In a first-of-its-kind trilateral cyber exercise, the Maryland Air National Guard and Estonia’s Cyber Command hosted the Baltic Blitz 23 exercise on September 17-20, 2023, at Ämari Air Base, Harijumaa, Estonia.

In a first-of-its-kind trilateral cyber exercise, the Maryland Air National Guard and Estonia’s Cyber Command hosted the Baltic Blitz 23 exercise on September 17-20, 2023, at Ämari Air Base, Harijumaa, Estonia. Maryland Army National Guard / 1st Sgt. Thaddeus Harrington

Estonia discussed sending offensive cyber tools to Ukraine after Russia invaded

Tallinn expects Moscow’s cyber attacks to increase—even after Russia is ejected.

Correction: An earlier version of this report incorrectly said that Estonia had already sent the tools to Ukraine.

TALLINN — When waves of cyber attacks struck Ukraine just before Russia launched its full-scale invasion last year, one small country familiar with such tactics rose to Kyiv’s aid: Estonia, the tech-savvy nation of just 1.3 million people. 

“We helped to overcome the first shocking moments,” said Tõnu Tammer, head of the Incident Response Department at Estonia’s Estonian Information Systems Authority. “We acted as a sort of conduit to put resources at the disposal of Ukrainians from the donors that wanted to contribute.”  

A host of public and private entities would ultimately step in to help Ukraine respond to Russian hacking. Microsoft, for example, helped Ukraine transfer data to cloud systems beyond the reach of Russian missiles.

Estonia’s role as a cyber-defense coordinator is just one way in which the small Baltic country has adapted to the new security reality caused by Russia’s invasion of Ukraine. 

Tammer’s office is at the center of this work. The Estonian Information Systems Authority is in part responsible for guarding the networks of Estonia, a country so digitized that a majority of citizens voted online in the 2023 elections. 

Estonia also discussed with other countries providing Ukraine with dual-use cyber tools that could be used for offensive operations against Russia, said Tammer. 

The tools are used to detect vulnerabilities, Tammer said, and therefore can either identify gaps in Ukraine’s defenses or identify gaps in Russian cyber defenses. But Estonia has considered giving the tools for use in defense, he said. 

The limitations on the tool mirror U.S. policies, which do not support the use of U.S.-made weapons in Russia, a National Security spokesperson previously told Defense One. 

Amid billions of dollars of Western military aid, Tammer said he considered such potential aid to be uncontroversial. “You give ammunition and then you give cannons and then things like that, and you’re worried about some piece of software? It just doesn't add up,” said Tammer. 

U.S. Cyber Command commander Gen. Paul Nakasone has said that his command conducted “offensive” cyber operations to support Ukraine. 

Tammer’s work protecting Ukraine, however, is just an extracurricular. Protecting Estonians from cyber attacks, often originating from Russia, is the Incident Response Department’s main task. 

Estonia earned its role as a cyber-partner for Ukraine the hard way. In 2007, the highly networked nation faced mass cyber attacks after it decided to remove a  monument to the Soviet Army, which occupied Estonia from 1940 to 1991. Some ATMs stopped functioning, government workers were unable to communicate by email, and media outlets were unable to publish their work. 

In response, Estonia, a nation of 1.3 million, has become a leader in cyber defense. NATO’s Cyber Defence Centre of Excellence is based in the capital of Tallinn, and regularly hosts large cyber defense exercises. Last year, when Russian hackers launched the largest online attack on Estonia since 2007, the country largely fended off the onslaught. 

Since Russia invaded Ukraine, Estonia has seen a decline in cyber attacks, said Tammer. And many of the attacks are intended less to actually impede government activities than to demonstrate a political point. 

“We see quite often that they take targets which are easily taken down because they have no value whatsoever,” said Tammer. The attacks are a “means of communication” he said, rather than designed to truly affect Estonian’s lives. 

A large part of Estonia’s cyber security isn’t just firewalls and software, but education, Tammer said. Following public information campaigns by his agency, the number of Estonians who said they had strengthened their passwords rose from 64 percent in 2019 to 71 percent three years later. 

Tammer’s team also sees changes in how Russian-based hackers operate, although he did not tie them explicitly to Ukraine.  For one, the Russian government is making more and more use of criminal hackers in operations in support of political goals. 

“There has been sort of a gradual shift, in the sense that, if you have sufficient skills, you can be beneficial to us,” he said. 

While Estonia is secure for now, Tammer warned of what might happen if and when Russia loses its war in Ukraine. With large numbers of Russians supporting the war, according to polls, he foresees a country that is eager to take revenge. 

““How do you express the frustration, if you are no longer able to express this using tanks?”  he said. “Cyber in that sense, continues to be a convenient tool.”