Three days in Tallinn – how Estonia does Cyber defence

From the moment Estonia joined NATO in 2004, it was warning that the alliance was not prepared to counter emerging threats from cyber warfare. According to officials in Tallinn, these warnings were repeatedly ignored.

But three years later, that all changed.

In April 2007, Estonia was hit by a succession of cyber attacks at a scale that had never been seen before. Over 21 days, seemingly coordinated attacks targeted online banking, emails, internet providers, and government bodies.

At its peak, 4 million data packets were hitting Estonia’s network every single second.

According to NATO’s Cyber Centre of Excellence, the vast majority of the malicious traffic was of Russian-language origin. The Russian government denied any involvement and subsequently refused to cooperate with investigations.

“Estonia 2007 was the first cyber attack in history that affected a country nation-wide”

Helen Popp, Estonian Embassy in Washington

The attacks were an apparent response to Estonian government’s decision to relocate a Soviet-era war memorial. Originally called the “Monument to the Liberators of Tallinn”, it signified the USSR’s victory over Nazism.

After the announcement that the memorial would be moved, Sergey Viktorovich Lavrov, then Russian Foreign Minister, simply said: “It will have serious consequences for our relations with Estonia.”

Russia had employed this tactic before. Both its 2008 war with Georgia and its 2014 annexation of Crimea began with significant unrest spurred on by actions ‘below the threshold’.

In both of those cases, the tanks followed soon after.

Shortly after 2007’s attack, NATO established a ‘Cyber Centre of Excellence’ in Tallinn. The body facilitates information sharing and research on cyber, as well as contributing to NATO exercises like Trident Juncture. It now has 25 member nations, including the United Kingdom.

“A serious cyberattack could trigger Article 5, where an attack against one ally is treated as an attack against all”

Jens Stoltenberg, NATO Secretary General

In addition to research and education, it runs its own ‘red vs blue’ style exercise: Locked Shields. Every year, each member state assembles a ‘blue’ team to defend Berylia, a fictional island, located south of Iceland.

It’s the world’s largest cyber-war game. There’s no script; each year, nations are tested on their abilities to defend against cyber attacks.

https://twitter.com/__jajo__/status/1121452205498880000

NATO increasingly feels that the threat from cyber attacks isn’t understood evenly across the alliance. Secretary General Jens Stoltenberg, however, is clear that the threat needs to be countered. In an article published in 2019, he wrote:

“In just minutes, a single cyberattack can inflict billions of dollars’ worth of damage to our economies, bring global companies to a standstill, paralyse our critical infrastructure, undermine our democracies and cripple our military capabilities.”

By running these exercises and establishing centres to promote cyber defence, NATO is sending a clear message: it takes cyber seriously and regards it as a strategic issue. It’s too important to be left to the techies.

Despite this, officials remain clear that cyber can’t defend and hold territory. Estonia reckons Russian forces could be in Tallinn within 72 hours if they ever chose to invade. They cannot afford to focus solely on cyber.

Much is spoken about the so-called ‘Narva scenario’. Narva is small, mostly Russian speaking town on Estonia’s border with Russia. The only obstacle between Russia and Narva?

A small frozen river.

NATO's frosty border with Russia as seen from Narva, Estonia this morning pic.twitter.com/LOpmabjDpf

— Naomi O'Leary (@NaomiOhReally) January 12, 2017

The ‘Narva scenario’ dictates that at a time of its choosing, Moscow could annex Narva in much the same way as it did with the Crimean peninsula. After all, Russia supposedly has a rule which compels it to ‘protect’ ethnic Russians.

“Our country will continue to actively defend the rights of Russians, our compatriots abroad, using the entire range of available means”

Vladamir Putin, 2014

It doesn’t take much to imagine how Moscow would argue that the residents of Narva are ethnically Russian – 94.7% of Narva’s residents speak Russian natively.

If this was to happen, would NATO come to Estonia’s aid?

Whilst doubt has been cast over NATO’s resolve to defend the Baltic states, Estonian officials are effusive in commenting on the United Kingdom’s commitment.

NEW: Royal Air Force Typhoon jets have been launched twice in the past two days to intercept Russian military aircraft "flying close to Estonian airspace".

It's the 15th and 16th scramble since the RAF took over #NATO Air Policing in May. pic.twitter.com/dBbYuYOxVY

— Henry Jones (@hthjones) August 6, 2019

I was the only British journalist on the reporting tour to Tallinn. Interestedly, officials repeatedly and specifically approached me to ‘send a message’ back to the UK: “you’re incredibly important to our security.”

Estonia values the UK as a partner, far more it seems than it values other NATO members. I was in Tallinn shortly after Macron’s comments describing the alliance as “brain-dead”. This was raised as a concern, with Estonian officials referring to them with worry.

Estonia is faced by a wide range of threats. Few of us in the United Kingdom understand what it’s like to live in fear of Russian invasion. Estonians do.

They’ll never be a leading military power. Instead, they’ll have to look to their partners in NATO during times of crisis.

But what Estonia lacks in conventional military capability, it makes up for in Cyber security. By way of proof, it ranks joint first (with the Czech Republic and Greece) on the National Cyber Security Index.

It knows that cyber is important. It knows, as echoed by Jens Stoltenberg, that a single cyberattack can cripple a nation.

And it’s doing something about that. Flying back to the UK after three days in Tallinn, I was left incredibly impressed by how Estonia is leading NATO in Cyber defence.

Thank you to NATO, as well as the US Embassy in London, for their help in organising this visit.