(Episode of “Eurointegrators” with Gert Antsu, Ambassador of Estonia in Ukraine and Head of NGO “Ukrainian Information Security Group” – (Kostiantyn Korsun) focusing on cyber security issues)
Tatiana Popova: On the territory of Estonia, there is a NATO Cooperative Cyber Defence Centre of Excellence. What does this give to Estonia? Is there cooperation with Ukraine on this? Is it effective?
Kostiantyn Korsun: Ukraine is located in the epicenter of a great cyber war of the world’s history. This fact is globally confirmed by the leading states including European Union. Estonia in April 2007 suffered from massive cyber-attacks inspired by Russia. But as far as I know Estonia had built effective system of cyber security since that time. Unfortunately, we here in Ukraine have 5 years long cyber war organized by Russia, but our country has not created any effective system to fight those cyber issues. Dear ambassador, what do you think, why Ukraine is still facing cyber challenges?
Gert Antsu: Well, Estonia indeed got off to a new restart in 2007. We have had ten years to build up our new systems. And also it is for ten years exactly now as the NATO Centre of Excellence is located in Estonia, which certainly has helped us well, because it gathers really well level know-how in the field of cyber defense in Estonia. And Estonian experts can work together with the international ones. And there is cooperation. And we talk about future cooperation between the Centre and Ukraine as well. And I hope very much it will develop further in the future as well. But I am sure of course the attacks that Ukraine has been facing for the last five years, it is all together on the different scale and those denial of service attacks that we had eleven years ago, so it is more difficult for Ukraine, including attacks on critical infrastructure. So I presume it is not so easy. Ukraine serves as a kind of testing ground for Russia, I am afraid in that field, and takes all efforts to fight against that.
Tatiana Popova: Do you see cooperation between Ukrainian and Estonian Centres of Excellence and NATO in cyber defense sphere?
Gert Antsu: Sure, there is cooperation, but I am also sure that it could be much more.
Tatiana Popova: Why do you think it is not enough?
Gert Antsu: Well, it just hasn’t developed so quickly. And all those big things take a lot of time.
Popova: Konstantin, do you agree with this version?
Kostiantyn Korsun: I am not sure, that 4,5 years is a short period that was possible to create some base for national cyber security during that period of time. I agree with the ambassador that the EU and NATO don’t pay enough attention to helping Ukraine in creating such a system. I have got one more question regarding state and private partnership in the field of cyber security. So, dear ambassador, how does it work in Estonia? How it would be made in Ukraine?
Gert Antsu: Sure, the government cannot do everything on its own. So it is a very important part of private companies in the process, they have know-how. They can contribute certainly to cybersecurity, but even more actually we have voluntary organizations, or a part of voluntary organizations – “Cyber Defense League” where people who are IT experts, doing their normal IT work during the day, and then in their free time they are contributing their skills to the cyber defense of the country. So I guess this is something that the countries could learn from Estonia as well.
Tatiana Popova: I think this is an example of how we also have a Ukrainian Cyber Alliance, which helps us to verify how secure our critical infrastructure is. But this does not really help the systematic approach, what do you think about this, Konstantin?
Kostiantyn Korsun: Yes, it is very good that volunteers do the right job. But if we want to have much more effective system, we should understand that it is not enough. For example, when the Great Britain made their cyber system, it had about one billion pounds of donation. So the system of state and private partnership should work like: the government is financing and coordinating the cyber security development and donates private companies which are engaged in process. And each company engages and makes what they can do. One provides the equipment, one deals with a soft and one is responsible for high level exports. So I would say this is a right way over state and private partnership. Dear Mr. Ambassador, do you agree?
Gert Antsu: Sure, that is how it could work. Of course in most countries like Estonia we don’t have one billion pounds. We have to manage with considerably less money, but sure.
Tatiana Popova: Well, you understand, it is a question of money first of all, Konstantin. The UK has billions of pounds, and Estonia has not. And I think Ukraine, unfortunately, does not have it either.
Kostiantyn Korsun: Yes, I do realize that Estonia had not enough money, and Ukraine also needs funds for the projects. But they helped Estonia to find money for creating a system, and there was not such assistance for Ukraine, the country that has been suffering the war. I wonder to know why?
Gert Antsu: Since in Ukraine still there are institutions responsible for cyber defense, not least the National Security Council and other, which are doing coordination part and other institutions are involved as well. So I feel that institutionally at least Ukraine is getting there. And then the substance work, whether it could be a bit faster or not, I don’t really feel that I am competent enough to comment on it.
Kostiantyn Korsun: Well, I’ve got what you said.
Tatiana Popova: But there is help from Estonia. And from Cyber Security Centre of NATO as well, do you know about it?
Kostiantyn Korsun: Yes, but as far as I know we have an assistance from NATO and from EU. Ukraine has received about 5 million euro for the past few years. But I am sure it was not enough any way.
Gert Antsu: Sure, but we build a part of the EU which indeed has been contributing quite a bit, and then I understand also there are discussions about deepening that cooperation. It certainly important as well, because defense cybersecurity of a country doesn’t only have a really hard military component, but it’s broader than that. They improved cyber hygiene and have many other things that could improve the resilience of a country in that field.
Tatiana Popova: But do you know who is actually was responsible in Estonia for your cybersecurity? Do you know this structure or not? Because I know, that you have this Ministry of Economy and Communication, and there is a Deputy Minister for Communication, under whom there is an analogue of the Ukrainian DSZE. And here is actually main cybersecurity and defense built and there are more than several hundred people. As far as I know, it was so when I was at the training in your country. But there is a difference between Ukraine and Estonia, that I saw when I had returned back from Estonia, having all this knowledge, I understand that our system is much more spread. So in Ukraine there are at least three different centers, which have some cyber components in their responsibilities. And in Estonia only one institution handles this. How did you reach this point?
Gert Antsu: Well, Estonia is a small country. And we know that in order to achieve this, we have to be really efficient. In a way it is an advantage of course, as well we don’t have thousands of people dealing with the field and we don’t have thousands of people to coordinate. But I think our institutional efficiency is one of the main strengths that we have in Estonia.
Video: Teniana Popova; program “Eurointegrators with Tetiana Popova”