The tiny Baltic nation of Estonia has become the free-world model for cybersecurity and online efficiency
When former Estonian president, Toomas Hendrik Ilves spoke at Harvard University recently, he was recognized for making Estonia a worldwide model of internet security and online efficiency by the Boston Global Forum and the Michael Dukakis Institute for Leadership and Innovation.
Ilves told delegates at the third annual Global Cybersecurity Day conference that Estonia's cybersecurity and access principals are based on assured identity for every online transaction. knowing who you say you are is who you really are is the cornerstone of Estonian cybersecurity. It has made this former Soviet satellite a cybersecurity model for other nations.
In Estonia, just about everything you need to do can be done online from registering your birth, to writing and filling prescriptions, to applying for a building permit, to getting a driver's license, to registering to vote. Estonia is so advanced that bank checks no longer exist there.
Estonia now ranks highest in Europe and fifth in the world in cybersecurity, according to the 2017 cybersecurity index, compiled by the International Telecommunication Union. The country also hosts the headquarters of the NATO Cooperative Cyber Defense Centre of Excellence.
Ilves observed that when it comes to the cyber world, decision makers and government leaders are too focused on technology rather than policies that will enhance our safety on the Internet. He cited Estonia as a case in point: "Estonia's cybersecurity technology is not advanced, but we are ahead on implementation," adding, "Our focus was not on the gee whiz technology, but rather implementation of a system that relies on positive identity, which is the foundation of the country's cybersecurity program."
Additionally, "With assured identity, Estonia has eliminated the need to request personal information repeatedly. Once your personal information is on file, starting at birth, Estonian law prohibits any government agency from requesting that information ever again."
This is in sharp contrast to the US. Ilves joked that even though he now lives in Silicon Valley, with Facebook, Google and Tesla a within a one-mile radius, "When I went to register my daughter for school I had to bring an electric bill to prove I lived there. It struck me that everything I experienced was identical to the 1950s save for the photocopy."
He continued, "When Estonia emerged out of the fall of the Soviet Union in 1991, we were operating with virtually no infrastructure, even the roads built during the Soviet era were for military purposes. By 1995 to 96 [however] all schools were online with labs so that every student could have access to computers even though they could not afford to buy them."
Estonia also determined that the fundamental problem with cybersecurity is not knowing who you are talking to. So we started off with a strong identity policy; everyone living in Estonia has a unique chip-based identity card using two factor authentication with end-to-end encryption. "This is more secure than passwords that can be hacked."
He admitted, "A state-guaranteed identity program seems to be the main stumbling block for security elsewhere. My argument is that a democratic society, responsible for the safety of the citizens, must make it mandatory to protect them."
Decentralized Data Centers
He added, "In Estonia, we could not have a centralized database for economic reasons. Every ministry had its own servers, but everything is connected to everything else including your identity. Even if someone breaks into the system, the person is stuck in one room and cannot get into the rest of the system."
Known as X-Road, this decentralized system is the backbone of Estonia's online environment. Claim the developers, "It's the invisible yet crucial environment that allows the nation's various e-services databases, both in the public and private sector, to link up and operate in harmony. It allows databases to interact, making integrated e-services possible."
The system is so well integrated that Pres. Ilves claims it streamlines submitting paperwork for various needs to a point where it saves every Estonian 240 working hours a year by not having to fill out tedious forms. Inspired by its efficiency, nearby Finland has joined in implementing such a system along with Panama, Mexican, and Oman."
Estonia further secures its data by having an extraterritorial server in Luxembourg where the information is duplicated outside its borders. As a result of its legal and policy approach to security, Estonia is the most cyber secure country in Europe, Russia the most secure in Eurasia and China the most in Asia. "Estonia is also the most democratic," he said.
Recognizing Pres. Ilves for his contributions, at the event were Michael Dukakis, a former Massachusetts governor, and Tuan Nguyen, cofounders of the Boston Global Forum think tank.
Here is what Pres. Ilves told Public Radio International when he was interviewed at the third annual World Cybersecurity day symposium: PRI.
By Dick Pirozzolo, Managing Director of Pirozzolo Company Public Relations in Boston and a member of the editorial board of Boston Global Forum.
