European Union Encourages Technology Adoption via Commission's New Program
In the rapidly evolving landscape of global politics, the significance of cybersecurity is increasingly being recognised as a critical factor in new conflict scenarios. This is particularly true when a state finds itself drawn into the conflict of another country, as was the case with Georgia and Estonia.
During the conflicts involving Russia, both Estonia in 2007 and Georgia in 2008, witnessed significant cyberattacks. These digital assaults underscored the potential for geopolitical tensions to spill over into the digital domain, causing disruptions to critical infrastructure and government services [1][4].
For states, this means increased vulnerability to cyberattacks and the need to prepare for potential cyber aggression. Heightened risk of service disruptions is another concern, as seen in Estonia where government websites and banks were targeted [1]. To counter these threats, states must invest in advanced cybersecurity technologies and strategies, strengthen their cybersecurity frameworks, and ensure robust measures to prevent disruptions and maintain continuity of critical services.
Businesses operating in or with partners from affected countries may also face indirect cyber threats. Local infrastructure and services disruptions can impact business operations even if they are not directly targeted [1][4]. Companies must assess their supply chain risks and ensure they have contingency plans in place. Compliance with local and international cybersecurity regulations becomes crucial to mitigate risks and maintain operational continuity.
Moreover, companies should view cybersecurity as an integral part of their strategic planning, investing in cybersecurity talent and technology to stay ahead of evolving threats.
Our company, with its international cyber expertise and role in the critical infrastructure sector, recently participated in a war game organised by the European Defense Agency (EDA). The exercise involved actors from administration, national defence, and economy, demonstrating the need for joint training for worst-case scenarios.
However, such situations present a challenge for cooperation between states and the economy due to differing interests. Escalation can occur due to these differing interests between actors. Clear rules are needed for all actors involved to prevent escalation and ensure effective cooperation.
The insights gained from this war game are being used for internal crisis and emergency management, particularly for factors outside our own sphere of influence. The war game provided our experts with a comprehensive picture of individual approaches and strategic considerations.
Conflicts similar to those in Georgia and Estonia demonstrate the relevance and potential severity of such threats. The lessons learned from these incidents underscore the importance of robust cybersecurity measures for states and businesses alike.
References: [1] CNN (2007) Estonia under cyberattack. https://edition.cnn.com/2007/TECH/internet/04/26/estonia.cyberwar/index.html [2] BBC News (2008) Georgia: Cyber attacks hit government websites. https://www.bbc.com/news/world-europe-45637823 [3] European Union Agency for Cybersecurity (2021) Cybersecurity for small and medium-sized enterprises (SMEs). https://www.enisa.europa.eu/publications/cybersecurity-for-smes [4] European Commission (2021) NIS2: New rules for cybersecurity in the EU. https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12524-Cybersecurity-for-the-digital-age-NIS2_en
- In light of the cyberattacks during the conflicts in Estonia (2007) and Georgia (2008), which involved significant digital assaults, businesses must prioritize cybersecurity and invest in advanced technologies to counter potential cyber threats and safeguard their critical services.
- To maintain operational continuity and avoid indirect cyber risks, companies engaging with partners from countries affected by geopolitical conflicts, such as Estonia and Georgia, should conduct risk assessments, ensure compliance with local and international cybersecurity regulations, and have contingency plans in place as a proactive measure.
