Text size

Spacing

Contrast
Settings

 

Actions and roles

The following five parties are involved in the maintenance of sustainable vital services (including the protection of information systems of service providers):

1. The Section of Critical Information Infrastructure Protection at the Estonian Information System’s Authority

The Section of Critical Information Infrastructure Protection was founded in October 2009. The CIIP Section is engaged in the protection of critical information systems at a strategic and not at operational level.

The first objective of the department is to launch the critical information infrastructure protection system in Estonia and then to maintain it. The section is to:

  • collect and maintain information on Critical Information Infrastructure;
  • carry out risk assessments on Critical Information Infrastructure;
  • draw up security measures for the protection of Critical Information Infrastructure;
  • launch a supervisory system for the proper implementation of Critical Information Infrastructure security measures.

In early 2010, a project for mapping out critical information infrastructure was initiated. As a result of the initiative, the most important business processes (so-called critical or vital activities) were identified on the basis of vital service sectors and information systems required to provide such processes were brought out as well. The results are to be the foundation of a national analysis carried out in 2011 and will also be helpful in 2011, when security requirements are to be developed.

In autumn 2010, a work group was initiated to draw up a set of solutions for cyber attacks. The work group includes representatives of the Ministry of Economic Affairs and Communications, Ministry of Internal Affairs, Ministry of Finance, Ministry of Justice and Ministry of Defence as well as the representatives of the National Defence League and General Staff of the Defence Forces.

In 2011, a state of emergency risk assessment on a large-scale cyber attack is to be carried out.

2. Department for Handling Information Security Incidents at the Estonian Information System's Authority (CERT-EE)

The department handles security incidents taking place in the Estonian computer network, attempts to develop prevention activities to avoid such incidents and also to increase security awareness among users. At operational level, the department is also engaged in the protection of information systems providing vital services.

3. Authorities organising the continuous operation of vital services

Sector by sector, organising authorities have been identified, the main task of whom is to coordinate the continuous operation of vital services and to advise the providers of vital services. Such organisers are: Ministry of Economic Affairs and Communications, Ministry of Internal Affairs, Ministry of Social Affairs, Ministry of the Environment, Ministry of Agriculture, Ministry of Finance, Bank of Estonia and the five largest cities.

A organizing authority or one of its designated sub-authorities are to supervise that the continuous operation of vital services will be guaranteed. Should there occur an interruption in the provision of vital services or a threat of interruption, the service provider is to immediately inform the state authority responsible for organising the services in its field of activity.

4. Providers of vital services

A provider of an vital service is responsible for carrying out a risk assessment of the continuous operation of the vital services and presenting a continuous operation plan. The purpose of such documents is to prevent an interruption of vital services and in case of interruption, to find measures to recover the provision of such services as quickly as possible. Should there occur an interruption in the provision of vital services or a threat of interruption, the service provider is to immediately inform the state authority responsible for organising the services in its field of activity.

The providers of vital services are identified on the grounds of criteria defined in the special laws on critical sectors. The criteria were defined, having regard that providers of all services shall be defined as providers of vital services.

5. Ministry of Internal Affairs

The Ministry of Internal Affairs is responsible for the coordination of arrangements for the sustainability of vital services at the national level. The Ministry is to provide an overview on sustainability of vital services two times a year.


Did you get the answer to your question?

Added 07.02.2011
Updated 13.04.2016

Back to page "Critical Information Infrastructure Protection CIIP"