April 2, 2015

The State of Estonia’s Cyber Security in 2014


The computer networks of ministries and agencies are being probed for vulnerabilities by foreign security agencies. Cyber criminals are spreading malware that encrypts your files and holds them for ransom. The complexity of the Estonian language is no longer a high enough barrier to prevent effective phishing. Irregularly monitored websites are being breached and loaded with malware. If you didn’t think cyber security affected every individual and every institution, think again.

The Estonian Information Systems Authority (RIA) has once again released its annual overview of the state of Estonia’s cyber security, this time 3 months earlier than last year. This report is among the best sources of evidence regarding cyber security trends in Estonia as well as an excellent way to improve understanding among members of the public and of various industries. It provides an accessible and cogent view of the overall threat environment and the steps that are being taken to mitigate the effects of those dangers at the national level.
In 2014, some of the most globally publicized cyber security problems had a significant impact on Estonia as well. The discovery of security vulnerabilities in extensively used software, such as Heartbleed and Shellshock, required alacrity on the part of RIA specialists as well as the IT managers of companies and governmental institutions in order to minimize the risk that these dangers posed. 2014 also saw the spread of the dreaded Cryptolocker ransomware in Estonia, which, upon infection, encrypted a user’s files (and in some cases institutional hard drives) and demanded a fee for the unlock code. While the GameOver Zeus botnet that spread Cryptolocker was taken down in a joint international public-private operation last summer, other ransomware strands continue to menace users in Estonia and elsewhere. In this context, RIA continues to stress that fast patching and a responsible data backup policy are essential.
One of the most notable facts of this year’s publication is that while the overall number of incidents did not change much year-on-year from 2013, the share of incidents reported by governmental institutions nearly quadrupled from 135 to 486. This does not necessarily mean that there was a dramatic rise in attacks on governmental networks, but rather that ministries and agencies are being more proactive and effective in detecting and analysing incidents as well as sharing that information with RIA. As last year’s report mentioned, as of 1 January 2013, a Government regulation entered into effect that obliges state institutions to inform RIA of important incidents and produce quarterly information security reports. Significantly, among the reports that were received by RIA in 2014, the most common category of incident was “attack” and a greater proportion of incidents than last year were labeled as “high” on the criticality scale (though their share of total incidents fell). The security of websites was also of particular concern for RIA, with the danger being highlighted by the website of Elron (an Estonian transportation provider which was the subject of the most Google searches in Estonia) being breached several times to spread malware. Phishing also took a qualitative leap forward in terms of Estonian language accuracy and other factors, eliciting further words of caution from RIA.
Perhaps the most intriguing pieces of information were those that received minimal elaboration. In his compelling introduction, RIA’s Director General for Cyber Security Toomas Vaks asserted that the changed security situation in Europe was reflected in the cyber domain with a noticeable rise in the proportion of incidents that involved the intelligence agencies of other countries. Furthermore, the report mentioned denial of service attacks testing the borders of Estonia’s e-services and fact that the functioning of Estonia’s border and internal security is dependent on the security of the governmental networks and the data exchange between them. Clearly the details are of a sensitive nature yet these acknowledgements themselves, while maybe not surprising, are still quite noteworthy. Perhaps the upcoming yearly overview by KAPO, Estonia’s Internal Security Service, will also provide further insight by touching upon the counterintelligence and influence operations aspects of cyber security, as they did in last year’s report.
In conclusion, RIA’s 2014 overview of Estonia’s cyber security reinforces and provides concrete evidence for many on-going trends, including 1) the interconnectedness of cyberspace, where problems abroad can quickly become problems at home; 2) cyber threats are becoming more technically sophisticated and specifically targeted, and; 3) cyber security merits a prominent place in both internal and international security policy discussions. The report also prominently both embodies and stresses the need for raising awareness at all levels, from the average citizen to the highest-level policymaker. As the report mentioned, Estonians are more knowledgeable and comfortable than most other nations with these questions, but there is still substantial room for improvement. RIA deserves to be commended for their technical work as well as the transparency and accountability with which they undertake it – that underscores all the more why the suggestions in the report need to be taken seriously.
The full report can be found here – www.ria.ee/public/Kuberturvalisus/RIA-Kyberturbe-aruanne-2014_ENG.pdf

Filed under: CommentaryTagged with: