Patrik Maldre: The state of Estonia’s cyber security

Patrik Maldre, a cyber security expert, takes a look at the Estonian government’s recently published report, “Cyber Security in Estonia” and states that Estonia continues to take substantial strides in the cyber security field both domestically and internationally.

For more than a decade, Estonia has been focused on cyber security as a national priority. It is a topic that touches the whole country, from regular computer users to the president’s office.

As a digital society, Estonians benefit greatly from the internet, but we also need to be aware of the risks. The state, meanwhile, focuses both on protecting its citizens and institutions at home and on pushing cyber security forward at the international level.

That’s why the government’s recently published “Cyber Security in Estonia 2020” report is so interesting – it provides a holistic view of the country’s views, accomplishments, threats and opportunities. It’s worthwhile reading for policymakers, network defenders and individual users alike. 

Cyber security governance in Estonia. Screenshot from the report.

The report starts with a piece by the Estonian president, Kersti Kaljulaid, about the importance of international law for Estonia in cyberspace. The president and the country’s diplomats contribute to Estonia’s cyber security by representing Estonia internationally, advancing global cyber policy to make the world safer and developing strong relationships with friends and allies. 

The absolute highlight for these two parties was when Estonia became the first country ever to raise the topic of cyber security at a United Nations Security Council meeting in March 2020 during Estonia’s presidency. In the report, furthermore, Kaljulaid quotes Lennart Meri, Estonia’s first post-Soviet occupation president, who said that “international law is the nuclear weapon of a small state”, as she describes the interagency process she initiated to help Estonia define its views on the subject.

Summary of Estonian positions on how international law applies in cyberspace. Screenshot from the report.

Estonian organisations and individuals frequently targeted

The foreign ministry enacts this vision on a daily basis, and its contribution to the report stresses its efforts to attribute and deter “cyber operations that pose a threat to the stability of our economies and democratic institutions”. In the last two years, the foreign ministry partnered with allies around the world to call out destructive or illegal cyber operations by Russia’s military intelligence agency – the GRU – as well as China-nexus operations by a sophisticated threat actor known as APT10. These bold efforts make it clear that Estonia will continue to be a strong voice in the international cyber security arena for years to come.

When it comes to direct threats, Estonian organisations and individuals are regularly targeted by various types of cybercriminals. The Information System Authority and the Police and Border Guard are responsible for technical network defence and stopping cybercrime in Estonia. Both stress the risk of phishing, where adversaries send links or attachments to compromise computers, accounts, and data. 

The most serious and innovative campaign from last year involved many Estonians being targeted by online banking-themed e-mails that also simulated a Smart-ID login to defeat two-factor authentication. Victims were likely to lose money from bank transfers after enabling attackers to log into their accounts. Another major trend reaching Estonia is business e-mail compromise. In this type of attack, phishing e-mails against corporate accounts are used to trick users into entering credentials, which enables account takeover. Attackers then impersonate the target to get business partners to transfer money to criminals’ accounts. 

“Losses ranged from 10,000 to over 100,000 euros, which may be business-ending losses for small or medium-size businesses”. In both cases, the Estonian authorities emphasise that users are the critical piece of the security equation – if users do not click on malicious links and enter credentials, criminals will be out of luck. 

Incidents registered by CERT-EE in 2019. Screenshot from the report.

Russia is the most serious foreign threat

The intelligence agencies also warn of national-level threats to Estonia as well as to international institutions. They are responsible for protecting Estonia against sophisticated espionage and criminal operations. The Internal Security Service warns that “foreign countries use their offensive capabilities consistently, purposefully, and at a high technical level”. The service identified one Russia-linked hacking group (Gamaredon) that targeted Estonian government officials and one Iran-linked group (Silent Librarian) that conducted an operation against the University of Tartu in the past year.

The Foreign Intelligence Service, furthermore, focuses on Russia as the most serious foreign threat. It assesses that Russia uses cyber operations “to steal information, but also to undermine unity in countries, exert influence, and punish decisions unfavourable for Russia”. It highlights espionage against the European Union’s delegation in Moscow, election interference around the world, attacks against Olympics-related organisations, and Russia’s long history of targeting the military sector. Both organisations make clear that cyber threats to Estonia and its allies must be taken seriously by users, and substantial resources are needed at the national level to detect, respond to and counter these threats. 

A cyberattack threatening national security is characterised by a complex scrambling of sources. Screenshot from the report.

“Cyber Security in Estonia 2020” also highlights many roles and developments in the defence sector. The defence ministry stresses the importance of planning at the national level, especially training and international cooperation. The Estonian Defence Forces Cyber Command, created in 2018, is close to achieving full operational capability. 

The Estonian Defence League’s Cyber Defence Unit, which celebrates its 10th anniversary next year, engages civilian experts to help protect the nation during crises. Its members (including the author) won a cyber “paintball” competition (attack and defence in a virtual cyber range) against many other European and US military teams in October 2019.

The NATO Cooperative Cyber Defence Centre of Excellence (based in Tallinn, Estonia) continues to “train the alliance” with its flagship Locked Shields technical exercises, the annual CyCon conference and international law resources such as the Tallinn Manual. Estonia’s defence and military community takes cyber security seriously and is constantly preparing to defend the nation in cyberspace. 

Over a hundred breaches or leaks of personal data in 2019

The government’s report includes several contributions from organisations involved in economics, justice and elections. The economy ministry coordinates national cyber security in Estonia. In the report, it focuses on the risks related to the deployment of 5G technology, specifically reliance on Chinese provider Huawei, and highlights the steps being taken at the national and European Union level to manage the issue.

The ministry also describes the work of its i-voting working group, whose experts provided various recommendations to the government to make Internet-based voting more secure, transparent and trustworthy. The Data Protection Inspectorate calls attention to 119 incidents involving breaches or leaks of personal data in Estonia in 2019 and calls on organisations to improve their processes and user awareness. 

Lastly, the Estonian Information Security Association, started in 2018 by Estonian companies and universities, draws attention to the contributions of the private sector to Estonia’s cyber security. This includes the development of security products, cryptography expertise for e-government services and cyber hygiene education for citizens and officials. Private-public partnerships and decentralisation continue to be useful elements of ensuring cyber security at the national level in Estonia.

In sum, Estonia continues to take substantial strides in the cyber security field both domestically and internationally. This will be even more critical as the world recovers from COVID-19, which has accelerated Estonia’s (and the world’s) reliance on digital technologies.

The country’s progress is motivated by the nature of the risks Estonia faces from both cyber criminals and advanced nation-state level attackers. Staying ahead of these threats is key for Estonia – we must all do our part in this arena to ensure national security and economic prosperity.

The cover image is illustrative. Photo by Philipp Katzenberger.
