Showing posts with label Estonia. Show all posts
Showing posts with label Estonia. Show all posts
Wednesday, June 12, 2013
Tallinn Tech is looking for a Professor of Cyber Security
The Department of Computer Science at Tallinn University of Technology is looking for a Professor of Cyber Security.
Application deadline: October 31, 2013
This appointment is part of the strategic growth of the Department of Computer Science. The department is seeking an energetic and dynamic candidate who will contribute to and complement the current research and teaching activities, and promote cooperation with national and international partners in academia, industry, government, and military.
The successful candidate will serve as a leader of research and teaching in the field of practical cyber security and digital forensics.
Further information:
http://academicpositions.eu/ad
For informal inquiries, please contact Prof. Jüri Vain: +372 620 4190, juri.vain@ttu.ee .
Application deadline: October 31, 2013
This appointment is part of the strategic growth of the Department of Computer Science. The department is seeking an energetic and dynamic candidate who will contribute to and complement the current research and teaching activities, and promote cooperation with national and international partners in academia, industry, government, and military.
The successful candidate will serve as a leader of research and teaching in the field of practical cyber security and digital forensics.
Further information:
http://academicpositions.eu/ad
For informal inquiries, please contact Prof. Jüri Vain: +372 620 4190, juri.vain@ttu.ee .
Monday, October 25, 2010
CFP: International Conference on Cyber Conflict
Finally, the CFP for our own conference is out. The International Conference on Cyber Conflict is the third conference in the series organized by CCD COE. This year, we also have IEEE as a co-sponsor. The conference will take place 07-10 June 2011 in Tallinn, Estonia.
As for the CFP [pdf]:
As for the CFP [pdf]:
In 2011 the conference will focus on the combination of defensive and offensive aspects of Cyber Forces and will combine different views on cyber defense and operations in the current and envisaged threat environments. All this shall not be limited to military perspective.
Legal, strategic and technical submissions are welcome on equal grounds.
Researchers and practicians are encouraged to submit papers covering novel and scientifically significant practical works related to 2011’s topics via our web portal. Accepted papers - after passing the peer-review - will be published in the conference proceedings provided in hard cover and digitally though IEEE Xplore.
Paper submission deadline is 20 JAN 2011.
Wednesday, October 20, 2010
Article in FutureGov Magazine
I recently wrote an article for FutureGov Magazine about the events in Estonia in 2007. Although my intent was to tone down the hype surrounding the incident, the final "independent" editing process managed to come up with a intro paragraph about "cyber war", even though I had specifically avoided this term in the article itself. I guess that is the risk one takes with media.
The article is available in the August-September issue [large pdf!], on pages 70-72.
The article is available in the August-September issue [large pdf!], on pages 70-72.
Monday, September 6, 2010
Interview explosion
I gave an interview to Baltic News Service (BNS) on Friday. Instead of writing it up as one article, they chose to create a bunch of short pieces that are currently flooding some news portals in Estonia. For a casual observer, it looks like I have personally launched a massive frontal assault on cyber awareness issues. Interesting development, although unintentional.
Thursday, August 26, 2010
CFP: ECIW 2011
I am back from my summer hiatus and ready to kick-start another year of cyber conflict studies. Let's start with the CFP to the 10th European Conference on Information Warfare and Security (ECIW). This time it is held in Tallinn, Estonia. It is hosted by the Institute of Cybernetics at Tallinn University of Technology, in collaboration with the CCD COE. I will be serving as the local Program Chair, so I hope to see some of you there.
Please feel free to circulate this CFP:
Please feel free to circulate this CFP:
This is a call for papers for 10th European Conference on Information Warfare and Security being held at The Institute of Cybernetics at the Tallinn University of Technology, Tallinn, Estonia on the 7-8 July 2011.
The 10th European Conference on Information Warfare and Security (ECIW) is an opportunity for academics, practitioners and consultants from Europe and elsewhere who are involved in the study, management, development and implementation of systems and concepts to combat information warfare or to improve information systems security to come together and exchange ideas. There are several strong strands of research and interest that are developing in the area including the understanding of threats and risks to information systems, the development of a strong security culture, as well as incident detection and post incident investigation. This conference is continuing to establish itself as a key event for individuals working in the field from around the world.
Please consider submitting to this conference. We are interested in the entire range of concepts from theory to practice, including case studies, works-in-progress, and conceptual explorations. The conference committee welcomes contributions on a wide range of topics using a range of scholarly approaches including theoretical and empirical papers employing qualitative, quantitative and critical methods.
Case studies and work-in-progress/posters are welcomed approaches. PhD Research, proposals for roundtable discussions, non-academic contributions and product demonstrations based on the main themes are also invited.
You can find calls for papers for these tracks at:
http://academic-conferences.org/eciw/eciw2011/eciw11-call-papers.htm
The ECIW conference proceedings are:
· listed in the Thomson Reuters ISI Index to Scientific and Technical Proceedings (ISTP/ISI Proceedings)
· listed in the Thomson Reuters ISI Index to Social Sciences & Humanities Proceedings (ISSHP)
· listed in the Thomson Reuters ISI Index to Social Sciences & Humanities Proceedings (ISSHP/ISI Proceedings).
· indexed by the Institution of Engineering and Technology in the UK.
Conference publications are submitted for accreditation on publication. Please note that depending on the accreditation body, this process can take several months.
Please feel free to circulate this message to any colleagues or contacts you think may be interested.
Tuesday, December 22, 2009
Russia and Cyber Attacks
A colleague pointed me to an article in the Baltic Security and Defence Review, an annual publication of the Baltic Defence College (international staff college for military officers at OF3-OF5 ranks). MAJ William Ashmore (US Army) writes an overview of recent cyber conflicts with Russia, titled "Impact of Alleged Russian Cyber Attacks" [pdf].
While the article covers a lot of ground it seems that he is not a subject matter expert in cyber conflicts. The quality of the references is relatively weak (mostly public news media) and there are a few simple errors. On the other hand, he has done a fairly broad background check for the legal/doctrinal work done at OSCE, UN etc.
He provides an overview of events in Estonia 2007 and Georgia 2008 among others, and a summary of NATO's activities in setting up cyber defence. He spends some time on Herman Simm's case (highly placed spy for Russians in Estonian MoD, caught 2008), although to me his arguments there seem a bit weak.
He reviews the national and international responses/comments to the Russian cyber campaigns, including potential attribution. There is also a fairly interesting chapter about future trends in Russian cyber activities (including Dr Panarin's recommendations). I think he may be onto something when he says that in Russia, cyber is mostly seen as an offensive capability.
With the US primarily focused on the Chinese cyber threat, the Russian (and other) cyber studies remain in the background. Therefore, it is a refreshing piece of reading, regardless of some issues with depth or quality. As always, read the article for full info.
Happy holidays!
While the article covers a lot of ground it seems that he is not a subject matter expert in cyber conflicts. The quality of the references is relatively weak (mostly public news media) and there are a few simple errors. On the other hand, he has done a fairly broad background check for the legal/doctrinal work done at OSCE, UN etc.
He provides an overview of events in Estonia 2007 and Georgia 2008 among others, and a summary of NATO's activities in setting up cyber defence. He spends some time on Herman Simm's case (highly placed spy for Russians in Estonian MoD, caught 2008), although to me his arguments there seem a bit weak.
He reviews the national and international responses/comments to the Russian cyber campaigns, including potential attribution. There is also a fairly interesting chapter about future trends in Russian cyber activities (including Dr Panarin's recommendations). I think he may be onto something when he says that in Russia, cyber is mostly seen as an offensive capability.
With the US primarily focused on the Chinese cyber threat, the Russian (and other) cyber studies remain in the background. Therefore, it is a refreshing piece of reading, regardless of some issues with depth or quality. As always, read the article for full info.
Happy holidays!
Wednesday, November 4, 2009
CFP: Conference on Cyber Conflict
The Call for Papers is out for the CCD COE Conference on Cyber Conflict. The event will take place in Tallinn from 16-18 June 2010 and it combines the two conferences that the Centre organized in 2009 (You can read summaries here and here). There will be a separate training day on June 15th.
Bruce Schneier will give the keynote address and judging from the experience of the this year's events we expect many other interesting talks and papers as well.
The conference is split into three tracks: Technical, Concepts and Strategy, and Legal and Policy. Paper submissions are welcome to all tracks. Note that the deadline for abstract submission is a mere four weeks away!
Key dates
Abstract due: 30 November
Paper due: 01 March 2010
Conference: 16-18 June 2010
Bruce Schneier will give the keynote address and judging from the experience of the this year's events we expect many other interesting talks and papers as well.
The conference is split into three tracks: Technical, Concepts and Strategy, and Legal and Policy. Paper submissions are welcome to all tracks. Note that the deadline for abstract submission is a mere four weeks away!
Key dates
Abstract due: 30 November
Paper due: 01 March 2010
Conference: 16-18 June 2010
Friday, September 4, 2009
Paper on Cyber Society
I co-authored a paper with Peeter Lorents and Raul Rikk that was published in the 13th International Conference on Human-Computer Interaction, San Diego, in July. You can also find the paper in LNCS 5623, pp. 180-186.
The paper is titled Cyber Society and Cooperative Cyber Defence. In it, we explore the concept of cyber society, which we define as "a society where computerized information transfer and information processing is (near) ubiquitous and where the normal functioning of this society is severely degraded or altogether impossible if the computerized systems no longer function correctly."
We then examine Estonia as an early form of a cyber society and illustrate it's potential vulnerabilities with the events of April-May 2007. We conclude the paper with the foundations behind the establishment of the Cooperative Cyber Defence Centre of Excellence.
This was my first co-authored paper and as such a new experience. One of the problems of having multiple authors is to write a consistent paper - something that could be improved in this case. However, I think it does convey the ideas that we wanted.
The paper is titled Cyber Society and Cooperative Cyber Defence. In it, we explore the concept of cyber society, which we define as "a society where computerized information transfer and information processing is (near) ubiquitous and where the normal functioning of this society is severely degraded or altogether impossible if the computerized systems no longer function correctly."
We then examine Estonia as an early form of a cyber society and illustrate it's potential vulnerabilities with the events of April-May 2007. We conclude the paper with the foundations behind the establishment of the Cooperative Cyber Defence Centre of Excellence.
This was my first co-authored paper and as such a new experience. One of the problems of having multiple authors is to write a consistent paper - something that could be improved in this case. However, I think it does convey the ideas that we wanted.
Friday, June 26, 2009
Evgeny Morozov on Cyber Myths
Evgeny Morozov of the Open Society Institute has an interesting essay in the Boston Review about myths in cyberspace. Specifically, he addresses the scaremongering and vague threat information that is used to get access to funding, fame or power.
He points out many official statements that exaggerate the threat from cyber terrorism and cyber war and asks the question: is there any evidence to back up these claims? No, at least not in the public realm. He also makes a point that the threat from the net information is produced by intelligence/defence organizations and information security companies that benefit from the increased funding. I think he is right in the sense that there are very few facts available, so we are left with hypotheses and conjecture. Honestly, I am partly to blame, as I have presented similar worst case scenarios in numerous conferences, in order to raise awareness of the topic.
He also touches the foggy quagmire that is the international legal definition of cyber warfare and what, if anything can and should be done if one breaks out. I think we will not have a clear answer on this in the near future, but at least the topic is also addressed by professionals.
In terms of how useful cyber attacks are for the military, Morozov refers the opinion that superpowers do not need cyber power, as they have more conventional means to crush the enemy. While that may be true, the question of attribution once again comes up - who will the superpower nuke, if they cannot identify the source of the cyber attack?
On the other hand, his conclusion that we should focus more on the threats from cyber crime and cyber-espionage is correct. However, it is not correct because cyber war is improbable, but because the tools used in cyber war will be very similar to the ones used in crime and espionage. The same piece of malware can be used to steal your personal data, collect intelligence on your organization or to disrupt your networks in preparation for a war. Thus, better defense against crimeware will also mean better defense in war.
A comment on Estonia
Unfortunately, Morozov uses unclear wording that may suggest that Estonia was off-line for nearly a month in 2007. It would be more correct to say that Estonia was under attack for about three weeks in 2007, but only a few critical on-line services (like banks) were affected for clients inside Estonia. One of the options, a white-list based "island Estonia" defence meant that the vast majority of the attacks could be easily blocked while maintaining service to the vast majority of the clients. As a result, clients of the two biggest banks in Estonia saw only a 45-90 minute interruption of service at the start of the attacks and that only affected the web interface of the banks. What is worrying, however, that these were critical "civilian" targets in a political conflict.
Sure, non-critical services (public government websites and news sites, for example) did suffer longer service outages due to cyber attacks (mostly simple DDoS), but in my opinion this was not a big issue for the state as a whole. The biggest effect would be potential information blockade, as local news sites or press sites are off-line, but that can easily be remedied by using other means of communication to push the message out (remember, e-mail works, phones work, faxes work, radio and TV are still on air, and even the postman makes his rounds). I personally had no problems communicating with friends and colleagues abroad throughout the period.
He points out many official statements that exaggerate the threat from cyber terrorism and cyber war and asks the question: is there any evidence to back up these claims? No, at least not in the public realm. He also makes a point that the threat from the net information is produced by intelligence/defence organizations and information security companies that benefit from the increased funding. I think he is right in the sense that there are very few facts available, so we are left with hypotheses and conjecture. Honestly, I am partly to blame, as I have presented similar worst case scenarios in numerous conferences, in order to raise awareness of the topic.
He also touches the foggy quagmire that is the international legal definition of cyber warfare and what, if anything can and should be done if one breaks out. I think we will not have a clear answer on this in the near future, but at least the topic is also addressed by professionals.
In terms of how useful cyber attacks are for the military, Morozov refers the opinion that superpowers do not need cyber power, as they have more conventional means to crush the enemy. While that may be true, the question of attribution once again comes up - who will the superpower nuke, if they cannot identify the source of the cyber attack?
On the other hand, his conclusion that we should focus more on the threats from cyber crime and cyber-espionage is correct. However, it is not correct because cyber war is improbable, but because the tools used in cyber war will be very similar to the ones used in crime and espionage. The same piece of malware can be used to steal your personal data, collect intelligence on your organization or to disrupt your networks in preparation for a war. Thus, better defense against crimeware will also mean better defense in war.
A comment on Estonia
Unfortunately, Morozov uses unclear wording that may suggest that Estonia was off-line for nearly a month in 2007. It would be more correct to say that Estonia was under attack for about three weeks in 2007, but only a few critical on-line services (like banks) were affected for clients inside Estonia. One of the options, a white-list based "island Estonia" defence meant that the vast majority of the attacks could be easily blocked while maintaining service to the vast majority of the clients. As a result, clients of the two biggest banks in Estonia saw only a 45-90 minute interruption of service at the start of the attacks and that only affected the web interface of the banks. What is worrying, however, that these were critical "civilian" targets in a political conflict.
Sure, non-critical services (public government websites and news sites, for example) did suffer longer service outages due to cyber attacks (mostly simple DDoS), but in my opinion this was not a big issue for the state as a whole. The biggest effect would be potential information blockade, as local news sites or press sites are off-line, but that can easily be remedied by using other means of communication to push the message out (remember, e-mail works, phones work, faxes work, radio and TV are still on air, and even the postman makes his rounds). I personally had no problems communicating with friends and colleagues abroad throughout the period.
Subscribe to:
Posts (Atom)
Posts
