Cyber-attacks in Estonia by Lionel Oh (A'21)

by tuftsigl
Jun 15

It has been six days since we arrived in Estonia, and this small Baltic state and its plethora of unique problems and circumstances has really piqued my curiosity. When you have 45,000 square kilometers to share among a population of 1.3 million, there is a lot of land to go around. But that small population size also poses limitations to Estonia's economic and military capabilities. Underlying societal fault lines are evident, too. Estonian-Russian relations are challenging, as ethnic Estonians continue to live alongside ethnic Russians in an environment filled with social, economic, cultural, and even linguistical divides. This is all happening as the ever-present Russian bear watches at the border - always a subconscious factor in Estonia's policy planning.

Since landing in Estonia, we've had the privilege of meeting with senior government officials and academics to engage them in thinking about Estonia's defense policy, geostrategic constraints, multilateral strategies, and cyber expertise. With EU and NATO participation, as well as a strong niche in cyber, Estonia shows a deft understanding of the practicality needed for a small state to survive in an anarchic international environment. As our meeting with Matthew Crandall, lecturer and small-state security professor at Tallinn University, informed us, that high level of involvement in strengthening international organizations and the international rule of law is integral for creating a conducive environment for survival. Foreign troops stationed in Estonia provide a deterrent effect that, due to manpower and financial constraints, Estonia is not fully able to create alone. To complement and sustain such a foreign policy, Estonia needs to stay relevant to the international community, and does so through a keen specialization in the field of cyber. This increases its value-adding capability and serves as a bulwark against potential aggressors such as Russia.

We had the chance to speak to Lauri Almann, currently the co-founder of BHC Laboratories, an Estonian cybersecurity firm. He had previously served in various top-level civil service positions in Estonia, including as Permanent Secretary of the Ministry of Defense. Almann also served on the team that organized the response to the cyber-attacks against Estonia in 2007.

Estonia's experience with the 2007 cyber-attacks was a watershed in the use of state-sanctioned cyber-attacks to advance foreign policy goals. The attacks were in response to the Estonian Parliament wanting to move a Russian memorial statue out of the city center. Estonia has named Russia as the main actor of the DDoS attack, which crippled the government's ability to function and hampered economic and technological services. As Almann recollected the government's response to the attacks, he animatedly drew out a four-point framework that he used to guide the government approach: Time, Transparency, Cooperation, and Authority. It made me realize the difficulties cyber issues posed, not just at a theoretical and conceptual level, but also on the ground level. Decision-making and procedural protocols need to be clear and flexible enough to adapt to such a constantly changing environment.

We're currently in Finland and will continue interviews with members of the Estonian Defense Forces and other academics upon returning to Tallinn. In the meantime, we're enjoying the best of Finnish cuisine - reindeer meat!