Estonia: how the country became ‘poster child’ for national cyber security.

By Aqsa Hussain

Estonia is considered one of the world’s most digitally advanced societies. Much of the country’s state and financial infrastructure is online with ICT being considered one of the central pillars of nation-building by the country’s government. In 2005, it became the first country to hold its elections online and soon after, the first nation to provide e-residency for its citizens. Today, the government is virtually paperless with 99.6% of banking transactions done electronically and 94% of taxes declared online.

Without a doubt Estonia has a keen interest in ensuring its cyber security is up to date. Any hack could result in democratic elections being incorrectly managed or private citizen data being exposed – not that non e-governments are immune to this…

The grand attack…

In 2007, Estonia experienced a cyber attack on an unprecedented scale crippling the banking sector to the media. Known as the ‘digital Pearl Harbour’, it was the first time a country was targeted in an international large-scale cyberattack. The hacks were allegedly committed by Russian authorities after Estonia decided to move a Soviet war memorial. According to the BBC, “Estonians say the memorial symbolised Soviet occupation of the Baltic state. Russians say it is a tribute to those who fought the Nazis.” This was supposedly enough to lead to a full-scale cyberattack on Estonia’s online infrastructure.

The technicalities

The bulk of the attacks were in the form of a denial-of-service attack (DoS attack): this is when the perpetrator disrupts a network connected to the internet by flooding it with superfluous requests which overload the system and ultimately make it unavailable to its intended users.

Although the nature of the attacks were not all that crippling, it did leave users unable to access certain services for several weeks.

Since the attacks in 2007, the government has worked tirelessly with the public and private sector to increase the IT infrastructure’s resilience to another cyberattack. Moreover, it sought to create constructive dialogue within the international community about the imminence, damages and potential prevention of cyber warfare. Several measures the country has taken since the attacks include building stronger ‘authentication services, firewalls and back-up systems’.

Estonia has great motivation in making sure that better solutions to protect their cyberspace are found and that it never has to deal with a crippling online attack again. With a reputation as a leader in e-governance and cyber security across EU and NATO states, Tallinn is now home to the NATO Cooperative Cyber Defence Centre of Excellence whose mission is to “enhance the capability, cooperation and information sharing among NATO, NATO nations and partners in cyber defence by virtue of education, research and development, lessons learned and consultation”.

And this is the bitesize version of how the country is considered the poster child for national cyber security.