How cyber war games in Estonia looked at future Russian threats

The U.S. embarked on a Cyber Command mission in Estonia this fall to support the Baltic nation, which has in years past been a target for Russian hackers, and also to gain insight on Russian operations.

Patrick Semansky/AP
The National Security Administration campus is seen on June 6, 2013, in Fort Meade, Maryland. The U.S. Cyber Command operation in Estonia was part of an election-season effort to preemptively identify cyber threats from Russia and other adversaries.

In a modern twist on old-fashioned war games, the United States military dispatched cyber fighters to Estonia this fall to help the small Baltic nation search out and block potential cyber threats from Russia. The goal was not only to help a NATO partner long targeted by its powerful neighbor but also to gain insight on Russian tactics that could be used against the U.S. and its elections.

The  U.S. Cyber Command operation occurred in Estonia from late September to early November, officials from both countries disclosed this week, just as the U.S. was working to safeguard its election systems from foreign interference and to keep coronavirus research from the prying reach of hackers in countries including Russia and China.

Estonian officials say they found nothing malicious during the operation.

The mission, an effort analogous to two nations working jointly in a military operation on land or sea, represents an evolution in cyber tactics by U.S. forces who had long been more accustomed to reacting to threats but are now doing more – including operating in foreign countries – to glean advance insight into malicious activity and to stop attacks before they reach their targets.

The Defense Department has worked to highlight that more aggressive “hunt forward” strategy in recent years, particularly after Russia interfered through hacking and covert social media campaigns in the run-up to the 2016 presidential election. American officials were on high alert for similar interference in 2020 but described no major problems on Nov. 3.

“When we look at the threats that we face, from Russia or other adversaries, it really is all about the partnerships and our ability to expand really the scope, scale and pace of operations in order to make it more difficult for adversaries to execute operations either in the United States, Estonia, or other places,” Brig. Gen. William Hartman, commander of the Cyber National Mission Force, said in a conference call with a small group of reporters this week.

Estonia, a former Soviet republic, was in some ways a natural fit for a partnership with Cyber Command because in years past it has been a cyber target of nearby Russia, including crippling attacks on government networks in 2007.

Estonian officials say they have since strengthened their cyber defenses, created a cybersecurity strategy, and developed their own cyber command, which like the U.S. version is part of the country’s military.

While nothing malicious was found on the networks during the exercise, “what we did learn is how the U.S. conducts these kinds of operations, which is definitely useful for us because there are a lot of kind of capability developments that we are doing right now,” said Mihkel Tikk, a deputy commander in Estonia’s Cyber Command.

Mr. Tikk added: “In some areas, it is wise to learn from others [rather] than having to reinvent the wheel.”

Mr. Hartman declined to discuss specifics of the operation but said the networks in Estonia were “very well defended.”

“I don’t want anyone to leave here with the impression that Estonian networks were full of adversary activity from a broad range of nation states,” because that is not the case, he added.

Gen. Paul Nakasone, the commander of Cyber Command and the director of the National Security Agency, has hinted at a more aggressive, proactive federal government approach to cyber threats.

In an August piece for Foreign Affairs magazine, for instance, Mr. Nakasone wrote that U.S cyber fighters have moved away from a “reactive, defensive posture” and are increasingly engaging in combat with foreign adversaries online.

Cyber Command has worked in past years with countries including Montenegro and North Macedonia on similar missions. Estonian officials say they believe the partnership could be a deterrent to countries such as Russia.

“These kinds of operations, I think, they will continue,” said Undersecretary of Defense Margus Matt. But, he added, “I don’t know how much we will speak of them publicly.”

U.S. officials say they think the risks of a proactive approach – a country, for instance, could regard such an operation as a provocation toward a broader international cyber conflict – are outweighed by the benefits.

“We believe that inaction in cyberspace contributes to escalation more than reasonable action in cyberspace,” said Thomas Wingfield, deputy assistant secretary of defense for cyber policy.

This story was reported by The Associated Press.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to How cyber war games in Estonia looked at future Russian threats
Read this article in
QR Code to Subscription page
Start your subscription today