Cybersecurity
Bookmark

Estonia shows what an agile cyber coalition in wartime looks like

By Si Ying Thian

What happens when aid outlives the emergency? Digital and cyber diplomat Priit Turk shares how the Tallinn Mechanism has stayed lean and responsive, while taking a longer-term view of the cyber capabilities needed after the war.

Partners of the Tallinn Mechanism convened in London about two months ago to coordinate support for Ukraine’s civilian cyber resilience. Image: Priit Turk's LinkedIn

More than a year into the war with Russia, the cyber support flowing into Ukraine had been generous but chaotic – that is, fragmented and duplicated. 

 

“There was some level of support coming in... but not coordinated enough,” recalls Priit Turk, Director General for Digital and Cyber Diplomacy, Estonia’s Ministry of Foreign Affairs. 

 

A group of nations gathered in Tallinn, Estonia, to fix that: coordinating donors and matching ad-hoc support to specific cyber needs identified by Ukraine itself.  

 

Set up in 2023, the Tallinn Mechanism had carved out a specific role to coordinate civil cyber support for Ukraine, complementing the IT Coalition’s military work.  

 

The mechanism ran on a simple premise: find the need and deliver the project. 

 

Even as it scaled to 14 donors, it never lost its lean character despite its rotating chairmanship and a growing number of partners, including the private sector. 

 

Three years on, Turk shares more about what it takes to keep an agile coalition alive in the middle of a war, and what governments everywhere can learn from it. 

When diplomacy finally moves fast enough 

 

Diplomacy, by reputation, is slow. Consensus takes years, but Ukraine didn’t have that kind of time. 

 
Priit Turk is the Director General for Digital and Cyber Diplomacy, Estonia’s Ministry of Foreign Affairs.

“We have to do it very efficient and lightweight: To know the needs, jump to the projects, and link them up with the donors,” Turk says. 

 

The instinct to adopt an agile startup approach, he notes, is also distinctly Estonian.  

 

“There was a very clear need, and that's how we function. You collect a team and you start to work,” he notes. 

 

Ukraine, which was fighting a war on multiple fronts including cyberspace, came with the same urgency. 

 

But Estonia’s role in the mechanism didn’t emerge from nowhere.  

 

Long before Russia’s full-scale invasion, the country had been building its cyber cooperation with Ukraine in capacity building and technical assistance. 

 

Turk says that groundwork mattered, as “we were naturally there on cyber issues.” 

 

Ukraine drives the agenda of the mechanism, with its authorities coordinating internally to prioritise a list of civilian cyber projects.  

 

From there, donor countries pick what fits their expertise, capacity, and even presence on the ground. For example, Estonia implements on behalf of Sweden and Norway, while the Dutch does the same for the US. 

 

With a rotating six-month chairmanship, Turk says that the handover barely creates slug in the processes. 

 

 “There is a very clear understanding of light coordination and focus on delivering as quickly as possible,” he says. 

 

It turns out that urgency is the mechanism’s own governance principle.  

 

“If these capabilities, be it training or secure connections, are not developed or kept running, Ukraine just doesn’t have the time to cope with the attacks,” he says. 

Moving from aid to architecture 

 

The war was supposed to be the emergency. But years later, the mechanism faced the question of what happens when the temporary aid outlives the emergency. 

 

This gave rise to the Tallinn Mechanism platform, which is a digital marketplace connecting Ukrainian cyber needs directly with private sector partners globally. 

 
Talinn Mechanism Platform is a digital marketplace to connect global cybersecurity companies and tech providers with donor-funded projects aimed at strengthening Ukraine's civilian cyber defence. Image: platform-tm.com

The platform was launched in February this year, with 104 companies from its donor countries registered on it in its first month.  

 

It was necessary to take a longer-term view of cyber capabilities needed beyond the war itself, he says. 

 

For Estonia, “it was very natural that whatever capabilities created as a country involved the private sector,” he said, pointing to private sector involvement in digital state systems like X-road. 

 

Moving away from donations, the platform was built to attract companies to Ukraine, positioning the country more as an innovation testbed than an aid recipient.  

 

“If you want to be globally top in cyber, you need to be there,” Turk says.  

Lessons from the coalition room 

 

That gap between agile coalitions and multilateral frameworks isn’t a flaw, Turk says. 

 

But he is candid about what global processes can and cannot do. Consensus-building takes time and trust, with the process providing limited space to be “super innovative.” 

 

Estonia has been active in UN cyber norm-setting for over 15 years, and was the first to bring cybersecurity to the UN Security Council table, says Turk. 

 

“We believe the same international laws in human rights should apply in cyberspace as well,” he adds, highlighting that it takes time to shape norms and develop capacities to apply these norms. 

 

Not just to comply with norms, countries also need the capacity to understand and implement those meaningfully. This is why Estonia has been investing in the capacity building front when it comes to tech diplomacy. 

 

These efforts include running cyber diplomacy summer schools and legal workshops aimed at smaller nations and the Global South, helping them understand what is being negotiated at the UN level and why it matters. 

 

“Every country should have the capabilities to participate in these processes,” Turk says.