
Estonian Cyber Security Strategy Document: Translated and Public

Gadi Evron

The Estonians have a public version of their cyber security strategy translated into English (currently available offline only; see update below). The concept of a national strategy for cyber security is one which I am particularly fond of (also see previous post, An Account of the Estonian Internet War).

The following is the Summary section from the document which might be of interest (Estonian Cyber Security Strategy — Cyber Security Strategy Committee, Ministry of Defence, ESTONIA, Tallinn 2008):

* * *

The asymmetrical threat posed by cyber attacks and the inherent vulnerabilities of cyberspace constitute a serious security risk confronting all nations. For this reason, the cyber threats need to be addressed at the global level. Given the gravity of the threat and of the interests at stake, it is imperative that the comprehensive use of information technology solutions be supported by a high level of security measures and be embedded also in a broad and sophisticated cyber security culture.

It is an essential precondition for the securing of cyberspace that every operator of a computer, computer network or information system realises the personal responsibility of using the data and instruments of communication at his or her disposal in a purposeful and appropriate manner.

Estonia's cyber security strategy seeks primarily to reduce the inherent vulnerabilities of cyberspace in the nation as a whole. This will be accomplished through the implementation of national action plans and through active international co-operation, and so will support the enhancement of cyber security in other countries as well.

In advance of our strategic objectives on cyber security, the following policy fronts have been identified:

  • application of a graduated system of security measures in Estonia;
  • development of Estonia's expertise in and high awareness of information security to the highest standard of excellence;
  • development of an appropriate regulatory and legal framework to support the secure and seamless operability of information systems;
  • promoting international co-operation aimed at strengthening global cyber security.

Policies for enhancing cyber security

1. The development and large-scale implementation of a system of security measures

The dependence of the daily functioning of society on IT solutions makes the development of adequate security measures an urgent need. Every information system owner must acknowledge the risks related to the disturbance of the service he or she provides. Up-to-date and economically expedient security measures must therefore be developed and implemented. The key objectives in developing and implementing a system of security measures are as follows:

  • to bolster requirements for the security of critical infrastructures in order to increase its resistance, and that of related services, against threats in cyberspace; to tighten the security goals of the information systems and services provided by the critical infrastructure;
  • to strengthen the physical and logical infrastructure of the Internet. The security of the Internet is vital to ensuring cyber security, since most of cyberspace is Internet-based. The main priorities in this respect are: strengthening the infrastructure of the Internet, including domain name servers (DNS); improving the automated restriction of Internet service users according to the nature of their traffic, and increasing the widespread use of means of authentication;
  • to enhance the security of the control systems of Estonia's critical infrastructure;
  • to improve on an incessant basis the capacity to meet the emergence of newer and technologically more advanced assault methods;
  • to enhance inter-agency co-operation and co-ordination in ensuring cyber security and to continue public and private sector co-operation in protecting the critical information infrastructure.

2. Increasing competence in cyber security

In order to achieve the necessary competence in the field of cyber security, the following objectives have been established for training and research:

  • to provide high quality and accessible information security-related training in order to achieve competence in both the public and private sectors; to this end, to establish common requirements for IT staff competence in information security and to set up a system for in-service training and evaluation;
  • to intensify research and development in cyber security so as to ensure national defence in that field; to enhance international research co-operation; and to ensure competence in providing high-level training;
  • to ensure readiness in managing cyber security crises in both the public and private sectors;
  • to develop expertise in cyber security based on innovative research and development.

3. Improvement of the legal framework for supporting cyber security

The development of domestic and international legislation in the field of cyber security is aimed at:

  • aligning Estonia's legal framework with the objectives and requirements of the Cyber Security Strategy;
  • developing legislation on protection of the critical information infrastructure;
  • participating in international law-making in the field of cyber security and taking steps internationally to introduce and promote legislative solutions developed in Estonia.

4. Bolstering international co-operation

In terms of developing international co-operation in ensuring cyber security, the Strategy aims at:

  • achieving worldwide moral condemnation of cyber attacks given their negative effects on people's lives and the functioning of society, while recognising that meeting the cyber threats should not serve as a pretext for undermining human rights and democratic freedoms;
  • promoting countries' adopting of international conventions regulating cyber crime and cyber attacks, and making the content of such conventions known to the international public;
  • participating in the development and implementation of international cyber security policies and the shaping of the global cyber culture;
  • developing co-operative networks in the field of cyber security and improving the functioning of such networks.

5. Raising awareness on cyber security

Raising public awareness on the nature and urgency of the cyber threats might be achieved by:

  • presenting Estonia's expertise and experience in the area of cyber security at both the domestic and international level, and supporting co-operative networks;
  • raising awareness of information security among all computer users with particular focus on individual users and SMEs by informing the public about threats existing in the cyberspace and improving knowledge on the safe use of computers;
  • co-ordinating the distribution of information on cyber threats and organising the awareness campaigns in co-operation with the private sector.

* * *

Updated 9/26/2008: The Estonian cyber security strategy document is now available online. I must say once again the concept of a national cyber security stance is quite interesting. My contact there specified she'd be happy to answer any questions. To avoid spam of her inbox, email me for her address (ge@linuxbox.org).

By Gadi Evron, Security Strategist.


Comments

document now available online Gadi Evron  –  Sep 26, 2008 10:08 AM PDT

The Estonian cyber security strategy document is now available online. I must say once again the concept of a national cyber security stance is quite interesting. My contact there specified she'd be happy to answer any questions. To avoid spam of her inbox, email me for her address (ge@linuxbox.org).
