This week our guest is Merle Maigre—senior cybersecurity expert and former director of NATO’s cyber defense hub—who brings a sharp, first-hand perspective on digital resilience. From managing Estonia’s landmark ID-card crisis to shaping cyber policy at the highest levels, she unpacks the overlooked signals in Eastern Europe, the evolving threats to democracy, and why cybersecurity is as much about political readiness as it is about technical defense.
Tell us one story from your career that taught you a valuable lesson.
One of my personal first-hand experiences with cyber security goes back to 2017, when Estonia’s digital ID card system got hit with a crisis. I was in the middle of getting inaugurated to become the Director of the NATO CCDCOE when I noticed several high-level decision makers attending the ceremony getting a crisis call. It soon appeared that Estonia experienced a cyber crisis caused by a vulnerability found in the smart card chips. Since the chip was used in the electronic identity card – our national ID-card – issued by the Estonian State to more than half of the Estonian population, the vulnerability posed a risk to the resilience of Estonian digital state and thus quickly escalated into an ID-card cyber crisis.
As a director managing the NATO cyber centre of excellence with 55 people and 21 nations, I had to daily sign several documents with my ID card. The strategy of Estonia in overcoming this crisis was first to inform everybody about the possible vulnerability. Then, after the suspension of the certificates of the cards with vulnerable chips, the state created a solution allowing cardholders to update the certificates remotely. 94% of the eID cards were renewed. Building on this experience, looking at how decision-makers can become better prepared to anticipate and understand the effects of cyber-attacks, I believe holding exercises in how to respond to cyber-attacks is one of the best ways to raise awareness at the political level.
What is a key marker about where things are going right now in Eastern Europe that is overlooked and we need to pay closer attention to? What would be a signal for good development – and for things going really badly?
Building compliance with the new NIS 2 directive in EU Member States, notably in countries where cybersecurity governance and capacities can serve as a lesson learned, such as Czechia and the Netherlands.
Through the lens of your line of work, what is one significant but under-discussed trend affecting democracy globally today?
Fake news and supply chain security.
Who is the one expert/agent/thinker you would recommend people follow closely in order to understand the world better right now and why?
For cybersecurity Thomas Rid https://x.com/RidT, (Author of ’Active Measures, ’Cyber War Will Not Take Place’, Johns Hopkins), Mikko Hyppönen, Dan Black https://x.com/DanWBlack (Cyber Espionage Analyst at GoogleMandiant).
Merle Maigre works as the Senior Cyber Security Expert at e-Governance Academy. Previously, she worked at CybExer Technologies, an Estonian enterprise providing cyber training. From 2017 to 2018, Merle served as the Director of the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) in Tallinn, which is a multinational hub of cyber defense expertise for NATO. Between 2012 and 2017, Merle Maigre worked as the Security Policy Adviser to Estonian Presidents Kersti Kaljulaid and Toomas Hendrik Ilves, being the President’s chief advisor on domestic and international security issues, including cyber defense.
