Article content
Western countries, including Estonia, have supported the Ukrainian government with cyber security tools, services, and expertise for years. Last year, they decided to make that support a little more official. On 30 May 2023, representatives from Estonia, Canada, Denmark, France, Germany, the Netherlands, Poland, Sweden, Ukraine, the UK, and the US signed an agreement called the Tallinn Mechanism.
Under the Tallinn Mechanism, officially launched on 20th December, Ukraine’s cyber security needs will be systemised and coherently matched to donors. In addition to government support, tech firms and NGOs also participate in the Mechanism. For this reason, Estonia will allocate €500,000 to support it. Estonia is also running the front office for the Mechanism from its embassy in Kyiv with a specially dispatched cyber attaché to support the effort. (The back office is located in Warsaw.)
His name is Lauri Luht, and he arrived in Kyiv in September after serving as head of Eastern Partnerships for the Estonian Centre for International Development and head of the National Situation Centre for the Estonian government before that. Most of his career has been focused on cyber security and crisis management. So, naturally, when he got to his desk in Kyiv, he was first asked to set up the office printer. “It was just classic,” says Luht, who recently described his experiences in an interview. However, there are pitfalls to being a cybersecurity expert. All of his friends hit him up now and then for IT advice. Yet Luht majored in international relations. As such, he is particularly well suited for his role as a cyber attaché.
Other than setting up the office printer, what does a cyber attaché do?
I am here supporting ten donor countries for the Tallinn Mechanism, setting up routines and information exchanges, trying to manage any obstacles, and providing all the nations involved with relevant information. Estonia took the lead in this framework and the Mechanism itself, and there was a promise to send someone to work every day with Ukrainian government agencies and support their needs. The Mechanism requires someone to ensure that everyone is content with the support for Ukraine and that the Ukrainians are content with the support they receive. It’s very much a nascent position. Nevertheless, giving direct information daily is what should be done. We are just starting. When we go to implementation, I will support projects, maintain close contacts with the industry, and ensure everything goes smoothly on site.
Does every embassy have a cyber attaché?
I would say it’s quite rare. People in different embassies cover cyber, but there is usually no dedicated person only for that. I’m here specifically for the Tallinn Mechanism. In other Estonian embassies around the globe, some people cover cyber, among other related issues.
What is Kyiv like these days? Did you have to take the train from Poland?
There are different options. I prefer the train. Some delegations travel by car or minivan. But, of course, Kyiv is beautiful. It’s a big city, a great city. All the shops are open, and if you don’t mind the curfew or air alerts, you would consider Kyiv like any other city. But unfortunately, Kyiv, like all of Ukraine, is at war. Some things have gone on as before, but we shouldn’t try normalising the situation. It’s everyday life, as normal as it can be. I like to ask people, can you imagine air raid sirens, going into shelters, or being stopped at guards’ posts when you enter the city or government areas in your own country? Of course, the answer is no. Humans try to make our situations seem better or see them differently. It’s worth mentioning that Kyiv is different from many other places in Ukraine. It provides safety for a lot of Ukrainians who come here.
Various states have provided cyber security assistance to Ukraine ad hoc for years. What has Estonia been doing?
In bilateral terms, the US has been the biggest donor in terms of gross amount. From the Estonian side, we didn’t start our support for Ukraine when the full-scale invasion happened back in 2022; we were there long before. There has been a long-term partnership and cooperation between our cyber security agencies in training and capacity building. Of course, it is not comparable to the hundreds of millions invested by more prominent countries. Still, whatever we can give, and whenever we are able, given our experience and knowledge in this area, then that is what we have been doing.
But given this previous support, why was there a need for the Tallinn Mechanism?
Suppose the same or different authorities contact different countries with the same or different needs. In that case, the donors meet in Kyiv and have to ask, ‘Okay, are you already doing this or that?’ Then, it’s not as productive as planning and identifying the broader needs, such as technology support, licenses, and training, and doing it collectively so that everyone can check in.
Ukraine is huge—it is the biggest country in Europe. That is one reason for better coordination between the donors, so that they can see who can provide what and do it together and to ensure the Ukrainian side that different authorities will look at their common needs.
Certain services or technology are not needed by just one agency but might be used by several. Both options are valuable. The main objective is to make our assistance more efficient in the long term.
What do the Ukrainians need that they don’t have?
If you look at the market, some big vendors have different software, servers, and hardware that are not built in Ukraine but elsewhere. In terms of software and services development, of course, it’s something Ukraine can do. Still, some things are developed in security and can be contributed, including Ukrainian businesses. The best combination always wins. We try to accomplish this with our Ukrainian colleagues and donor countries. They agree on what services or developments are needed on site. There might be some things that can be done only on-site, and others only delivered from elsewhere.
Have the cyber security challenges changed since the start of the war? How?
They have become more intense toward critical infrastructure. If cyber attacks don’t take them down, they will be followed by bombs and rockets. It covers all spheres: banks and telecommunications. There was a huge cyber attack on Kyivstar, the biggest telecom company in Ukraine, which has more than 24 million clients. They had a total blackout for several days in December. And every new service they implement gets attacked immediately.
What does Estonia bring to the table?
Being on-site and supporting them on-site. That is very valuable for Ukraine, us, and our partners. Some countries still find it quite challenging to be here daily. It has been a long-term relationship, with long-term trust established, and even though Estonia’s monetary support cannot compare to the US, UK, or other larger countries, Estonia can contribute with support and activities on site. We also have very good solutions and good companies that can contribute to cyber security efforts. That’s not something to underestimate. However, regarding the Tallinn Mechanism, being in the front office is an Estonian contribution. We are here to work with the Ukrainians, meet their needs, and help improve things. It’s a very clear contribution. There is a back office in Poland, which is very important. They’re the ones, the cogwheels of the daily operations of the Tallinn Mechanism. Their role will be important in the implementation phase.
What should we expect out of the Tallinn Mechanism this year?
We aim to quickly provide Ukraine with the assets, technology, knowledge, and training it needs. Ukraine, of course, tells us what it needs. We don’t press them on what they need. They say what they need, and we quickly deliver. But we also aim to provide a long-term, stable mechanism for years to come, not only quick support on site. We can quickly provide what they need in a coordinated manner. And their needs are huge.