Estonia
Last Updated: December 2018
Cybersecurity Policy
Strategy Documents
Cyber Security Strategy 2014-2017
Ministry of Economic Affairs and Communication
  • Four objectives:
  1. A comprehensive system of security measures, consisting of different levels, will be implemented in Estonia to ensure cyber security at national level.
  2. Estonia is a country that is characterised by a very high level of information security competence and awareness.
  3. Proportionate legal regulations serve to support the secure and extensive use of information systems.
  4. Estonia is one of the leading countries in international co-operation to enhance cyber security.
  • Previous edition (2008-2013) drafted by the Ministry of Defence;
  • 2014–2017 edition was extended to 2018;
  • Preparations began for the adoption of a third cybersecurity strategy (May 2018).
September 2014
Digital Agenda 2020 for Estonia
Ministry of Economic Affairs and Communication
  • The development of information society will not undermine the users’ sense of security;
  • The mitigation of non-acceptable risks in information and communication systems will be guaranteed and security requirements will be taken into account when designing the systems and throughout their life cycle.
November 2013
National Security Concept 2017
Ministry of Defence
  1. Estonian cyber security is based on close and trust-based cooperation between the public and private sectors;
  2. Estonia will continue to develop cyber defence;
  3. Estonia will develop digital services and cyber security primarily by investing in them, providing a role model for the private sector; and
  4. Estonian cyberspace is part of the safe and stable global cyberspace. Cyber security is founded on constant and close international cooperation.
2017
National Defence Strategy of Estonia
Ministry of Defence; Estonian Defence League; Police and Border Guard Board
  • Identifies vitality of full development of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE);
  • Prescribes the Estonian Defence League with developing a cyber-defence capability;
  • Prescribed the Police and Border Guard Board to anticipate, identify and avert risks that endanger law and order, including from cyberspace, and remove infractions against public order.
2011
Implementation Frameworks
National Defence Development Plan 2017–2026
Ministry of Defence

Announces the upcoming establishment of the Cyber Command, which will achieve integration for carrying out cyber and information operations in cyberspace and the information sphere.

2017
IT baseline security system (ISKE)
Information System Authority (RIA)
  • Information security standard developed for the public sector
  • Includes organisational, infrastructural/physical, and technical measures
  • Made mandatory with Government Regulation no. 273 (12 August 2004)
1 October 2003
Structure
National Centre or Responsible Agency
Cyber Security Council
Security Committee of the Government of the Republic
Contribute to smooth co-operation between various institutions and conduct surveillance over the implementation of the goals of the Cyber Security Strategy
2009
Key Positions
Chair, Cyber Security Council (Secretary General of the Ministry of Economic Affairs and Communications)
Head of Estonian Cyber Security Policy, Department of State Information Systems
Ambassador for Cyber Diplomacy
Ministry of Foreign Affairs
4 September 2018 (first entered into function on)
Dedicated Agencies and Departments
Cyber Crime Unit
Police and Border Guard Board
  • Investigates cyber crimes
  • Raises awareness regarding cyber threats
2012 (consolidated)
Information System Authority (RIA)
Ministry of Economic Affairs and Communications
  • Organises protection of information and communication technology infrastructure
  • Includes Department of Critical Information Infrastructure Protection (CIIP)
2011 (formerly Estonian Informatics Centre)
Estonian Defence League's Cyber Unit
Defence Forces
Objectives include:
  • Cooperation among qualified volunteer IT specialists
  • Raise the level of cyber security for CII
  • Create a network which facilitates public private partnership and enhances crisis preparedness
2008
National CERT or CSIRT
Estonian National Computer Emergency Response Team (CERT-EE)
Information System Authority (RIA)
  • Governmental CERT
  • Aims of CERT-EE:
  1. Monitoring of the state of information security in Estonia by using received reports and collecting information about information security incidents;
  2. Preventing security incidents and reducing security risks, mainly by raising awareness and through communication work; and
  3. Assisting institutions regarding security incidents and advising them if they want law enforcement agencies to start an incident investigation.
2006
Legal Framework
Legislation
Regulation on Security Measures for Information Systems of Vital Services and Related Information Assets
Regulates the organisation of implementation of security measures for information systems used for providing vital services and the related information assets
14 March 2003
Electronic Communications Act
  • Provides requirements for the public electronic communications networks and publicly available electronic communications services
  • Entitles Technical Surveillance Authority to require providers carry out a security audit
1 January 2005 (entry into force); 1 July 2015 (amended)
Penal Code
  • §206 Interference with computer data
  • §207 Hindering of functioning of computer systems
  • See also §208, §216, and §217
1 September 2002
Cooperation
Multilateral Agreements
Budapest Convention
PARTY
1 July 2004 (entry into force)
UN Processes
Represented at the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security
2009, 2012/2013, 2014/2015, 2016/2017
Expressed views to the Annual Report of the UN Secretary-General on Developments in the Field of Information and Telecommunications in the Context of International Security
2017
Bilateral and Multilateral Cooperation
Memorandum of Understanding - Austria, Belgium, Estonia, Finland, Germany and Latvia
European Defence Agency
  • Memorandum of Understanding on the pooling and sharing of their respective cyber ranges capabilities;
  • Part of the Cyber Ranges Federation Project launched in May 2018: Cyber Defence Pooling & Sharing Project.
28 June 2018
Cooperation, Estonia/NATO-Japan
Prime Minister
  • Cooperation on cybersecurity;
  • Japan to join the NATO-accredited cyber defence hub (NATO Cooperative Cyber Defence Centre of Excellence, CCDCOE) based in Tallinn.
12 January 2018
Permanent Structured Cooperation on security and defence (PESCO)
European Union
  • Member;
  • Comprises two projects on cybersecurity out of 17 projects: (1) cyber threats and incident response information sharing platform; and (2) cyber rapid response teams and mutual assistance in cyber security; 
  • Initiated one of PESCO's projects: forming Cyber Rapid Response Teams and Mutual Assistance in Cyber Security.
11 December 2017 (decision adopted by the European Council)
Memorandum of Understanding, Mauritius-Estonia
Prime Minister
Digital cooperation, which includes:
  • The implementation of national data exchange;
  • Awareness building on cyber security and protection of critical infrastructure through training and exchange of experience in areas of data protection, cybercrime and protection of critical infrastructure;
  • Support by the Estonian government for the setting up of the e-Governance Academy;
  • The promotion of coopeartion among private ICT companies for implementing e-services; and
  • Cooperation between educational institutions especially on e-governance related studies.
29 November 2017
Nordic-Baltic Eight (NB8)-US Roundtable on Cyber Security
Annual dialogue meeting on international cyber issues
27 September 2017
Discussions, Estonia-Iceland
Foreign Minister
Discussions on cyber security and opportunities for cooperation in this area.
20 June 2017
Memorandum of Understanding, Estonia-Republic of Korea
Ministry of Defence
Cooperation agreement on developing training and cooperation in cyber security
31 May 2017
Cyber Hygiene Forum
Ministry of Defence
  • Platform aimed to raise employees' awareness about cyber threats
  • Cooperation project with the Latvian ministry of defense, created with CybExer Technologies in Estonia
April 2017
Memorandum of Understanding, Austria-Estonia
Agreement on Data Embassy, Estonia-Luxembourg
Head of State
  • "Data embassy" due to open in 2018
  • Agreement on housing data and information systems
20 June 2017
Cybersecurity Alliance for Mutual Progress - CAMP Initiative, Member
Estonian Informatics Centre (EIC)
Network platform to lift up the overall level of cybersecurity of members through development experiences and trends sharing.
11 July 2016
Memorandum of Understanding, Estonia-Latvia-Lithuania
Ministry of Defence
Cooperation in cyber-security officially signed online (remotely) with electronic signature
5 November 2015
Exchange of best practices on cyber security, OAS-Estonia
Four-day training event on the development and management of national computer security incident response teams.
27-30 April 2015
OAS Cyber Security Initiative (co-sponsor)
  • Argentina, Chile, Mexico, and Estonia as co-sponsors
  • Addresses cyber security issues based on a flexible and dynamic approach, in which cyber security policies and the provision of technical training are adapted to new trends and evolving needs
16 April 2015
Financial support, Estonia-OAS
Financial support from Estonia for the Cyber Security Program.
27 March 2015
Global Forum on Cyber Expertise, Member
A global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building
2015 (established)
Memorandum of Understanding, Estonia-OAS
Director of Cyber Security of the Government of Estonia
Memorandum of Understanding to promote the development of cyber security capabilities in the Americas.
20 October 2014
Nordic-Baltic Cooperation (Nordic-Baltic Eight, or NB8)
  • Regional cooperation format which as of 1992 brought together five Nordic countries and three Baltic countries (Finland, Sweden, Norway, Iceland, Denmark, Estonia, Latvia and Lithuania) to discuss important regional and international issues
- Regional cyber cooperation set as priority issue in 2014 
2014
U.S.-Estonia Cyber Partnership Statement
Ministry of Foreign Affairs
Three elements to partnership:
  1. Cooperation in cyber security and cyber defence
  2. Bilateral collaboration in law enforcement, academic exchanges, etc.
  3. Coordination on capacity building with third parties
3 December 2013
Cooperation, Estonia-Georgia
Ministry of Defence
Cooperation in cyber security, including in capacity building, awareness raising, and supporting the development of national cyber defence capabilities.
2013
Estonia-Ireland Cyber Security Discussions
President
Discussions on cyber security between the President of Ireland, Michael D. Higgins, Prime Minister, Enda Kenny, and Estonian President Toomas Hendrik Ilves.
4 April 2012
Memorandum of Understanding with NATO
Estonian Informations Centre and Estonian Communications Security Authority
Creates a legal framework for cyber defence cooperation
23 April 2010
Select Activities
X-Road Project
Developed by Cybernetica, initiated by Estonian government
Interoperability platform to create a secure and standardized environment for interconnection or enabling data exchange between a multitude of different information systems
2001