Ukraine, international partners launch Tallinn Mechanism tool for cyber cooperation

A coalition of ministries of foreign affairs, including Ukraine, Canada, Denmark, Estonia, France, Germany, the Netherlands, Poland, Sweden, Great Britain, and the U.S., has announced the launch of a new cybersecurity cooperation tool called the Tallinn Mechanism, also known as ‘The Mechanism.’ The initiative aims to enhance collaboration among partner countries in the cyber industry, particularly in response to Russia’s aggression against Ukraine. 

The primary goal of The Mechanism is to coordinate and support the development of Ukraine’s civilian cyber capabilities, ensuring its ability to defend itself in cyberspace and address long-term cyber resilience needs.

Within the framework of the Tallinn Mechanism, assistance to Ukraine will be coordinated to support and strengthen national cybersecurity and cyber resilience, protect Ukraine’s critical infrastructure, and prevent Russian cyber operations. The new international instrument will also complement existing international efforts to build cyber resilience and cyber defense of Ukraine’s civil infrastructure. In addition to the partner states, non-governmental organizations and the private sector are invited to participate in the work of the Tallinn Mechanism.

The introduction of the mechanism is the result of the joint work of the Ministry of Foreign Affairs, the National Cyber Security Coordination Center, the Ministry of Digital Transformation of Ukraine, the State Service for Special Communications and Information Protection of Ukraine, the Security Service of Ukraine and other involved cybersecurity entities of the country.

The Mechanism acknowledges that the ongoing destruction of Ukraine’s critical infrastructure and the disruption of essential services caused by Russian cyber operations will require substantial multi-year assistance for Ukraine to maintain and strengthen its cybersecurity and cyber resilience capabilities. It also recognizes that disruptive Russian cyber operations and cyber activity are expected to continue well beyond any formal cessation of hostilities, the Mechanism is committed to supporting Ukraine’s cyber capacity-building needs over the long term.

Additionally, the Mechanism is intended to serve as a focal point for Members’ civilian cyber capacity-building support to help integrate/coordinate with other related areas of multinational support to Ukraine and overall increase situational awareness. It also does not inhibit Members from engaging in other bilateral and multilateral cyber capacity-building support to Ukraine in either a formal or an informal manner. Decision-making on general operational matters such as public statements and membership requires consensus.

The Mechanism’s efforts to deliver cyber capacity-building assistance to Ukraine should be coordinated and delivered across three mutually supportive Lines of Effort (LoE) to be effective: short (support), medium (build), and long-term (sustain). Cyber capacity-building support is carried out with respect for international law and in full coordination with relevant Ukrainian counterparts. The principle ‘nothing about Ukraine without Ukraine’ should be the guiding principle for the Mechanism.

The document also identified that the Mechanism is structured as a deconfliction and coordination group, voluntarily composed of members and Observers relying on a rotating lead nation mechanism consisting of a front and back office, and a coordination group. Members of The Mechanism intend to improve coordination and delivery of civilian cyber capacity building across the three LoEs, focused on assistance, recovery, and resilience.

The Mechanism’s LoE is intended to be separate, yet complementary, to military cyber capacity-building efforts and civilian efforts on digital development. The Mechanism aims to interface routinely with other donor initiatives around those efforts to coordinate and de-conflict. Members are encouraged to share information on assistance not affiliated with The Mechanism voluntarily and in coordination with the front and back offices. 

Furthermore, private sector and non-governmental actors are encouraged to contribute to The Mechanism. Contributions provided through The Mechanism must align with its objectives and goals and complement member-based efforts. The coordination group intends to carry out regular lessons learned to develop recommendations to review and improve its functions. 

The Members recognize the potential applicability of The Mechanism to future cyber assistance efforts. Decisions will be taken by members of the Mechanism, whereas Observes are limited to active participation in discussions. Membership applications will be considered on an ad hoc basis, while being considered, candidates may be afforded interim Observer status.

Last month, about fifty member countries from the International Counter Ransomware Initiative (CRI) convened for their third meeting in Washington. The primary focus of the CRI members at this year’s gathering was to enhance capabilities in disrupting attackers and their infrastructure, fostering improved cybersecurity through information sharing, and taking action against ransomware actors.

The U.S. National Institute of Standards and Technology (NIST) has also identified that international engagement plays a crucial role in several ongoing efforts which include the update of the ‘Journey to the Cybersecurity Framework (CSF 2.0),’ revision of digital identity guidelines, and boosting awareness on the NIST Privacy Framework and IoT cybersecurity work. The agency has also undertaken several meetings and held workshops with international participants.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.