Q&A
What CSOs Can Learn From Estonia
Security researcher Gadi Evron reviews lessons of the Estonian cyber attacks he helped to investigate last year.
By Bill Brenner, Senior Editor
Evron: That stuff [from the presentation] was a joke. I was mainly concerned about visiting because of the cyber fraud activity happening there and the damage the criminals can suffer at the hands of people like me. I found a beautiful country with a very relaxed and fun culture. Their attitude was that if there were problems they wanted to talk about them and fix them.
CSO: If you could offer three pieces of advice to government or private entities hoping to avoid such attacks, what would they be?
Evron: Don't panic. Accept that the threat is there. Don't jump to solutions such as just better funding or adopting a cold-war strategy. On a practical note, though, establishing a country-wide incident response capability is important. Open channels to the private sector. Treat the Internet as insecure in your design when you build new infrastructure around it.
CSO: You live in the West Bank, and when you mentioned your initial mental picture of Estonia in that talk last year, it was easy to see how the TV news can give a distorted picture of certain places that don't necessarily reflect the reality of the situation. Do you think your corner of the world gets a bad rap when it comes to the overall security situation?
Evron: The reputation is understandable [but] the reporting is mostly biased and even plain-out wrong on both sides. This is true not just for the local situation but for computer security and anything else I've had the chance to be privy to and then later see reported in the news.



