Cybersecurity cooperation – regional activities

Since the first EU cybersecurity strategy was published in 2013, the European Union and its member states have made many efforts to protect critical infrastructure and strengthen  Europe’s cyber capabilities. A joint EU framework for diplomatic response  against malicious cyber activities was agreed upon during the Estonian Presidency of the Council of the European Union in 2017. This framework is known as the EU Cyber Diplomacy Toolbox.

One possible measure is to impose sanctions that can include introducing travel restrictions, and freezing funds, against those responsible for malicious cyber operations. The European Union implemented the cyber sanctions regime for the first time in July 2020. The sanctions concerned the attempted cyberattacks against the Organisation for the Prohibition of Chemical Weapons (OPCW) and the organisers of the WannaCry, NotPetya and Operation Cloud Hopper attacks. Estonia and a small group of EU countries had a leading role in preparing this decision. In October 2020, the EU also applied the cyber sanctions regime against the perpetrators of the cyberattack on the Bundestag.

One of the central topics of the common foreign and security policy of the European Union is the global advancement of a safe cyberspace based on human rights and democratic values. This is highlighted in the European Union’s most recent Cybersecurity Strategy published in December 2020. The strategy contributes to raising awareness of cyber issues and increasing cyber resilience in European Union states, and stands for making sure the unified voice of the European Union on cyber stability and internet freedom is more prominent.

Cyber defence is among the main tasks of NATO’s collective defence. Defining cyber defence as one of NATO’s main areas at the Warsaw summit in 2016 was a seminal event. Estonia is actively involved in NATO’s cyber defence activities and in drawing up the strategy for disruptive technologies.

Tallinn is also the location of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). It is a NATO-accredited independent international centre of excellence, think tank and training facility. The centre was established in 2008 and has become an important source of knowledge in the field of cyber defence, both for NATO and member states. The centre brings together experts from 29 countries.

The Organization for Security and Co-operation in Europe (OSCE) also plays an important role. Estonia is participating in the OSCE’s Informal Working Group on cyber security and is actively supporting the implementation of the OSCE cyber confidence-building measures adopted in 2013 and 2016.

The OSCE leads the way among regional organisations when it comes to implementing confidence-building measures in the field of cybersecurity. These measures can contribute to the stability of the entire OSCE region. Estonia, alongside Austria, Belgium, Finland, Italy and Sweden, is heading the implementation of an OSCE’s confidence-building measure for the cyber domain with a focus on the cooperation between the public and the private sector (also known as CBM 14).

Estonia considers it crucial to have a common understanding of the cyber threats affecting us all, the applicability of international law and norms in cyberspace and issues related to the management of a global free and open internet, and make it as universal as possible. It is also essential to contribute to reinforcing cyber capabilities in various regions of the world.

To this end, in addition to multilateral cooperation and awareness-raising, Estonia is engaging in bilateral cooperation with countries active in the cyber domain in various regions of the world. We are sharing experiences and information.