NATO CCDCOE – Expertise and cooperation make our cyber space safer

Article content

Changes at the helm of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). Col. Jaak Tarien, previously Commander of the Estonian Air Force from August 2012 through July 2018, is the new head of the Centre of Excellence in Tallinn. As former Director Merle Maigre leaves the office, Col. Tarien wants to make sure that continuity and further developments are granted in the coming period of activities.

Dealing with cyber threats that our democracies and nations face has been one of the talking points also during last year’s Tallinn Digital Summit – sign that European leaders are well aware of the necessity to protect the digital way of life or our paths to a fully digital society. Estonia is a striking example in this sense: not only we are considered the most advanced digital society in the world, but we’ve also been the first recipients of a large-scale politically motivated cyber attack directed to a country in 2007.

One year ago, we sat down with professor Jarno Limnéll to get to know more about the state-of-the-art in cyber security at a European level. Newly appointed Col. Jaak Tarien takes us a step forward, explaining the duties and action plans of the NATO CCDCOE in providing core, critical expertise and training to Member States and Allies on how to keep our cyber sphere safe.

Col. Jaak Tarien, Director of the NATO CCDCOE

Col. Tarien, you have just this new high-level position in Tallinn. Someone could think that the NATO CCDCOE is an operational unit, but things are quite different: how did it all start, and what are the main activities of the Centre?

The NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, and the relevance of the cyber domain in our daily lives, have both evolved rapidly in the last ten years. Estonia proposed to create a cyber defence hub that could be included in the network of NATO’s Centre of Excellence already when it joined NATO, in 2004. At the time, however, the entire topic of cyber attacks on a nation and their connections to NATO were an unexplored area. We could say that nations didn’t take cyber defence seriously enough back then. The first politically motivated cyber attacks on Estonia, in spring 2007, changed the perspective of many countries and of the Alliance – a wave of DDoS attacks on various governmental, media, banking, and other sites, acted as a wake-up call and accelerated the process of establishing the CCDCOE in 2008. In ten years, we have grown from 7 founding members to a 21-nations-strong cyber defence hub with prominent world-known flagships, and several more nations lined up to join our community.

Our core mission and unique role are to foster cooperation among member states and to offer an interdisciplinary approach to the most relevant issues in cyber defence. We conduct research, trainings, and exercises in four core areas – technology, strategy, operations, and law.

We bring together researchers, analysts and trainers from the military, government, academia and industry. As a think-thank-type of organization, our mandate is to come up with new innovative approaches and to raise awareness and share this new knowledge in cutting-edge training and exercises. We’re not to be considered as an operational unit, indeed: we do not defend any networks nor act as a rapid response team when trouble strikes.

Does this change represent a new challenge for you too, in relation to your previous experience in the military and defence field? What are your goals as a Director of the Centre?

My experience as the Commander of Estonian Air Force has prepared me quite well to work with smart and dedicated people, who are in high demand both in the public and private sector. It is challenging to involve and keep motivated highly qualified cyber experts, but fortunately the unique tasks and projects carried out at CCDCOE have brought together an exceptional team. The demand for high-quality research, training, and exercises based on the most prominent trends in the cyber sphere is growing. My aim at CCDCOE is to continue the good work done over the past years, strengthen ties with the defence industry, and to develop further best practices and tools useful to the militaries of our member nations. Cyber defence skills should be elementary for military service in all ranks and domains.

The vision is to make the Tallinn CCDCOE one of the main points of reference when it comes to talks about cyber defense and security. What kind of expertise does the Centre already offer to its affiliated Member States?

CCDCOE has earned recognition in the international cyber community with three main flagships.

  • We are home to the Tallinn Manual 2.0, the most comprehensive guide for policy advisors and legal experts on how International Law applies to cyber operations carried out between and against states and state actors. It’s invaluable analysis by an international group of renowned scholars published in 2017, and it keeps inspiring both academic research and state practice. The Tallinn Manual process continues with a legal, technical, strategic and operational assessment of cyber scenarios with an aim to publish a practical reference material for Cyber Commands
  • Every spring we organize Locked Shields, an international cyber defense exercise offering complex technical live-fire challenges in the world. The annual sessions enable cyber security experts to enhance their skills in defending national IT systems and critical infrastructure under real-time attacks. The focus is on realistic scenarios, cutting-edge technologies, and simulating the entire complexity of a massive cyber incident – including strategic decision-making, legal and communication aspects. More than 1000 cyber experts from 30 nations took part in Locked Shields 2018, the exercise involves around 4000 virtualized systems and more than 2500 various attacks altogether
  • We organize an annual international conference on Cyber Conflict, addressing the most relevant issues concerning the international cyber defense community. CyCon has become a community-building event for cyber security professionals, adhering to the highest standards of academic research and bringing to Tallinn around 600 decision-makers, opinion-leaders, top military brass, law and technology experts, from the governments, military, academia and industry representatives from about 50 countries. Notable keynote speakers included: H.E. Kersti Kaljulaid, the President of Estonia; Alex Stamos, Chief Security Officer of Facebook; Dr Antonio Missiroli, NATO Assistant Secretary General on Emerging Security Challenges; Thomas Dullien, Staff Software Engineer at Google Zero, and many others distinguished experts. In 2019 the 11th CyCon will take place from 28 to 31 May on the theme “Silent Battle”. For the third year, this time on November 14th-15th, the Army Cyber Institute at West Point organizes CyCon U.S. in Washington D.C., in collaboration with CCDCOE. CyCon U.S. complements and broadens the reach of CyCon by promoting multidisciplinary cyber initiatives and furthering research and cooperation on cyber threats and opportunities.

What are, right now, the main types of cyber threats that our society and nations are exposed to? Are we ready to effectively respond to them?

Technologies and threats in cyber space are in constant change, our dependence on a digital lifestyle recognizes no geographical borders, nor it draws differences between civilian and military, private and public domains – any technology or system is a potential target for cyber attacks. While businesses and the industry might be more concerned with cyber crime and espionage for economic gains, nations and international organizations such as NATO are dealing with the growing threats from state actors in cyber space. Some of these attacks are becoming more complex, better coordinated and financed. For example the attempts to influence elections, serious data breaches – such as the hacking of the US Office of Personnel Management (OPM), that revealed a data breach targeting the records of as many as four million people. A growing concern for nations is potential targeted attacks aimed at our critical infrastructure – power supplies, clean water, emergency communications, and other vital services functioning properly. This is why Locked Shields in 2018 also focused on the protection of some of these key systems.

An assessment of the readiness against cyber threats of Estonia, and of the Member States that joined the Centre: keeping in mind the national differences, could unity make the cut in a new type of warfare?

The systems running our critical infrastructure and other modern services are in constant development, we have to test and drill our resilience and defense strategy on a regular basis. Our cyber defenders have to keep learning and practicing cooperation with Allies on a regular basis too.


Visit us physically or virtually

We host impactful events both in our centre and online for government institutions, companies, and media. You’ll get an overview of e-Estonia’s best practices and build links to leading IT-service providers and state experts to support your digitalisation plans.

Questions? Have a chat with us.

Call us: +372 6273157 (business hours only)

Find us

The Briefing Centre is conveniently located just 2 minutes drive from the airport and 10 to 15 minutes drive from the city centre.

You will find us on a ground floor of Valukoja 8, central entrance behind the statue of Mr Ernst Julius Öpik. Photo of the central entrance.

Valukoja 8
11415 Tallinn, Estonia