Estonia’s emphasis on sharing its cyber defense successes and capabilities of public agencies and the private sector is a continued goal and potential example for the United States, according to governmental representatives speaking at a panel Monday on the small nation’s forthcoming role as European Union (EU) President beginning in 2018.
Representatives from Estonia’s cyber defense entities discussed lessons learned in the 10 years since the country was the victim of a massive cyber attack perpetrated by Russia in 2007, at an event held by the George Washington University’s Center for Cyber and Homeland Security.
“There is only one nation-state actor we are concerned about, Russia,” Director General of Estonia’s Information System Authority (RIA) Taimar Peterkop said. “My biggest fear is that there will be a successful information warfare campaign at some point in time.”
The RIA is responsible for coordinating one of the leading national cyber security initiatives in the world, including the development of Estonia’s near 100 percent digital government platforms and services.
Peterkop touted Estonia’s “collective brain” approach to cyber security, which combines collective efforts from academia, the private sector and the government, as its main response following the 2007 attacks.
On April 27, 2007, the information systems for Estonian parliamentary offices, ministries, banks and newspapers were subjected to Distributed Denial of Service and botnet spam attacks. Russian state-actors perpetrated the efforts following a dispute over the relocation of the Bronze Soldier of Tallinn memorial.
Lauri Luht, RIA’s head of Cyber Crisis Management, identified maximizing and coordinating state efforts, building strong public-private partnerships and building international cooperation as key goals his nation has established as components for any successful national cyber defense effort. The most critical sectors to protect immediately from cyber threats are energy and communication systems, according to Luht.
The recent announcement that Estonia will assume the presidency of the EU has cemented its role as a leader in international cyber defense advocacy, where it can build upon the lessons learned in its current bilateral digital partnership with the U.S.
The U.S.-Estonia Cyber Partnership, signed in Dec. 2013, established an exchange of best practices, enhancing the promotion of international law in the cyberspace and collaborating on capacity building efforts with third-party countries.
“If all other countries are sharing information with each other, we can be ready before we are hit,” said Klaid Magi, the head of Estonia’s Computer Emergency Response Team (CERT-EE), who emphasized the importance of eliminating consideration of borders when dealing with cyber.
CERT-EE handles cyber incidents on Estonian networks, and is responsible for stakeholder management, incident prevention and cyber awareness education efforts.
Common goals for international cyber efforts should include hiring more specialized personnel and working towards increased digital literacy for governmental managers, according to Magi, who believes the U.S. should follow Estonia’s path of regulating all standards for cyber security.
“We forget sometimes that cyber threats and incidents are occurring mostly in private networks,” said RIA Deputy Director General Toomas Vaks, who advocated for the importance of governments being transparent with its citizens regarding cyber incidents.
Estonia plans to pursue baseline cyber security standards for all EU member nations based on the Directive on Security of Network and Information Systems (NIS) when it ascends to the presidency. The NIS Directive was adopted by the European Parliament in July 2016, to meet certain requirements and promote cyberspace technological cooperation.