Critical Information Infrastructure Protection
The recent years have seen a tendency for the economic systems of different countries and the society as a whole to increasingly rely on information systems. In handling their day-to-day errands more conveniently, citizens can take advantage of various e-services such as online banking, reporting electricity statements, declaring taxes in the e-tax system, using mobile parking, etc.
Our dependency on the proper functioning of IT solutions has increased remarkably. The failure of an information system can have a substantial impact on the functioning of commercial enterprises and/or state agencies, thus also affecting the way customers/citizens are able to use services. From a country's perspective, the proper functioning of vital services is of great importance.
The purpose of the critical information infrastructure protection (CIIP) is to maintain a trouble-free functioning of the country's essential information and communication systems under ordinary circumstances and to ensure their continuity on a minimum level during critical situations.
The Section of Critical Information Infrastructure Protection at the Estonian Information System’s Authority (RIA) mainly concentrates on questions related to the protection of such information systems that are needed for the proper functioning of vital services. The main task of the section is to arrange protection for the state’s critical public and private information systems on the national level.
On the national level, RIA arranges the protection of such public and private sector information systems that are relevant for the functioning of the state of Estonia. We mainly focus on the issues of protecting the information systems that ensure the functioning of vital services. Vital services are services necessary for organising the functioning of the society, healthcare, security and people’s economical and social well-being. Pursuant to the Emergency Act, there are 43 vital services in Estonia.
On the strategic level, the protection is handled in the field of CIIP, where data about the critical information infrastructure (CII) are collected and maintained. Additionally, risk analyses related to CII are prepared, the respective security measures are developed and the supervision for following the methods is initiated.
On the operative level, RIA’s subunit the Computer Emergency Response Team of Estonia (CERT) handles the protection of the information systems necessary for the provision of vital services.
Critical infrastructure (CI) means an asset, system or part thereof, which is essential for the maintenance of vital societal functions, and the health, safety, security, economic or social well-being of people, and whose disruption or destruction would have a significant impact in a Member State as a result of the failure to maintain those functions (see Council Directive 2008/114/EC).
Vital service means a service that is essential for the maintenance of the society, and the health, safety, security, economic or social well-being of people.
Critical information infrastructure (CII) means information and communications systems whose maintenance, reliability and safety are essential for the proper functioning of a country. The critical information infrastructure is a part of the critical infrastructure.