skip to Main Content

Small State Power in the Digital Era

Insights from the Estonian experience

By Tomas Jermalavičius

The digital era has ushered in a wave of re-thinking of how international relations are conducted—including a reassessment of the very concept of power. This is in part because the pervasiveness of digitization—of data and its collection, communications, management of economic and political processes—has opened up an incredible range of opportunities, and also created a host of serious vulnerabilities. For example, growing geographic and social interconnectedness between and within states and societies has opened up new possibilities for cooperation and knowledge exchange. It has also exacerbated identity-based sociopolitical confrontations. The increased amount of and accessibility to information has democratized knowledge and produced a “paradox of plenty,” but attention has become perhaps the scarcest resource.[1] This ever-growing amount of information and speed of interactions has dramatically shortened the time available for making decisions, which often decreases the quality of such decisions, prompting people to fall back upon cognitive biases as time-saving shortcuts, or on technological solutions such as automation or data visualisation.[2]

Owing to these changes, international relations scholars note that power in the international system has become more diffused and fragmented among different actors.[3] They also note the emergence of new forms of power, such as “sharp power,” that expanded modern statecraft’s range of tools.[4] To be sure, the digital era and its underlying trends are reshaping both “hard power”—the ability to coerce others into accepting what you want—and “soft power,” the ability to make others want what you want. The exercise of both of these varieties of power—and their combination into “smart power”—has become ever more complex, nuanced, and unpredictable in terms of the outcomes.[5] Strategy—this intricate relationship among ends, means, and ways of statecraft—has always been a complicated enterprise fraught with uncertainty, paradoxes, and laws of unintended consequences.[6] The digital era has made this more the case, while also creating some exciting new opportunities, especially for the small states.

But what are those opportunities? How can the statecraft of small states such as Estonia thrive and deliver greater security and prosperity in the digital era? How do they fare in terms of their power in the international system, where digital technologies are disrupting old patterns and relationships?

Estonia is an interesting and relevant case to study. As a small nation of 1.3 million people, it has wholeheartedly embraced digitization, acquiring a reputation as a trailblazer in areas such as e-governance. But, in 2007, Estonia’s critical services and digital infrastructure were subjected to severe cyberattacks as coercive punishment for its decision to relocate a Soviet military monument. Widely believed as originating from and directed by Russia, this episode is often referred to as the very first instance of cyberwar; it features Estonia at the receiving end of hard-power exercise by digital means and through the digital medium. As a result, Estonia had to contend with the potential manifestations of hard power in cyberspace much earlier than most of other nations, small or large. As is customary for small states subjected to coercion, this experience spurred Estonia to seek protection through enhancing international normative power by taking an active role in adapting and developing new norms of state behaviour for cyberspace. Whether it comes together as a perfect example of digital era’s smart power in action remains an open question, but the key building blocks are there.

Soft Power

The concept of soft power, first formulated by Joseph Nye, captured a longstanding phenomenon of nations pursuing influence and their foreign-policy objectives through attraction and co-option rather than coercion.[7] Working to ensure that other actors want and aspire to the same objectives is a long-term undertaking. It requires projecting a certain state image or brand, continuously communicating policies, maintaining the legitimacy of those policies, building a thorough understanding of foreign audiences, and engaging them in conversation.[8] Public diplomacy and, lately, its digital extension—digital diplomacy—are regarded as potent tools of soft power necessary to reach beyond governments; social media has emerged as a particularly important conduit for soft power.[9] A multitude of non-state actors—business enterprises, NGOs, even individuals—become also active players in pursuing the scarce attention of audiences.[10] To this extent, they have become competitors of governments in a world where the nation-state is often seen as being in decline. But they can also be a national soft-power resource, becoming effective amplifiers of the government’s efforts to nurture and exercise this form of power.

Estonia’s international image has been tightly linked with all things digital.[11] This is especially so with regards to its e-government and e-society, based on, as one technology guru quipped, “blockchain technology before it was known as blockchain.”[12] Moving most of the government’s business and public services online reached the point where not only most of the government’s operations are paperless but, as the Estonians are keen to stress, where citizens need to see public servants on only three occasions—getting married, divorced, and purchasing real estate. Each national, local, and European parliament election see a growing proportion of voters casting their votes online. Moreover, Estonia’s president Kersti Kaljulaid recently pointed out on Twitter that filing tax returns online was the best way to increase tax compliance, since in Estonia this is how nearly 100% of tax returns are filed.[13]

With the widespread adoption of solutions such as secure digital identification certificates (digital signatures), Estonian society is reaping the benefits: convenience, speed of various legal, administrative, financial, and business transactions; greater government transparency, and lower levels of corruption—and the speed with which one can open a new business through the online environment is remarkable. No sector remains untouched by this profound transformation, whether banking, healthcare, education, or entrepreneurship.

This private-sector development has also shaped the mindset of government, whereby policy and regulatory framework had to become as light and open to innovative technologies as possible—prompting some to dub it “Europe’s little technology giant.”[14] In the process of building an advanced digital society, citizens also became more empowered vis-à-vis the state, as the former are able to see all data the latter possess about them, observe which public service employees access it, and instantly request to know the reasons for accessing it. In e-stonia, transparency, accountability, and efficiency of the state go hand-in-hand with citizens’ privacy and freedom.

Estonia’s embrace of digitization has been dictated by need: a small country cannot afford a large army of public servants. As a small economy open to international trade, it had to become nimble and competitive. This would not have been possible without strong political and business leadership touting the benefits of digitization domestically and internationally. It is not surprising, then, that a multitude of foreign governments—local, regional, and national—are now turning to Estonia for inspiration, advice, and support in pursuing their own digital ambitions. From the tiny Faroe Islands to populous Indonesia, from distant Namibia to Estonia’s neighbouring Finland—more than 60 countries worldwide sought to draw upon Estonia’s experience of e-government and digital society.[15]

Digitalization of governance is also becoming one of the key areas of Estonia’s foreign-development assistance, further buttressing its foreign-policy credentials. Although much of the exports of e-government solutions to the African continent, for instance, has been led by the Estonian business community—thus highlighting the importance of private sector in expanding soft power—the government has recently picked up the mantle by signing cooperation memorandum with the African Union.[16],[17]  It is also Estonia’s major policy focus within the European Union (EU), and it is carving out a niche for Estonia where it can punch well above its weight in terms of visibility and influence. Overall, given the benefits that digitization produces in terms of strengthening good governance, economic relations and democratic institutions, Estonia’s projection of soft power based on a digital agenda becomes an important mechanism for pursuing greater security and prosperity.

This projection of soft power is not limited to other governments. Estonia also reaches out to citizens, especially through an innovative and attractive scheme called “e-residency.” The scheme gives access to people from anywhere in the world to Estonia’s digital infrastructure, and allows setting up and conducting business from Estonia without physically residing on its territory. A bundle of technological, regulatory, organizational, and other solutions that sustain digital society and ease doing business domestically were made available to anyone anywhere. It is an attractive proposition for people seeking to avoid oppressive and corrupt bureaucracy, stifling red tape, or even totalitarian controls at home. While having obvious economic and societal merits of attracting to Estonia new investments and fresh talents—“digital nomads” who become enticed by e-stonia’s “digital nirvana” and burgeoning startups relocating to Estonia physically—the scheme reveals a small state’s soft-power potential to use technology to reduce national barriers and increase visibility of values it promotes internationally. [18] In this way, this digital society can become far larger and more diverse than the nation itself, while holding the nation’s values at its very core—“the new digital nation,” as the initiative’s website declares.[19]

It is remarkable that this image and power of attraction does not necessarily mean that Estonia is at the very top of international ratings when it comes to digital society development. For instance, in 2018, Digital Society and Economy Index (DESI) by the European Commission placed Estonia ninth in the EU.[20] Likewise, Networked Readiness Index by the World Economic Forum gave Estonia the twenty-second place in 2016, naming Singapore, Finland, and Sweden as most digitally savvy countries in the world.[21] Although soft power is more difficult to quantify and measure, it seems that Estonia’s ability to translate its achievements in the digital sphere into visibility, attractiveness, and influence surpasses its actual standing in the composite measurement indices.[22] While this can be explained by vigorous promotion of the digital agenda by the country’s elites, there is a distinct risk that a growing gap with the digital reality might eventually erode Estonia’s soft power—a concept where credibility is main currency.

Indeed, there are voices criticizing the lack of investment into further development of Estonia’s digital infrastructure and services, as well as pointing out that the country’s further progress will be stymied by its thin ICT science, technology, and engineering base, chronic shortages of ICT specialists, and under-investment into R&D.[23],[24] E-residency holders also begin pointing out that some important players in the scheme are not as forthcoming as its founders might have expected in enabling new businesses: banks, for instance, are pulled in a different direction by their legal duty to prevent money laundering, tax avoidance, financing of terrorism, and various scams that could exploit, among other things, e-residency arrangements.[25] One of the largest money laundering schemes ever uncovered in the world—whereby tens of billions of dollars from Russia and Azerbaijan have been laundered through the non-resident accounts at the Estonian branch of Danske Bank in 2007-2014—will weigh heavily on the willingness of the Estonian banks to render services to  e-residents.[26] Estonia has not been immune to the general trend across much of the West of rising political influence of xenophobic “drawbridge-raisers,” as the Economist has described citizens who cultivate an atmosphere of certain intolerance to migrants or to racial and ethnic diversity.[27] This, in turn, makes it more difficult to attract new talents needed to sustain and further develop Estonia’s digital ecosystem.

All of this, to be sure, is potentially damaging over a long period of time. But it pales in comparison to damage that could be wrought on Estonia’s soft power by an implosion of trust in technology underpinning its digital society. A case in point was a recent episode whereby a potential vulnerability was revealed by a group of Czech scientists in the design of the Estonian ID card chips manufactured by a Dutch company that form a critical element of digital national and e-residency infrastructure.[28] This gradually evolved into an emergency just short of a full-blown national-security crisis, with the State Defence Council (chaired by the President) called several times to discuss the situation.[29] Senior officials scrambled to reassure certificate holders that vulnerability had not been exploited and that no digital identities had been compromised. Crisis was eventually averted, though it did cause serious inconvenience to the IT-dependent members of society and various public and private sector organizations.[30] It also revealed very clearly the extent to which Estonia’s reputation and credibility rest on foreign suppliers of hardware and software from the global supply chains—on the quality of their products, integrity of processes and trustworthiness in general—as well as on timely information sharing between different parties in this chain.[31]

There is a somber realization by the Estonian policymakers that the country is always just one major digital-security crisis away from suffering serious damage to the credibility of its entire model of society’s digitisation.[32] The episode, for instance, could only reinforce beliefs of sceptics—foreign and domestic—that Estonia went too far and exposed such critical institution of democracy as voting to vulnerabilities inherent to the cyberspace.[33] While mostly born out of technological ignorance or political jokeying rather than sound understanding of the nuts and bolts of Estonian e-voting, this skepticism could spread as wildfire and diminish Estonia’s soft power based on its digital achievements and image, should a serious digital crisis hit at the very heart of its digital democracy and e-governance. Paradoxically, it is another crisis—the one that took place exactly ten years ago, in 2007, and the attendant attention of Estonia given to dealing with the hard power aspects of digital era—that should reassure the skeptics.

Hard Power

Hard power is the ability to coerce an opponent, by means of a credible threat or actual use of instruments of statecraft, into accepting your demands. It is often used as a synonym for military force, which is an important but not sole tool of coercion.[34] With the rise of the significance of cyberspace, states and non-state actors now have recourse to cyber instruments to compel their opponents to comply with demands, or to punish them for noncompliance. Given that deterrence is the other side of hard-power persuasion, strategic debate has also turned to the question of how to deter actors from exploiting cyberspace as a domain of coercion. One of the concepts in this debate is “deterrence by denial,” which could be achieved through enhancing the cyber resilience of national critical infrastructures.[35] The argument here is that it should be possible to deny the opponent’s achievement of objectives and also reduce the likelihood that they could be obtained in the future. Yet given the swift evolution of the cyberspace domain, cyber resilience will be very difficult to achieve and maintain. Deterrence might be achieved by threatening punishment in the cyber domain itself, thus increasing the cost for cyberattacks, but this is a more difficult concept given the challenges of attribution and retribution, i.e. the complexities of designing proportionate and discriminating measures that might likewise inflict sufficient pain to the opponent.[36]

Estonia’s response to two waves of DDoS attacks in April and May 2007 targeting a range of assets—from government websites and news organizations to online banking and emergency response services—has been well-documented and examined.[37] What is less widely known is how it spurred a government-wide and society-wide approach to cyber security, particularly along the principles established in Estonia’s first Cyber Security Strategy in 2008, and then successively reiterated.[38] In other words, it was not just technology but also policy and organizational solutions that were brought to bear on the problem, with broad cooperation of governmental, public, and private actors.

As a small and open nation, Estonia had to find ways for involving all competent players in cybersecurity efforts, including in preparedness for and response to crises. For instance, Estonia has set up a Cyber Defence Unit within the Estonian National Defence League, Kaitseliit, which brings together cybersecurity and strategic communication experts from all walks of life to exchange know-how, training, and act as Estonia’s digital space defenders when necessary.[39] The Estonian Defence Forces are also standing up a separate Cyber Command to be partly manned by “cyber conscripts,” who will then go on to become reservists if war—real and in cyberspace—breaks out.[40]

This broad-based, society-wide approach evolves alongside Tallinn’s efforts to mobilize its allies and partners to address threats coming through cyberspace. The most notable achievement, of course, is NATO’s Cooperative Cyber Defence Centre of Excellence, the ranks of which now even include NATO global partners such as Japan. Its annual cyber defense exercise, “Locked Shield,” is one of the most important training events of its kind within the Alliance.[41] Still, some Estonians are pushing even further: former President Toomas Hendrik Ilves is advocating a global cyber-defense alliance of democracies to mount a more effective collective response to actors seeking to exploit cyberspace and undermine democratic societies by targeting their political and electoral processes or critical infrastructures.[42] This can be construed as a snub to slow-moving NATO—whose core competence still remains managing military force—and may undermine the Alliance as a primary political framework to address security challenges to its members. However, this call is yet another example of how Estonia links its soft power of attraction—its visibility in cybersecurity realm since 2007 and more broadly in all matters digital—with its pursuit of security from hard power uses by hostile actors. Even though small-state realities do not disappear in the digital age—Estonia can enhance security only through multilateral alliances and cooperative arrangements—the bold thinking about borderless harnessing of collective hard power of like-minded actors from around the entire globe certainly befits a digital era.

This is even more pertinent if small states seek to fall back on deterrence by punishment in the case of crippling cyber-attacks against critical infrastructure or, indeed, any sort of attack. Retribution through cyberspace requires offensive cyber capabilities. At the lower end of sophistication and potency, they are available to medium and even small states such as Estonia.[43] But high-end cutting-edge offensive cyber capabilities might, with some exceptions, be beyond their reach, owing to both cost and the need for some critical mass in the national S&T competence base. Estonia’s limitations in building such a critical mass for the cyber sector, as well as its financial constraints, are not unique, but they will only grow as future technological developments, especially Artificial Intelligence (AI), puts an extra premium on the possession of requisite national S&T capabilities that underpin hard power in cyberspace. Underinvesting in R&D will thereby become a serious problem for the future for Estonia, as the race for technological supremacy in the digital era gathers pace and even large players struggle to maintain their technological edge.[44] In this regard, it will be of critical importance for Estonia to have the ability to access and utilize cutting-edge knowledge and technology of the allies and partners as well as build and harness multi-national multi-stakeholder networks of collaboration. The country will be undermined, however, without the ability to offer quid pro quo exchange. This is where Estonia’s digital and overall soft power will become extremely important: to attract talent and investment into its S&T base, be a partner of first choice on those networks, and to keep its allies on board with its vision of security in digital and real worlds.

Some of the small-state hard-power limitations in cyberspace can be overcome by creative policymaking, innovative organizational and technological solutions and global- alliances building. Offensive cyber capabilities could become available through collective security and defense arrangements, as it has already been indicated, for instance, by the United Kingdom.[45] Cyber resilience (and, thus, deterrence by denial) will be nurtured domestically through vigilance and agile interaction of all national stakeholders as well as through the collective frameworks such as the EU. Yet, all this will fall short if cyberspace becomes a principle domain of ever escalating conflict between various actors, with the quickly learning and adapting AI systems deployed not only to coerce, manipulate, and control other actors, but also to wipe out entire digital ecosystems or cause large-scale physical destruction.

There is a need for rules to avoid such extreme scenarios that would imperil not just small nations but perhaps human civilization itself. Estonia has, so far, been notable for its absence in the global debate on weaponization of AI. Perhaps it has been constrained by the focus on more immediate challenges to its security, such as aggressive Russia and cyber vulnerabilities. Still, its visibility in forging new rules for the cyber world (see next section) is bound to create pressure on Estonia to find its voice on such issues too.

Normative Power

One of the strands that emerged—largely as a result of soft-power potential and hard- power experience—is Estonia’s focus on acting as “norms entrepreneur” and pursuing efforts to place cyberspace interactions into a framework of international norms and rules.[46] The security of small states is contingent upon all actors in international relations abiding by universal principles and norms rather than falling back on the “might makes right” notion. Cyberspace is a relatively new domain of human (and, increasingly, machine) activity. It thus has been notoriously difficult to govern through multilateral arrangements, and to achieve a sensible balance among freedom, security, and efficiency. The collective normative power of multilateral institutions, including those representing large parts of the West—such as the EU—is difficult to build and harness in this domain. Many legal norms of the pre-digital era that shaped relations between states and between a multitude of other actors became either irrelevant or in dire need of adaptation. New norms have to be written up and agreed upon by all stakeholders of the cyberspace. Yet, such efforts require solid understanding of cyberspace—its architecture, technology, and impacts—by the political decision-makers as well as call for determined international leadership.

Just as in the soft- and hard-power dimensions, Estonia as a country and its representatives have been fairly visible in prodding the international community and various multilateral institutions in this direction. The relatively high competence of its policymakers in digital matters is one of Estonia’s main advantages in making a strong case for rules-based conduct in cyberspace. Although a significant part of this effort relates to advocating such issues as web neutrality or, within the EU, digital common market—i.e. it pertains to protecting and enhancing benefits of cyberspace to national welfare and individual freedom—pursuit of security remains a key consideration.

One example is the so-called Tallinn Manual, which attempts to adapt international legal principles and norms governing the use of force to cyberspace (its second volume also deals with the issue of cyberattacks falling under the threshold of what could be considered an armed attack).[47] Although it was developed within the framework of the NATO CCDCOE, Estonia’s push for and support to developing it played a major role in its appearance. Another example is the Global Commission for Cyber Stability—a body created to “develop proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behavior in cyberspace”[48]—co-chairmanship of which was assumed by Estonia’s former minister of foreign affairs, Marina Kaljurand. Another former foreign minister of Estonia, Urmas Paet, is among the leading voices on cyber issues in the European Parliament and served as its Foreign Affairs Committee’s rapporteur on cyber defence.[49] In these and other instances, though, international frameworks—governmental as well as non-governmental—are being leveraged to push forward “normalisation” of the unruly cyberspace and create a more stable and secure environment for small democratic open states to operate in.

Important as it is, this push for collective normative power of multilateral institutions has its limits in the world where such institutions are being challenged on many levels and where rules-based approaches are under severe pressure from radical populists, regressive forces, and revanchist players. The EU’s power in general seems to have been in decline due to a multitude of internal and external crises as well as the rise of authoritarianism, both within and in the neighbourhood of EU. Fractures appearing in the transatlantic relationship are much defined by the diverging attitudes towards rules and norms on both sides of the Atlantic, thus undermining the ability of the West to sustain and project established norms. The ruling regime in Russia is keen to overturn the existing international order at every turn. In such a turbulent context, where Europe and many other regions of the globe seem to be sliding back into the nineteenth-century style of fluid transactional international politics,[50] it takes a leap of faith to believe that cyberspace—an important domain of rivalry, competition, and power games—can move in the opposite direction. Disintegration of the existing international order, however, is a nightmare scenario to small nations and digital high-achievers such as Estonia.

As alluded to above, one particular rapidly developing technology field, AI, will serve as an ultimate test of the capacity of small states to promote international norms and agreements. Serious concerns about the impact of various AI applications to security, human rights, and strategic stability are well established by now.[51] What is less considered is how various AI-based systems, including in cyberspace, will be infused with the cultural and political values of the nations that invest into such systems. It is a common refrain that technology per se is normatively neutral, only its applications and governance are not. AI applications developed by such cyberpowers as China or Russia will differ significantly from those developed in the West in ways they treat individual liberties, national security, commerce, or other states. Developing a few universal principles governing AI across a broad spectrum of applications—but especially in security and defense—will be an uphill struggle in the age where any universal principles are very precarious and where unconstrained technology development may offer geopolitical edge over the opponents.

Geopolitics strikes back: need for smart collective power

Digital technology has certainly empowered many non-state actors, and its control made some corporations more powerful than many states. Indeed, the nation-state itself is often seen as being in decline.[52] Yet, the basic fact of the international system remains that it is comprised of nation-states the interests of which often clash, and some of those states are ruthless in subordinating technology to their geopolitical ambitions and political agendas.[53] As the cooperative multilateral mechanisms of resolving tensions forged after the Second World War and in the aftermath of the Cold War seem to be eroding, small states are entering a particularly dangerous period. Estonia, positioned on the geographical frontier of the West as well as at the forefront of digitalization, will be an important test of the extent that digital technology makes a difference for small—and liberal—states in surviving and prospering during this tumultuous age. Although Estonia did come up with the idea of moving all its public digital services into a “cloud,” with servers outside its territory for a backup in case of a national security emergency,[54] the geopolitical equivalent of the Kurzweilian “singularity”[55]—with states and nations transcending geography rather than humans transcending biology—is not yet in sight.

There are important opportunities for becoming more visible and audible on the international stage, whether through innovative approaches such as e-residency, or via successful society-wide approaches applied in cybersecurity. By capturing and expressing what Estonia’s state and society stand for in terms of political, cultural, or economic values and principles, digital technology enhances its soft power and ability for projecting it to an extent that was hardly possible just two decades prior. It might even engender new forms of identity and loyalty that combine the characteristics of the widely spread-out global community and a geographical nation-state—a “digital nation” that bridges the gap between global and local, cosmopolitan and parochial. It also creates enormous potential for cross-national collaboration on reaching common objectives that no single nation—especially a small one—would be able to muster alone. It opens avenues for new forms of shared sovereignty or borderless governance, as the plans to merge digital infrastructure of Finland and Estonia demonstrate.[56] But there are also significant risks as geopolitical foes such as Russia leverage their own technological achievements to target a vital ingredient of soft power—trust within and between the societies—as well as incorporate malicious uses of digital technologies into the repertoire of the cross-domain coercion.[57]

The key question for Estonia is whether the alliances and relationships that form the bedrock of its increasing welfare and security will survive in the coming years and decades. All of Estonia’s efforts to advance a digital and cybersecurity agenda within NATO and the EU—and thus make them more relevant and effective in the digital era—will have come to naught if these organizations do not withstand the political winds currently buffeting them. Virtual global multi-stakeholder alliances, although necessitated and enabled by digital technologies, cannot fully replace them—and their hard, soft, and normative powers—as “force multipliers” to small nations. Unwieldy and underwhelming as they often are, NATO, and the EU remain the cooperation frameworks—including in digital affairs—that best attend to the interests of small states and create trust as well as solidarity between nations.

The digital era has not altered this reality either, and the greatest challenge for small states will be to act as agents of positive change and of core values that bind those organizations together. They will have to exercise genuine smart power, and weave together diplomacy, economy, security, defense, technology, and many other instruments of statecraft in ways that help not only preserve NATO and the EU but also enable them as smart-power actors in their own right in dealing with security and geopolitical challenges.

In this regard, Estonia has already left its mark: during its presidency of the Council of the EU, Tallinn hosted the very first cyber-defense exercise for the EU defence ministers.[58] But the furious pace of digital-technology development, and its convergence with the geopolitical trends, leave no room for complacency or, indeed, modesty of vision and ambition that often comes along with being a small state.

Tomas Jermalavičius is Head of Studies and a research fellow at the International Centre for Defence and Security (ICDS) in Tallinn, Estonia. Prior to joining ICDS, at the end of 2008, he worked at the Baltic Defence College (BALTDEFCOL), first as deputy director of the College’s Institute of Defence Studies in 2001-2004, and later as dean of the college, in 2005-2008. Prior, he worked at the Defence Policy and Planning Department of the Lithuanian Ministry of National Defence, including the position of the department’s deputy director. Since 2017, he also has been a visiting professor at the Natolin Campus of the College of Europe in Warsaw, teaching a course on terrorism and hybrid warfare to post-graduate students. His writing has appeared in Defence Studies, Bulletin of the Atomic Scientists, Lithuanian Annual Strategic Review, Austrian Security Strategic Review, Estonian Foreign Policy Yearbook, RUSI Whitehall Papers, and Riga Conference Papers as well as in the publications of John Hopkins University, Joint Special Operations University, Latvian Institute of International Affairs, ARES-Armament Industry European Research Group and NATO Science and Technology Organisation (STO).


[1] Joseph S. Nye, Jr., Soft Power: The Means of Success in World Politics (Public Affairs, 2005), Chapter 4 (“Wielding Soft Power”),

[2] Rikke Duus and Mike Cooray, “Information overload is killing our ability to make decisions,” Business Insider, July 15, 2015,; John Buchanan and Ned Kock, “Information Overload: A Decision Making Perspective”, in Multiple Criteria Decision Making in the New Millenium, edited by Murat Köksalan and Stanley Zionts (Berlin and Heiderlberg: Springer, 2001), 49-58.

[3] Richard N. Haas, “The Age of Nonpolarity: What Will Follow U.S. Dominance?” Foreign Affairs, May/June 2008,

[4] Christopher Walker, “What is Sharp Power?” Journal of Democracy, Vol. 29, No. 3, July 2018, 9-23.

[5] Ernest J. Wilson III, “Hard Power,  Soft Power, Smart Power,” The Annals of the American Academy of Political and Social Science, 2008, 110-124.

[6] Edward Luttwak, Strategy: The Logic of War and Peace (Cambridge & London: The Belknap Press of Harvard University Press, 2001).

[7] Jospeh S. Nye, Jr., Bound to Lead: The changing nature of American power (New York: Basic Books, 1990).

[8] Jan Melissen (editor), The New Public Diplomacy: Soft Power in International Relations (Houndmills & New York: Palgrave Macmillan, 2005),

[9] Olubukola S. Adesina “Foreign policy in an era of digital diplomacy”, Cogent Social Sciences, Vol. 3, Issue 1, March 2017.

[10] JP Singh and Stuart MacDonald, Soft Power Today: Measuring the Influences and Effects (Edinburgh: The University of Edinburgh),

[11] Nathan Heller, “Estonia, The Digital Republic”, The New Yorker, December 18/25, 2017.

[12] Martin Ruubel, “Government, Defence and Blockchains—Anything There Beyond the Hype?” [conference presentation], Tallinn, CyCon 2017.

[13] Kersti Kaljulaid, tweet on May 23, 2018,

[14] Claudia Patricolo, “Estonia: Europe’s Little Technological Giant”, Emerging Europe, December 14, 2017.

[15] “e-Experience export”, e-Estonia,

[16] Karin Kaup Lapõnin, “E-governance challenges in Africa”, Diplomaatia, 17 August 2018.

[17] “Estonia to allocate €133,000 for e-governance development in Africa”, ERR News, 10 September 2018.

[18] Peter Beeche, “Wandering stars: ar Tallinn’s digital nomads building the city of the future?”, The Guardian, May 15, 2018.

[19] “The new digital nation”, e-Residency.

[20] “The Digital Economy and Society Index (DESI): DESI 2018”, European Commission.

[21] “Networked Readiness Index,” World Economic Forum.

[22] JP Singh and Stuart MacDonald, Soft Power Today.

[23] “Estonia’s e-service maintenance underfunded, needs extra €60 million yearly,” ERR News / BNS, April 13, 2018.

[24] European Commission, “References to Research and Innovation in the European Semester Country Report 2016: Estonia,” Directorate-General for Research & Innovation, Brussels, 2016.

[25] “E-Residency program under threat as banks closing foreigners’ bank accounts,“ ERR News, March 23, 2018.

[26] Richard Milne and Caroline Binham, “Danske Bank chief Thomas Borgen quits over money laundering scandal,” Financial Times, 19 September 2018,

[27] Michael Mikenberg, “The Rise of the Radical Right in Eastern Europe: Between Mainstreaming and Radicalization,” Georgetown Journal of International Affairs, December 28, 2017.

[28] Richard Milne and Michael Peel, “Red faces in Estonia over ID card security flaw,” September 6, 2016.

[29] “President Kaljulaid: Estonia did B+ job solving ID card crisis,“ ERR News, Novermber 10, 2017.

[30] Kalev Aasmae, “Estonia’s ID card crisis: How e-state’s poster child got into and out of trouble,” ZDNet, November 13, 2017.

[31] “ROCA Vulnerability and eID: Lessons Learned”, Estonian Information System Authority.

[32] Aivar Pau, “ID-card certificates to be suspended tonight”, Postimees, November 3, 2017.

[33] Andres Reimer, “Grybauskaite: e-voting a security threat”, Postimees, June 1, 2017.

[34] Lawrence Freedman (editor), Strategic Coercion: Concepts and Cases (Oxford: Oxford University Press, 1998).

[35] Piret Pernik and Tomas Jermalavičius, “Resilience as Part of NATO’s Strategy: Deterrence by Denial and Cyber Defense”, in Forward Resilience: Protecting Society in an Interconnected World, edited by Daniel S. Hamilton (Center for Transatlantic Relations SAIS, 2017).

[36] Thomas Thomasen, Cyber Deterrence—A 21st Century Maginot Line (Copenhagen: Royal Danish Defence College, 2011),

[37] Vincent Joubert, “Five Years after Estonia’s cyber attacks: lessons learned for NATO?” NATO Defense College, Research Paper no. 76, March 2012.

[38] Gert Auväärt  and Kadri Kaska, “Ensuring the digital way of life in e-Estonia.” e-Estonia, December 2017,; Piret Pernik and Emmet Tuohy, “Interagency Cooperation on Cyber Security: The Estonian Model”, NATO Science & Technology Organisation, STO-MP-HFM-236.

[39] Kadri Kaska, Anna-Maria Osula and Jan Stinissen, The Cyber Defence Unit of the Estonian Defence League: Legal, Policy, and Organisational Analysis (Tallinn: NATO CCDCOE, 2013).

[40] Raphael Satter, “Cyberconscripts: Baltic draftees can choose IT over infantry”, AP News, January 24, 2017.

[41] Jose Miguel Calatayud, “Locked Shields: The world’s largest cyber-war game”, Aljazeera, June 18, 2017.

[42] Toomas Hendrik Ilves, “We need a global league to protect against cyberthreats to democracy,” Washington Post, October 5, 2017,

[43] Andreas Hagman, “Strife Series on Cyberwarfare and State Perspectives, Part I – Offensive Cyber Capabilities and Medium Powers: Two Case Studies,” Strife Blog.

[44] Craig J. Willy, “Europe’s tech race – trying to keep pace with US and China,” EUObserver, June 22, 2018.; Evgeny Morozov, “US power to rule a digital world ebbs away,” The Guardian, June 10, 2018.

[45] Ministry of Defence, “Defence Secretary’s speech at Cyber 2017 Chatham House Conference”, London, 2017.

[46] Mathew Crandall and Collin Allan, “Small States and Big Ideas: Estonia’s Battle for Cybersecurity Norms,” Contemporary Security Policy, Vol. 36, Issue 2, 2015, 346-368.

[47] NATO CCDCOE, “Research: Tallinn Manual,”

[48] Global Commission on the Stability of Cyberspace,

[49] European Parliament, “Report on cyber defence,” Committee on Foreign Affairs, 2018/2004(INI).

[50] Michael Meyer-Resende, “Europe is at risk of slipping back to nineteenth-century power games”, The Guardian, June 13, 2018,

[51] Joanna Roberts, “Digital age ‘desperately’ needs ethical and legal guidelines,” Horizon Magazine, July 13, 2018.

[52] Rana Dasgupta, “The demise of the nation state”, The Guardian, April 5, 2018.

[53] Louise  Lucas, “The Chinese Communist party entangles big tech”, The Financial Times, July 19, 2018.

[54] Peter Teffer, “Estonia picks Luxembourg for ‘ultimate backup,’” EUObserver, June 30, 2017.

[55] Ray Kurzweil, The Singularity Is Near: When Humans Transcend Biology (London: Gerald Duckworth & Co, 2005).

[56] Tuuli Pärenson, “Estonian-Finnish e-Governance without borders”, e-Estonia, August 2017.

[57] Dmitry (Dima) Adamsky, “Cross-Domain Coercion: The Current Russian Art of Strategy”, IFRI Security Studies Centre, Proliferation Papers 54, November 2015.

[58] Piret Pernik, “EU CYBRID 2017: Preparing the Strategic Level to Understand the Effects of Cyberattacks”, ICDS Blog, September 9, 2017.

Back To Top