Has Estonia's e-revolution backfired?

By David Reid
Reporter, BBC Click

Estonia has been an internet early adopter, using the web to streamline administration with e-government, e-voting, even e-parking. But relying on a net vulnerable to cyber attack has its risks.

Estonia has long lived in the shadow of its neighbour.

During the second world war Russian warships massed off the country's ports.

Half a century later the Soviet occupation ended just as the world was waking to another revolution - a digital one - and Estonia grabbed it with both hands.

Cyber attacks began after a war memorial was moved in Tallinn

Now the country is a world leader in out-sourcing and e-banking and has the skyscrapers to prove it.

People vote online and even avoid the tow-truck's clutches by paying for parking tickets using their mobiles.

Estonians trust technology and have even adopted ID cards - which have proved controversial elsewhere.

Building the country

Many governments are envious of how Estonia has managed to implement its electronic ID card scheme.

But Estonia's government has packaged its e-revolution as part of building the country after independence from the Soviet Union.

In Estonia this does not mean state intrusion. It means progress and freedom.

The attacks affected a range of government websites

"When we got independence, we had to start from zero."

"It was much easier to implement innovation back then. You had to build everything up in a very rapid way in order to sustain the society. And the internet was part of it," says Rica Semjonova of the Estonian Informatics Centre.

Cyber-Warfare

Estonia's IT strength might also prove to be a vulnerability. A diplomatic spat this summer over the relocation of a Soviet-era monument in the capital Tallinn led to a series of online incidents that many observers described as nothing less than cyber-warfare.

I do not know who this was. Was it someone linked to a state power of another country? I cannot say Juhan Parts, Minister of Economy and Communications

Estonia's ethnic Russians were furious the statues were moved. Some blocked roads and rioted, others took their grievances online, multiplying traffic a thousand times until websites were slowed to a standstill.

"It started in the first night of the riots and - of course - as we were covering the riots anyway, everyone was at work. What we saw was that all traffic numbers were going up, up, up," explained Jannus Lillenberg from www.postimees.ee.

"And then it just kept growing and we understood that something was not right. And then we went three nights and days to build some way to absorb these attacks and stop the spam, to throw them away before they got to our website."

Estonia's main line of defence against the attack was the Estonian Information Centre.

"To compare it, it is a forest fire. At first it is a very small fire, but with the wind from the correct direction and no rain for days," said Hillar Aarelaid from the Centre.

"Before an attack it is very difficult to tell what kind of attack it will be. You can understand it only when you are under attack."

Even months on, no-one is really sure who was behind it all - an underground network of hackers, a state, or as some are now saying - both. All that is left are suspicions.

Internet experts from NATO and the EU all tried to track down the culprits

"Some attacks, for example, started one moment and ended at exactly midnight. It is not possible that attacks from different corners of the globe coming to the Estonian servers and then suddenly cancel at midnight," says Juhan Parts, Minister of Economy.

"I do not know who this was. Was it someone linked to a state power of another country? I cannot say."

As a member of NATO, a military attack on Estonia would be treated as an attack on all NATO states.

So, how about a cyber-attack that cripples its information infra-structure for weeks?

That is still being pondered.

But with allegations that China has recently mounted cyber attacks on Western states, the internet might become an infrastructure worth protecting with something more than strong talk and firewalls.