“Estonia’s security expertise has found a new application in national defence.”
Computing and digital communication have enabled people to work faster and remotely. With modern smart devices, individuals can stay connected to their homes, cars, and workplaces while on-the-go, leading to the widespread (over)use of the term "cyberspace" coined by science fiction writer William Gibson. Despite the numerous benefits of cyberspace, there are also downsides, such as cybercrimes and attacks, which highlight the need for better cybersecurity.
Estonia has a history of prioritising information protection, predating the widespread use of the prefix "cyber". The country's e-government was founded on research in cryptography and risk analysis, conducted in both the private sector and at universities. Estonian cryptographers have published articles on these topics in international conferences and magazines since 1998, with some achieving over a thousand citations.
This knowledge has been put to good use. In Estonia, citizens have been able to participate in elections remotely since 2005, and both threats and defences have evolved over time. The online voting system has become more sophisticated and now uses research-based technologies to ensure auditability, secrecy, and other necessary features. As a result, a new generation of election observers with strong backgrounds and additional training is required.
The 2023 elections saw more votes cast online than on paper, demonstrating the success of Estonia’s approach. However, this milestone means that research and development of technologies and skills must continue, while the legal space may need to be modernized to maintain the safety of the e-government.
Estonia’s security expertise has also found a new application in national defence. Although much of the military equipment currently in use is not yet fully digital, recent conflicts have demonstrated the rapid evolution of warfare. For example, in the ongoing war in Ukraine, the larger and more visible part of the fighting has been reminiscent of World War II, with massive firepower and infantry attacks. However, both sides have effectively prevented the adversary from taking control of the airspace, and activity at sea has been minimal since the cruiser Moskva was sunk. In the battles around Bahmut, which have lasted over half a year by now, cannons and soldiers are attacking each other from trenches in a classic early 20th century duel.
Nevertheless, we have also witnessed significant advances in military technology. In 2003, the United States achieved a quick victory over massive Iraqi regular army units, thanks to its superiority in intelligence gathering and processing, as well as the effective execution of a battle plan using precision weapons and manoeuvre units. Similarly, modern weapon systems have been effectively utilized in the conflict in Ukraine. The famous HIMARS, for instance, would not be able to do much more than the Katjusha (Soviet WWII-era rocket launcher) if each of its missiles was not aimed at a target identified accurately and in a timely manner based on intelligence gathered by satellites, unmanned aerial vehicles and other sensor systems.
In the modern era, all five domains of warfare (land, sea, air, cyberspace, and space) depend heavily on the force multiplier that is often commonly referred to as “cyber”. The weapons systems being designed today are highly dependent on information – specifically, the ability to collect it quickly, process it effectively, and securely disseminate it to the right users. The battlefield is now covered by a unified information space, which includes unmanned and manned vehicles, aircraft, ships, soldiers, and their weapon systems. Protecting such systems against information security threats is as important as protecting against kinetic attacks, as both can destroy a unit's ability to perform its mission. A successful attack on the digital parts of a novel drone or armour could mean that it doesn't even make it from the hangar to the battlefield, or worse, it could be directed against the wrong or friendly target.
Fortunately, Estonia has developed the ability to analyse the security features of complex information technology systems and to create and select protective measures. This will benefit not only our own defence industry but also our allies, as defence technologies continue to rapidly evolve in the coming years. Indeed, the first research and development cooperation agreements have already been concluded in the Estonian private sector, including with the Finnish Patria group. It is clear that such partnerships will continue to develop in the future, and information security will play a crucial role in protecting not only our cyber state but also our homeland.