Former Estonian president on defending against Russian cyberattacks

NASHVILLE — The former president of Estonia is sounding the alarm that, even if after Russia’s war on Ukraine comes to end, the U.S. and the rest of the world cannot ignore the threat posed by Moscow.

“We cannot let our attention wane just when the fighting ends. Neither in cyber, nor in conventional,” Kersti Kaljulaid told The Record on Thursday after her fireside chat at the Vanderbilt University Summit on Modern Conflict and Emerging Threats.

Kaljulaid, whose country was the victim of landmark digital assault by Russia in 2007 that rocked the former Soviet satellite state for weeks, came to the conference with two recent examples of the danger: Estonia’s government services experienced increased cyberattacks during the recent “Locked Shields” digital exercise organized by the NATO Cooperative Cyber Defence Centre of Excellence. A wall of the Tallinn-based hub was also defaced with graffiti.

“Our predecessors had 50 years of strategic patience. Nowadays, the world always wants a solution yesterday. It cannot be done,” according to Kaljulaid, who served as the fifth president of the Baltic nation from 2016 to 2021, and could be the next head of NATO.

“We have to have strategic patience. Sometimes I feel this is lacking. We should have it.”

The Record sat down with Kaljulaid after her appearance at the summit (which ended with her receiving a standing ovation) to discuss the latest incident, cooperation between U.S. Cyber Command and Europe and NATO’s cybersecurity efforts.

This transcript has been edited for length and clarity.

The Record: During your fireside chat you mentioned that Estonian government services experience cyberattacks during “Locked Shields.” What happened?

Kersti Kaljulaid: We had some attempts and some attacks which, let's say, reached a higher level than we are used to, because basically everybody has all kinds of attacks every day. 

We sometimes forget that everything which happens in cyber has a tail end or head end in the analog world. This is a perfect reminder, to me, that somebody organized and orchestrated that something would happen during the Locked Shields in Estonia.

There were various [attacks]. First you have to understand how the Estonian e-government model works. It's a common platform for both the private and public sector. So it's not like you attack the government. You attack the infrastructure.

Even in 2007, we were able to defend ourselves to a certain extent against that. So you cannot say it's directed in Estonia’s case against government or private things because it is directed against society. Of course in this case, we don't have all the details and we are still analyzing what happened.

TR: Do you believe it was Russia?

KK: I don’t know right now.

We are not ready to come out with conclusions right now.

TR: Ukraine joined the center as a “contributing participant.” Should it be made a full-fledged member even though Ukraine is not a member of the alliance?

KK: You don't have to be NATO to be a member of the Center of Excellence. Japan is working closely. Australia has been for years looking for close cooperation with the center. So going down the same road, making Ukraine a more integral part, I don't see anything wrong in it. 

The different question is whether Ukraine now has time. 

Ukrainians at this point in practical terms have more urgent things to deal with. But as a sign, having them there is valuable.

TR: U.S. Cyber Command announced it deployed a “hunt forward” team to Lithuania, the second mission linked to Russia’s invasion of Ukraine. Your country hosted a team in 2020. Should the model be accelerated right now to where teams can visit, for instance, Latvia, or even Estonia again?

KK: Yes, indeed. It should. 

We actually are very much at the forefront and therefore informing. It’s not like, “Come and defend, help us defend ourselves.” It’s rather, “Let’s use these laboratory opportunities.”

Let's say the more work together where it matters most the better, of course.

TR: If the war drags on, should Cyber Command consider going beyond cooperation and give more defensive tools and offensive capabilities to allies and partners?

KK: We are ramping up our own defenses ourselves — and spending quite a lot. 

If there are good and useful technologies which could be directly transposed, we are very open to discuss, accept and work together. I know that our own agencies are adding layers of defense. 

I'm sure that if there is anything which can be done to support Ukrainians to make sure that they also win on that front, then it's all very much welcome. I'm sure other Baltic states would be ready to do it.

TR: Where do you see NATO on cyber and cooperation with the public and private sectors? Is it lagging behind?

KK: It's not NATO. I've been part of an interesting, let's say push, within the context of the Munich Security Conference, where we have been trying to get more and more cyber, artificial intelligence stuff on the table. There is also the Innovation Board of the Munich Security Conference, which deals with these matters. 

I noticed that in 2017, the first time Munich decided to have a few AI-related discussions, the understanding of political leaders on the subject matter was such that we constantly fell down. 

We didn't have at all the AI discussion. Gradually, this political understanding of, "What is cyber? What is AI? What other risks?" — this has increased.

Political leadership is able to also demand technical leadership, which is NATO, to evolve in these spheres. NATO has a very good plan and programming in place.

They are doing what needs to be done to incorporate technologies into warfare. This technology doesn't happen in the public sector, so it's inevitable that you work with the private sector, which is a shift of thinking I've been able to observe, from 2016 to today, gradually happening. 

Of course there is still room to develop, but we are on the right way. I admire what [NATO Secretary General] Jens Stoltenberg and [NATO Deputy Secretary General] Mircea Geoană have been doing on that.

TR: There has been a lot of speculation about why Russia hasn’t unleashed its cyber forces on Ukraine in the manner it did against Estonia in 2007. What are your thoughts and could we see a spike as May 9 approaches?

KK: There are various reasons, and not the smallest and not to be ignored is that they get open-source intelligence from Ukrainians online. They're probably regularly scanning whether they have any hope of seeing Ukrainians’ willingness to fight wane. 

I'm quite sure that they're also doing a lot with their capabilities to make sure that the Ukrainian willingness starts to wane. We shouldn't be naive about that. 

They also need these communications to keep going on and I'm quite sure they are also using it. It would be very weird if they didn't.

We are also considering what we see close to the 9th of May globally in Europe.

This is a far more difficult issue to tackle, attribute and quell than cyber.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Martin Matishak

Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.