November 26, 2018

Estonian Cyber Command: What Is It For?

Estonian Defence Forces
Estonian Cyber Command creation ceremony, 01.08.2018.
Estonian Cyber Command creation ceremony, 01.08.2018.

About 30 countries were developing cyber-attack capabilities as of 2016.

Just as NATO and the EU are currently solving the issue of military mobility in the physical domain to enable allied forces to cross national borders quickly without legal, bureaucratic and technical obstacles, so should democratic states think about solutions enabling enhanced preparedness for military defence in the cyber domain, especially against authoritarian states.

State-developed cyber capabilities are considered the greatest threat to national security. Russia, China, Iran and North Korea have the best cyber capabilities among authoritarian states and these are seen as the biggest security threats by the West. Western intelligence agencies have warned that hostile states have introduced malware into the infrastructure of essential services that can be activated for a destructive cyber-attack if needed. Cyberspace has become a domain of warfare over recent decades: states conduct cyber-attacks resulting in billions of dollars-worth of economic loss during peacetime (such as WannaCry and NotPetya ransomware), and cyber-attacks are part of every armed conflict. Military experts have opined that the state that first uses electronic means of warfare will change the course of a war. Cyber operations can cause much economic and political damage and are highly likely to influence a war if military command systems or weapons systems are paralysed or the information communicated through them is manipulated.

Like many of its member states before, NATO declared in 2016 that cyberspace was an operational domain. The NATO Cyberspace Operations Centre was established in Belgium this year to plan and coordinate cyber activities. NATO allies can contribute their national cyber capabilities to NATO-led operations and the new centre is to provide the technical and procedural facilities for this. It has been proposed that, as cyberspace is a military domain just like land, sea, air and space, it should be defended by a separate service, or cyber operations should at least be planned, prepared and coordinated by an independent command acting the same way as other military commands, such as that for special operations. Among the 29 NATO members, at least eight have established an independent cyber command or service to date: France, Germany, Italy, the Netherlands, Norway, Spain, Turkey and the US. NATO states such as Belgium, Canada, Denmark, the Netherlands, Norway, the UK and the US also have cyber-attack capabilities in their military intelligence and/or national intelligence organisations.

Over the years, Estonia has maintained a leading position in developing NATO’s cyber defence policy. Our political capital and competence must be maintained while enhancing national cyber-defence capabilities; this will require both financial and human resources, as well as creative ideas. In August 2018, the Estonian Defence Forces launched a cyber command, whose mission is to defend the country’s information systems and to assist NATO allies, and to prepare for conducting active cyber defence operations. The cyber command will include an operations centre that makes preparations for cyber and information operations during peacetime and wartime. Although Estonia’s strategic documents do not define active cyber defence, it generally means counteractivities against specific threats in cyberspace. These activities include cyber-attacks, i.e. unauthorised intrusion to the information systems (hacking) of another country.

The cyber commands and forces of NATO allies perform various tasks, such as looking after the cybersecurity of armed forces’ data communication networks, information systems, infrastructure, weapons systems, etc.; procurement; and the recruitment and support of personnel and activities related to their career paths, education and training. As in traditional domains, the core task of the cyber command is to plan, prepare for and conduct cyber operations in cooperation with other military structures, especially military intelligence and operations directorates. What tasks should the Estonian cyber command perform?

Cyber operations require situational awareness and early warning. In physical domains, a good overview of the situation can be provided by airborne surveillance radar or a reconnaissance drone, but creating a comprehensible and usable situation overview in the cyber domain is a far more complicated task. The great powers are known to have advanced cyber-intelligence and cyber-attack attribution capabilities. The Estonian cyber command should therefore serve to improve awareness of the cyberspace situation and exchange related information with NATO, individual allies and other strategic partners.

Second, preparations should be made for cyber operations on the operational and tactical levels, especially to defend Estonia’s own forces and those of allies in the Baltic region. Cyber capabilities can be used on the tactical level, e.g. for influencing the local data communication network that the adversary uses in this geographical area. The third task is to provide mission assurance from the cybersecurity aspect. Commanders need assurance that military command and weapons systems, etc., provide reliable information. For example, electronic warfare and cyber-attacks can disturb the operation of GPS or alter GPS coordinates, which may lead to great damage to the armed forces. This task need not be exclusive to the command, as the land, naval and air forces have the best knowledge of their respective weapons systems and their dependencies.

Fourth, the conduct of cyber operations is based on long-term clandestine intelligence and preparation, which can be carried out by military intelligence and/or the cyber command. The vision of the US Cyber Command states that, as hostile states continuously operate everywhere in cyberspace, counter-activities have to be based on the same principles. As the scope of cyberspace is almost incomprehensible and hostile states conduct cyber-attacks, espionage and related technical preparatory activities without interruption and throughout cyberspace, continuous and geographically unlimited intelligence, surveillance and preparations are also essential for defence purposes.

An important principle in democratic states is political supervision over the activities of intelligence services and armed forces. The authority of these entities must therefore be delimited by law and adhered to. However, this is not the case in authoritarian states, which gives them an advantage in cyberspace. Democratic states have therefore begun to adjust their understanding and their legal systems. For example, the Netherlands extended the authority of its intelligence organisations to gather information in data communication networks, while the Finnish parliament is discussing a package of laws enabling military intelligence to conduct surveillance of such networks in Finland and abroad. In Germany, where the public is historically very sensitive about the authority of intelligence services, there is a debate over the need to allow them to “hack back” – which  means that an authorised government agency would, for example, have the right to destroy stolen data in a foreign network.

Democratic nations have so far vested the right to decide on the use of cyber operations in the highest political level. For example, in the US and France it is vested in the president; in the UK in the government; and in Germany and Estonia in parliament. For practical reasons, many states have now begun to delegate it to a lower level. As the success of cyber operations requires lengthy preparation and rapid and secret implementation, public debate such as in parliament is often impossible. The US Congress is currently discussing a bill that would authorise the Secretary of Defence to decide on the use of cyber operations in certain situations (such as countering cyber-attacks, the consequences of which are comparable with those of an armed attack or that seriously disrupt the continuity of essential services). The bill would also authorise the commander of the US Cyber Command to conduct surveillance outside the country’s borders and to conduct cyber and information operations to counter Russian cyber campaigns. Certain activities of the Cyber Command are also authorised under rules of engagement and other lower-level legislation.

Just as NATO and the EU are currently solving the issue of military mobility in the physical domain to enable allied forces to cross national borders quickly without legal, bureaucratic and technical obstacles, so should democratic states think about solutions enabling enhanced preparedness for military defence in the cyber domain, especially against authoritarian states. To quote General Keith Alexander, former head of the US Cyber Command: the characteristics of war in cyberspace “are so radically different that they demand significant innovation and changes to the way we organise and conduct military operations in this domain.”


Translated into English from an article published on July 24, 2018 in the Estonian-language daily Postimees. The original article is available at: