President Alar Karis on Forbes: Behind Estonia’s unicorns is our school system and ease of doing business

March 25, 2022

President Alar Karis talked to Ramia Farrage of Forbes about the digital journey Estonia has gone through, stressing how easy it is to start and run a business in Estonia and explaining why we have the largest number of unicorn companies per capita.

“It has been a long journey – or actually not that long, a bit more than 20 years,” President Alar Karis said, talking to Forbes about the success of Estonia’s digitalisation journey. He explained that both the leadership’s consistent digital-mindedness and the school system, which according to Karis is extremely good at IT teaching, have largely contributed to the success. At the same time, Karis pointed out the role of Estonia’s digital ID system and of good cooperation between the private and public sectors in developing the services.

Having a digital ID card makes it possible for Estonians to give digital signatures and even vote online. “Basically, you can do every service online, apart from marriage,” Karis said, adding that at one point even this could also be added to the list of online services.

10 unicorn companies hatched from education and ease of doing business

With 10 unicorn companies (two of them being quite recent additions), Estonia is at the world’s top in number of tech startups valued at a billion dollars or more, per capita. “There are several reasons why we are extremely good at that [creating billion-dollar companies],” he said, stressing both the role of ease of doing business in Estonia and, again, the country’s school system. “Behind these unicorns is our school system,” Karis stressed, mentioning the great results Estonian students have had at the PISA tests, setting Estonia’s education system at the world’s very top, and the role of applied IT schools, contributing to the workforce needed by successful tech companies.

Ease of doing business in Estonia

Another reason for Estonia’s recent business success may be a simple one – it is very easy to start and run a company in Estonia. With an ID card or an e-Residency card, this can be done fully online. “Startups are growing – even myself, when I was a professor at the university, I started a new company,” Karis concluded. Estonia is the first country to offer e-Residency, a government-issued digital identity and status that provides access to Estonia’s transparent business environment: a new digital nation for the world.

Resource: e-estonia

A new arms race: Estonia’s ecosystem of cyber security firms work to combat new risks

March 16, 2022

By Justin Petrone

freelance journalist and writer

These are transformative times for Estonian cyber security companies. For weeks, all eyes in the country have been fixed on the ongoing war in Ukraine, but to listen to Raul Rikk, director of national cyber security for the Estonian government, the threat of cyberattacks has only been growing immensely over the past few years, challenges only now magnified by the new war. 

“There have been bigger and bigger cyber attacks with a massive impact,” says Rikk. “And of course now the war in Ukraine has put a lot of pressure on cyber management capabilities.”

The solution will be greater vigilance and better solutions, says Rikk, not only from companies already established in the cyber security space, but from all organizations and firms that will need to step up to address these new risks. And as companies invest, providers will need to innovate.

Raul Rikk, Director of National Cyber Security for the Estonian government.

“Companies have to allocate more resources from their ICT budgets to cyber to ensure the sustainability and security of the systems,” says Rikk. “Because cyber attacks will not disappear. They will only become more influential.”

Solid foundations

Estonia has a multitude of companies that either focus directly or partially on cyber security. In the case of Cybernetica, the story of the firm is in some ways the story of Estonian cyber security itself. The firm traces its origins to the founding of the Institute of Cybernetics at the Estonian Academy of Sciences in 1960. The institute evolved into Cybernetica in 1997. As such, Cybernetica could be considered the predecessor of the Estonian cyber security community. When the government embarked on digitisation projects in the 2000s, it didn’t have to look farther than Cybernetica for help. This led to the creation of X-Road, the backbone of Estonian digital services. “I like to tell people that Cybernetica is even older than Microsoft,” says Rikk.

According to Sander Valvas, head of the cyber security department at Cybernetica, this background in cryptography, cybernetics, advanced mathematics, and computing provided a “solid foundation” for Cybernetica and likeminded firms. “From this situation Cybernetica also arose as a strong cyber security player.” Cybernetica also played a role in the development of the Estonian IT Baseline Security System, Valvas points out. And the innovation in cyber continues.

Sander Valvas of Cybernetica.

In 2020, the firm announced a cyber threat intelligence sharing platform between the US and Estonia, and continues to work on the platform for the Estonian Ministry of Defense, he says. 

There is also the domestic market in Estonia, and Cybernetica is now offering cyber security as a service for companies that lack the know-how to keep an in-house cyber security team, he says.

The new kids

If Cybernetica is the grandfather of Estonia’s cybersecurity sector, then companies like Veriff, CybExer, and RangeForce are some of the new kids. All three were founded in the mid-2010s and, like Cybernetica, evolved out of the country’s existing competencies in cybertechnologies.

Veriff, in some ways, is the quintessential Estonian IT success story. The global online identity verification company started off as an idea in 2015, and is now one of the country’s unicorns, with a market valuation of $1.5 billion, and clients in the fintech, cryptocurrency, gaming, and mobility sectors. Veriff now employs 400 people across sites in Estonia, the US, UK, and Spain.

“As businesses have moved online, identity verification has become an integral part of any business, they need to know who is the person at the other end of the line,” says Kaur Virunurm, its chief information security officer. He notes that the country’s technical higher education and scientific research institutes have also helped to prime the market for innovation, and that some other factors, such as a lack of legacy technology platforms following the Soviet collapse, plus a “surge in patriotism” in the post-1991 years have continued to fuel this development in the area. 

This uptake of cybertechnologies also led to security solutions. “The new digital companies had to protect their electronic services from the new and emerging cybercriminal society,” he notes.

The Bronze Night and its aftermath

If Estonia was well positioned to innovate in the cyber security arena at the start of the 2000s, the sector received a jolt in April 2007. After the Estonian government removed a controversial Soviet-era war memorial referred to as the Bronze Soldier to a military cemetery, widespread rioting erupted in the Estonian capital, and some other cities, and the country’s parliament, banks, and media were hit by distributed denial of service attacks, still widely considered one of the most intensive instances of state-sponsored cyber warfare ever. The event led to the establishment of the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn in 2008.

“It was natural that after those events we had to start thinking about how to be resilient as a society also in the cyber domain,” says Andrus Kivisaar, the CEO of CybExer Technologies.

Founded in 2016, CybExer provides cyber security training platforms with a focus on cyber capability development. The firm, headquartered in Tallinn, also offers a plethora of workshops and exercises aimed at a cross section of users, from ordinary users to strategic leadership. Its flagship platform, called Cyber Range, allows users to simulate and respond to cyber attacks.

Andrus Kivisaar of CybExer Technologies.

“Cyber security exercises before 2015 pretty much looked like a bunch of guys sitting in the room sending e-mails,” notes Kivisaar. “We saw clearly what was wrong with those exercises — the difficulties, the inefficiencies, the lack of technological solutions, the lack of awareness.”

The human element

In February, CybExer raised €5 million to develop its Cyber Range platform further, an event that the firm sees as confirmation that more people are appreciating the importance of cyber security.

“The fact that most technical devices around us are computer-controlled and can therefore potentially be manipulated is becoming a common understanding,” says Kivisaar. “Not only defence and critical infrastructures but smart cities, banking, industry, commerce, supply chains – everything needs to be protected and therefore we see a rapid growth of the market,” he says.

Jaanus Kink, COO of RangeForce, which also provides a cyber readiness platform, agrees. The company, founded in Estonia but now headquartered in the US, offers a variety of tools for cyber security skills development. “Our mission is to be the world’s leading human cyber readiness platform,” says Kink, noting that RangeForce engages companies to gauge and improve their cyber security organizations through a “gamified and hands-on experience.”

According to Kink, this human element is key to cyber security. “Everyone is talking about AI at the moment,” he says, “but it is literally the responsibility of every IT professional to ensure security in the cyber world.” Kink notes that there are not enough IT cyber security professionals out there, a shortage which CybExer’s Kivisaar also says needs to be addressed.

Collective strength

What are the most pressing threats? According to Cybernetica’s Valvas, they are the same that have always existed, only more sophisticated attacks. These can strike either the state or the private sector to paralyze services or extort money from individuals. “We cannot really separate the state’s readiness to withstand cyber attacks from the private sector – the stronger the collective strength of all organizations and institutions, the more resilient we are,” says Valvas.

“The goal of the cyber security industry is thus not to save you, or me, or your business from the villains,” points out Veriff’s Virunurm. “The goal is to provide an environment for everybody that is sufficiently safe to operate in.” Virunurm likens cyber security to law enforcement. “They never try to catch all petty thieves,” says Virunurm, “but they must create a society where people can start a business, earn money and spend it without being afraid of robbers and thieves.”

He notes that just as cyber security firms innovate, criminals and rogue states are working to improve their attacks. Protecting digital assets at the company or state level will require oversight, data mining, service discovery, and automated incident response, says Virunurm. “The attacking side is, of course, working on the same tools and topics, with the same technology applied for the opposite goal,” he says. “It is an arms race with high money and power at stake.”

Resource: e-estonia

Cyber security education in Estonia: from kindergarten to NATO Cyber Defence Centre

March 16, 2022

By Peeter Vihma

Social scientist at the University of Helsinki and the Estonian University of Life Sciences

Cyber-attacks against Estonia in 2007 pushed Estonia to the front line of cyber security. One of the results of this cyber-warfare was the wide acknowledgment that cyber security knowledge and skills are part of the information society’s blood circulation.

Today we can report that the Centre for Digital Forensics and Cyber Security at TalTech provides the highest level of cyber security education…starting from first-graders!

Arena for strong cooperation with the world’s best

In general, TalTech’s Department of Software Science, especially its Centre for Digital Forensics and Cyber Security, is materializing the ambition to be the best provider of cyber security bachelor, master’s, and doctoral education in the Nordic countries and the Baltics. Several factors support it: Estonia’s history in leading the mindset that cyber security must grow along with the digitalization of the society; establishment of NATO Cooperative Cyber Defence Centre of Excellence in Tallinn; support from the Estonian Ministry of Defence and a vast network of enterprises that are developing top-end cyber security solutions. Through cooperation with this capable network, the Center can provide each student with the knowledge and skills necessary to excel in cyber security jobs in Estonia and elsewhere. For example, when this article is published, the annual NATO cyber security exercise Locked Shields, the world’s largest of its kind, is taking place in Estonia with students, professors and professionals engaged. 

Professor Rain Ottis.

Professor Rain Ottis, Head of the Centre for Digital Forensics and Cyber Security, stresses the strength of this cooperation: “Cyber security requires a holistic approach that covers people, processes, as well as technology. To ignore even one of the three is inviting disaster. Therefore, we tackle the topic from the perspective of different fields and scientific disciplines”. 

The Centre’s multidisciplinary and diverse team conducts research along the spectrum of cyber security – from cryptography to network security to education. The Center staff is routinely engaging in cooperative projects with the private sector. One of the examples Mr. Ottis highlighted was the development of “Cyber Range” – a field for exercising defence of cyber-attacks without setting up designated servers. This is a product that a wide range of companies and public entities can use to ramp up their cyber-skills.

Cyber-hygiene starts from childhood

To create a cyber-aware society, Estonian education guidelines suggest students start taking the first steps in kindergarten. Besides official curricula and teaching materials, nonformal informatics curricula and training competitions support the use of digital safety awareness in schools and homes. The Centre for Digital Forensics and Cyber Security has had a significant impact. More than 150,000 students from the age of 7 onwards and 5,000 school teachers have participated in their programs from 2017 to 2021.

They have created (along with their partners) a system of interlinked competitions for various school levels that help to educate, support, and inspire young people to be more aware of cyber security. Kids are expected to start with simple sentence calculation tasks at the CyberPin competition for 7-13-year-olds and continue with security in social media and programming at the CyberDrill and CyberCracker competitions.

A Mechanism to recognize talents

However, Dr. Birgy Lorenz, Senior Researcher and Head of the Cyber Olympics talent program, stresses that with these programs, they aim towards selecting the brightest heads and supporting them in their career paths.

“We are educating about 20 000 young people annually, but our dream is to find 10,000 cyber security talents in the next 10 years, which will help Estonian society become safer and more skilled,” Ms. Lorenz explains.

Dr. Birgy Lorenz.

Talented students are directed to take part in the CyberSpike competition, where the best hackers will also get a boost through cybercamps, meeting with companies, and international experience like Magic CTF or CyberPatriot (USA), European Cyber Security Challenge (EU), and Cyber Security Defence Camp (Singapore). The competitions are topped up with CyberOlympics, which functions as the preliminary round for European Cyber Security Challenge.

From competitions to community leaders

Johannes Kadak is one of the talents that has passed through the variety of programs of the Centre for Digital Forensics and Cyber Security. After successful competitions, he was the captain of the Estonian CyberOlympics team until 2021, when he was selected as the coach for the European team for the International Cybersecurity Challenge (ICC). Now the founder of two IT companies, he has confessed that participation at the competitions inspired him to get involved with the field.

“I think the most important step for young people is to influence their way of thinking, not just providing knowledge because the Internet is full of expertise, but if you don’t have a curious mindset, it is useless,” Mr. Kadak suggests. 

The Estonian CyberSpike competition that Mr. Kadak won definitely appeals to young people. The “Capture the Flag”-type exercise simulated a cyber-attack against various organizations at an imaginary City of Blueberry. Tasks ranged from accessing hacked e-mail servers to reverse engineering.

“In addition to guiding talents towards further studies at our programs, we are on the lookout for hackers — young people with the highest skill level in programming. Throughout the years, we have found about 500 hackers through these competitions,” Ms. Lorenz reports. “We focus on them because they are leaders in their communities – schools, and friends – and we see that after participating in our programs, they help their peers steer away from the “grey” or even illegal hacking towards legal activities, like increasing cyber-security.”

Hence, according to Ms. Lorenz, the stakes involved with young people are high. 

“The sustainability of every digital country depends on our ability to harness the competence of the young people,” Ms. Lorenz concludes.

Resource: e-estonia

Estonian, Czech parlt speakers talk about ensuring data security in e-state

 2021-05-12 

BNS/TBT Staff

TALLINN – During a video meeting on Wednesday, speaker of the Riigikogu Juri Ratas and the president of the Chamber of Deputies of the Czech Republic, Radek Vondracek, discussed the development of e-governance services and ensuring security in the use of digital data.

At the beginning of the meeting, Ratas emphasized that Estonia and the Czech Republic enjoy excellent mutual relations, and recalled that this year is a special year in the relations between the two countries, as they celebrated 100 years since the establishment and 30 years since the re-establishment of diplomatic relations, spokespeople for the Riigikogu said.

Ratas expressed hope that it is possible to do even more in the field of digital cooperation.

The speaker of the Czech parliament noted that their country is interested in developing e-services and in the experiences of the Estonian X-Road.

Ratas talked about the importance of the security of data use, and about cybersecurity in a wider context. He described the participation of the Czech Republic in the NATO Cyber Security Center of Excellence in Tallinn as another good example of fruitful cooperation.

The speaker of the Riigikogu thanked the Czech Republic for their contribution to ensuring the security of our region and for the contribution of Czech troops to NATO’s enhanced Forward Presence in Lithuania. Ratas described the first air policing mission of the Czech Air Force at Amari Air Base as historic, and said that Estonia would be very grateful if the Czech Republic again participated in the Baltic air policing mission.

Ratas invited his Czech counterpart to participate in the Three Seas Parliamentary Forum, which will take place in Estonia in June. Ratas said that since the Three Seas Initiative (3SI) has evolved as a practical cooperation format, it is important to also increase cooperation between parliaments.

“We see an opportunity for the parliaments in facilitating achieving the practical goals of the Three Seas Initiative,” he said. “Wider involvement of parliaments can also add an important contribution to raising the visibility of the format and provides an excellent opportunity to reconfirm the countries’ commitment to the format.”

The speaker of the Czech Chamber of Deputies gave an overview of the latest developments in relations with Russia. Ratas assured his counterpart that Estonia follows the situation closely.

“Estonia has expressed its solidarity and full support to the Czech Republic. We think that with its actions, Russia have manifestly violated Czechia’s sovereignty,” the speaker of the Estonian parliament added.

Resource: Baltic Times

Protecting democracy and the digital way of life, with cyber diplomat Heli Tiirmaa-Klaar

January 2019

by Federico Plantera

Few fields generate divisive trends internationally as much as the cybersphere. With the emergence of information society and its establishment reaching full maturity, advantages come together with risks.

As the digital becomes more and more positively pervasive in our everyday existence, malicious actors also have the chance to exploit eventual weaknesses of vulnerable cyber subjects to shake the stability of our democracies at their very core. Developing strategies and antibodies against such threats become fundamental not only to shield the society on the outside but also to strengthen our own digital way of life.

Introductions should not be necessary in this case, but sometimes we can let pride prevail. Heli Tiirmaa-Klaar is the Ambassador-at-Large for Cyber Security at the Estonian Ministry of Foreign Affairs. Over ten years of high-level experience in cyber-affairs on her side, including positions at NATO and the EU, made her one of POLITICO’s game changers likely to shape our world in 2019.

In a world that sees alliances and blocs realign along specific patterns, Ambassador Tiirmaa-Klaar can help us collect our thoughts and get a grasp of what awaits advanced democracies this year. When big political actors join the playground, there’s always a lot at stake.

Heli Tiirmaa-Klaar, Estonia’s Ambassador at Large for Cyber Security

When it comes to cyberspace regulation, Western powers seem to head towards a certain direction, other countries to another. Are we witnessing the emergence of a new, cyber cold war?

I would not say that there is a new cyber cold war emerging. However, it is true that, when it comes to global cyber issues, countries often project their existing political views to this relatively new field. Authoritarian countries promote government control over the free Internet, and democratic countries would like to see an open and free cyberspace with free flow of information. It is clear that the conventional power dynamics from the last century are still visible. However, we are seeing many emerging powers in the global arena that are making the polarisation less clear. This is also illustrated by the fact that many nations see the value of the open cyberspace for their social and economic development, indicating a clear interest in making their voice heard, as well as their willingness to contribute to the global discussions on cyber issues.

What are the main threats that states and democracies see ahead, today, to their cybersecurity?

There are many issue-areas that states are currently working to solve. Since 2016, election security, disinformation and large-scale cyber operations have shifted the focus of what states are now trying to regulate in cyberspace. The common denominator is the fact that we need to assure that state actors know that what they are doing in the cyberspace is taken seriously and, in case their actions and intentions could be considered harmful to other states, that there is a clear response. Therefore, many states have already developed – or are in the process of developing – robust attribution and response mechanisms.

Since cybersecurity breaches can have serious consequences, the response to the perpetrator should aim at reducing the possibility of occurrence of any among such actions, which is why the response mechanisms should not only be limited to cyber means but also include political steps.

Additionally, cybercrime is a growing concern, particularly in light of the recent large-scale cybercrime cases, such as NotPetya and WannaCry. Although the two named incidents have been attributed to state actors, cybercrime on a smaller scale can also be a threat coming from non-state actors. This is the primary reason why the EU is constantly advocating the recognition of the Convention on Cybercrime, as well as the establishment of domestic cybercrime legislation in countries where the current legislative system would be powerless against cybercrime.

With the elections to renew the European Parliament in spring this year, do you feel like European countries need to increase the level of readiness towards cyber threats?

The upcoming European Parliament elections in May this year will definitely bring election security and, within it, internet-enabled election meddling into the limelight. The key elements of concern also addressed by the European Commission already in September 2018 included preparedness for online manipulation. This is why greater transparency in online political advertisements is needed. At the same time, awareness of the micro-level of news consumers is necessary.

In some of the previous elections in the EU, and also outside the Union, we have witnessed some scandalous stories emerging only shortly before the elections. Any signs that look out of the ordinary should be treated cautiously. Now more than ever people need to use common sense when coming across stories online from unverified sources.

On the other hand, the strong suit of the European Parliament elections is the fragmentation of the election structure – it is more difficult to influence elections in the EU as a whole because each member state requires a different approach, although the potential threat against some of the key member states is always there and greater than in others.

Estonia has witnessed already what it means to experience a cyberattack (2007). Is this a chance for us to establish or reaffirm our position internationally at the forefront of the fight, legal and technical, for safer cyberspace?

The 2007 cyberattacks were the turning point for Estonia’s internal cybersecurity policy development. Although we had set up our own national Computer Emergency Response Team (CERT) already in 2006, the events indicated many of the key elements that had to be either built up or improved significantly. Does the fact that we have contributed to improving our systems set us before other countries in the field? I believe that somewhat yes.

We have developed hugely since 2007 and due to our relatively small and dynamic digital ecosystem, it has been easy to keep our systems up to date and running even at times of some global large-scale cyber ransom cases. Which, however, did not affect Estonian organizations and this shows our strong effort to prevent cyber disruptions has been successful.

Some of our domestic structures have been constantly modified according to the changing threat environment. We have adopted the third generation Cybersecurity Strategy for 2019-2022 that is focusing on increasing the technological and organizational capacities throughout our entire digital ecosystem. We have already a list of elements that are being improved not for the first time and we are glad to share the experience with countries that are in the starting point with their own cybersecurity developments.

Let’s end on a lighter note: how does it feel to be included in Politico’s Class of 2019 among next year’s doers?

POLITICO’s news came as a very positive surprise to me. 2018 ended with an exceptionally busy period that has hopefully paved the way forward for our plans for this year. Cybersecurity is not an issue that will go away, but only grow in importance. We’ll need to make sure existing international law is applied in cyberspace and the norms of responsible behaviour for countries are clear and rigorously upheld.

Source: e-estonia

NATO CCDCOE – Expertise and cooperation make our cyber space safer

Changes at the helm of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). Col. Jaak Tarien, previously Commander of the Estonian Air Force from August 2012 through July 2018, is the new head of the Centre of Excellence in Tallinn. As former Director Merle Maigre leaves the office, Col. Tarien wants to make sure that continuity and further developments are granted in the coming period of activities.

Dealing with cyber threats that our democracies and nations face has been one of the talking points also during last year’s Tallinn Digital Summit – sign that European leaders are well aware of the necessity to protect the digital way of life or our paths to a fully digital society. Estonia is a striking example in this sense: not only we are considered the most advanced digital society in the world, but we’ve also been the first recipients of a large-scale politically motivated cyber attack directed to a country in 2007.

One year ago, we sat down with professor Jarno Limnéll to get to know more about the state-of-the-art in cyber security at a European level. Newly appointed Col. Jaak Tarien takes us a step forward, explaining the duties and action plans of the NATO CCDCOE in providing core, critical expertise and training to Member States and Allies on how to keep our cyber sphere safe.

Col. Jaak Tarien, Director of the NATO CCDCOE

Col. Tarien, you have just taken this new high-level position in Tallinn. Someone could think that the NATO CCDCOE is an operational unit, but things are quite different: how did it all start, and what are the main activities of the Centre?

The NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, and the relevance of the cyber domain in our daily lives, have both evolved rapidly in the last ten years. Estonia proposed to create a cyber defence hub that could be included in the network of NATO’s Centre of Excellence already when it joined NATO, in 2004. At the time, however, the entire topic of cyber attacks on a nation and their connections to NATO were an unexplored area. We could say that nations didn’t take cyber defence seriously enough back then. The first politically motivated cyber attacks on Estonia, in spring 2007, changed the perspective of many countries and of the Alliance – a wave of DDoS attacks on various governmental, media, banking, and other sites, acted as a wake-up call and accelerated the process of establishing the CCDCOE in 2008. In ten years, we have grown from 7 founding members to a 21-nations-strong cyber defence hub with prominent world-known flagships, and several more nations lined up to join our community.

Our core mission and unique role are to foster cooperation among member states and to offer an interdisciplinary approach to the most relevant issues in cyber defence. We conduct research, trainings, and exercises in four core areas – technology, strategy, operations, and law.

We bring together researchers, analysts and trainers from the military, government, academia and industry. As a think-tank-type of organization, our mandate is to come up with new innovative approaches and to raise awareness and share this new knowledge in cutting-edge training and exercises. We’re not to be considered as an operational unit, indeed: we do not defend any networks nor act as a rapid response team when trouble strikes.

Does this change represent a new challenge for you too, in relation to your previous experience in the military and defence field? What are your goals as a Director of the Centre?

My experience as the Commander of Estonian Air Force has prepared me quite well to work with smart and dedicated people, who are in high demand both in the public and private sector. It is challenging to involve and keep motivated highly qualified cyber experts, but fortunately the unique tasks and projects carried out at CCDCOE have brought together an exceptional team. The demand for high-quality research, training, and exercises based on the most prominent trends in the cyber sphere is growing. My aim at CCDCOE is to continue the good work done over the past years, strengthen ties with the defence industry, and to develop further best practices and tools useful to the militaries of our member nations. Cyber defence skills should be elementary for military service in all ranks and domains.

The vision is to make the Tallinn CCDCOE one of the main points of reference when it comes to talks about cyber defense and security. What kind of expertise does the Centre already offer to its affiliated Member States?

CCDCOE has earned recognition in the international cyber community with three main flagships.

  • We are home to the Tallinn Manual 2.0, the most comprehensive guide for policy advisors and legal experts on how International Law applies to cyber operations carried out between and against states and state actors. It’s an invaluable analysis by an international group of renowned scholars published in 2017, and it keeps inspiring both academic research and state practice. The Tallinn Manual process continues with a legal, technical, strategic and operational assessment of cyber scenarios with an aim to publish a practical reference material for Cyber Commands.
  • Every spring we organize Locked Shields, an international cyber defense exercise offering complex technical live-fire challenges in the world. The annual sessions enable cyber security experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks. The focus is on realistic scenarios, cutting-edge technologies, and simulating the entire complexity of a massive cyber incident – including strategic decision-making, legal and communication aspects. More than 1000 cyber experts from 30 nations took part in Locked Shields 2018; the exercise involves around 4000 virtualized systems and more than 2500 various attacks altogether.
  • We organize an annual international conference on Cyber Conflict, addressing the most relevant issues concerning the international cyber defense community. CyCon has become a community-building event for cyber security professionals, adhering to the highest standards of academic research and bringing to Tallinn around 600 decision-makers, opinion-leaders, top military brass, law and technology experts, from the governments, military, academia and industry representatives from about 50 countries. Notable keynote speakers included: H.E. Kersti Kaljulaid, the President of Estonia; Alex Stamos, Chief Security Officer of Facebook; Dr Antonio Missiroli, NATO Assistant Secretary General on Emerging Security Challenges; Thomas Dullien, Staff Software Engineer at Google Zero, and many other distinguished experts. In 2019 the 11th CyCon will take place from 28 to 31 May on the theme “Silent Battle”. For the third year, this time on November 14th-15th, the Army Cyber Institute at West Point organizes CyCon U.S. in Washington D.C., in collaboration with CCDCOE. CyCon U.S. complements and broadens the reach of CyCon by promoting multidisciplinary cyber initiatives and furthering research and cooperation on cyber threats and opportunities.

What are, right now, the main types of cyber threats that our society and nations are exposed to? Are we ready to effectively respond to them?

Technologies and threats in cyber space are in constant change; our dependence on a digital lifestyle recognizes no geographical borders, nor does it draw differences between civilian and military, private and public domains – any technology or system is a potential target for cyber attacks. While businesses and the industry might be more concerned with cyber crime and espionage for economic gains, nations and international organizations such as NATO are dealing with the growing threats from state actors in cyber space. Some of these attacks are becoming more complex, better coordinated and financed. For example the attempts to influence elections, serious data breaches – such as the hacking of the US Office of Personnel Management (OPM), that revealed a data breach targeting the records of as many as four million people. A growing concern for nations is potential targeted attacks aimed at our critical infrastructure – power supplies, clean water, emergency communications, and other vital services functioning properly. This is why Locked Shields in 2018 also focused on the protection of some of these key systems.

An assessment of the readiness against cyber threats of Estonia, and of the Member States that joined the Centre: keeping in mind the national differences, could unity make the cut in a new type of warfare?

The systems running our critical infrastructure and other modern services are in constant development, we have to test and drill our resilience and defense strategy on a regular basis. Our cyber defenders have to keep learning and practicing cooperation with Allies on a regular basis too.

Source: e-Estonia