Estonia’s Crucial Role In Tackling Growing Cyber Threats

Estonia's  presidency of the UN Security Council refreshes the debate on global cyber security just as the coronavirus pandemic exposes the consequences of failing to protect critical digital infrastructures.   

By Esther Naylor

Recent targeted cyberattacks exploiting the increased demand placed on the healthcare sector during the pandemic led to many calls of condemnation as well as a renewed focus on the connection between cyberspace and the UN’s role in maintaining peace and security.

Many world leaders and renowned experts have been urging governments to take action at the UN level to uphold the international laws being breached by these incidents. UN secretary general Antonio Guterres condemned those carried out on critical civilian infrastructure during his remarks at the Security Council in May following a wave of incidents such as cyberattacks on Czech hospitals and targeting of coronavirus medical research by hostile state actors.

At the same time, Estonia began its first ever presidency of the UN Security Council with a signature virtual event putting cyber security at the heart of its agenda and holding an event on cyber stability, conflict prevention, and capacity-building.

During this meeting member states recognised the COVID-19 crisis has created increased reliance on critical digital infrastructure, and some condemned those targeting hospitals with cyberattacks. However, one permanent security council member abstained from attending - Russia.

Russia-Estonia relations are generally often strained, but the infamous 2007 Tallinn cyberattacks - suspected to be Russian in origin - took down online services for banks, media outlets, even parts of the government, and triggered a radical change in how Estonia managed cyber security.

The lesson from Estonia for any country wishing to undergo digital transformation is simple – that threats to peace and security in the physical world can be translated to cyberspace. Through developing its cyber incident response, the government’s own cyber security capacity and its digital infrastructure, Estonia became a model and a leader on digitization and e-governance efforts.

And although those involved in developing the governance of cyberspace pay credence to a multi-stakeholder approach - involving actors from the private sector, technical community, civil society and academia - states remain the key players.

Countries agreed on a number of commitments in 2015 on norms of responsible state behaviour with the aim of maintaining stability in cyberspace. Yet these commitments were voluntary rather than legally binding and the challenge remains in the implementation of these commitments, the evolving nature of cyberspace, the threat landscape, and the widening capacity gap between those countries with developed cyber capacity and those with nascent digitization.

At the UN level, the debate on global cyber governance is currently split into two parallel processes, within which there are differing views on how cyberspace should be governed. The Open Ended Working Group includes all UN member states and hears consultations from civil society, academia and industry, while the 2019 Group of Governmental Experts contains a group of 25 member countries.

Both processes were due to deliver reports from their proceedings over the next two years to the UN General Assembly, and, although these will most probably be delayed due to COVID-19, Estonia’s decision to put cyber security on the UN Security Council agenda can at least preserve momentum gained from the processes.

But despite being the most powerful UN body, which is capable of issuing binding resolutions, and having permanent members drawn from the world’s most powerful countries – and prolific users of offensive cyberattacks – the Security Council is often criticized for inaction or being paralysed by ‘veto politics’.

Worryingly the council has been unable to even pass a resolution on the coronavirus pandemic and its threat to peace and security. Indeed, exactly what the council deems a threat has evolved over time as events trigger changes in international relations. But what is certain is the fallout from the pandemic will underscore the need for international cooperation on cyberspace to maintain peace and security.

Estonia’s election onto the council accompanied by its campaign commitment to promoting cybersecurity issues is a promising start, and its non-permanent membership does give a genuine opportunity for assertive action against cyberattacks. It has already helped set a precedent of bringing attribution of a cyberattack to the Security Council when, along with the UK and the US, it attributed an attack on Georgia to Russia.

This sets a strong example of how countries can hold each other to account for violations of international norms and reminds states that actions have consequences. State-sponsored cyberattacks are among the most threatening to peace and security, and often states are also the target of such attacks. Therefore, bringing cyber to the Security Council acknowledges the role states have in fulfilling their obligations to each other.

Estonia’s role on the Security Council is also important for small states undergoing digital transformation which may be rather beholden to more technologically dominant states. The pandemic has stretched critical digital infrastructure to its limits and increased the overall harm caused by attacks.

Small states are often heavily reliant on other countries complying with international law and norms to maintain peace and security, but Estonia has the opportunity to frame the cyber security debate beyond the usual geopolitical tensions on the UN Security Council and reflect the true reality - that every country, regardless of size or power, has a key part to play in protecting cyberspace.

Esther Naylor  Is  Research Assistant, International Security Programme at Chatham House

You Might Also Read:

Wanted: International Cyber Standards:

 

« British SMEs Are Suffering A Surge In Cyber Attacks
Artificial Intelligence Improves Business Processes »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyren

Cyren

Cyren is a cloud-based, Internet security technology company providing threat detection and security analytics.

SAMATE

SAMATE

The Software Assurance Metrics And Tool Evaluation project is an inter-agency project between the US Department of Homeland Security and NIST.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

Codeproof Technologies

Codeproof Technologies

The Codeproof enterprise mobility solution empowers your business to secure, deploy and manage mobile applications and data on smartphones, tablets, IoT devices and more.

ETSI

ETSI

ETSI is a European Standards Organization dealing with telecommunications, broadcasting and other electronic communications networks and services including cybersecurity.

Enterprise Ethereum Alliance (EEA)

Enterprise Ethereum Alliance (EEA)

EEA is a member-led industry organization whose objective is to drive the use of Ethereum blockchain technology as an open-standard to empower ALL enterprises.

PQShield

PQShield

PQShield are specialists in Post-Quantum Cryptography. We provide quantum-secure cryptographic solutions for software, software/hardware co-design and data in transit.

Hong Kong Broadband Network (HKBN)

Hong Kong Broadband Network (HKBN)

HKBN are a leading integrated telecom and technology solutions provider that offers a comprehensive range of premier ICT services to both the enterprise and residential markets.

Enso Security

Enso Security

Enso is the first Application Security Posture Management (ASPM) solution, helping security teams everywhere eliminate their AppSec chaos with application discovery, classification and management.

AirEye

AirEye

AirEye is a leader in Network Airspace Protection (NAP). Block attacks against your corporate network launched from wireless devices in your corporate network airspace.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

Blacksands

Blacksands

Blacksands is a leader in network architecture, identity & services management, threat analysis, industrial IoT architecture, and invisible dynamic networks.

Splashtop

Splashtop

Splashtop’s cloud-based, secure, and easily managed remote access solution is increasingly replacing legacy approaches such as virtual private networks.

MajorKey Technologies

MajorKey Technologies

MajorKey improves security performance by reducing user friction and business risk, empowering your people, and protecting your IP.

Solcon Capital

Solcon Capital

Solcon Capital is a forward-looking, technology-focused investment firm that is committed to identifying and investing in the most promising areas of innovation and development in the tech industry.

Prikus Tech

Prikus Tech

Prikus is a full-fledged Cyber Security Company helping organizations worldwide to manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.