You are here

Cyber diplomacy

Information and communication technology has developed rapidly in recent decades. Estonia and other countries are increasingly reliant on technological solutions and digital services. Cybersecurity is the other side of the coin – there is an increased need to protect critical information systems to make sure that everyday life runs without disruptions. Malicious activity in cyberspace is testing us all in new ways, and is affecting both private individuals as well as all public areas, from energy and transport to education and healthcare.

Safeguarding Estonia’s cyberspace depends on our capability to secure our crucial information systems and a global, open, free, stable and secure cyberspace that is subject to existing international law and norms for responsible state behaviour. Cyber diplomacy is mainly focused on state behaviour in cyberspace and the principles and norms that apply to states in cyberspace. Cyber diplomats also contribute to the fight against international cybercrime and the protection of a free and open internet.

 

 

Cyber diplomacy at the Ministry of Foreign Affairs

 

Many Estonian agencies have a specific role in ensuring cybersecurity. The Estonian cybersecurity ecosystem was born out of joint actions and close cooperation with companies. For example, the coordination of cybersecurity regulations that apply to Estonia’s companies and public institutions is ensured mainly by the Ministry of Economic Affairs and Communications and the Information System Authority. The Ministry of Defence is in charge of cyber defence actions. In Estonia, the fight against cybercrime is part of the tasks of the Ministry of the Interior, the Police and Border Guard Board and the National Criminal Police that is part of its structure, and the Office of the Prosecutor General, which is under the administration of the Ministry of Justice.

The Ministry of Foreign Affairs engages in cyber diplomacy, represents Estonia’s positions in international and regional organisations and advances multilateral and bilateral relations in the fields of cyber diplomacy, international cybersecurity and cyber development cooperation.

For several years now, Estonia has been among the most active global advocates of cybersecurity. We have first-hand experience of the importance of cyber issues: we are a country that has been toughened by malicious cyber activity. When we were hit by an extensive coordinated cyber operation in 2007, there was no international political mechanism for raising the significance of the attacks, appealing for assistance from other states or condemning the attackers. Since then, Estonia has done a great deal to raise cybersecurity issues both bilaterally as well as in the EU, NATO, the OSCE, the Council of Europe, the UN and beyond.
 


Since 2022, Estonia has an Ambassador at Large for Cyber Diplomacy. Tanel Sepp is the current ambassador.

He is supported by the Cyber Diplomacy Department, established in 2019 at the Ministry of Foreign Affairs.

  • The guiding principles and policies of Estonia’s cyber diplomacy (143.63 KB, PDF) »

    The guiding principles and policies of cyber diplomacy define the role and activities of the Ministry of Foreign Affairs in ensuring cybersecurity and meeting cybersecurity objectives, both domestic and international, in advancing bilateral and multilateral relations.

 

International law and cyberspace

 

At a formal conference in 2019, President Kersti Kaljulaid presented Estonia’s official positions on the application of international law in cyberspace. In 2021, Estonia’s expert presented legal positions (PDF) under the UN Group of Governmental Experts (GGE) for inclusion in the appendix of the official consensus report.

Estonia’s position is clear: existing international law also applies in cyberspace. Both at times of peace and war, states must act responsibly in cyberspace.

The application of international law in cyberspace is among the most important topics of global cyber policy discussions. States agreed at the level of the UN General Assembly that international law and cyber norms are applicable. At the UN, states have developed and agreed the framework for responsible state behaviour in cyberspace. Its implementation is a priority. The framework is the result of the long-standing efforts of the UN and in addition to international law, it includes norms and confidence-building measures for responsible state behaviour in cyberspace.

In global terms, Estonia is also associated with the Tallinn Manual. It is an independent academic analysis by internationally recognised experts of how international law applies in cyberspace. Professor Michael Schmitt from the US Naval War College has led the work of the international group of experts. The Tallinn Manual considers the applicability of international humanitarian law during armed conflict and covers the spectrum of international law dealing with cyber operations during peacetime.

 

Cyber stability and international security

 

The most important international forum for discussing cybersecurity in the context of international peace and security is the UN Disarmament Committee.

60 countries and organisations spoke at the Security Council’s virtual meeting on cyber stability.

Estonia is an active member of the UN working groups to ensure international cyber stability. Since 2009, a representative from Estonia has been elected to be part of all consecutive UN Groups of Governmental Experts (GGE). These working groups have resulted in a framework for responsible state behaviour in cyberspace providing clear rules for states on the applicability of international law and the implementation of norms and confidence-building measures in cyberspace.

It also contributes to regional cooperation – for example, the OSCE’s confidence-building measures for cyberspace have been composed based on 2013 and 2015 GGE reports. In 2021, the most recent GGE agreed on a substantial report not only confirming previous achievements but also adding an extra layer for understanding and implementing the existing framework, including the 11 voluntary cyber norms established with the 2015 report.

Estonia was one of the most active members of the 2019-2021 UN Open-ended Working Group (OEWG). The work of this group also concluded with an important report, by which all UN member states reiterated the validity of the existing framework. These feats pave the way for further discussions at the First Committee of the UN.

Estonia is also raising awareness of cybersecurity as an elected member of the UN Security Council in 2020-2021. In March 2020, Estonia, alongside the United States and the United Kingdom, raised a malicious cyber incident against Georgia at a formal meeting of the Security Council. It was the first time the Security Council formally discussed specific cyber operations. We were also pioneers with our informal virtual meeting on 22 May 2020: the stability of cyberspace had never been discussed as a separate topic at the Security Council. The main takeaway of the meeting was the conviction of Estonia and many other countries that cyberspace was not different from other domains where international law is applied and states were subject to certain rules of behaviour.

For the first time in history, the UN Security Council officially discussed cybersecurity at an open debate during Estonia’s second presidency in June 2021.

 

Fighting cybercrime

 

The damages inflicted by cybercrime on the global economy amounted to €5.5 trillion in 2020. This exceeds the volume of global drug trafficking.
Since cybercrime knows no boundaries and criminals can often attack from the other side of the globe, fighting this type of crime requires close international cooperation. The Convention on Cybercrime of the Council of Europe, also known as the Budapest convention, is currently the only truly international legally binding agreement addressing cybercrime.

Estonia is actively participating in the work of the Open-Ended Intergovernmental Expert Group on Cybercrime (IEG) based in Vienna. The IEG is examining options for updating the Budapest convention and proposing ways of enhancing international cooperation. In December 2019, the UN General Assembly adopted the resolution on “Countering the use of information and communications technologies for criminal purposes”. This resulted in a mandate to elaborate a comprehensive international convention. Negotiations are scheduled to commence in the Ad Hoc Committee (AHC) in January 2022 and continue over a multi-year process.

Markko Künnapu from the Estonian Ministry of Justice is elected AHC bureau member.

 

Global internet governance and internet freedom


To advance global internet governance and internet freedom, Estonia is participating in several international initiatives. Internet governance is based on multistakeholder cooperation, with countries, the private sector and non-governmental organisations playing their respective roles. 
With more than 4 billion users, the internet – the network of networks – has evolved beyond a technical system and technology. Recently in particular, internet governance has become an important political topic, as a number of countries would like to bring free, open and secure internet under government control. 

Internet governance dates back to the 1970s, when TCP/IP protocol was used as a basis to develop a network that was administered without central leadership. 1998 saw the foundation of the non-profit organisation Internet Corporation for Assigned Names and Numbers (ICANN) that became the technical coordinator of public core of the internet. Internet governance made a more substantial appearance on the diplomatic agenda early this century, when the UN launched the World Summit on the Information Society (WSIS) process, where two approaches clashed: intergovernmental cooperation vs cooperation including all groups. At a 2005 meeting of the WSIS, it was agreed that global internet governance must include all stakeholders. This is why the Internet Governance Forum (IGF) was established. As internet governance is very complicated and includes many stakeholders, the machinery that is involved in this work today has grown significantly.

In 2018, the Secretary-General of the UN launched a process attempting to improve the existing global mechanism for digital cooperation. Estonia is actively participating in this process – we are co-chairs of the UN working group on digital cooperation on the issue of trust  and security.
Supporting a free, open and secure internet is also closely linked to the protection of internet freedom. Estonia considers digital rights – such as free access to the internet, freedom of expression online, privacy – an integral part of human rights. We are active participants in international discussions on internet freedom and are a founding member of the Freedom Online Coalition (FOC).

Estonia’s pioneering role has been recognised by the renowned US think tank Freedom House. According to the index published in October 2020, Estonia ranks second after Iceland in internet freedom.

Some further reading on how Estonia is protecting internet freedom.

 

Regional activities

 

Regional cooperation has a significant role in advancing cybersecurity internationally and increasing cyber capabilities.

The European Union

 

Eesti Euroopa Liidu Nõukogu eesistumise ajal võeti vastu mitu olulist küberalgatustSince the first EU cybersecurity strategy was published in 2013, the European Union and its member states have made many efforts to protect critical infrastructure and strengthen  Europe’s cyber capabilities. A joint EU framework for diplomatic response  against malicious cyber activities was agreed upon during the Estonian Presidency of the Council of the European Union in 2017. This framework is known as the EU Cyber Diplomacy Toolbox.

One possible measure is to impose sanctions that can include introducing travel restrictions, and freezing funds, against those responsible for malicious cyber operations. The European Union implemented the cyber sanctions regime for the first time in July 2020. The sanctions concerned the attempted cyberattacks against the Organisation for the Prohibition of Chemical Weapons (OPCW) and the organisers of the WannaCry, NotPetya and Operation Cloud Hopper attacks. Estonia and a small group of EU countries had a leading role in preparing this decision. In October 2020, the EU also applied the cyber sanctions regime against the perpetrators of the cyberattack on the Bundestag.

One of the central topics of the common foreign and security policy of the European Union is the global advancement of a safe cyberspace based on human rights and democratic values. This is highlighted in the European Union’s most recent Cybersecurity Strategy published in December 2020. The strategy contributes to raising awareness of cyber issues and increasing cyber resilience in European Union states, and stands for making sure the unified voice of the European Union on cyber stability and internet freedom is more prominent.

What else is Estonia doing to contribute to EU actions?

  • Since 2019, the Information System Authority has been heading the creation of EU CyberNet, a cybersecurity expertise network covering the entire EU. The network brings together the brightest minds of the European Union’s cybersecurity community to work on improving the security of our digital space, and participate in the EU’s external cyber capacity building projects in partner countries.
  • Since 2018, Estonia’s cybersecurity experts have provided training and consultancy to implement the Cyber Resilience for Development (Cyber4Dev) project designed to promote cyber-resilience in Africa, Asia and Latin America.
  • The headquarters of the European Union’s IT agency eu-LISA are in Estonia. The agency manages large-scale IT systems, including those essential for the operation of the Schengen area, and provides technological support to EU member states to make Europe more secure.
  • Estonia also has a link to the European Union Agency for Cybersecurity (ENISA) that plays a key role in developing information security in the European Union – its Executive Director is Juhan Lepassaar from Estonia.

 

 

NATO

A trademark of NATO's CCDCOE  – the international cyber exercise Locked Shields

 

Cyber defence is among the main tasks of NATO’s collective defence. Defining cyber defence as one of NATO’s main areas at the Warsaw summit in 2016 was a seminal event. Estonia is actively involved in NATO’s cyber defence activities and in drawing up the strategy for disruptive technologies.

Tallinn is also the location of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). It is a NATO-accredited independent international centre of excellence, think tank and training facility. The centre was established in 2008 and has become an important source of knowledge in the field of cyber defence, both for NATO and member states. The centre brings together experts from 29 countries.

 

OSCE

 

The Organization for Security and Co-operation in Europe (OSCE) also plays an important role. Estonia is participating in the OSCE’s Informal Working Group on cyber security and is actively supporting the implementation of the OSCE cyber confidence-building measures adopted in 2013 and 2016. The OSCE leads the way among regional organisations when it comes to implementing confidence-building measures in the field of cybersecurity. These measures can contribute to the stability of the entire OSCE region. Estonia, alongside Austria, Belgium, Finland, Italy and Sweden, is heading the implementation of an OSCE’s confidence-building measure for the cyber domain with a focus on the cooperation between the public and the private sector (also known as CBM 14).

 

Cooperation with third countries and development cooperation

 

Estonia considers it crucial to have a common understanding of the cyber threats affecting us all, the applicability of international law and norms in cyberspace and issues related to the management of a global free and open internet, and make it as universal as possible. It is also essential to contribute to reinforcing cyber capabilities in various regions of the world.

To this end, in addition to multilateral cooperation and awareness-raising, Estonia is engaging in bilateral cooperation with countries active in the cyber domain in various regions of the world. We are sharing experiences and information.

Contributing to increased cyber capabilities is also one of the priorities of Estonia’s development cooperation. This is why we are participating in several bilateral and multilateral cyber capacity building projects, mainly in countries that are Estonia’s development cooperation priority partners, as well as in several EU and NATO activities. Estonia also supports the Cybersecurity Multi-Donor Trust Fund of the World Bank, the cyber programme of the Organization of American States (OAS) and the Global Forum on Cyber Expertise (GFCE).

 

More than 80 diplomats and experts from 26 countries attended the first cyber diplomacy summer school in Tallinn

Training

 

Cyber diplomacy is a relatively new area of international relations but it is developing very rapidly. Estonia organises several training programmes for diplomats active in the cyber domain, both from the EU and NATO as well as other states. At the trainings, current and former cyber diplomats, internationally recognised academics and experts and representatives of the private sector share their knowledge.

 

Some past training events:

 

 

Last updated: 13 June 2022

About Estonia

Get closer acquainted with Estonia, coming here for a visit, studies, business or investments!

Official Estonian Gateway

Get closer acquainted with Estonia and see what are the most important facts and main areas of activity here.

Digital Society

Estonia has
transformed itself into
one of Europe’s business success stories of the last decade, mainly thanks to the sophisticated e-solutions available here.