{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T16:29:48Z","timestamp":1775060988030,"version":"3.50.1"},"reference-count":41,"publisher":"IGI Global","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011,1,1]]},"abstract":"<p>At the time of the state-wide cyber attacks in 2007, Estonia was one of the most developed nations in Europe regarding the ubiquitous use of information and communication technology (ICT) in all aspects of society. Relaying on the Internet for conducting a range of business transactions is common practice. But naturally, the more a society depends on ICT, the more it becomes vulnerable to cyber attacks. Unlike other research on the Estonian incident, this paper does not focus on the analysis of the events themselves. Instead, the authors examine Estonia\u2019s cyber security policy and subsequent changes made in response to the cyber attacks. As such, the authors provide a comprehensive overview of the strategic, legal, and organisational changes based on lessons learned by Estonia after the 2007 cyber attacks. The analysis is based on a review of national security governing strategies, changes in the Estonia\u2019s legal framework, and organisations with direct impact on cyber security. The paper discusses six important lessons learned and manifested in actual changes: each followed by a set of cyber security policy recommendations appealing to national security analysts as well as nation states developing their own cyber security strategy.<\/p>","DOI":"10.4018\/ijcwt.2011010103","type":"journal-article","created":{"date-parts":[[2011,11,16]],"date-time":"2011-11-16T12:41:11Z","timestamp":1321447271000},"page":"24-34","source":"Crossref","is-referenced-by-count":26,"title":["Estonia after the 2007 Cyber Attacks"],"prefix":"10.4018","volume":"1","author":[{"given":"Christian","family":"Czosseck","sequence":"first","affiliation":[{"name":"Cooperative Cyber Defence Centre of Excellence, Estonia"}]},{"given":"Rain","family":"Ottis","sequence":"additional","affiliation":[{"name":"Cooperative Cyber Defence Centre of Excellence, Estonia"}]},{"given":"Anna-Maria","family":"Talih\u00e4rm","sequence":"additional","affiliation":[{"name":"Cooperative Cyber Defence Centre of Excellence, Estonia"}]}],"member":"2432","reference":[{"key":"ijcwt.2011010103-0","unstructured":"Blomfield, A. (2007). Estonia calls for Nato cyber-terrorism strategy. Retrieved from http:\/\/www.telegraph.co.uk\/news\/worldnews\/1551963\/Estonia-calls-for-Nato-cyber-terrorism-strategy.html"},{"issue":"1","key":"ijcwt.2011010103-1","first-page":"179","article-title":"A Proposal for an International Convention to Regulate the Use of Information Systems in Armed Conflict.","volume":"47","author":"D.Brown","year":"2006","journal-title":"Harvard International Law Journal"},{"key":"ijcwt.2011010103-2","unstructured":"Council of Europe. (2001). Convention on Cybercrime. Retrieved from http:\/\/conventions.coe.int\/treaty\/en\/treaties\/html\/185.htm"},{"key":"ijcwt.2011010103-3","first-page":"67","article-title":"Council Framework Decision 2005\/222\/JHA of 24 February 2005 on attacks against information systems.","volume":"69","year":"2005","journal-title":"Official Journal L"},{"key":"ijcwt.2011010103-4","unstructured":"Cyber Defence League (CDL). (2011). K\u00fcberkaitseliit. Retrieved from http:\/\/www.kaitseliit.ee\/index.php?op=body&cat_id=395"},{"key":"ijcwt.2011010103-5","unstructured":"Denning, D. E. (2001). Activism, hacktivism, and cyberterrorism: the internet as a tool for influencing foreign policy. In Networks and netwars: The future of terror, crime, and militancy (pp. 239-288)."},{"key":"ijcwt.2011010103-6","doi-asserted-by":"crossref","unstructured":"Ellis, B. (2001). The International Legal Implications and Limitations of Information Warfare: What Are Our Options? Retrieved March, 2, 2011, from http:\/\/www.iwar.org.uk\/law\/resources\/iwlaw\/Ellis_B_W_01.pdf","DOI":"10.21236\/ADA393007"},{"key":"ijcwt.2011010103-7","unstructured":"ENISA. (2010). EU Cyber Security Exercise \u2018Cyber Europe 2010\u2019. Retrieved January 31, 2011, from http:\/\/www.enisa.europa.eu\/media\/press-releases\/cyber-europe-20102019-cyber-security-exercise-with-320-2018incidents2019-successfully-concluded"},{"key":"ijcwt.2011010103-8","unstructured":"Estonian Government. (2007a). Programme of the Coalition for 2007-2011."},{"key":"ijcwt.2011010103-9","unstructured":"Estonian Government. (2007b). Explanatory Memorandum to the Draft Act on the Amendment of the Penal Code (116 SE). Retrieved from http:\/\/www.riigikogu.ee\/?page=pub_file&op=emsplain&content_type=application\/msword&u=20090902161440&file_id=198499&file_name=KarSseletuskiri(167).doc&file_sise=66048&mnsensk=166+SE&etapp=03.12.2007&fd=29.10.2008."},{"key":"ijcwt.2011010103-10","unstructured":"Estonian Government. (2009). Valitsus kiitis heaks k\u00fcberjulgeoleku strateegia rakendusplaani aastateks 2009\u20132011. Retrieved from http:\/\/uudisvoog.postimees.ee\/?DATE=20090514&ID=204872"},{"key":"ijcwt.2011010103-11","unstructured":"Estonian Government. (2010). Explanatory Memorandum to the Act amending the Electronic Communications Act (424 SE). Retrieved from http:\/\/www.riigikogu.ee\/?page=pub_file&op=emsplain&content_type=application\/msword&file_id=535868&file_name=elektroonilise side muutmine seletuskiri(424).doc&file_size=31650&mnsensk=424+SE&fd="},{"key":"ijcwt.2011010103-12","year":"2004","journal-title":"National Security Concept of the Republic of Estonia"},{"key":"ijcwt.2011010103-13","unstructured":"Estonian Ministry of Defence. (2008). Cyber Security Strategy. Retrieved from http:\/\/www.mod.gov.ee\/files\/kmin\/img\/files\/Kuberjulgeoleku_strateegia_2008-2013_ENG.pdf"},{"key":"ijcwt.2011010103-14","unstructured":"Estonian Ministry of Defence. (2010). National Security Concept. Retrieved from http:\/\/www.kmin.ee\/files\/kmin\/nodes\/9470_National_Security_Concept_of_Estonia.pdf"},{"key":"ijcwt.2011010103-15","unstructured":"Estonian Ministry of Economic Affairs and Communication. (2006). Estonian Information Society Strategy 2013. Retrieved from http:\/\/www.riso.ee\/en\/system\/files\/Estonian%20Information%20Society%20Strategy%202013.pdf"},{"key":"ijcwt.2011010103-16","unstructured":"Estonian Ministry of Economic Affairs and Communication. (2007). Implementation Plan 2007-2008 of the Estonian Information Society Strategy."},{"key":"ijcwt.2011010103-17","unstructured":"Estonian Ministry of Economic Affairs and Communication. (2009). Statute for the Development of National Information System. Retrieved from https:\/\/www.riigiteataja.ee\/akt\/13219897"},{"key":"ijcwt.2011010103-18","unstructured":"Estonian Ministry of Foreign Affairs. (2010a). Estonia Supports Council of Europe in Fight against Cyber Crime. Retrieved from http:\/\/www.vm.ee\/?q=en\/node\/9315"},{"key":"ijcwt.2011010103-19","unstructured":"Estonian Ministry of Foreign Affairs. (2010b). Foreign Minister Paet Invited EU and Southeast Asian Nations to Co-operate in Backing Cyber Defence. Retrieved from http:\/\/www.vm.ee\/?q=en\/node\/9512"},{"key":"ijcwt.2011010103-20","unstructured":"Estonian Ministry of Foreign Affairs. (2010c). National Experts Shared Cyber Security Recommendations with UN Secretary General. Retrieved from http:\/\/www.vm.ee\/?q=en\/node\/9722"},{"key":"ijcwt.2011010103-21","unstructured":"Estonian Ministry of Justice. (2010a). Guidelines for Development of Criminal Policy until 2018. Retrieved from http:\/\/www.just.ee\/arengusuunad2018"},{"key":"ijcwt.2011010103-22","unstructured":"Estonian Ministry of Justice. (2010b). Estonian Code of Criminal Procedure (unofficial translation). Retrieved from http:\/\/www.legaltext.ee\/text\/en\/X60027K6.htm"},{"key":"ijcwt.2011010103-23","unstructured":"Estonian Ministry of the Interior. (2009). Estonian Emergency Act (unofficial translation). Retrieved January 4, 2011, from http:\/\/www.legaltext.ee\/et\/andmebaas\/tekst.asp?loc=text&dok=XXXXX26&keel=en&pg=1&ptyyp=RT&tyyp=X&query=hdaolukorra Estonian Ministry of the Interior. (n.d.). Ministry of the Interior, Department of crisis management and rescue policy. Retrieved January 4, 2011, from http:\/\/www.siseministeerium.ee\/elutahtsad-valdkonnad-ja-teenused-2"},{"issue":"1","key":"ijcwt.2011010103-24","first-page":"121","article-title":"Battling botnets and online mobs: Estonia\u2019s defense efforts during the internet war.","volume":"9","author":"G.Evron","year":"2008","journal-title":"Georgetown Journal of International Affairs"},{"key":"ijcwt.2011010103-25","first-page":"182","article-title":"A Brief Examination of Media Coverage of Cyberattacks (2007 - Present)","author":"C.Farivar","year":"2009","journal-title":"The Virtual Battlefield: Perspectives on Cyber warfare"},{"key":"ijcwt.2011010103-26","doi-asserted-by":"publisher","DOI":"10.2202\/1547-7355.1780"},{"key":"ijcwt.2011010103-27","author":"B.Hyacinthe","year":"2009","journal-title":"Cyber Warriors at War"},{"key":"ijcwt.2011010103-28","unstructured":"Hyacinthe, B., & Fleurantin, L. (2007). Initial supports to regulate information warfare\u2019s potentially lethal information technologies and techniques. In Proceedings of the 3rd International Conference on Information Warfare and Security (pp. 206-207). Reading, UK: Academic Conferences Limited."},{"key":"ijcwt.2011010103-29","unstructured":"Kash, W. (2008). Lessons from the cyberattacks on Estonia. Retrieved from http:\/\/gcn.com\/articles\/2008\/06\/13\/lauri-almann--lessons-from-the-cyberattacks-on-estonia.aspx"},{"key":"ijcwt.2011010103-30","author":"K.Kaska","year":"2010","journal-title":"Building a Comprehensive Approach to Cyber Security"},{"key":"ijcwt.2011010103-31","unstructured":"Landler, M., & Markoff, J. (2007). In Estonia, what may be the first war in cyberspace. The New York Times. Retrieved from http:\/\/www.nytimes.com\/2007\/05\/28\/business\/worldbusiness\/28iht-cyberwar.4.5901141.html"},{"key":"ijcwt.2011010103-32","unstructured":"Lemay, A., Fernandeza, J. M., & Knight, S. (2010). Pinprick attacks, a lesser included case? In C. Czosseck & K. Podins (Eds.), Proceedings of the Conference on Cyber Conflict (pp. 183-194). Tallinn, Estonia: CCD COE Publications."},{"key":"ijcwt.2011010103-33","unstructured":"Liles, S. (2010). Cyber Warfare: As a form of low-intensity conflict and insurgency. In C. Czosseck & K. Podins (Eds.), Proceedings of the Conference on Cyber Conflict (pp. 47-57). Tallinn, Estonia: CCD COE Publications."},{"key":"ijcwt.2011010103-34","unstructured":"NATO. (2010). Strategic Concept for the Defence and Security of the Members of the NATO. Retrieved December 30, 2010, from http:\/\/www.nato.int\/cps\/en\/natolive\/official_texts_68580.htm"},{"key":"ijcwt.2011010103-35","unstructured":"Nazario, J. (2007). Estonian DDoS Attacks \u2013 A summary to date. Retrieved from http:\/\/asert.arbornetworks.com\/2007\/05\/estonian-ddos-attacks-a-summary-to-date\/"},{"key":"ijcwt.2011010103-36","first-page":"163","article-title":"Politically Motivated Denial of Service Attacks","author":"J.Nazario","year":"2009","journal-title":"The Virtual Battlefield: Perspectives on Cyber Warfare"},{"key":"ijcwt.2011010103-37","author":"I.Odrats","year":"2007","journal-title":"Information Technology in the Public Administration of Estonia Yearbook 2007"},{"key":"ijcwt.2011010103-38","unstructured":"Ottis, R. (2008). Analysis of the 2007 Cyber Attacks Against Estonia from the Information Warfare Perspective. In Proceedings of the 7th European Conference on Information Warfare (p. 163). Reading, UK: Academic Conferences Limited."},{"key":"ijcwt.2011010103-39","unstructured":"Ottis, R. (2009). Theoretical Model for Creating a Nation-State Level Offensive Cyber Capability. In Proceedings of the 8th European Conference on Information Warfare and Security (pp. 177-182). Reading, UK: Academic Conferences Limited."},{"key":"ijcwt.2011010103-40","author":"E.Tikk","year":"2010","journal-title":"International Cyber Incidents: Legal Considerations"}],"container-title":["International Journal of Cyber Warfare and Terrorism"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=61328","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,2]],"date-time":"2022-06-02T04:25:31Z","timestamp":1654143931000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/ijcwt.2011010103"}},"subtitle":["Legal, Strategic and Organisational Changes in Cyber Security"],"short-title":[],"issued":{"date-parts":[[2011,1,1]]},"references-count":41,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2011,1]]}},"URL":"https:\/\/doi.org\/10.4018\/ijcwt.2011010103","relation":{},"ISSN":["1947-3435","1947-3443"],"issn-type":[{"value":"1947-3435","type":"print"},{"value":"1947-3443","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,1,1]]}}}