WASHINGTON — It was around 6 a.m. EST when Mart Noorma popped into view on Microsoft Teams.
It was still dark and relatively quiet on the U.S. East Coast as he prepared for this interview. But in Estonia, at the NATO-accredited Cooperative Cyber Defence Centre of Excellence, the day was well underway.
Noorma in August became the latest director of the CCDCOE, a Tallinn-based hub focused on cyber research, training and exercises. He succeeded Brig. Gen. Jaak Tarien, who stepped into the position in 2018. Noorma will serve a three-year term.
His spot at the helm comes after decades of experience in the science, technology and defense worlds. He has worked as a director at a robotics company, a professor at the University of Tartu and a researcher for the National Institute of Standards and Technology. He has also served as a member of the NATO Advisory Group on Emerging and Disruptive Technologies, the EEAS Space Advisory Board, the IEEE Autonomous Weapon Systems Expert Advisory Committee and the Estonian Defence League.
In an Oct. 13 conversation with C4ISRNET, Noorma discussed his goals for the cyber center — supported by the U.S., the U.K. and more than a dozen other contributors — while reflecting on lessons learned from the war in Ukraine. This interview was edited for length and clarity.
What do you hope to accomplish in your new position as the director of the NATO Cooperative Cyber Defence Centre of Excellence?
The first thing always is to get strategic priorities in place. And as our CCDCOE is in service to our nations, it’s most important to understand what our nations need.
As a slogan or subtitle of all our activities, our aim is to help our likeminded nations stand up against cyberthreats as a coalition. I would say we aim to support national cyber operational capability development. If national capabilities are in place, then we can start building coalitions.
RELATED
There are good justifications why cooperative development is better than doing it at a national level. That could be, for example, other nations having done it already, and so they can share their experience, or all nations are tackling the same problem, so we pool resources together and design together. Or it is inherently important, like combined operations.
From there, we need to focus even more on deep stakeholder engagement, which is a basic business practice. Cyber is one of these kinds of emerging and disruptive technology trends. That means nobody knows exactly what the future of cyberwarfare or cyber defense will look like.
In that kind of situation, any industry or startup would say it’s all about this iterative, continuous discussion and engagement with stakeholders to understand exactly how we can work together, how we can develop products and services. That would be the means to achieve the final goal of helping our likeminded nations stand up against cyberthreats as a coalition.
How will you improve relationships that already exist between NATO members or CCDCOE contributors, whether that’s related to cyberspace or other defense matters?
Well, we are cyber-oriented. There’s nothing new here. This is a key principle: How can we work together with a neighbor, like a person?
You first need to know the neighbor, then you need to know what capabilities the neighbor has. Can he speak English? Do we need a translator? And so on.
The second thing is: Can I trust my neighbor? Can the neighbor trust me? Knowledge is not enough. It’s establishment of trust through deeper knowledge of each other’s objectives, ambitions and capabilities.
RELATED
If we have trust and knowledge, then we need to agree on things, how we do things. We need to agree where the fence will be between our two houses or around our neighborhood, and how we organize our neighborhood watch. Again, we need to agree. Trust enables us to agree on common topics, and then to understand what is common interest and what is not common interest.
In cyberspace, exactly the same things need to be worked on. In practical terms, that means capability development, doctrines, standards, operating procedures, theoretical models, how to set up lessons learned and so on.
In all this cooperation, some nations work like they are well established; they share their experience, but maybe want to benchmark or compare to others and support others. Then there are other nations who are just in the process and are happy to learn from others and, at the same time, maybe propose innovative solutions.
Through these continuous discussions, all nations improve their capabilities while, at the same time, getting a better understanding of each other and building trust for actual cooperation.
If we take this cooperative development into education and training, if we have similar principles of how we train our cyber personnel and how we conduct operations, from there they can take it to exercises where actual multinational teams come together to practice and validate their capabilities.
Will large-scale, multinational cyber exercises — like Locked Shields, organized by CCDCOE — increase in quantity? Will they expand? How important is it to make those events larger and more frequent, given today’s threats?
Absolutely. This concern of having the ability to validate our capabilities is one important interest of our nations. In cyberspace, especially, there are all kinds of new, incoming threats, and we have to be prepared.
How can we practice? Having cyber ranges and hardware and software allows us to practice. Here, we see that cooperation — multinational cooperation — is very helpful because we can use the same cyber range, for example, to train and validate capabilities from many nations. And different nations provide their range capabilities and share with each other, and that enables us, in a cost-efficient way, to build up our capabilities, to do more training with the same money.
What are your or the center’s observations regarding Russia’s war against Ukraine? What is the CCDCOE learning, and how are you applying that information?
There are some nations looking very closely at how the world community responds to Russian activities. They think: “Can we attack our smaller neighbor as well?” As experts say, one finding from what we’ve seen in the case of the Russian war on Ukraine is that it’s very dangerous to go against all the rest of the world. That means the world needs to unite. Attacking a neighbor is a very unpopular idea, in general.
If we take this directly into cyberspace, I would say our mission is to make sure that we are able to stand up as a coalition against cyberthreats. That shows the importance of this preparedness and trust between countries that share the same values or interests and are building up their cyber defense.
We don’t want any country to be a hub for cyber terrorists. It’s our interest to work together with as many nations as possible — globally — to step up this work for a more peaceful cyberspace.
RELATED
That’s one lesson learned. The other lesson learned is that we see, in the case of Ukraine, how important it is to work in close partnership with industry and the public sector.
What is your relationship with the previous director, Brig. Gen. Jaak Tarien?
We are in constant dialogue. We’ve known each other for quite a long time, and I have a deep respect toward Jaak.
He’s taking on very important challenges. I noticed he’s leading a European Defence Fund project, which is a really important thing in Europe.
Colin Demarest is a reporter at C4ISRNET, where he covers military networks, cyber and IT. Colin previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.