By Julyssa Lopez
Concerns about cyber threats dominate today’s domestic and international conversations. As countries grapple with how to best protect their online security, one nation offers a role model: Estonia.
The Baltic country is frequently touted as the world’s premier example of strong technological infrastructure and Internet freedom. Estonia drew lessons from cyber attacks it suffered in 2007 and leveraged its population of just 1.3 million people to quickly scale and develop defense tactics— the country even has its first graders learning to code.
Today, its workforce in the private and public sectors has come together to build up digital security. The NATO Cooperative Cyber Defence Centre of Excellence is housed in Estonia’s capital, Tallinn, and cyber strategy rests at the top of the Estonian Parliament’s agenda. At a forum hosted by the George Washington University Cybersecurity Initiative
on Wednesday, Estonian President Toomas Hendrik Ilves explained to GW how his nation’s cybersecurity has evolved and what other countries can glean from its example.
President Ilves was joined at the forum by Rep. Mike Rogers
(R-Mich.), chairman of the House Permanent Select Committee on Intelligence; Rep. Dutch Ruppersberger III
(D-Md.); Paula J. Dobriansky, former under secretary of state for democracy and global affairs; and Frank Cilluffo, director of GW’s Cybersecurity Initiative and chair of the Homeland Security Policy Institute
, who moderated the event.
President Ilves said that cyber capabilities are vast in a world that has become dependent on technology. The Internet can manage everything from a country’s power plants to milk deliveries, he said, and individuals risk revealing sensitive personal information through big data.
“We’ve gotten to the point where you don’t need to physically attack a country to debilitate it—we’ve seen this ourselves,” President Ilves said.
Estonia has addressed security dilemmas by creating protected online identities and issuing more than 100 million digital signatures that have allowed for well-guarded e-services, like e-voting and electronic tax filing. The country has also taken measures to secure individuals’ data. Still, President Ilves explained that the cyber domain is a big world where “there are no rules.” New solutions, he said, must be established between society and government, and data security must be guaranteed.
This isn’t the first time Estonia and GW have joined forces. For the past two years, World Executive M.B.A. students have traveled to Tallinn
to learn about the intricacies of cyber defense from committee chairmen in the Estonian Parliament and other national defense experts. Estonian Ambassador Marina Kaljurand, who attended Wednesday’s forum, visited a class last spring to hear student ideas on how NATO can enhance its cyber mission and response posture.
“Estonia has been an extraordinarily valuable partner of George Washington’s World Executive M.B.A. in cybersecurity,” GW President Steven Knapp said Wednesday.
Following President Ilves’ remarks, Rep. Rogers, Rep. Ruppersberger and Amb. Dobriansky analyzed international cyberthreats in today’s environment and how the U.S. can move forward with security policy. The threat matrix, the panelists agreed, looks different today than it did just six months ago.
“It’s constantly changing and the problem is you have new higher quality actors starting to come in,” Rep. Rogers explained, noting that the recent Target credit card hack was orchestrated by organized criminals who used large-scale tactics to steal financial data.
The U.S. cyber command reports that the country loses an estimated $300 billion because of cyber theft, much of which comes from China. Although five people from the Chinese military were recently indicted, Rep. Ruppersberger said an international coalition must unite to make a statement and curb this type of stealing.
“All countries have espionage, but we don’t steal from other countries — we’re not stealing to make ourselves richer, and that’s what some countries are doing,” Rep. Ruppersberger said.
The U.S. needs to set a standard for protection, Rep. Ruppersberger continued. He and Rep. Rogers have been collaborating on legislation to promote information sharing, which Rep. Ruppersberger explained is crucial since the private sector controls 80 percent of U.S. networks.
Minnesota Gov. Tim Pawlenty, who was in the audience, asked Rep. Rogers how soon an information sharing bill would move in Congress, given how quickly cyber attacks happen. Rep. Rogers said he is “cautiously optimistic” that policymakers will agree on a version of the Cyber Intelligence Sharing and Protection Act (CISPA) in the next 30 days.
Left to right: Dutch Ruppersberger III, Estonian President Toomas Hendrik Ilves, Frank Cilluffo, Mike Rogers and Paula J. Dobriansky.
The panelists also broached the topic of the Edward Snowden leaks. While they raised some significant questions, Mr. Cilluffo said, the vast majority of the material disclosed revealed national security secrets that have nothing to do with what the U.S. intelligence community is alleged to be doing domestically. Rep. Rogers added that an overwhelming percentage of the information Mr. Snowden disclosed had to do with military tactics and technologies, and mitigating the damage of those leaks could cost the U.S. billions of dollars.
“Some of this information will impact soldiers standing in the dirt in places like Afghanistan today,” he said.
The panelists closed the conversation by discussing how the international community should approach threats from Russia, where Mr. Snowden is said to reside, in the context of the conflict with Ukraine.
“We need a Western strategy and rebuttal to what Putin has put forward,” Amb. Dobriansky said.