Estonia spy chief calls on Europe to invest in its own offensive cyber capabilities

MUNICH, Germany — Estonia’s foreign intelligence chief on Friday called on European governments and industry to invest in homegrown offensive cyber capabilities, noting that the continent relies too heavily on non-European tools.

Kaupo Rosin, head of Estonia’s Foreign Intelligence Service (EFIS), told the Munich Cyber Security Conference that Europe is focused on defense, while modern intelligence and security operations increasingly depend on the ability to penetrate, disrupt or manipulate adversaries’ digital systems.

“My call to the European industry is not only to think about cyber defense technology, but start to think about cyber offensive solutions too,” said Rosin.

“The tools currently available to the services are mostly non-European solutions. There are other countries who actively conduct research and development and produce solutions which are very expensive, of course. I would love to coordinate and cooperate with Europeans more on that,” he added.

The proliferation of so-called commercial cyber intrusion capabilities (CCICs) is a controversial topic across the continent due to persistent concerns about these tools being abused for illegitimate purposes.

The British and French governments, both of which have their own state cyber capabilities, have launched the Pall Mall Process in an attempt to reform the spyware and commercial hacking market.

Unreformed, the fear is the market will produce more abuses of the technology targeting “journalists, human rights activists, political dissidents and opponents and foreign government officials,” as British intelligence warned in 2023.

However, without both public and private sector investment, Rosin suggested that many of the topics being stressed at the Munich Cyber Security Conference — including Europe’s ability to counter malicious activity from Russia and China — will fail to materialize.

These capabilities are needed not just to mirror what the continent’s most capable adversaries can do, but also to match Europe’s defensive posture with credible tools to gain access to target networks.

As an intelligence agency, Rosin said more than half of the raw information that EFIS handles comes from “access to energy systems, servers, IT systems, mailboxes and so on. There is a lot of information sitting there,” he said.

But even this access requires additional technology which remains, largely, non-European in origin. Rosin noted that an internal audit some years ago found that 94% of the data collected by EFIS was never touched by an analyst.

“Manually it is impossible,” he said, arguing that Europe needs its own technology stack to handle the scale of modern intelligence collection.

“Again, my message is, please provide us with European solutions for cyber collection,” he said, before repeating his earlier point: “Some services also have this mandate for cyber sabotage activities in order to shake the enemy. And these are tools which I would like to have also.”

Rise of cyber espionage

On the broader security picture, Rosin said Estonia does not see a genuine Russian effort to make peace and believes President Vladimir Putin remains convinced he can win militarily in Ukraine.

The intelligence chief said Moscow appears to be pursuing parallel tracks with Washington — dragging out talks over Ukraine while seeking to restore broader economic ties and ease sanctions.

Rosin said there is currently no sign of an imminent conventional Russian attack on NATO, but warned that Russia is likely to rebuild forces along its borders as resources are freed from the war in Ukraine, underscoring the need for sustained investment in security.

Asked about recent cyber incidents, including attacks on Poland’s energy infrastructure, Rosin said cyber espionage remains the dominant activity and that using access for disruption risks losing it. In peacetime, he said, governments must weigh whether such actions have lasting strategic effect or only short-term impact.

He also said the volume of cyber probing and attacks has grown dramatically since the widely known 2007 attacks on Estonia, though many successful intrusions still exploit basic failures in cyber hygiene rather than sophisticated techniques.

In Europe, Rosin said, intelligence cooperation is becoming more operational and task-focused, with smaller groups of services working together on specific targets — and stressed there is little patience for partners that cannot contribute capabilities.