TALLINN, Estonia — Ukraine has surprised the world with its ability to fend off major cyberattacks from Russia. And one small country — Estonia — has played an outsized role in helping them do so.
The nation of just over 1 million, which has fought off cyberattacks inside its borders from Russia for years, is now leading many of the efforts to provide cyber threat intelligence, funding and critical international connections to protect Ukraine from Russian hackers.
In interviews in Tallinn, Estonian officials provided fresh details about how they aid cybersecurity workers in a besieged Ukraine and coordinate with more powerful allies in Europe and the U.S. in the global effort to defend against Russia’s digital attacks.
It’s a partnership that illustrates a unique aspect of modern cyber warfare — some of the most sustained efforts to protect networks are coming from smaller or less-resourced countries that have been the repeated victims of attacks and have learned the hard way about the need to invest in cyber armies.
Luukas Ilves, Estonia’s chief information officer, said he speaks with Ukrainian counterparts weekly, while some of his colleagues are in “daily contact.” Their assistance has included tasking Estonian cybersecurity professionals to help thwart attempted hacks of Ukrainian critical infrastructure such as power substations and satellites.
“We have been one of the more active European countries in working with them,” Ilves said of Ukraine. While a spokesperson for the European Commission did not respond to a request for comment, it has been reported that Estonia is leading a European Union program worth almost €11 million to provide cyber and digital privacy services to Ukraine.
In some ways, Estonia was forced to prioritize cybersecurity following a Russian cyberattack in 2007 that attempted to shut down the websites of government, banking and other critical services organizations in retaliation for the removal of a Soviet-era statue. Now, Ilves said, they aim to share the expertise they’ve accumulated.
While Estonia has boosted cybersecurity investment at striking levels, other regular victims of Russian cyberattacks have also focused on strengthening cybersecurity. Ukraine itself has strong cyber experience following a decade of Russian cyberattacks, including two incidents that turned off the lights in portions of the country in 2015 and 2016, while the Czech Republic is drafting new legislation to vet third party suppliers of IT equipment used in the country’s critical infrastructure networks in the wake of several major cyberattacks in recent years.
Ukraine’s State Service of Special Communications and Information Protection did not provide a response to a request for comment.
On the financial front, Estonia has consistently been a major contributor in fundingto Ukraine. According to data from the non-profit Kiel Institute for World Economy, Estonia ranks second in overall financial support for Ukraine according to its GDP. And while Ilves said it was hard to pin down the amount given for digital efforts, it was certainly “in the millions.”
And Estonia has tasked itsInformation Security Authority, or RIA, which works to protect critical Estonian systems against cyberattacks, with providing cybersecurity support and sharing threat information with counterparts in Ukraine.
Gert Auväärt, the head of cybersecurity and deputy director of RIA, noted that Estonia has long been a “test base” for Russian cyberattacks, such as multiple major efforts to shut down the Estonian Parliament’s websites. While he declined to go into specifics of the support due to security reasons, Auväärt said Estonia was using its “personal experiences” with Russia to help inform its support to Ukraine and that it’s in a “regular information-sharing partnership” with Ukraine.
Estonia “will continue to do everything humanly possible to help them to win this war, both in the physical and in cyberspace,” Auväärt said.
In terms of expertise on Russian cyberattacks, few nations surpass Estonia. Cyberattacks from Moscow have kept up at a steady pace in the years since the 2007 strikes, including an August attack on the Estonian Parliament’s website during the Estonian government’s effort to remove a Soviet tank from the Eastern border with Russia. According to Auväärt, the August cyberattack was 100 times higher in volume than the 2007 attack.
On another occasion, when the Estonian Parliament declared the Russian Federation a terrorist state, Russian hackers flooded the Parliament’s website with the equivalent of seven years of its usual internet traffic in a single 24-hour period. Estonia managed to fend off the attack and the platform didn’t crash.
“We’ve seen these waves of attacks, it’s calm, calm, calm and then there comes a big wave, then again there is quiet, quiet, quiet, then again it comes,” Auväärt said. “The constant threat level has not changed.”
One reason Estonia has been able to help Ukraine: Its investments in its own cybersecurity means it has the people at the ready. RIA doubled its personnel and its budget in the last year, and last week, Estonian President Alar Karisvisited RIA’s headquarters for a briefing on threats in cyberspace. According to Ilves, 50 percent of the government’s overall spending on technology goes toward cybersecurity, and Estonia added €60 million to the budget for cybersecurity this year. The goal is to increase that spending in the future.
That has turned Estonia into a leading force in NATO on cybersecurity issues. The bloc’s Cooperative Cyber Defense Center of Excellence — which provides cyber training for NATO members and allies such as Ukraine — is headquartered in Tallinn, along with its training base for cybersecurity experts. While a spokesperson for NATO declined to comment on Estonia’s level of cyber support for Ukraine versus other NATO countries, Estonia is certainly viewed as a key ally in the fight against cyberattacks from Russia.
“It’s no accident that the Cyber COE is there given the Estonian government and the Estonian people’s investment in high tech and information technology and the related industries,” David Cattler, assistant secretary general for NATO’s Joint Intelligence and Security Division, said during a virtual briefing with reporters last week. “They are a strong ally and a strong contributor on many things and especially on cyber issues.”
The nation also shares threat intelligence extensively with its NATO partners and with Ukraine. This includes regular contact with the United States’ Cybersecurity and Infrastructure Security Agency on both threats from Russia and how to secure elections. The relationship is warm, demonstrated by Auväärt during the interview as he sipped coffee from a CISA mug given to him by agency Director Jen Easterly, a closeness reciprocated by CISA officials.
Eric Goldstein, executive assistant director for Cybersecurity at CISA, would not go into details on U.S. work with Estonia, but said: “CISA has strong relationships around the globe, including in Estonia, and we regularly exchange timely and actionable information with our international partners,”
Estonia’s expertise on technology issues is also something that Ukraine and other nations have learned from, and Ilves noted that Estonia was a driving force behind the Ukrainian government’s efforts to move Ukraine toward being a “digital society.” These lessons have stuck, as Ukraine is developing tools such as a digital ID to help track refugees, an effort Ilves said Estonia is attempting to emulate.
“In some ways the teacher is outshining the master,” Ilves said.
The post Inside Estonia’s efforts to help Ukraine fend off Russian hackers appeared first on Politico.
