Estonian President Kersti Kaljulaid has announced that her country must develop its cyber-security and cryptography capabilities to support the development of e-state services, and avoid a repetition of Estonia’s 2017 ID card crisis which has exposed various institutional weaknesses.
"The rapid development of technology is also putting Estonia at the forefront. In no other country is e-government a vital service, but the people of Estonia no longer accept paperwork, so we have no alternative," Kaljulaid said, as quoted in a statement released by her office. "Estonia’s e-government continues to be the best in the world, but we have to constantly compete with the best in the industry and it takes decisions. That is why we need to think, for example, of further developing cryptographic knowledge and skills in the country. Improving information security and cyber-security capabilities is also key, without which e-government cannot be sustainable."
The president said that, while Estonians are generally considered to be proud of the country’s e-government system, "it is clear that our heavy reliance on e-services has become essentially a security issue".
To overhaul the country’ e-government policies, it was agreed that the Estonian Minister for Foreign Trade and Information Technology would develop proposals to strengthen the country's cryptographic and information security areas by the end of this year, according to Kaljulaid.
Kaljulaid said the authorities should present a coherent e-government policy, and relevant roles should be divided among respective government entities.
"There is also a need for more people who understand and create security solutions, including cryptography, and for the people to control and audit their activities. Government of Estonia has acknowledged the matter and has made this a high priority in its next four-year state budget strategy," according to the president.
Raul Rikk, the cyber-security policy director of the Estonian Ministry of Economic Affairs and Communication, told SC Media UK that, to effectively support the development of Estonia’s e-state services, the country should pursue three main priorities.
"We need to raise our academic capability for understanding digital trends, analysing cyber threats and developing security solutions. Digital innovation must be thought through, be justified and the risks calculated. Academic capability must be comprehensive and sustainable," Rikk said. "We need to reform our cyber-security organisation in order to tackle new sophisticated cyber-challenges. Our society depends on cyber systems, which means, that the security system must meet the demands of the digital society."
In addition to this, by recognising that cyber-security is a developing economic area, Estonia needs to further develop "a supportive environment for entrepreneurs for creating new cyber-security products, services and start-ups," Rikk said.
Anna Piperal, the managing director of the e-Estonia Showroom at the state-run agency Enterprise Estonia, told SC Media UK that digital technologies are "at the heart of Estonian nation. Convenience, penetration of e-services and trust from the people reflect a large acceptance of that concept."
For the country’s authorities, this also means that Estonians have increasingly high expectations regarding the reliability of e-services, as exemplified by the controversies related to the country’s ID card crisis of 2017. A vulnerability identified by an international team of researchers that year forced the authorities to suspend some 760,000 Estonian ID card certificates, confirming that more than half of Estonia’s population was put at risk of identity threat. In December 2017, the Estonian police said that a software update allowed to bypass the security risk that was related to the chips used in ID cards, digital IDs, and residence permits.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout