Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi
Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi
Towards a Baltic Sea Region Strategy in Critical ... - Helsinki.fi
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
CHAPTER III: INFORMATION AND COMMUNICATION TECHNOLOGY<br />
attacks, lur<strong>in</strong>g them to disclose their bank codes. Earlier attacks <strong>in</strong><br />
October 2005 forced the temporary closure of the service <strong>in</strong> Sweden and<br />
later actually succeeded, caus<strong>in</strong>g a reported loss of over €900,000 from<br />
user accounts as of January 2007 (Libbenga 2007). Most of the bank’s<br />
websites now post detailed customer advisory notes on how to deal with<br />
phish<strong>in</strong>g attacks 64 .<br />
• Example 2: A malfunction<strong>in</strong>g of a 220 kV power transmission l<strong>in</strong>e <strong>in</strong><br />
Uppsala 2 nd October 2002 caused outage <strong>in</strong> <strong>fi</strong>xed and mobile<br />
communication networks <strong>in</strong> northern parts of Stockholm, Uppsala,<br />
Västerås, and so on. Consequently, the network failures triggered<br />
cascad<strong>in</strong>g failures affect<strong>in</strong>g terrestrial television and radio broadcasts <strong>in</strong><br />
some areas, the radar at Stockholm-Arlanda airport caus<strong>in</strong>g flight<br />
disruptions, and also rail system caus<strong>in</strong>g tra<strong>in</strong>s to run late (Eckström<br />
2004).<br />
• Example 3: The Estonian government moved a Soviet war memorial<br />
statue from a central square <strong>in</strong> Tall<strong>in</strong> on 26 th April 2007. For the next<br />
three weeks, websites belong<strong>in</strong>g to Estonian government departments<br />
(e.g., all m<strong>in</strong>istries, except those of Culture and Agriculture) and<br />
bus<strong>in</strong>esses come under unusually <strong>in</strong>tense but coord<strong>in</strong>ated DDoS attacks.<br />
The Estonian authorities were then obliged to block overseas Internet<br />
connections to enable locals to cont<strong>in</strong>ue access<strong>in</strong>g essential onl<strong>in</strong>e<br />
services provided by key Estonian websites (Lesk 2007; Rantanen 2007).<br />
• Example 4: In August 2007, hackers <strong>in</strong><strong>fi</strong>ltrated a database belong<strong>in</strong>g to<br />
the telecom operator Tele2 and managed to steal details of 11-digit<br />
personal identi<strong>fi</strong>cation (ID) numbers and home addresses belong<strong>in</strong>g to<br />
over 60,000 Norwegians.Among the victims is the head of the national<br />
data <strong>in</strong>spectorate, Datatilsynet. The stolen details put the victims under<br />
the serious threat of identity theft. The Norwegian police subsequently<br />
urged <strong>in</strong>creased vigilance by the victims and are <strong>in</strong>vestigat<strong>in</strong>g the matter<br />
(Solberg 2007).<br />
A more general snapshot of a country’s overall <strong>in</strong>formation security trends is<br />
typically provided by national CERTs (Computer Emergency Response Teams) or<br />
CSIRTs (Computer Security and Incident response Teams). CERTs/CSIRTs offer a<br />
one-stop-shop service for report<strong>in</strong>g all security <strong>in</strong>cidents (e.g. break-<strong>in</strong>s, DDoS<br />
attacks, new malware, discovered vulnerabilities etc.), publish<strong>in</strong>g threat alerts and<br />
provision<strong>in</strong>g advisory services for a nation’s <strong>in</strong>formation security communities.<br />
Therefore, the statistics of security <strong>in</strong>cidents compiled by a national CERT/CSIRT<br />
are usually quoted when analyz<strong>in</strong>g <strong>in</strong>formation security trends for a particular<br />
country. For <strong>in</strong>stance, the statistics obta<strong>in</strong>ed from the F<strong>in</strong>nish CERT (CERT-FI)<br />
<strong>in</strong>dicate a sharp rise <strong>in</strong> reported security <strong>in</strong>cidents s<strong>in</strong>ce 2002 (see Figure 8).<br />
Notably, the number of reported <strong>in</strong>cidents <strong>in</strong> the <strong>fi</strong>rst half of 2007 already exceeds<br />
64 See for example Nordea F<strong>in</strong>land (2007).<br />
NORDREGIO REPORT 2007:5 99