national cyber security strategies the estonian approach · estonian cyber security strategy main...
TRANSCRIPT
National Cyber Security Strategies
The Estonian Approach
Piret Pernik
Research Fellow
International Centre for Defence and Security
22 June 2017
Estonia’s cyber security expertise
ITU index 2017: global rank 5, in Europe 1st
ITU index 2014: global rank 5, in Europe 2nd
NATO CCD COE 2008
Cyber Defence Unit of the Estonian Defence League 2011
Locked Shields from 2012
Cyber Coalition from 2013
NATO Cyber range 2014
Cyber conscription pilot 2016
Cyber Command from 2017
National Cyber Security Strategies
• 95+ countries
developing legislation
• 50+ countries with
defensive capabilities
• 30+ countries with
offensive capabilities
Functional strategy
• Defines and prioritizes national, strategic objectives
• Remains focused on the clearly identified core
issues
• Aligns and is harmonized with other policies and
strategies
• Clearly allocates resources and responsibilities
• Implements international best practices and lessons
learned
• Considers international cyber security directions
• Maintains a long rather than short-term perspective
Kerttunen: 2017
Estonia’s Legal Framework
National Cyber Security Strategy
• I iteration 2008-2013
• II iteration 2014-2017
• III iteration under development
Cyber Emergency response plan 2016
Emergency Act 2009, 2016
Other acts, decrees, orders
Government
Security Committee
Cyber Security Council
GovernmentOffice
Ministry of Economic Affairs
and CommunicationsMoD
Ministry ofthe
Interior Ministry of Justice
Ministry of Finance
MFAMinistry
of Science& Education
Estonian Information System Authority (RIA)
Cyber Security Coordination
Estonian Cyber Security Strategy
Main action areas
1. Protection of information systems underlying
important services
• Alternative solutions and cross-dependency
management
• Ensuring digital continuity of the state – Data
Embassies
• …
Estonian Cyber Security Strategy
Main action areas
2. Fight against cybercrime
• Enhance detection
• Raise public awareness
• …
3. Improve national cyber defence capacity
• Synchronize planning
• …
Estonian Cyber Security Strategy
Main action areas
4. Maintaining and improving the cyber security
capability
• Ensure the next generation of cyber security
professionals
• Support development of enterprises providing
cyber security solutions
• R&D
5. Supporting activities
legal framework, international cooperation, international
policy
Estonia in Comparison with the EU
22 EU/EATA countries
Baseline security requirements (16)
Identified critical infrastructure (15)
Cyber emergency response plans (15)
Institutions for inter-agency cooperation (13)
Public-private partnerships (12)
Incentives to the private sector (3)
ENISA: 2016
Challenges
• Change of culture, mindset
• Competing values, priorities
• Sufficient mandates, clear responsibilities
• Financial and human resources
• Integration with other policies
• Implementation, review, adaptation
Pernik: 2013; Kerttunen: 2017
Conclusion
• National strategy is a useful tool for capacity
building, awareness raising, investment decisons,
prioritizing, inter-agency cooperation, etc.
• Successful implementation is difficult because it
depends on numerous variables
• It reflects a particular constellation of people, values,
interest, etc., in a given time
• It’s a process, assessment, review, forecasting, planning,
etc.
• It’s inevitable for protecting cyber security at a state level