Cyber fortress Estonia teaching the world

Political news portal Politico published its list of the most influential people in Europe next year last week, with fifth place going to Estonia’s cybersecurity ambassador Heli Tiirmaa-Klaar.

Tiirmaa-Klaar takes her place in between well-known Europeans, after Secretary General of the European Commission Martin Selmayr and in front of Ukrainian presidential hopeful Yulia Tymoshenko. Politico believes Italy’s populist interior minister Matteo Salvini will be the one to influence Europe the most next year.

Politico put you on a highly influential list. How did you learn of the fact and what was your reaction?

I became fully aware the day it was published. I had received an invitation to the event a few weeks prior, but no one had explained what exactly would be happening.

I’m used to attention and familiar with people in Brussels, so it did not baffle me as such, while it’s nice to be recognized.Problems with elections and cyberattacks have put cybersecurity on the map in the European Union. I was the one to introduce certain topics in the EU, and they are aware of that. I believe that was the reason.

You are Estonia’s first cyber envoy, and you’ve been busy for three months now. What does an ambassador at large for cybersecurity do and how does it differ from ordinary diplomatic work?

It is global thematic diplomacy. If an ordinary diplomat works in a given geographic region and seeks cooperation within, cyberdiplomacy is an important new element in foreign and security policy.

A lot of major countries already have similar positions or teams. In Europe, France has a cyber ambassador, the Brits do not have an envoy but a director and a team of 20 people. The Americans have a team, Germany has an ambassador. All our main partners have created these roles.

We remain an exception among smaller countries, but Finland also has a cyber ambassador.

There are a lot of formats within international organizations – NATO, EU, UN and OSCE. Smaller meetings between certain countries are also quite commonplace, as well as various events and conferences where it is my job to represent Estonia.

Next to that, there are professional cooperation formats the precise contents of which we do not discuss publicly. There, we discuss things within a small circle of serious cyber countries.

Do you agree that cybersecurity celebrated its tenth anniversary last year in connection with the Bronze Night?

Estonia’s digitation in the 1990s was rapid but did not place emphasis on security. The latter entered the picture with the 2006 e-elections which is when the first CERT (computer emergency response team – M. K.) was created.

The cooperation network we created in 2006 helped us survive the 2007 attack, which likely came as a surprise to the assailants. It was rather a good test for us.

It was excellent cooperation between specialists that managed to fend off the 2007 attack. It would have been much harder without such a network.

We received observers from NATO and elsewhere, but there was little for them to do. Our people repulsed the attacks, knew what they were doing and remained in contact with one another throughout the process.

If until then cooperation had taken place on an operative-technical level, we built a systematic cybersecurity system after 2007.

We could say we are protected. For example, the NotPetya global ransomware attack left Estonia virtually unscathed. Some individual organizations were at risk, but those were branches of major international companies the IT-systems of which are controlled by their parent companies.

Estonian organizations were unaffected, which means our efforts at prevention have been successful. People are aware. The State Information System’s Authority (RIA) has done great work, while private sector specialists also pursue close cooperation. Estonia is quite good at defending itself in cyber matters.

A serious crisis will not only test how quickly our units are armed but also our vital services. How well defended are they?

We passed a law designating 42 vital services that need to be defended both physically and in cyberspace back in 2009. We have been working on defending these vital objects for ten years. We have crisis-time plans for defending them and pursue constant cooperation with relevant service providers. It is the responsibility of RIA.

Telecommunications operators are obligated to maintain certain networks even in case of force majeure or a major crisis.

We consider ourselves to be a cyber fortress in global comparison, while major countries, like the United States of America for example, have much greater resources. Can we compare ourselves to major world powers in the cyber domain?

Talking about defense, then yes, we are a fortress. A small country is easier to defend than America. Major countries have massive cyberattack programs that require a lot of people and technical capacity.

It is clear that USA, Russia and China have far greater capacity than any European country. Even though some European countries may be very good at it, they are still smaller.

Estonia is very well equipped to defend itself and has a voice on the strategic level. Technical capacity alone, without seeing the strategic big picture, does not serve the right goal. Someone must put two and two together.

Talking about military defense or attack plans, cyberspace is key in all domains. We cannot rely on great technical capacity to get things done without strategic thinking.

Estonia’s peculiarity is that because we are such a small system, we have tested all possible models and reached a point many other countries haven’t in terms of strategic thinking. Our small size makes it possible for us to quickly take steps that would take others years.

Military capacity is easier to measure than things in cyberspace: there are fixed sums that can buy a fixed amount of equipment. If in the field of military defense, we would like to have medium-range anti-aircraft capacity, what would be our medium-range AA in the cyber domain? What are our aspirations?

Training. Training, exercises and tests are the most important aspects in cyberspace. Machines, computers and technology in general is not all that expensive, but we need to be able to keep the good people we have.

We have them today and must do everything in our power to keep them in the public sector. Even if they work in the private sector, they must still be tied to national defense through the cyberdefense league. That is our priority.

Of course, technical capacity must be increased at one point as we need to stay with the times, and things are developing rapidly in the field of cyberattack capacity.

How far are we in terms of the right to counter cyberattacks?

Talking about cyberoperations that fall short of armed conflict, international law states countermeasures are allowed if the country has suffered damage. These measures need to be proportional and in accordance with international law.

It has not been provided that a response to cyberactivity needs to be contained to the cyber domain. Other types of reactions are also possible, like sanctions for example.

It is very difficult to respond to cyberattacks that fall short of the level or armed conflict in a way that would manage to deter their organizers. Sanctions provide a good opportunity for a proportional response as they send a strong signal and are more than a statement. Being banned from entering the Schengen area is quite a potent sanction.

The exact deterrence effect depends on the assailant and their calculations. Statements might have an effect on countries that do not want to lose face, while they do not work on others.

Estonia’s case is simple as we usually have a single country to worry about. Major European countries also worry about China.

Russia deploys denial in conventional warfare. How to hold them accountable in much more complicated cyberspace?

We have made attempts. We started with the NotPetya attack. A group of likeminded countries, including Estonia, led by the US and the UK, ascribed to Russia the most serious global attack yet that was initially aimed against targets in the Ukraine but quickly went global.

We ascribed to Russia a number of other operations in October. Also in connection with four OPCW agents who sought to conduct a cyberoperation in the Hague but were arrested.

You need to start somewhere, and we have started with publication.

Looking at the Kerch Strait incident, did you notice a spike in attacks against Ukraine before or after the events?

Ukraine has constantly been a target, and new methods are tested there all the time. To what extent the group behind cyberattacks is associated with other groups has not been convincingly proven. We have tried to help Ukraine; for example, by helping them secure elections.

A delegation from RIA is in Ukraine this week to attend an event to teach the country’s central electoral committee adopt basic cybersecurity measures. We all have a lot to learn from what is going on in Ukrainian cyberspace.

Read more news of Tallinn on our site.
If you notice an error, highlight the text you want and press Ctrl + Enter to report it to the editor
3 views in january
I recommend
No recommendations yet


Post your comment to communicate and discuss this article.

Even though education is a matter close to the heart of Estonia 200 leader Kristina Kallas, she cannot imagine herself fighting for the post of education minister: ideas can also be realized by someone else. You just took away Postimees’ editor-in-chief. In your opinion, how is the editorial to feel? Lauri [Hussar] had to give the matter thought, and I presume he did. We talked about why he wants to go into politics. Still, to what extent do you imagine wh...
TALLINN – Russia is seeking integration in Estonia only in words, Kalev Stoicescu, researcher at the International Center for Defense and Security (ICDS) who is running on the ticket of the Estonia 200 party in the March 3 general elections, said on Wednesday commenting on the words said on the subject by Russian Foreign Minister Sergey Lavrov.  "Russia is the only neighboring state which does not wish -- due to its own interests -- progress in integration...
Former top centrist Evelyn Sepp admitted that she donated money the origin of which was unknown to her to the Center Party in 2006. The former politician claimed other members also engaged in the practice but refused to name names. Sepp’s confession on ETV investigative journalism program «Pealtnägija» does not come as a total bombshell. She first said that such covert funding of parties is a widespread practice in the aftermath of the Silvergate scandal i...
"In addition to our ongoing programme of passenger vessel renovations, we are also continuing to upgrade and modernise our cargo vessels to ensure that we continue to develop this important part of our business," he noted, adding that the relocation of the company's Estonia-Finland cargo route to Muuga on the Estonian side in October 2017 and the launch of the Smart Port solution in Tallinn's Old City Harbour in spring 2018 both contributed to improved ser...
During the final week of 2018, a total of 2,524 patients with viral upper respiratory infections sought medical attention, 47.5% of whom were children. A total of 210 cases of influenza were laboratory confirmed, nearly twice as many as during the week before, according to Health Board data. Over the past two weeks, the number of flu cases has quadrupled. The majority of these cases were laboratory confirmed at emergency medical departments, from which pat...
I actually think that B1 is too low of a bar for attaining citizenship. You still can't participate in Estonian society on anything other than a superficial level as noted above, so I'm not sure how you can constitute a "citizen" on that basis. Naturally there has to be a high degree of arbitrariness, and that's precisely the point — whilst B1 level might be sufficient in German or French (I understand that it is the benchmark level when applying for citiz...
Following a white Christmas throughout most of Estonia, Wednesday will see sleet and even rain in parts of the country, and temperatures hovering around the freezing point will means slippery road conditions. Early Wednesday morning, many major highways were salted or wet, but some patches were still icy, the Estonian Road Administration said. Eastern parts of the country will see scattered rain or sleet. Temperatures throughout the day will remain around...
Last weekend, Christmas Eve as well as Christmas Day and Boxing Day still ahead means that most chemist's shops are closed for five days in a row. Tallinners can still get hold of prescription as well as over-the-counter drugs in the 5 Tõnismägi St and 19 Vikerlase St shops. As doctors' practices are closed for the holidays as well, people will have to turn to the emergency room of a nearby hospital in case of any more serious health problems. In Tallinn,...
Irene Ilves, the mother of former President Toomas Hendrik Ilves, died on Tuesday aged 91. Irene Ilves was born on 6 January 1927. An Estonian refugee, she raised her family in New Jersey, on the US East Coast. She is survived by two sons, Andres Eerik and Toomas Hendrik, and four grandchildren, Juulia Kristiine, Luukas Kristjan, Kadri Keiu and Hans Hendrik, Mr Ilves wrote on social media on Wednesday, adding that she will be very missed by family and frie...