Women in Cyber: Setting the rules of a borderless world

By Shirley Tay

Heli Tiirmaa-Klaar, Estonia's Ambassador-at-Large for Cyber Diplomacy, shares how she helps develop international coordination to cyber attacks.

The digital world is borderless, interconnected and difficult to govern. This new world only came into existence in the last few decades, and governments are still figuring out how to coordinate international efforts in it.

Heli Tiirmaa-Klaar, Ambassador-at-Large for Cyber Diplomacy, Director-General of the Cyber Diplomacy Department at the Ministry of Foreign Affairs of Estonia, shares how she helps forge a new path for European digital diplomacy. She discusses her role developing the EU's coordinated cybersecurity response and what it means to be a cyber diplomat.

Tell us more about your role. How do you protect the digital realm and improve citizens’ lives?

As Estonia’s inaugural Ambassador-at-Large for Cyber Diplomacy, a large part of my role is making sure that the global, open, free and interoperable cyberspace is preserved. Cyberspace does not know borders so it is all the more important that the various actors follow the rules in place. Therefore, over the past decade at the UN we have developed and agreed a normative framework for responsible state behaviour. Another important element of my role is also to do with thinking of ways to raise the cost of malicious activity in cyberspace through diplomatic measures. And of course, I am representing Estonia at international cyber conferences and official fora.

What sparked your interest in cybersecurity?

I have been involved in cybersecurity and what we now call cyber diplomacy for more than a decade. In that time I have seen it evolve from a very nascent field without any international political consultation mechanisms in cyber issues into an area which features in the news daily and is top of mind for an increasing number of governments, companies, citizens.

My own journey is closely related to the events of 2007 when Estonia got tested in cyberspace with the first-ever large-scale coordinated cyberattacks in history against an entire nation. This was also a turning point for Estonia’s internal cybersecurity policy development. I was working in the Estonian Ministry of Defence back then and got the task of preparing Estonia’s first cybersecurity strategy. Estonia was actually the first government in the world to adopt a whole-of-government national cyber security strategy in 2008. Many of the developments we initiated then to ensure Estonia’s cyber resilience are still relevant today – for example, our dedicated cybersecurity agency, the Estonian Information System Authority, celebrated its 10th anniversary this summer.

What has been the most impactful project of your career?

I have had the great luck to be able to initiate and lead a number of interesting projects throughout my career in Tallinn and Brussels, so it is hard to choose one. If I had to pick, I would probably say that building cyber diplomacy posture for the European Union, including the development of the EU’s Cyber Diplomacy Toolbox, and initiating EU strategic dialogues with the US, India, Brazil, China, Japan, South Korea, and a number of international organisations, from when I was still working as Head of Cyber Policy Coordination at the European External Action Service. Three years after leaving the External Action Service and now working in the Estonian foreign ministry, I can see just how impactful and relevant it is today that the EU is able to coordinate responses to malicious cyber activities. The EU Cyber Diplomacy toolbox has a number of different tools – ranging from dialogues to possible responses such as restrictive measures in the case of malicious operations. The logic here is that malicious actors need to understand that irresponsible behaviour in cyberspace is not without consequences.

What challenges would you like to take on in the next year?

Cyber diplomacy is one of the priorities of Estonia’s foreign policy and we are involved in a number of global and regional initiatives to advance responsible state behaviour in cyberspace. For example, this year Estonia hosted the first official meeting on cybersecurity in the UN Security Council. Next year, I would really like to focus on enhancing cyber capacity building – we are part of the World Bank’s newly launched Multi-Donor Cybersecurity Trust Fund and leading the EU CyberNet project to boost the EU’s external capacity building projects. The application of international law in cyberspace also continues to be a most crucial topic, so it will be important to support exchanges of views between states and experts in this field. This year’s official compendium of voluntary state contributions published alongside the consensus report of the UN Group of Governmental Experts was a welcome development.

Who or what inspired you this year, and why?

This year, I was mostly inspired by the very vibrant start-up tech community in Estonia. Estonian tech experts have initiated seven unicorns over the years: Skype, Playtech, Wise, Bolt, Pipedrive, ID.me, and Zego. This constitutes the highest ratio of unicorns per capita in the world as we are a very small country. It is most inspiring to hear the stories from the entrepreneurs of how they made their first steps and built their companies.

What advice would you give to women looking to start a career in cybersecurity?

Do not be afraid to enter this field, even if it might seem complex. Cybersecurity is not only about technology but also about people, processes and procedures. So we need experts from all walks of life, not just technical experts. We need lawyers, strategists, people with a background in political science and history, in order to address the challenge of building trust in cyberspace.

If you could sum up your life motto in one sentence, what would it be?

Innovation and change happen if you see new aspects within an existing field and/or new ways forward, and are able convince those around you on the necessity of change.