So, today the topic is cyber defence, but if you allow me then I would maybe start from a more philosophical notion of what actually is cyberspace and how exactly we should treat this new domain. Cyberspace is something very new for all of us, for the governments especially and for the policy makers in the governments especially. It has been very technical domain, there is good experience around amongst the technical communities and I see many practitioners in the room and I'm very glad that we have more and more practitioners also becoming policy makers in this field. But as a public policy maker for almost 20 years I see quite interesting similarities with other new fields in cyber because we lack institutions domestically in cyber as we lack them possibly in some of the areas before. We also lack the proper coordination quite often domestically when we try to put together our cyber projects nationally. And then we lack skilled people, we lack good training programmes and then we lack awareness. So I think these are the major topics we all have to work hard and that will make in the end our cyber, let's say future or our cyber project much more resilient. Because we cannot really speak about the defence in traditional terms when we speak about cyber issues. Cyber as such is a very non-state concept, it's IT technology in a way innovation by the private sector and civil society enthusiasts that has gone into internet in the last decades. So this is a very anti-government concept. Governments are not easy to deal with these kind of asymmetric networking type of new entities because the governments are more hierarchical, governments rely on certain procedures and processes and cyberspace is something new for the governments. And therefore the policy responses that we have to choose have to be a little different than we are used to in more traditional areas, especially when it comes to national security and defence.
So I would say that what we need to do in cyberspace in order to make it more resilient or defend our organisations, our computers, our information systems is to enhance the capacities at different levels. So when we talk about the national level then we need a very strong bottom part of the pyramid which is the civilian non-state strong cyber resilience capacities. It's 80% of private sector that runs our businesses and we know that none of the governments is powerful enough to tell majority of the critical providers what exactly should be done locally in order to protect the critical services running. So this has to be a private partnership and it has to be a project that involves all the private actors. Then also cyberspace is not hierarchical, cyberspace is a network. In order to have a good resilient structure, a good crisis management structure, a good defence strategy we have to start thinking as a network. It's network against network. It's not the network against hierarchy because I'm very sorry but hierarchy will lose. And this is something that we learned in 2007 in Estonia that this was the network of non-state actors that helped to fend off the attacks. It was not a government agency. It was not one organisation in a country. It was a network of different organisations that coordinated. And that's how they could resist for three weeks of serious DDoS attacks. So when it comes to a more policy response what we have seen so far, then I think European Union provides a very interesting example of different very resilient national governmental cyber models. We can see at least three or four different models now emerging inside of the European Union by the different regions, different countries there. And in the end, every nation in the world has to find its own cyber model to become more defended and more resilient in this space. 
What we have in EU right now, we can observe the Nordic strong voluntary public-private partnership cooperation model which also is possibly enhanced by the cultural, institutional and organisational traditions of Nordic nations where I think Estonia belongs to because we have had almost 1,000 years of the certain culture of holding the society together. And this has helped us now to define ourselves also in cyber area. Then we have a more intelligence-led gentleman agreement model which is the UK model where certain entities have good cooperation, coordination and agreements already that this coordination dates back to Cold War times when the critical infrastructure was important and now this has been extended to cyber ratios. Then we have a third model which is more top-down regulatory model. This more dirigiste model possibly is that continental European, central European or sometimes people say more French model but I don't think that we should associate this with one country. So there you could see them feel that we should regulate, we should tell the private sector what to do and how exactly to do it. So these kind of tendencies you see as well. So as you know the EU proposal for cyber directive is still in the European Parliament right now and the policy makers are still deciding what kind of model and how and when this EU legislation will come out. So what this legislation possibly should achieve is a little more unified cyber resilience across the European Union because we have quite big differences between different regions and between different countries in the EU right now. So to wrap up the national part of my presentation and before I start with some comments on international part I would say that when it comes to national defence and national security then the successful national cyber defence model is always also multi-stakeholder model. It has to be civilian military cooperation that it is based on. It should have involvement of the private sector.
It should have the support from broad civilian base and possibly the best advice would be to have good national exercise with all different national agencies and organisations involved and start doing it as often as possible in cyber and then your model comes together. So if you are looking for advice in this national part. The second very important part to make cyberspace more stable is to have a good international cyber policy. In cyberspace what we have seen in last decades is still it's a baby policy area I would call it. It's not comparable even with more traditional international policies where we know what to do. We have some sort of agreements between the governments. We have the clear understanding of the behaviour of the biggest actors in cyber which are doing the first steps. So it's good very glad news that yesterday night actually there was a very important set of cyber norms agreed to OSCE which is the Organisation for Security and Cooperation in Europe on what exactly the countries are supposed to be doing in cyberspace. So we have the first set of cyber norms now agreed by almost 50 countries or participating states as they call themselves there. So I think this is a very great achievement and I'm very glad that this happened it's going to be a very good model globally because OSCE as we know has a large number of countries and we hope that the same cyber norms approach will be taken also by other important regional security organisations like ASEAN Regional Forum and where China also is a part and this is a big win for the diplomatic community internationally that we have the first set of cyber norms now agreed. What is this set of cyber norms? What exactly the states then agreed?
They now agreed that they start talking on cyber business to each other officially because so far it has happened between some of the partners sometimes with some success in some cases but there is no good model or no good idea how exactly we should carry out this kind of cyber information exchanges or what should we do when cyber crisis hits us? Who should we call in another country in FIWON 2? So everything we have had so far was basically informal. Now there is a first form a little more formalised norm agreed between the countries so and it's still political military field but hopefully the norms, the cyber norms will at some point also involve more multi-stakeholder community. So the second step that we need to do internationally is to make sure that rule of law and the existing laws, not new laws apply in cyberspace. There are some calls for new treaties and new laws from now and sometimes in bigger international organisations and we the cyber people don't think that new laws can fix cyberspace, we have to apply the existing ones. We have the Budapest Convention for Cybercrime to address problems related to criminal activities in cyberspace. We have the International Humanitarian Law that has said very long time ago the principles of guiding or of behaviour of the states during the conflicts. So this just has to apply now to cyberspace because it really doesn't matter how do I hit you, I need to follow the same moral principles, right? So and then we have the other international laws like human rights laws and others that should also apply in cyberspace. 
So as was mentioned you already before by our US colleague we need to keep internet free and open and this has been a big debate during last year how exactly we do it and we possibly need a little better coordination between the like-minded countries and also not so like-minded countries to convince that the current model where the private sector is in the lead is exactly what we need for the future innovation and the economic growth. And this is our let's say big goal for the next coming years and how we actually convince the countries that are just very poor or not very resourceful in technology field or field that they are on the different side of the digital divide. So I think what we really have to now concentrate on is the capacity building and to find the right way to do it is also very important. Maybe we should start asking the countries that are still in the beginning of their technology development what exactly should be done to help them and how to make it more resilient already from the outset because they should not repeat our mistakes that we put all the systems up and now we start securing them. Maybe it's possible for them to have a little more resilient elements already in before they develop those systems. Capacity building is one of the areas which is possibly the biggest priority for the EU external action service because development aid is our traditional niche. We have earmarked some funds for the next five years for this project and we are going to find the model that works for us in the European Union and of course we should coordinate this globally with our partners. So how we actually can bring together the development community and cyber community is still a question. The second question is to actually have a good understanding on the priorities in third countries what should be achieved there and also the question would be how private sector would factor into this project.
So we try to organize a series of workshops and events to answer this question in next year and this will be our absolute priority to make cyberspace much more secure. Thank you.