Estonian Cyber Security Strategy Document: Translated and Public

By Gadi Evron
Gadi Evron

The Estonians have a public version of their cyber security strategy translated into English (currently available offline only see update below). The concept of a national strategy for cyber security is one which I am particularly fond of (also see previous post, An Account of the Estonian Internet War).

The following is the Summary section from the document which might be of interest (Estonian Cyber Security Strategy — Cyber Security Strategy Committee, Ministry of Defence, ESTONIA, Tallinn 2008):

* * *

The asymmetrical threat posed by cyber attacks and the inherent vulnerabilities of cyberspace constitute a serious security risk confronting all nations. For this reason, the cyber threats need to be addressed at the global level. Given the gravity of the threat and of the interests at stake, it is imperative that the comprehensive use of information technology solutions be supported by a high level of security measures and be embedded also in a broad and sophisticated cyber security culture.

It is an essential precondition for the securing of cyberspace that every operator of a computer, computer network or information system realises the personal responsibility of using the data and instruments of communication at his or her disposal in a purposeful and appropriate manner.

Estonia's cyber security strategy seeks primarily to reduce the inherent vulnerabilities of cyberspace in the nation as a whole. This will be accomplished through the implementation of national action plans and through active international co-operation, and so will support the enhancement of cyber security in other countries as well.

In advance of our strategic objectives on cyber security, the following policy fronts have been identified:

Policies for enhancing cyber security

1. The development and large-scale implementation of a system of security measures

The dependence of the daily functioning of society on IT solutions makes the development of adequate security measures an urgent need. Every information system owner must acknowledge the risks related to the disturbance of the service he or she provides. Up-to-date and economically expedient security measures must therefore be developed and implemented. The key objectives in developing and implementing a system of security measures are as follows:

2. Increasing competence in cyber security

In order to achieve the necessary competence in the field of cyber security, the following objectives have been established for training and research:

3. Improvement of the legal framework for supporting cyber security

The development of domestic and international legislation in the field of cyber security is aimed at:

4. Bolstering international co-operation

In terms of developing international co-operation in ensuring cyber security, the Strategy aims at:

5. Raising awareness on cyber security

Raising public awareness on the nature and urgency of the cyber threats might be achieved by:


* * *

Updated 9/26/2008: The Estonian cyber security strategy document is now available online. I must say once again the concept of a national cyber security stance is quite interesting. My contact there specified she'd be happy to answer any questions. To avoid spam of her inbox, email me for her address (ge@linuxbox.org)

By Gadi Evron, Security Strategist. Visit the blog maintained by Gadi Evron here.

Related topics: Cyberattack, Cybercrime, Cybersecurity

Comments

document now available online Gadi Evron  –  Sep 26, 2008 10:08 AM PDT

The Estonian cyber security strategy document is now available online. I must say once again the concept of a national cyber security stance is quite interesting. My contact there specified she'd be happy to answer any questions. To avoid spam of her inbox, email me for her address (ge@linuxbox.org)