Heli Tiirmaa-Klaar wants to write the rules of cyber conflict. As Estonias first ambassador-at-large for cybersecurity, shes at the forefront of a battle over what countries can and cant do in cyberspace. Her ambition: to stop repressive governments from committing acts of war and aggression online, while ensuring they cant use international law to suppress the free flow of information. “The challenge for the next five to 10 years is how to keep the global internet open, or whether it will be split,” she says.
On one side of the debate are Tiirmaa-Klaar and her allies in the West, notably the U.S. and large EU countries, who are advocating for rules of non-proliferation in cyberspace, proposing to set strict limits on how states use botnets, malware and software vulnerabilities to attack other states and domestic political opposition. On the other are members of the so-called Shanghai Cooperation Organization led by Moscow and Beijing, who advocate a different approach to regulating cyber conflict that Tiirmaa-Klaar says will make it harder for countries to crack down on state-sponsored hacking activities and cybercrime, while undermining protections for human rights online. Both sides have submitted competing strategies at the United Nations, where diplomats like Tiirmaa-Klaar will be lobbying undecided countries for support.
Cybersecurity is an area where Tallinn punches above its weight. In addition to the countrys famous tech enthusiasm, Estonia was the site of what is considered to be Russias first sophisticated cyber assault. In 2007, amid controversy over the relocation of a bronze statue of a Russian soldier, the country came under large-scale attack. Banks, government networks, newspapers and internet infrastructure were hit by an orchestrated attack that Tallinn soon attributed to the Kremlin.
Heli Tiirmaa-Klaar, during an event on “Building cyber resilience” | Friends of Europe/Creative Commons 2.0 via Flickr
Tiirmaa-Klaar is Estonias heavy-hitter in the field of cyber diplomacy. She was part of NATOs first cyber policy team, and later, as the EUs first cybersecurity diplomat, she put in place measures that would allow the bloc to impose sanctions in response to a cyberattack. The measure has yet to be used, but its not a secret who Tiirmaa-Klaar believes should be in its sights. “We have to keep in mind that armament and readiness in Russia is increasing,” she says.