“We still have some work to do on cybersecurity”

Minister, since Estonia suffered a massive cyber-attack in 2007, the country has been driving and championing the cybersecurity agenda in the EU and NATO. In your view: have the lessons been learned?

What happened in Estonia in 2007 was a wake-up call for many countries. Just as Estonia realized that there was a need for a national cybersecurity strategy to face similar cyber-threats also in the future, many other countries followed. Within the EU and NATO now, most of the countries have their cyber security strategies, if not even second or third versions of these. 

I would like to bring out two concrete lessons that Estonia identified: first, the importance of public-private cooperation. As Estonia’s society has been heavily dependent on e-solutions and e-governance, these solutions are widely used by the private sector. This means that the 2007 attacks disturbed the activities of both government and the private sector. Managing these threats and attacks was thus in the interest of both sides. As a lesson learned, we then formalized this partnership.

The second identified lesson was about the nature of the attacks – while these were distributed denial of service attacks that we nowadays see on a daily basis, it was the first time that there was a coordinated nation-wide attack that we were not prepared for. This showed that cybersecurity clearly forms an integrated part of national security. 

 
On 7 September, Estonia hosted the EU CYBRID table-top exercise, co-organised with the EDA. What are for you the most important take-aways of that exercise?

EU CYBRID 2017 was a strategic table-top exercise where the ministers played through a scenario about a cyber-campaign against EU military structures. Our goal was to take the cybersecurity issues to political level, to show that cyber is not merely a technical matter. Rather, cyber-attacks can easily lead to the political level where ministers need to make political decisions. The focus of the exercise was on situational awareness, crisis response and strategic communications. The exercise clearly showed the importance of how we comprehend what is going on, what measures are at our disposal to mitigate these kind of attacks and how we communicate these to the public. All of these points are strategic in their nature and thus very relevant to the ministers. 

Another take-away from the exercise relates to EU-NATO cooperation. This was something that the NATO Secretary-General, who observed the exercise, emphasized as a matter of importance. EU-NATO cooperation is also a topic of general interest throughout the Estonian Presidency of the EU Council – we dedicated a seminar on 2-3 November on this partnership with a focus on cyber-matters.

Do the EU’s efforts to counter cyber-threats and the revised Cyber Security Strategy give sufficient prominence to the defence dimension?

Defence matters are generally more thoroughly dealt with by NATO, also in the cyber dimension. As the EU CYBRID 2017 exercise showed, we still have some work to do in terms of cybersecurity of EU military structures and missions. Let me make one more general observation – no matter what kind of policies we decide, including the revision of the EU Cyber Security Strategy), we need to implement them  – to make sure that the agreed policies work in practice and that we all comprehend them in the same way. 

 
What is Estonia’s assessment of the renewed momentum of European defence cooperation since the publication of the EU Global Strategy in 2016?

There is indeed a political momentum in Europe to actively strengthen European defence cooperation. This is an opportunity we must seize. European citizens want more security therefore we need to deliver concrete results.

The European Union has taken significant steps to advance defence cooperation.  We share the overall vision of a more militarily capable Europe based on more cooperation and more investment. The goals set in the Global Strategy are ambitious and we must be ambitious if we really want to take European defence forward. At the same time the ambition must remain realistic. 

 
More specifically, what role does your country intend to play in the implementation of critical new European defence initiatives such as the European Defence Fund, CARD and PESCO?

We will continue to foster discussions on these topics to lead the ongoing work towards tangible results by the end of our Presidency. The overall aim is to create more capabilities and more political will to enable the EU and Member States to fulfil the ambitions set out in the Global Strategy.

We need to make full use of existing and new mechanisms - like PESCO and the European Defence Fund (EDF). Regarding the EDF, we are chairing the Friends of Presidency group working on the European Defence Industrial Development Programme’s (EDIDP) regulation and we plan to reach an agreement on the regulation by the end of this year. Estonia places particular importance on cross-border participation of Small and Medium Sized Enterprises as well as the need to focus on competitiveness and development of innovative capabilities. Regarding PESCO, we hosted a workshop in July and we will continue to support the discussions on commitments and governance. Estonia proposed adding a commitment about simplifying the movement of troops in Europe. This would advance the EU Battlegroups and serve as a practical example of EU-NATO cooperation. For us, it is important that capability projects developed in the PESCO format are also in coherence with NATO defence planning requirements and have “regional added value”. Coherence with NATO planning processes is also important when we talk about CARD. The aim should be to use all the resources and data already made available by the member states. That would avoid duplication and additional administrative burden for the member states. We are looking forward to the trial-run of CARD and hopefully it will produce the desired results.

 
How do you see the EU/NATO relationship evolve in the future and what is your assessment of the implementation of the Joint Declaration so far?

It is both natural and essential that the EU and NATO should work towards more coherence and complementarity in defence issues. Strengthening EU defence also means a stronger NATO as 22 EU Member States are also NATO member states. Therefore the projects and initiatives should take into account NATO’s defence planning and already existing capability targets. We should seek cooperation in areas with very practical value, for instance in cyber as it is a transnational and trans-institutional issue. We will focus on strengthening EU-NATO cooperation in cybersecurity and defence during our presidency. Organizing parallel and coordinated exercises such as the table-top exercise between the EU and NATO improves situational awareness and decision making.  Simplifying military movement in Europe is another area for cooperation with tremendous potential both for the EU and NATO. Together with five countries, Estonia has proposed to start such a PESCO project.

 
The EDA’s recent Long Term Review led to the Agency’s reinforcement and a strengthened  role as the central operator for EU funded defence activities. How do you see your country’s role in the EDA evolving in the coming months and years, and how would Estonia like to see the EDA develop in the future?

The EDA is and will continue to be an important part of EU capability development. The Agency has valuable expertise and resources that can provide beneficial support to new capability initiatives. We should use all the tools available and if necessary adjust them to meet the current capability needs of the member states. The EDA has been appointed as the implementing agency for the Preparatory Action on Defence Research and it is a good opportunity for the Agency to show its competence and ability to lead such projects.