Estonia's cyber lead urges better threat intel-sharing in NATO

Source: Getty Images

NATO allies must continue to deepen “actionable” information-sharing about cybersecurity threats and compromises as warfare domains become increasingly digital, Estonia’s National Cyber Director Liisa Past told DefenseScoop in an exclusive interview on Thursday at the Estonian embassy in Washington.

Past discussed this and other topics among senior leaders from dozens of nations during the International Counter Ransomware Summit at the White House earlier this week.  

“This is the only trip I’ll probably take this year, because I started this position a little over two months ago and it’s very clear that I have to get the ‘house in order’ in terms of strategic direction at home,” said Past, who served as Estonia’s chief information security officer for homeland security before she became the nation’s top cyber official.

Estonia is known for fast internet and its modern, all-digital approach to government services. As a former Soviet state and Baltic nation that borders Russia, it is also a vital NATO ally — particularly in the midst of the unfolding conflict between Moscow and Ukraine.

Since the Russian military invaded Ukraine in February, global trends show “there’s clearly waves” of cyberattacks impacting nations across Europe, Past said.

“A lot are these sort of not particularly sophisticated distributed denial of service attacks. There’s also phishing. Clearly that’s there. And regardless of where you are in the world, if you’re in a visible or somewhat visible position in security or critical infrastructure, you should consider yourself a target,” she noted.

Such hacking efforts, Past added, appear to be coming in “waves, which would lead you to conclude that it’s coordinated. There’s a reactive, or sort of reactions to political actions that you wouldn’t necessarily think of just randomly happening at the same time.” 

To her, it’s frustrating to hear some argue that there has been an unexpectedly low level of cyber aggression in this conflict. Challenges in the digital domain come at a time when she’s also observing a “level of physical kinetic aggression against the sovereign nation of Ukraine by a barbaric Russian Federation, that includes attacks on civilian infrastructure” that is “unprecedented, at least in Europe in this century.” 

“We thought we were better. So the fact that in cyberspace we’re not seeing massive loss of life and property doesn’t mean that there’s an unexpectedly low level of aggression,” Past said. 

Beyond the escalating phishing and denial of service attacks, she noted that internet connectivity was frozen across Europe when tens of thousands of satellite modems in Ukraine and elsewhere were hacked earlier this year.

“I would say there’s a pretty regular sort of level of cyber aggression, and an unprecedented level of kinetic warfare. So, you can’t be comparing things or saying that things aren’t as bad as they could be,” she added.

As the warfare carries on in Ukraine, Estonia is recognizing more and more how fundamental its relationships with partners in NATO and the European Union are. 

“I think it’s wider than the national defense — it’s definitely the defense of critical infrastructure as well, especially with the sabotage of the Nord Stream pipeline. That’s not currently operational anyway, but that reminds us that submarine cables and pipelines are not the taboo as a potential target. And even with no increased satellite connections, a lot of us are very reliant on those fiber optic cables. Every digital nation in the world is,” Past said.

While she was in Washington this week, the cyber leader had meetings with officials from the Defense Department and National Security Council, as well as from the Treasury and State Departments. Those discussions she engaged in largely focused on cybersecurity and cyber defense issues that are top-of-mind for the U.S. and Estonia currently.

Past also attended the Biden administration’s international summit to combat ransomware, or software that locks computers until money is paid to hackers that infect the systems. Senior leaders from 36 countries and the EU, and 13 private sector companies, deliberated on ways to collaboratively combat ransomware-associated cybercrimes.

“It was a pretty unique opportunity to move a little outside of our usual alliances,” Past noted.

The summit provided her with a chance to connect with the White House Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger and Vice President Kamala Harris. “I mean, the little things matter — especially in diplomacy,” Past said of the experience. 

“There’s a fair amount of sort of this attacker-neutral work to be done in a much wider line system than we’re used to,” she added. 

At the event, officials spoke about the need for stronger information-sharing systems to share threat information about ransomware risks. To Past, more “actionable” information exchanges about all types of cyber threats is vital to NATO security at this time.

“To be actionable, it does need to be as close to real time as possible, and it needs to include what worked and what didn’t work — or what the specific indicators of compromise are. And most importantly, … [nations] need to take a step back and get out of the national defense/civilian [mindset] and silos and take a comprehensive view because the threat actor doesn’t really care, and more importantly, our citizens don’t care whether lights are out because of an attack on military or civilian infrastructure,” Past said.

Operationally, NATO partners have to work harder in the near term to enable more seamless and advanced cyber threat intel-sharing, she said.

“I’ve found that humility is the No. 1 predictor of success — in this industry anyway. So, the moment you think you’re hot shit — the moment you become arrogant,” Past said, “that’s five minutes before you become useless.” 

Such discussions will likely continue at an international conference in Rome next week, she noted, as members of NATO are expected to revisit an existing cybersecurity agreement they signed onto before Russia’s invasion.

“We’re all waiting to see what’s happening to the cyber pledge,” Past said.

Editor’s note: This is the first in a series of stories that DefenseScoop is reporting on this interview.