. (2020). A Critical Evaluation of the Estonian Cyber Incident. Journal of Advanced Forensic Sciences, 1(2), 7-14. /https://doi.org/10.14302/issn.2692-5915.jafs-20-3601
• CCDCOE. (2013). The Tallinn Manual. 3, https://web.archive.org/web/20130424162717
• CCDCOE. (2021). Crossed Swords. https://www.ccdcoe.org/exercises/crossed-swords/
• CCDCOE. (2022). Locked Shields., https://ccdcoe.org/exercises/locked-shields/
• CCDCOE. (2023). CCDCOE to Host the Tallinn Manual 3.0 Process., https://www.ccdcoe.org/exercises/crossed-swords/
• Crandall, M. (2014). Soft Security Threats and Small States: The Case of Estonia. Defence Studies, 14(1), 30-55. https://doi.org/10.1080/14702436.2014.890334
• Czosseck, C., Ottis, R., & Talihärm, A.-M. (2011). Estonia after the 2007 Cyber Attacks: Legal, Strategic and Organisational Changes in Cyber Security. IJCWT, 1, 24-34, http://doi.org/10.4018/ijcwt.2011010103.
• Estonia. (2010). National Security Concept of Estonia. https://eda.europa.eu/docs/default-source/documents/estonia---national-security-concept-of-estonia-2010.pdf
• Fonseca, C. E., Perdomo, I. L., & Arozarena Gratacos, M. (2014). El manual de Tallin y la aplicabilidad del derecho internacional de la ciberguerra. Ortiz, Javier Ulises. http://cefadigital.edu.ar/handle/1847939/993
• Georgetown University Law Library. (2023). International and Foreign Cyberspace Law Research Guide. https://guides.ll.georgetown.edu/cyberspace/cyber-conflicts
• Haataja, S. (2017). The 2007 cyber attacks against Estonia and international law on the use of force: an informational approach. Law, Innovation and Technology, 9(2), 159-189. https://doi.org/10.1080/17579961.2017.1377914
• Harrison, K., & White, G. (2012). Information sharing requirements and framework needed for community cyber incident detection and response. 2012 IEEE Conference on Technologies for Homeland Security (HST), 463-469. https://doi.org/10.1109/THS.2012.6459893
• Herzog, S. (2011). Revisiting the Estonian Cyber Attacks: Digital Threats and Multinational Responses. Source: Journal of Strategic Security, 4(2), 49-60. https://doi.org/10.2307/26463926
• ITU. (2020). Global Cybersecurity Index 2020. https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2021-PDF-E.pdf
• Jackson, C. (2013). Estonian Cyber Policy After the 2007 Attacks: Drivers of Change and Factors for Success.
• Kaska, K., Talihärm, A.-M., & Tikk, E. (2010). Developments in the legislative, policy and organisational landscapes in Estonia since 2007. International Cyber Security Legal and Policy Proceedings, 40-66.
• Mäses, S., Maennel, K., Toussaint, M., & Rosa, V. (2021). Success Factors for Designing a Cybersecurity Exercise on the Example of Incident Response. 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 259-268. https://doi.org/10.1109/EuroSPW54576.2021.00033
• NATO OTAN. (2023). Cyber Coalition: NATO’s Flagship Cyber Exercise. https://www.act.nato.int/activities/cyber-coalition/
• Nezgitli, S., & Benzer, R. (2020). Avrupa Birliği Siber Güvenlik Kanunu. Journal, 2(1), 10-17. https://dergipark.org.tr/tr/pub/jismar/issue/55710/659519
• NÚKIB. (2023). Exercise Types. https://nukib.gov.cz/en/cyber-security/exercises/exercise-types/#:~:text=Crossed%20Swords%20is%20a%20technical,to%20full-scale%20cyber%20operations.
• Ottis, R. (2008). Analysis of the 2007 cyber attacks against Estonia from the information warfare perspective. Proceedings of the 7th European Conference on Information Warfare, 163. Academic Publishing Limited Reading, MA.
• Republic Of Estonia. (2020). Cyber Security Strategy 2019-2022. Ministry of Economic Affairs and Communications. https://www.mkm.ee/media/703/download
• Republic Of Estonia. (2023). Cyber Security in Estonia 2023. Information System Authority. https://www.ria.ee/media/2702/download
• Rid, T. (2012). Cyber war will not take place. Journal of strategic studies, 35(1), 5-32, https://doi.org/10.1080/01402390.2011.608939.
• T.C. Ulaştırma ve Altyapı Bakanlığı. (2020). Ulusal Siber Güvenlik Stratejisi ve Eylem Planı 2020-2023., https://hgm.uab.gov.tr//uploads/pages/siber-guvenlik/ulusal-siber-guvenlik-stratejisi-ep-2020-2023.pdf
• T.C. Ulaştırma ve Altyapı Bakanlığı. (2021). 12. Ulaştırma ve Haberleşme Şurası Sektör Raporları. https://sgb.uab.gov.tr/uploads/pages/suralar/12-ulastirma-ve-haberlesme-surasi-sektor-raporlari.pdf
• The White House. (2023). National Cybersecurity Strategy., https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
• Thematic Area. (2007). 2007 cyber attacks on Estonia., https://stratcomcoe.org/cuploads/pfiles/cyber_attacks_estonia.pdf
• Tikk, E., & Kaska, K. (2010). Legal Cooperation to Investigate Cyber Incidents: Estonian Case Study and Lessons. 9th European Conference on Information Warfare and Security 2010, ECIW 2010.
• Zhu, X. (2023). Western Studies on the Sovietization of Eastern Europe. Chinese Journal of Slavic Studies, 3(1), 15-32. https://doi.org/10.1515/cjss-2023-0008