Black Hat Governments need to "turn from public private partnership slogans to real partnerships" on cybersecurity, former Estonian foreign minister Marina Kaljurand told the Black Hat infosec conference in London this morning.
In a wide-ranging speech where she talked about everything from diplomacy to the relationship between states, laws and the private sector's ability to help deliver cybersecurity policies online, Kaljurand emphasised that a nation is just one actor among many when it comes to online mischief.
"Cyber is so wide that states alone cannot be sufficient in providing security," she said. "It is a space where the private sector owns nearly all digital and physical assets and has the best experts. It's the sphere where civil society can produce norms, recommendations for responsible state behaviour, it is a space where civil society is also the watchdog of civil rights."
Kaljurand, a member of Estonia's social democratic party, drew on her experiences as foreign minister to call for closer relations between governments and the private sector on cybersecurity – a bold thing to say in the UK, where the approach until relatively recently was to look after itself and let the private sector sink or swim. Even now, the British state prefers growing its own cybersecurity talent.
"I would argue that states and governments have a unique role in ensuring cybersecurity. But for the first time in the history of my planet, states alone cannot be sufficient. It is very different from what we're used to seeing today with weapons of mass destruction, nuclear weapons weapons and so on."
The former Estonian minister also addressed the eternal question of attributing nation-state-backed cyber attacks to their originators. Though she praised the UK for attributing NotPetya to Russia; she was forthright in condemning EU countries' largely equivocal response at the same time. "That immediately raised the question, where is Germany, where's France, where is Italy? Where are others?... The [EU] statement was really poor and weak."
Kaljurand concluded by repeating her call for greater cooperation between states and the private sector, something Estonia has pioneered – to the point where the Baltic nation now hosts the NATO Cooperative Cyber Defence Centre of Excellence, building on Estonia's long history of facing down Russian cyber-naughtiness.
"State practice creates the norms by which cyber is governed. Nobody argues that international laws don't apply to cyber; the question is how." ®