The Fog of Cyberwar.(International Edition; WORLD AFFAIRS)(cyberwar)

Byline: Evgeny Morozov

NATO military strategists are waking up to the threat from online attacks.

Ghostnet sounds like something John le Carre would invent. This vast cyber-espionage operation spanned 1,295 computers worldwide, a third of them located in ministries of foreign affairs, embassies, international organizations and news media, some holding classified data. According to a report by three Canadian security think tanks in March, it included at least one unclassified computer at NATO headquarters in Mons, Belgium. Although the culprit is unidentified, some experts suspect China. Whether it exploited any of the data is hard to say. That it could obtain it so easily has raised eyebrows in the world's mightiest military alliance.

NATO is only just beginning to recognize that the Internet has become a new battleground, and that it requires a military strategy. As economic life relies more and more on the Internet, the potential for small bands of hackers to launch devastating attacks on the world economy is growing. To counter such threats, a group of NATO members, including the U.S. and Germany, last year established a kind of internal cybersecurity think tank, based in a former government building in Tallinn, Estonia. The 30 staffers at the Cooperative Cyber Defense Centre of Excellence analyze emerging viruses and other threats, and pass on alerts to sponsoring NATO governments. They are also working to bring the allies together on the elusive issues that deepen the fog of cyberwar.

Experts with backgrounds in the military, technology, law and science are wrestling with such questions as: What qualifies as a cyber "attack" on a NATO member, and so triggers the obligation of alliance members to rush to its defense? And how can the alliance defend itself in cyberspace? Already, the debate is producing strikingly different answers: as Washington moves to create a new "cybersecurity czar" and new funds for cyberdefenses, Estonia is moving much of the job into civilian hands, aiming to create a nation of citizens alert and wise to online threats.

The choice of Estonia as the home to NATO's new cyberwar brain trust is not accidental. In 2007 Estonia was in a public squabble with Russia over the fate of a Soviet-era monument when it suddenly found itself under a wave of cyberattacks. Among the targets were two of Estonia's biggest banks, whose online systems were severely degraded for several hours. The scale of the economic damage is still classified as a state secret, but the fact that this happened in "E-stonia," a proud digital society where even parking meters take payment via text messages, was eye-opening. Although the decentralized nature of cyberattacks made it hard to know whether the Kremlin ordered the attacks, clues led Estonia to a Russian suspect, whom the Kremlin refused to extradite.

One thing is clear: Russia gained from what may be the first successful invasion in the new age of cyberwar. Hillar Aarelaid, a manager at Estonia's computer emergency response team, who coordinated Estonia's defenses during the assault, told me that the attack used a nasty weapon called a "distributed denial of service," or DDOS. Cheap to organize and devastating, DDOS involves a small gang of hackers who command a cyber-army of infected PCs to overwhelm the Web sites of a bank (or other institution) with seemingly legitimate requests. Yet Aarelaid believes that the attackers who came after Estonia aimed to flaunt the range and power of their arsenal. If the orders came from the Kremlin, the message to former Soviet satellites was clear: defy us at your own risk. Estonia, courageously, went ahead and moved the Soviet monument anyway.