Russia's full-scale war in Ukraine, with all its atrocities, has made us think more about the democratic values we are defending. The fight for these values has already been happening in cyberspace for some time, writes diplomat Tanel Sepp.
The cyberattacks against Estonia in 2007 shocked the world, revealing the vulnerability that accompanies the digitalization of society. Fifteen years on and our dependence on digital solutions has increased many times over, both at the individual and national levels.
We use apps to communicate with each other, order takeout from home or rent cars using apps. Our household appliances recognize us by our voices and we use them to perform simple tasks. We panic when our phone battery runs out and we seem to lose touch with the world.
At the national level, everything in the government sector has been electronic for a long time, and let's see why there aren't more services the state can offer its citizens over the Internet.
The dependence we all have on technology, innovation and networking marks the beginning of a new chapter in the context of world history.
With these new developments, it is inevitable that we are increasingly vulnerable. Today's background systems, which underpin the functioning of various services, have become more complex and, in turn, more vulnerable.
Everyday programs of various kinds are now so large that to view them you need to look at hundreds of millions of lines (of code) - so it is no wonder that there is a vulnerability somewhere that allows those with bad intentions to carry out their evil deeds. A deeper look into the subject also reveals a broader picture of the different cyber threats we need to address.
In Estonia, we now have a structure in place whereby the Ministry of Economic Affairs and Communications and the State Information System Agency primarily deal with domestic cyber security and the Ministry of Defense is responsible for military cyberdefense. Cybercrime is the domain of the Ministry of the Interior and the Ministry of Justice, with the Ministry of Foreign Affairs dealing with cyber diplomacy. While cybersecurity, cyberdefense and cybercrime appear easier to understand, cyber diplomacy requires further explanation.
The main concern of cyber diplomacy is to ensure cyberspace remains stable and reliable, as well as deterrence should anyone break the agreed-upon rules.
Stable and trustworthy cyberspace, in diplomatic talk, is a way of saying that we fight to keep the internet free, open and secure.
The internet cannot be something that is purely up to states to decide and manage, its functioning much depends on the private sector and other stakeholders to make it work. Decisions about the future of the internet must be taken with the involvement of these other parties.
The other major principle is to treat existing international law as equivalent in both the physical world and in cyberspace. The behavior of states in cyberspace cannot take the form of western-style gun-toting and assertion of own rights.
On the contrary, in 2015, the UN General Assembly endorsed 11 norms that should guide states' operations in cyberspace.
These norms outline cooperation and assistance between states, protection of critical infrastructure (and to ensure that infrastructure is not compromised), cooperation on cybercrime and counter-terrorism issues, as well as respect for human rights and principles of privacy etc.
Democratic states would generally follow the principles expressed in these norms anyway, and act responsibly in cyberspace of their own initiative. However, life has shown that not all countries behave responsibly.
As in the physical world, there is a battle of values in cyberspace: on the one side there are those who stand for democratic values and principles, and on the other, those who want greater state control over what happens there. The latter group includes Russia, China, North Korea, Iran and a few others. The cyber threats posed by these countries have already been described repeatedly in the yearbooks of the Estonian Internal Security Service and the Foreign Intelligence Service.
The role of cyber diplomacy in this context is to oppose any proposal that could, in one way or another, undermine the functioning of the current cyberspace based on democratic values.
We also need to be careful to ensure that these values are protected when deploying various new technologies, such as 5G networks, artificial intelligence and quantum computing.
In the global arena, it may seem that this kind of engagement with international law and cyberspace is something of an elitist exercise. There is some truth in that, because many countries have simply not had the capacity to address these issues.
Digitalization is generally addressed by all countries, cybersecurity less so. Just as we in Estonia have helped governments around the world with our skills and knowledge when it comes to building e-governments, or rather digital societies, we also need to share our experience and expertise in cyber diplomacy.
If we want countries to behave responsibly in cyberspace for the sake of overall stability, we need more of them to do so and to demand that others do so too. Developing cooperation in the cyber field has become a separate line of action for us.
But, what if a country deliberately disregards the agreed standards and causes serious damage to another? In such cases, these criminal acts must be brought to the public's attention. No country makes statements attributing cyberattacks [to others] lightly - attribution is always preceded by an analysis of the situation, an examination of the technical information and consultations on the national and international levels.
Attribution alone, however, is no more than a political statement - it must be followed by a response. In this respect, Estonia can greatly benefit from the EU's cyber diplomacy toolbox, which provides the opportunity to attribute cyber-attacks collectively on the EU level and, if necessary, to sanction the individuals and organizations behind them.
Any collective response in such situations is always more effective and has a greater impact in deterring further attacks. This highlights the need to maintain very good relations with our partners, with whom we can compare information on cyberattacks and consider how to proceed in the event of their occurrence.
These principles of cyber diplomacy principles and actions are all a result of the way we have built this cyber environment, or ecosystem, here. As well as the various ministries and agencies, the NATO Cooperative Cyber Defense Centre of Excellence, the e-governance academy, the cyber-expertise education project EU CyberNet, the CR14 Foundation for cyber training and exercises, and many others, have roles to play. We are still noticed, still asked for advice and still expected to help. We do all of this as much as we can.
Undoubtedly, one of the most important issues at the moment is Russia's war against Ukraine. What is happening in Ukraine is also a topical issue in cyber expert circles, with debates going on about how much of Russia's activity has been in cyberspace, whether we ourselves perhaps had the wrong expectations about the role of cyberattacks, or whether there are still major cyberattacks to come.
There are no right or wrong answers here. What is important for Estonia, however, is that we help Ukraine as much as we can when it comes to cybersecurity, and that we, along with our partners, are making plans to help Ukraine rebuild according to its potential when the war subsides. Also in cyberspace.
Editor: Michael Cole