Estonia’s IT leaders have proposed an ambitious plan for the country: Estonia should be moved into the cloud, which would make occupying the country meaningless.
Last week, Estonia’s weekly newspaper, Eesti Ekspress, published an article about an ambitious plan suggested by a number of Estonian IT leaders – Jaan Priisalu, Linnar Viik, Sten Tamkivi and Taavi Kotka – to move critical information systems and databases into a state cloud with supporting data centres all over the world. The concept suggests storing the data at Estonian embassies in friendly foreign countries as critical data and information systems need to be located within the country’s borders.
However, embassies alone would not be sufficient for storing all the data and for that reason additional data embassies should be established. Such servers, located, for example, in the Netherlands, Canada, Germany and Australia, would include information systems and data that are necessary for the successful conservation of the country: population register, business register, land register and e-health and e-government systems among others.
Jaan Priisalu, the Director of Estonian Information System’s Authority, says that all the “technical pieces to put together a well-functioning state cloud are already available”. The data exchange layer X-road, Estonia’s technical and organisational environment, enables secure Internet-based data exchange between the state’s information systems. The same would also be possible in the cloud.
“This solution would, supposedly, make occupying Estonia pointless as the country would keep securely functioning in the state cloud.”
The state cloud would serve as an additional security measure. In case of an overwhelming cyber attack, Estonia’s public e-services would be able to function from the mentioned national or data embassies located in friendly foreign countries. This solution would, supposedly, make occupying Estonia pointless as the country would keep securely functioning in the state cloud.
Taavi Kotka, Deputy Secretary General of ICT at the Ministry of Economic Affairs and Communication, suggests it would still be possible to carry out essential state processes. People would still be able to elect the parliament and the tax authority could collect taxes. Businesses would be able to function, documents would still move and we would still be giving birth to Estonian citizens. It would prove to be very difficult to cyber attack and/or “switch off” the internet in all our friendly foreign partner states.
Consultations with potential partners have already begun. Also, no additional changes in laws or substantial investments are necessary (currently, Estonia’s IT-spending is about €50 million per year.) Furthermore, Priisalu suggests that, if successful, it could only take around two years to build a state cloud. Only political will is required to fulfil this idea.
Although a thought-provoking idea, the state cloud does not replace a strong defence army; rather, it makes it more difficult for Estonia’s enemy to “break into” the country. A representative of the Ministry of Defence insists that Estonia would still need a strong conventional defence force should the enemy attack its (physical) territory. In any case, it is possible to hack into the cloud with enough time and resources.
I
This was first reported by Estonian weekly newspaper Eesti Ekspress. You can read the Estonian version of the article here.
The cover photo is illustrative.
The idea was intriguing when I first read it, but upon more thought, this is just a gimmick.
First, by spreading out the data around the world, that makes it more vulnerable (more copies of it) as in more possible places to penetrate it. Second, in terms of preventing a cyberattack, the attacker can just cyber-attack those servers abroad. Third, a cyberattack on Estonian network infrastructure would not be impeded by this — if Estonians can’t get to their online services because their home internet connect in Estonia is broken (due to cyberattack) then it’s no good anyway.
Then there’s the bigger issue about how important this is. Yes, it’s nice if you can still vote, pay your taxes, etc. Great. But these are secondary concerns if a country is under attack from terrorists or other nations. If a foreign force were to invade Estonian territory, or terrorists staged a major attack on Estonian soil, who cares that the Estonian government can still process income tax filings? What’s more important is that the government can respond to those physical threats, on the ground, and have a government cloud would play only a minor role in that at most.
The essence of this article lies in the last paragraph, not in the first. Data embassies would not make occupying the country meaningless but:
“Although a thought-provoking idea, the state cloud does not replace a
strong defence army; rather, it makes it more difficult for Estonia’s
enemy to “break into” the country.”