BRUSSELS — Estonian Defense Minister Urmas Reinsalu strongly supported EU-NATO cyber defense cooperation at the Jan. 30 Global Cyber Security Conference here.
Noting that NATO had agreed on a policy in 2011 and the EU is about to come up with a cybersecurity strategy, he said it would be “unreasonable to duplicate efforts,” and called for a strategic-level vision of goals and measures.
Possible actions could include EU-NATO exchanges on standards and regulations plus cyber defense pooling and sharing, for example, in relation to cyber incident management. Joint platforms for cybersecurity exercises also could be explored, he said.
In the EU, he cited the European Defence Agency (EDA) as the best structure for work in this area, but noted that its activities were in their early stages.
“We believe the EDA and member states should make more effort in pooling and sharing,” he said. “We’re actively working on ideas for concrete pooling and sharing of ideas, and hope to elaborate them in the coming months.”
Reinsalu also argued that cyber issues should be discussed at the December EU heads-of-state meeting.
Asked if the Estonian military is thinking about cyber in an offensive context, he said he was aware that “most high-tech countries are developing these capabilities. It’s a grey zone for public discussions, but we’re aware it’s going on.”
He also raised the issue of how cyberattacks should be dealt with in humanitarian law, giving the hypothetical example of a cyberattack on a hospital that causes civilian deaths.
He pointed out that, in terms of the military capabilities among different countries, “you can’t hide a nuclear weapon, but you can hide a program in computers. Working out humanitarian principles is very important. Estonia’s center of excellence on cyber defense is working on that issue.”
He also said Estonia has a national cybersecurity strategy that takes a comprehensive view of the public sector because it sees this as being more practical and cost-efficient.
He cited energy and telecoms as examples of critical infrastructure in private hands in many countries, and warned that the impact of a cyberattack is potentially huge.
“Governments should work with companies to ensure that infrastructure is adequately protected, so that no part becomes a weak link threatening society’s ability to function normally,” he said.