Header image

Former Estonia President Talks Broken Collaboration and 'Useless' Response and Intelligence Capabilities

Useless response, outmatched defenses and poor intelligence sharing - Toomas Hendrik Ilves on European state of cybersecurity.


Cybercrime is operating without any consideration for borders, and no regulation is able to support nations or prevent the attacks.

Speaking at the With Secure ‘Sphere’ conference in Helsinki this week, Toomas Hendrik Ilves, former President of Estonia, talked about the move from cybercrime to cyber warfare in the past 25 years “with massive implications for all of us.”

Modern Attacks

Ilves said that it is now possible “to cause death and destruction with electrons” and we have no knowledge of who is attacking us, or even if we are being attacked.

Citing examples such as NotPetya, Stuxnet and the Solarwinds supply chain attack, and the 2007 DDoS attack on Estonia - “where the whole nation had to temporarily shut itself down in 2007 to keep the DDOS attacks from doing too much damage” - Ilves said it is clear that “commercial solutions do well for our immediate needs and they mitigate the kinds of threats we're most likely to encounter in our companies and our customers day-to-day lives,” but things get a little more serious, when hostile governments get into the act with far greater resources.

Broken Collaboration

Pointing at the European Union, where there are 27 different countries “with different levels of digital sophistication” whereas the US has collaborated with Europe on the Cyber Resilience Act to boost the power of ENISA, Ilves asked how much some countries are taking cyber defence seriously.

“After the debilitating DDOS attacks in 2007 that shut down our country, for some days our geek community got together with the government to create a cyber defence, something like the National Guard many countries have but with voluntary civilians - who are also known as Weekend Warriors,” he said.

Calling this a small step, Ilves admitted that this was not enough, as it's a local effort in a small, albeit digitally highly advanced country, but unprepared for what attacks the country could potentially face.

Ilves said the world realises that these problems need to be faced, and that we have to work together, “but we lack the interdisciplinary interagency cooperation that underlies serious cyber defence.”

“Basically Useless”

This is caused by national silos, and a lack of information sharing is done between governments, and even “Europe and NATO do not share information among their members efficiently.”

Ilves said there is only one sharing entity in the world, Five Eyes, ”that includes no other NATO allies and no EU member states.”

He said the only cross-border organisation working on cyber collaboration is NATO, for whom he claimed "cyber did not come into planning until only recently.”

While nations can report attacks to NATO directly, “but not on any single member state or else.”

“Especially since it has no operation centres they have no operational authority: they're basically useless,” he said.

Ilves said too many regulations “simply lack the funding and the personnel to be able to respond to serious attacks,” and a more fundamental problem in Europe is a complete lack of security dimension in EU legislation.

Saying too many regulations are concerned with the new threats of the 20th century, while we already are a quarter of the way through the 21st century, Ilves said there is no consideration on how geopolitical technology can be.

“We're in more trouble than you realise and the sooner we realise that we need to do something, all of us have start to do something, especially when our politicians and policy makers don't understand the nature of this conflict,” he concluded.

He finished by saying cybersecurity experts will and should have a broader role to make clear to policy makers and politicians what the threats are, and what needs to be done to protect our way of life.



Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

11
Jul

Beyond Cloud Security Posture Management:

Validating Cloud Effectiveness with Attack Simulation

image image image image