Strategies of Cyber Crisis Management: Lessons from the Approaches of Estonia and the United Kingdom

  • Jamie CollierEmail author
Part of the Philosophical Studies Series book series (PSSP, volume 124)


This chapter compares the cyber crisis management strategies of Estonia and the United Kingdom—two leading nations in the field of cyber security. The two countries’ strategies differ significantly. The most important variables influencing these differences are history, size (both demographic and material resources), political philosophy, digital dependence, and the nature of the threats and adversaries each country faces in the cyber domain. Given the importance of these factors in determining Estonia’s and the United Kingdom’s cyber crisis strategies, it is difficult to draw from these two cases any generalisable recommendations that apply to other states; rather, the main significance of this study is another: it draws attention to the important role that political, historical, and cultural variables play in the definition of a nation’s cyber crisis strategy—and, consequently, the need to fit specific policy approaches within the bounds set by these factors. The chapter seeks to demonstrate that while cyber attacks may be highly technical in nature, organisational responses to them have crucial political and social determinants that may supersede the significance of technical factors.


Cyber Security Strategy Critical Infrastrucutre UK Estonia 


  1. Aalto, Pami. 2000. Beyond restoration. Cooperation and Conflict 35(1): 1–24.CrossRefGoogle Scholar
  2. Areng, Liina. 2013. International cyber crisis management and conflict resolution mechanisms. In Peacetime regime for state activities in cyberspace, ed. K. Ziolkowski, 565–588. Tallinn: NATO Cooperative Cyber Defence Centre of Excellence.Google Scholar
  3. Areng, Liina. 2014. Lilliputian states in digital affairs and cyber security. The Tallinn Papers: 1–15.Google Scholar
  4. Ashford, Warwick. 2011. Is UK critical national infrastructure properly protected? Computer Weekly. March 3.Google Scholar
  5. Bada, Maria, Sadie Creese, Michael Goldsmith, Chris Mitchell, and Elizabeth Phillips. 2014. Computer Security Incident Response Teams (CSIRTs) An overview. Global Cyber Security Capacity Centre: 1–23.Google Scholar
  6. Blair, David. 2015. Estonia recruits volunteer army of “Cyber Warriors.” The Telegraph. April 26.Google Scholar
  7. Burton, Joe. 2013. Small states and cyber security: The case of New Zealand. Political Science 65: 216–238.CrossRefGoogle Scholar
  8. Caldwell, Tracey. 2014. Call the digital fire brigade. Network Security March 2014: 5–8.Google Scholar
  9. Cardash, Sharon L, Frank J Cilluffo, and Rain Ottis. 2013. Estonia’s cyber defence league: A model for the United States? Studies in Conflict & Terrorism 36: 777–787.Google Scholar
  10. Clastres, Cedric. 2011. Smart grids: Another step towards competition, energy security and climate change objectives. Energy Policy 39(2): 5399–5540.CrossRefGoogle Scholar
  11. Cyber Emergency Response Team Launched by UK. BBC News. 31 March. Accessed 12 July 2015.
  12. Davis, Milton Paul. 2008. An historical and political overview of the reserve and guard forces in the Nordic countries. Baltic Security and Defence Review 10: 171–201.Google Scholar
  13. Grobler, Marthie, Joey Jansen van Vuuren, and Jannie Zaaiman. 2013. Changing the face of cyber warfare with international cyber defense collaboration. In Case studies in information warfare and security, 38–54. Reading: ACPI.Google Scholar
  14. Harrop, Wayne, and Ashley Matteson. 2014. Cyber resilience: A review of critical national infrastructure and cyber security protection measures applied in the UK and USA. Journal of Business Continuity Emergency Planning 7: 149–162.Google Scholar
  15. How did Estonia become a leader in technology? 2013. How did Estonia become a leader in technology? The Economist, July 30.Google Scholar
  16. Jackson, Camile Marie. 2013. Estonian cyber policy after the 2007 attacks: Drivers of change and factors for success. New Voices in Public Policy 7: 1–15.Google Scholar
  17. Jundzis, Talavs. 1996. Defence models and strategies of Baltic states. The International Spectator: Italian Journal of International Affairs 31(1): 25–37.CrossRefGoogle Scholar
  18. Kello, Lucas. 2013. The meaning of the cyber revolution: Perils to theory and statecraft. International Security 38(2): 7–40.CrossRefGoogle Scholar
  19. Kotka, Taavi. 2014. 10 million e-Estonians“by 2025! Accessed 4 Dec 2015.
  20. Kotka, Taavi and Innar Liiv. 2015. Concept of Estonian Government cloud and data embassies. In Electronic government and the information systems perspective: Proceedings of the international conference EGOVIS 2015, ed. Andrea Kő and Enrico Francesconi, Valencia: Springer International Publishing, 1–3 September.Google Scholar
  21. Kotz, David, Sasikanth Avancha, and Amit Baxi. 2009. A privacy framework for mobile health and home-care systems. In Proceedings of the first ACM workshop on security and privacy in medical and home-care systems, SPIMACS, 1–12.Google Scholar
  22. Laaneots, Ants. 1999. The Estonian defence forces – 2000. Baltic Defence Review 10: 1–7.Google Scholar
  23. Laar, Mart. 2002. Estonia: Little country that could. London: Centre for Research into Post-Communist Economies.Google Scholar
  24. Landler, Mark, and John Markoff. 2007. Digital fears emerge after data Siege in Estonia. The New York Times. May 29.Google Scholar
  25. Mansel, Tim. 2013. How Estonia became E-stonia. BBC News. May 16. Accessed 5 July 2015.
  26. Maude, Francis. 2013. UK cyber security strategy: Statement on progress 2 years on. Presented as a written statement to Parliament. December 12.Google Scholar
  27. Morbin, Tony. 2013. Cyber reserves call on private sector. SC Magazine. October 4.Google Scholar
  28. Nye Jr., Joseph S. 2011. The future of power. New York: Public Affairs.Google Scholar
  29. Osula, Anna-Maria. 2015a. National cyber security organisation: United Kingdom. Tallinn: NATO Cooperative Cyber Defence Centre of Excellence.Google Scholar
  30. Osula, Anna-Maria. 2015b. National cyber security organisation: Estonia. Tallinn: NATO Cooperative Cyber Defence Centre of Excellence.Google Scholar
  31. Ottis, Rain. 2012. Lessons identified in the development of volunteer cyber defence units in Estonia and Latvia. Tallinn: NATO Cooperative Cyber Defence Centre of Excellence.Google Scholar
  32. Paet, Urmas, and John F Kerry. 2013. US-Estonian Cyber Parternship Statement. 3 December.Google Scholar
  33. Park, Andrus. 1995. Russia and Estonian security dilemmas. Europe-Asia Studies 47: 27–45.CrossRefGoogle Scholar
  34. Pernik, Piret, and Emmet Tuohy. 2013. Cyber space in Estonia: Greater security, greater challenges. Tallinn: International Centre for Defence Studies.Google Scholar
  35. Raywood, Dan. 2011. Cost of cyber crime in UK estimated £27 billion. SC Magazine. February 17.Google Scholar
  36. Rid, Thomas. 2013. Cyber War will Not take place. London: Hurst.Google Scholar
  37. Schmidt, Andreas. 2013. The Estonian cyberattacks. In A fierce domain: Conflict in cyberspace, 1986 to 2012, ed. Jason Healey. Arlington: Cyber Conflict Studies Association.Google Scholar
  38. UK Government. 2009. Cyber security strategy of the United Kingdom. London: Cabinet Office.Google Scholar
  39. UK Government. 2011. Cyber security in the UK. 2011. London: Parliamentary Office of Science and Technology.Google Scholar
  40. Williams-Grut, Oscar. 2014. London launch for “D5” alliance of digital nations. The Independent, December 8.Google Scholar

Copyright information

© Springer International Publishing Switzerland 2017

Authors and Affiliations

  1. 1.Department of Politics and International Relations and Centre for Doctoral Training in Cyber SecurityUniversity of OxfordOxfordUK

Personalised recommendations