DURING MY TENURE as the commander of U.S. Army Europe, I visited Estonia and its fledgling Cyber Defense Centre in Tallinn. What I saw there in 2012 left a lasting impression. A small nation, Estonia aspired to be an entrepreneurial country using digital capabilities. But in 2007, The Russians took aim at those new capabilities, and Estonia experienced the world’s first full-scale cyberattack directed by a hostile state. After the nearly month-long digital onslaught, the Estonians learned, adapted, and built a stronger digital fortress to resist future attacks. What Estonia taught me nearly two decades ago remains true today: Cyber resilience is not a luxury for modern nations; it’s a strategic necessity.

Which makes President Trump’s recent decision to gut the U.S. Cybersecurity and Infrastructure Security Agency (CISA) even more dangerous. After a decade of our intelligence community ranking cyberwarfare among our top national security threats, dismantling the agency tasked with defending our digital homeland is reckless and shortsighted.

Share

Russia’s 2007 attack against Estonia was, at heart, a response to a political issue. The Estonian government had decided to relocate a Soviet-era World War II monument—known as the Bronze Soldier—from downtown Tallinn to a military cemetery. For non-Russian Estonians, the statue represented Soviet occupation. For the country’s Russian-speaking minority and the Kremlin, it was a symbol of victory over fascism. Moscow seized on Estonia’s decision, portraying it as an affront to Russian history, and mounted a diplomatic pressure campaign to prevent the relocation. Violent protests by ethnic Russians resulted in hundreds of injuries and arrests and many smashed shop windows and overturned cars.

But when the real assault finally arrived, it came across the internet.

The Russian cyberattack was coordinated, sweeping, and relentless. It began on April 27, 2007, the day the monument was moved, and proceeded in stages over three punishing weeks. First came the hits on government websites—those of the president, prime minister, parliament, and key ministries. Distributed denial-of-service (DDoS) attacks crippled official communications. Citizens couldn’t access public information. Government workers couldn’t rely on internal networks.

Soon, the attack spread to the media. Major newspapers like the Postimees and television broadcasters went dark online. For a population already rattled by protests and political tension, the loss of reliable information was deeply destabilizing. The digital blackout created an environment ripe for disinformation, fear, and confusion.

Then the banks were targeted. Estonia’s largest financial institutions, including SEB Eesti Ühispank and Hansapank, were overwhelmed. Online services were paralyzed. ATMs were rendered inoperable. People couldn’t pay bills, access salaries, or transfer funds. The economic pulse of the country faltered in real time.

In the final phase, the attackers turned to emergency responders and core infrastructure. Phone lines to emergency services were jammed. Legislative portals froze. Critical databases were either wiped or locked. The tiny country was on the edge of digital paralysis.

Estonia survived. But it had learned the hard way that in the twenty-first century, the front line isn’t always geographic. Sometimes it’s algorithmic.

WHEN I VISITED THE CYBER CENTER in Tallinn, all I could think of was what if this happened in the United States.

Imagine being in an emergency room with a family member. Suddenly, hospital systems crash. Doctors can’t access medical records. Prescriptions, allergies, previous diagnoses—all inaccessible. This isn’t speculative. In 2019, a ransomware attack forced numerous systems used by the Springhill Medical Center in Alabama offline. A newborn died during the outage because staff couldn’t access critical information in time.

Picture rush hour in Washington, D.C., or Los Angeles. Traffic lights fail. GPS systems malfunction. Subway control systems stall. In 2020, a technical problem briefly disrupted 911 emergency services across fourteen states; it’s not hard to imagine that outcome replicated deliberately by the agents of a hostile power. In recent years, hackers in China and Russia have breached transit computer systems in New York City and D.C.

Imagine finding your online bank account has vanished. Your retirement fund is frozen. Your paycheck hasn’t arrived. In 2016, North Korean hackers stole $81 million from Bangladesh Bank. It could just as easily have been Wells Fargo, JPMorgan Chase, or the Social Security Administration.

Now imagine all this happening during a national election.

Your polling location’s digital rolls are wiped. Machines jam or misreport. Your county’s election website—normally the trusted source of real-time results—is offline. And as chaos unfolds, disinformation floods your social media feed, engineered to deepen mistrust.

This is what CISA was created to prevent.

ESTABLISHED UNDER the Department of Homeland Security as the National Protection and Programs Directorate (NPPD) in 2007 and re-established by an act of Congress as an independent agency with its current name in 2018, CISA has become America’s nerve center for digital defense. It works with state governments to secure election infrastructure, warns utilities and hospitals of incoming threats, coordinates real-time responses to attacks on financial systems and energy grids, and builds partnerships between government and the private sector to harden areas of vulnerability. It is not just a tech agency—it is the digital equivalent of NORAD, or the hurricane warning center in the National Weather Service.

When Chris Krebs, then the director of CISA, publicly confirmed that the 2020 election was “the most secure in American history,” he was fired by President Trump. That was a warning sign. Now the proposed cuts in funding and personnel threaten to systematically dismantle CISA’s capacity to defend the nation’s infrastructure—physical, electoral, medical, financial.

This isn’t bureaucratic belt-tightening. It’s a strategic retreat in the middle of a war.

After the 2007 attack, the Estonians rebuilt based on the lessons they had learned. They digitized the government with blockchain technology, built a secure national ID system to protect citizens’ data, and backed up the entire state apparatus with encrypted servers in Luxembourg—a “data embassy” that ensures national continuity even in a digital blackout. They also organized a “Cyber Defense Unit,” an all-volunteer corps of engineers, IT professionals, and reservists trained to mobilize during digital emergencies. Cybersecurity in Estonia became a whole-of-society effort. And it worked.

Estonia became not only a model for other democracies, but a core contributor to NATO’s understanding of cyber conflict. Their center of excellence isn’t just a think tank—it’s a war college for digital defense. When I visited, I was struck by the seriousness with which they approached what many in the United States still considered a technical or marginal concern. They knew better, because they had lived it.

While the context of cyber conflict and security is technology, the core issue at play is trust. Society depends on a foundational level of trust to function. Trust that your vote counts. That your hospital can save your child. That your bank account is secure. That the lights turn on and the water is clean. Cyberattacks aim to break that trust—not just with damage, but with doubt.

If we undermine CISA, the agency responsible for safeguarding that trust, we don’t just weaken our defenses—we invite the next attack. And we won’t be able to claim we were caught off guard. The warnings have already come—loud and often. From SolarWinds to Colonial Pipeline, from the (largely pre-empted) attempts to interfere with the 2020 election to the continuous probing of our energy grid, we’ve seen the signs.

Cyber warfare is not a tomorrow problem. Estonia faced it in 2007 and responded with unity, innovation, and urgency. The United States now risks doing the opposite—dividing, defunding, and deflecting as threats continue to grow. Slashing CISA’s capabilities sends the worst possible message to adversaries like Russia, China, Iran, and North Korea: “Come on in. Our guard is down.”

As someone who has commanded American troops, advised NATO allies, and seen firsthand the consequences of digital vulnerability, I urge the Trump administration—and the American people—to reconsider. Because in this new battlespace, it’s not just about who has the most tanks, planes, or drones. It’s about who can protect their people, their institutions, and their way of life in a world where war is already being waged with ones and zeroes.

And right now, we’re pulling our sentries off the wall.

Share