Women in Cyber: Securing one of the world’s top digital nations

By Shirley Tay

Merle Maigre, Senior Expert on Cyber Security in e-Governance Academy, discusses her role advising the Estonian government on the safest ways to innovate.

The world looks to Estonia as a leader in digital government. But the country's innovation does not come without risks, as their many digital services provide more areas for hackers to target. Estonia looks to non-government organisations for support in securing its digital services.

That's where Merle Maigre, Senior Expert on Cyber Security in e-Governance Academy can help. She discusses her role advising the Estonian government and how cyber threats have had a direct impact on her life.

Tell us more about your role. How do you protect the digital realm and improve citizens’ lives?

I currently work as the senior expert on cybersecurity at the E-Governance Academy of Estonia (eGA). It is a nonprofit organization that helps governments to go digital. Active since 2002, eGA creates and transfers knowledge and best practice in the area of digital transformation. eGA aims to empower central and local government decision-makers to lead digital transformation programmes to create smart, sustainable and effective e-government, e-democracy and cybersecurity solutions. eGA makes this happen through consulting, training, networking, research and assistance of implementing technical solutions. We believe that a digital society cannot safely exist without a solid cybersecurity framework.

What sparked your interest in cybersecurity?

My own personal first-hand experience with cybersecurity goes back to 2007, when Estonia’s digital infrastructure was hit by cyber attacks during heightened political tensions with Russia over a Soviet-time war monument. Now we know that this was the first time in history that state-sanctioned cyber attacks were used to advance political goals.

At the time of the attacks, I was working in Kyiv, Ukraine, while my then-two-year of son and husband stayed back in Estonia, our home country. For several days, I was unable to get any information of what was really going on in Estonia, because the country’s governmental and news media servers were paralysed. The Estonian national Computer Emergency Response Team had cut the networks off, isolating the country’s systems to allow them to recover from the attacks.

Today, cyber conflicts are, of course, much more varied, including targeted phishing attacks and advance persistence threats aimed at our critical infrastructure, fake news, election hacking, ransomware.  Nevertheless, the attacks against Estonia in 2007 served as a wake-up call. Both for myself personally and for the society at large.  It made people realize that attacks in cyber space could be just as serious as physical attacks. It made them realize that what is happening in cyberspace is closely linked to what is happening in other domains. It also prompted a first serious public discussion on the possible impact that cyber attacks could have on national security. For myself, the personal experience made me realise how completely IT and digital services have changed our society. How almost everything we do depends on some kind of a digitized system. How digital society and e-services cannot safely exist without a solid cybersecurity framework. How cybersecurity and overall security converge. And how cybersecurity really is a strategic concern and should not be degenerated into a technical issue. What I learned from that experience was that in today's world, there is no way of understanding security and providing security without understanding the basics of cybersecurity.

What has been the most impactful project of your career?

One of the most impactful periods in my career was directing the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE) in Tallinn. This is an international NATO-accredited centre of excellence that carries out cyber defence-related research, training and exercises. The centre connects a trusted community of likeminded states who wish to share information and expertise in cybersecurity.

The  best-known projects of NATO CCDCOE are the world’s largest and comprehensive cyber defence exercise Locked Shields, its annual cyber conference CyCon, and its publication Tallinn Manual, which looks at cyber operations in the context of international law. The centre supports NATO in various activities, from providing analyses of cybersecurity trends and threats to training and doctrine. The advice provided by the centre is valued and taken into consideration by NATO members and other partners.

What challenges would you like to take on in the next year?

I would like to continue currently ongoing work on cybersecurity capacity building among emerging economies, especially among European Union Eastern partrnership states. Open conflict with Russia, a highly skilled, computer-literate pool of talent and a uniquely vulnerable political, economic and IT environment have made a number of Eastern Partnership countries a perfect sandbox for those looking to test new cyberweapons, tactics and tools. What happens in Kyiv, Tbilisi or Chisinau today could easily happen in Berlin, Rome or Amsterdam tomorrow.

Who or what inspired you this year, and why?

I’ve been inspired by meeting and knowing women who have succeeded in striking a balance between a high-flying career and raising a family. Such as Jane Harman, the President of the US Woodrow Wilson International Center and the former ranking Democrat on the House Intelligence Committee and the Homeland Security Committee’s intelligence subcommittee; Julie Smith the nominee to serve as US Ambassador to NATO and a former deputy National Security Advisor to then-Vice President Biden;  or the President of the European Commission Ursula von der Leyen. They work in demanding high-level positions and demonstrate that combining familiy and career is possible.  I’ve personally gained a lot of courage from conversations with these wise women and from knowing that I’m not the only one who leaves a small childhome with a nanny and goes to an intelligence briefing or to a security conference.

What advice would you give to women looking to start a career in cybersecurity?

In the heart of technology, there is always a human factor. Build and use networks in your sphrere and beyond. Be persistent. Personally, the best practical advice that I would like to share is something that I have received from NATO Spokesperson Oana Lungescu: "Look professional and wear bright colors because they make you feel better and you definitely stand out among the sea of grey suits.“

If you could sum up your life motto in one sentence, what would it be?

Always look at the glass half full, not half empty.

See the Tallinn Manual on International Law Applicable to Cyber Operations. Available at https://www.cambridge.org/core/books/tallinn-manual-on-the-international-law-applicable-to-cyber warfare/50C5BFF166A7FED75B4EA643AC677DAE or https://ccdcoe.org/tallinn-manual.html.