Dutch Ruppersberger a United States congressman once had to answer a strange question “What keeps you up at night?” And his reply was “Spicy Mexican food, weapons of mass destruction, and cyber-attacks”. In Pakistan, food and nuclear weapons are commonly discussed in different forms but the phenomenon that is generally ignored by policy circles as well as by scholars is the threat of Cyberattacks. Generally, it is believed that only major Power like the United States, China, Russia, etc. are prominent actors in the realm of cyberwarfare. But there is also a smaller state “Estonia” that has developed itself as a major power in the sphere of cyber warfare and states like Pakistan can learn a lot from it
The story began in April and May 2007, when Estonia faced a series of cyber-attacks in which many institutions were targeted using cyber weapons. This was the first example of a coordinated cyber-attack that was envisioned to achieve a political outcome. The reason was that Estonia moved a monument depicting a Soviet soldier from a busy place to a military graveyard. This move made the Russians outraged, and it resulted in the first major cyber conflict in which various institutions were targeted in a particular country with synchronized effects. With the development of information and communication technology f, Estonia has also developed itself as a modern, technologically advanced state. Due to its advancement in the Information technology sector, Institutions in Estonia, Government as well as private, are dependent on the internet and computer systems to execute daily life operations. Critical infrastructures like banking and voting system are also reliant on computer networks. This heavy dependence also brought with it many vulnerabilities and during the 2007 cyber conflict, the opposition party tried to exploit these weaknesses. These attacks put Estonia on high alert because attackers could potentially breach important strategic networks that could produce kinetic results
in 2007, after the Russian Cyber-attacks, the Estonian government realizes the need for a proper cybersecurity policy and It launched its first cybersecurity policy in 2008. These policy rules were implemented in two different phases. The first phase was from 2009- 2011 and the second was from 2011-2013. A renewed strategy is adopted for the year 2019-2022. Estonia is among the few countries, that have incorporated cybersecurity in its national security domain. Government institutions had taken different measures to produce an active cyber force over the year. Estonia has unified Government agencies, private institutions, and even civil society to develop vigorous cybersecurity arrangements. Many Government and non-government institutions are grouped because it considers cybersecurity a great threat to national security. Estonia has a very efficient cyber command and control structure. The Ministry of Economic affairs and communication was given the main task to overlook all the issues related to cybersecurity. It is supervised by the government’s security committee and supported by different ministries.
What distinguishes Estonia from other countries is the fact that the public is playing a very effective role in making robust cybersecurity arrangements. The cyber defense league is a part of the defense league that works under the ministry of defense. Defense League is a volunteer organization of Estonian people that works closely with the ministry of defense to counter any kind of threat to the national security of Estonia. Cyber Defense League is a league of experts working under the supervision of MoD. Its main task is to prevent Estonia from high-level cyber-attacks. Its activities are divided into two broad categories. The first is to increase the capacity of the local population and government institutions against cyber-attacks. The second is to carry out different operations in the field of cyberspace.
Estonia is considered among the smaller states in the world. It does not have a huge population and area. Furthermore, its small military forces and resource are less prominent than major powers. But in the field of Information and communication technology, Estonia has transformed itself into a major power and now acting as a role model for many in the world. Estonia is collaborating very effectively with other states and international organizations. This collaboration not only increased Estonian cyber capabilities, but it is also useful for other parties to learn from the experience of Estonia. The most important partnership of Estonia is with NATO member states. The NATO Cooperative Cyber Defense Centre of Excellence a premier institution to deal with cybersecurity threats is situated in Tallinn. This department has the tasks of capacity building, policy coordination, and forming a joint effective force to deal with the threat of cyber-attacks. An important agency of the European Union is also located in Tallinn. Its name is EU-LISA. Its main role is handling Information technology systems.
In comparison with major international actors, smaller states are always considered vulnerable to attack. But cyberspace gives a huge advantage to smaller states in case of conflict with major powers thus they can deal with conventional asymmetry by using cyber force. Estonia is among the very first countries that have developed a proper cybersecurity policy. It showed the world how a tiny state can play a leading role in the field of cybersecurity. Estonia is playing a leading role in the North Atlantic Treaty Organization for strengthening cybersecurity infrastructure.
In the word of Thomas Waite, “we’ve gone from the Cold War to the Code War”. Pakistan as a member of the international community and with its own interest in International Politics could not Isolate itself from the effects of “code war”. Therefore, it is high time for Pakistan to learn from the states like Estonia to draft a proper mechanism to deal with the threat of Cyberwar.