Interview with a leading researcher of the NATO Cyber Defence Center, Kenneth Geers (pictured).

Please name one of the main trends in cyber crime in 2009.

A major trend in 2009 is that attackers have shifted from sending a small number of threats to a large number of people to sending many unique threats to a smaller group of Internet users. In other words, cyber targeting has improved.

What are the most fruitful outcomes of the work done by the NATO Cyber Defence Center to date?

The most visible event was our June 2009 Conference on Cyber Warfare in Tallinn. Researchers from almost twenty countries gathered to explore the relationship between computer security and national security. Not surprisingly, the devil was found in the details: the challenge of attribution, the calculation of damages, the cyber threat to critical infrastructure, law enforcement jurisdiction, and much more. A CCD CoE book, The Virtual Battlefield: Perspectives on Cyber Warfare, comprised of the papers presented at the conference, will be out in late September.

What are the most serious attacks we have seen in 2009?

In January, the entire nation-state of Kyrgyzstan was knocked off-line during a time of political crisis, via distributed denial-of-service (DDoS) attacks against the country’s two biggest Internet service providers (ISPs). It is believed that the cyber campaign may have been intended to put pressure on the Kyrgyz government to remove foreign military forces from its territory.

From where and for what reason were the most serious attacks carried out lately?

One of the most controversial subjects in cyber security, for at least the past decade, has been whether a “digital Pearl Harbour” will happen or is even theoretically possible. In my opinion, devastating cyber attacks on critical infrastructure are possible, especially in coordination with a traditional kinetic attack. In 2007, it was reported that Syrian air defence systems were disabled by a cyber attack moments before the Israeli air force destroyed a suspected Syrian nuclear reactor. If true, that event demonstrates the clear power of cyber attacks, at least indirectly, to inflict damage on national critical infrastructures and could even be called a small–scale Digital Pearl Harbour.

Do you have any overall figures on the regularity and amount of different type of attacks?

There is a lot we do not know about the cyber threat, but what we do know is worrying. In July 2009, for example, Symantec reported that 89 per cent of all e-mail messages sent were spam. That means that, despite really focused and well-funded efforts to stop it, the amount of spam we receive every day continues to increase!

This story was first published in the quarterly magazine Life in Estonia Fall 2009 edition. Read also our previous post on cyber fraud trends.