In 2007 the first ever widely acknowledged cyber war took place in Estonia and at the peak of these attacks 58 government, newspaper and bank websites were down at the same time. Prior to this incident cyber security had not been taken as a serious threat to a country and it's citizens. There was not common code of conduct against such attacks and nobody knew if a cyber attack against a NATO nation would activate collective defense under Article 5. It wasn't even clear if a state could legitimately respond to cyber-attacks.
Now let's jump 10 years into the future and Estonia is known around the world as a cyber security heavy-weight and advises a lot of nations around the world about cyber security related matters. The NATO Cooperative Cyber Defense Centre of Excellence (CCD COE) is also located in Tallinn, the capital of Estonia and it focuses on research, development, training and education in both the technical and non-technical aspects of cyber-defense. Let's take a look at the different aspects of how Estonia manages their cyber security.
Technology
Estonia has created intrusion detection and prevention systems and Estonia's current cyber security is made even better by their e-government infrastructure, reliable digital identity and a central system for reporting and resolving cyber incidents. New technology is being developed constantly at the CCD COE and spread across the globe to make the whole world a safer place in terms of cyber security.
In 2019, the issue of 5G networks captivated governments around the world. The technology in question will, in the coming years, revolutionize the digital economy and society. To that end, a special expert group was set up by the European Commission. In October 2019, this group published a coordinated 5G risk assessment. This document focused on the threats, assets, vulnerabilities, and risk scenarios of 5G. In January 2020, a toolbox of possible measures followed.
Training
Estonia practices cooperation with both public and private institutions, which significantly increases the awareness of users on cyber security related issues. Each year Locked Shields, an annual scenario-based, real-time network defense exercise is held, where intense pressure is put on competing teams to maintain and secure the networks and services of a fictional country. To stay relevant Locked Shields focuses on realistic and cutting-edge technologies, networks and attack methods. For example in 2017, the exercise took place in a fictional military airbase, where participants had to defend against attacks on the airbase's electrical power grid system, unmanned aerial vehicles and military command and control systems.
Policy
Estonia has a mandatory security baseline for all government authorities and vital service providers have to assess and manage their information and communication technology (ICT) risks. The president of Estonia Kersti Kaljulaid said at the international conference on cyber conflict (CyCon) 2019: "If we want cyberspace to become a safe, secure, and stable
domain, then malicious cyber activities should have similar
consequences as attacks carried out in the ‘analogue’ world."
The Tallinn Manual is an academic, non-binding study on how international law applies to cyber conflicts and cyber warfare. Between 2009 and 2012 the manual was written at the invitation of the Tallinn-based NATO CCD COE by an international group of approximately twenty experts. As such, it was the first effort to analyze this topic comprehensively and authoritatively and to bring some degree of clarity to the associated complex legal issues.
References:
- https://e-estonia.com/how-estonia-became-a-global-heavyweight-in-cyber-security/
- https://www.ria.ee/sites/default/files/cyber_aastaraamat_eng_web_2020.pdf
- https://ega.ee/wp-content/uploads/2020/05/Kuberturvalisuse_kasiraamat_ENG.pdf
- https://vm.ee/en/cyber-security
Kommentaarid
Postita kommentaar