How Russia Strengthened NATO’s Cyber Defence

Russia’s 2007 cyber-attacks on Estonia did not cause any long-term harm. What they did, however, is they helped NATO realise the vulnerabilities of a country’s digital presence. As a direct consequence, NATO’s Centre of Excellence was founded to provide cyber-attack prevention and devise a specially dedicated military protocol applicable to the most modern type of warfare.


In the morning of 27 April 2007, Estonia’s digital services were down. It was the first massed attack in the world directed at an entire nation and not just a single institution. Amongst the entities affected were government bodies, police, banks, emergency centre, Internet service providers, online media, and enterprises. The attacks, though not sophisticated in their nature, were conducted at a significant scale – especially for Estonia, whose public services are to a large extent digitalised. For a total of 22 days, the attackers were flooding the country’s cyberspace through continuous sending of requests and spam messages. Despite the simplicity of those actions, their volume was so large that the hosts of targeted services were incapable of handling them, thus disrupting the entire digital systems. Estonian intelligence agency quickly identified that the attacks were coming from the territory of Russia, which country rejected its neighbour’s formal request for investigation assistance. It was discovered, however, that users of Russian forums published calls for contribution in the attacks with simplified instructions on how it can be done. Additionally, some of the malicious queries contained indications of political motivations and the attackers’ Russian language background.

After three weeks of attacks disrupting Estonia’s digital services, the warfare was countered with no long-term harm to the country’s servers and systems. It was time for the world to learn its lesson. Firstly, the West realised the vulnerabilities of a state’s cyber presence. From a theft of a society’s sensitive data, to interfering the entire country’s utility services such as electricity, safety, defence, financial services, and communication; a hostile nation could gain a tremendous military advantage remotely, without the victim even realising. Indeed, it was the first time in its history that NATO had received a request for assistance in cyber defence. At that time, cyber warfare was vastly unregulated; there were no international laws let alone specialistic protocols providing a scheme of defence. Nevertheless, the international military alliance had already been defending itself from digital threats on daily basis. Even at the time Estonia was undergoing the crisis, the organisation was experiencing the same type of attack from the same source as the Baltic state. Not fully prepared for providing external help, NATO coordinated the member nations to collaborate on the resources available for helping Estonia. It was then unquestionable that a procedural improvement was needed and that in the coming years there would be more of such requests. Thus, NATO assessed its internal defence strategies and appropriate infrastructure, followed by a report issued to all allied defence ministers. The report further evolved into cyber defence policy which then led to the creation of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) and its establishment in Tallin. In fact, Estonia advocated its erection prior to its association to NATO, in 2003. The institution is now responsible for improving the interoperability of cyber defence within the member states and their systems, enhancing training, education, and spreading awareness of the issue, providing cyber defence support for experimentation, analysing the legal aspects of digital security, and contributing to the making of NATO’s security policy. In 2009, CCDCOE provided an international forum for experts, scholars and practitioners, to study how international law, especially humanitarian and jus ad bellum which describes the criteria under which entering a war is permissible, apply to the digital sphere. They later composed a manual describing how those laws should be interpreted in the context of cyber warfare. It was the first endeavour that used a comprehensive, analytical approach to the issue and clarified, at least to some extent, the legal matters surrounding it. Once published, the paper enjoyed vast coverage in popular media and sparked further professional study of cybersecurity.

Russia’s 2007 cyber-attacks on Estonia had only one long-term effect – prompting NATO to systematise its procedures and protocols regarding cyber safety assistance and to allocate more resources to extensive research and experimentation in this area. By doing so, Russia did nothing but pointed a crack in the West’s wall and suggested its renovation.

Author: Jędrzej Duszyński – Alumnus of Worth School, a British Independent School, where he pursued Sixth Form education on a full academic scholarship. Alumnus and Volunteer at United World Colleges Poland. He gained professional experience during a research internship at Institute of Economic Affairs and a consulting work placement at Oliver Wyman, London. He currently works as an Executive Assisant at the Polish-based think-tank Warsaw Intitute.

This article was originally published on “Polish Daily News”.