Last week I was in Tallinn to give a talk at NATO’s International Conference on Cyber Conflict. Here are some impressions.

After recent events like Stuxnet and the publication of the new US cyber strategy it was pretty clear that this year’s conference would be very well attended. Around 400 attendees filled the beautiful Drama Theater in the heart of Tallinn’s old town pretty much to the last seat. While the building itself is old, presentation technology is top notch. The conference was organized in two parallel tracks, one focusing on legal issues and policy, the other on technology. (Inside talk: “The geeks are in the attic”, as the technology sessions took place in a conference room under the roof which, due to unusual hot weather, felt at times like an Estonian sauna.) For my taste, some of the presentations that I attended in the technology track were a little bit too far away from the conference’s topic, and too much like what one can hear at any IT security conference. On the other hand, it should be kept in mind that cyber conflict and cyber warfare in the nearer sense is a very new field, and more than one discussion that I had centered on the fact that we find us thrown into a new world where even the most basic concepts and strategies have yet to be developed.

This is the only criticism I could think about. There were some brilliant talks like that from Mikko Hypponen on targeted attacks, or from Iosif Androulidakis on PBX and cell phone security. Certainly this is also the place to go for the best (unclassified) first-hand information from the military, like a presentation on NATO’s new cyber defense policy. My understanding is that recordings of the talks will be made available online, so readers can make up their own mind.

If you are like me, the best takeaways at a conference often come from informal discussions during breaks or over dinner. The organizers did their best to make that happen. For example, they had arranged a barbeque event at an outdoor rural museum, directly located at the shoreline, with live music, entertainment, good food, and lots of sun. Add to that a chat with a high ranking officer from the US 10th fleet or some of the many other interesting participants, and you can say you got a conference experience that is hard to beat. — Since the sun sets only for a few hours in the Estonian summer, nights are very short, especially if you chose to hang out with IT security folks from Israel.

The conference package that every participant receives contains, among several other useful things, an English-Estonian phrasebook “including vital vocabulary for a splendid conference experience, a successful night out and hilarious local IT slang”. During one conference session I happened to be sitting beneath the author of this phrasebook, a beautiful Estonian lady. (The consensus among male participants was that there are many beautiful Estonian ladies in Tallinn.) She recognized me, looked at my shoes and said: “Well, I should have included that phrase as originally intended: ‘Did you see Ralph’s shoes?’, along with its Estonian translation. But we were afraid you could have felt insulted – that is, until I experienced your sense of humor when listening to your talk.” So after all, that obnoxious Vanity Fair piece has unwittingly turned into one of the running gags of the trade, and I can already imagine folks like my friend Brad Hegrat, who used to keep his file of “Ralphisms”, bringing this up at the next conference he goes to.

Bottom line: If you’re concerned with the subject of cyber conflict, go to ICCC next year.

Ralph Langner