Language switcher

You are here


'CERT-EE, established in 2006, is an organisation responsible for the management of security incidents in .ee computer networks. It is also a national contact point for international co-operation in the field of IT security.

Its duty is to assist Estonian Internet users in the implementation of preventive measures in order to reduce possible damage from security incidents and to help them in responding to security threats. CERT-EE deals with security incidents that occur in Estonian networks, start there, or which it has been notified about by citizens or institutions either in Estonia or abroad.

The support provided by CERT Estonia depends on the type and severity of a security incident, on the number of users potentially affected by it and on resources available for the organisation.

Aims of CERT-EE:

  • monitoring of the state of information security in Estonia by using received reports and collecting information about information security incidents;
  • preventing security incidents and reducing security risks, mainly by raising awareness and through communication work;
  • assisting institutions regarding security incidents and advising them if they want law enforcement agencies to start an incident investigation.

CERT-EE is a member of the CSIRTs Network.

CERT-EE written on a jacket.


Activities of CERT Estonia

Handling incidents: receiving incident reports, assigning priorities to incidents according to their severity level, performing incident analysis, responding to incidents, giving assistance in incident response, coordinating incident response activities.

Giving warnings/notices: gives the users information about security gaps, which have been discovered in most popular systems and applications in Estonia. Warnings are mainly given to the attacks and security gaps with a high criticality level and for extremely widespread viruses.

Support for institutions and Internet service providers: support for system administrators, network administrators or customer support that the end users should contact in case of security incidents. The extent of CERT Estonia support depends on the type and criticality of the security incident, the extent of the influenced environment and the resources available in the team.

Preventive measures: periodic events and media campaigns for raising awareness about information security.

CERT – what is it?

CERT is an organisation that handles security incidents in the framework of CERT activity. CERT organisations exist worldwide and they cooperate closely, share information about information security incidents and give notifications about security hazards.



About security incidents

Security incident is a situation where the confidentiality, integrity and the processability of the information system and/or the information of an organisation, institution or a person is being violated. Security incidents are also situations where somebody else’s information system is used without an authorisation or its functionality is being deliberately interfered with.

Security incidents are prioritised according to their potential severity and scope. The following aspects are taken into account in the prioritisation of security incidents:

  • the number of affected users;
  • the type of an incident;
  • the target of an attack as well as the attack’s point of origin;
  • resources required to handle the incident.

High-priority incidents include, for instance: attacks that may jeopardise people’s lives, attacks on Internet infrastructure (name servers, major network nodes and large-scale automatic attacks on web servers), etc.

Sharing information with CERT-EE regarding cyber incident is protected as information intended for internal use in accordance with Cybersecurity Act and Public Information Act.

As CERT-EE does not render services to end users, the latter should, in case of security incidents, turn to system administrators either at their Internet service provider or in their organisation, to network administrators or customer support.

Any malicious activity believably originating from the Estonian networks/resources should be reported directly to the resource owner (eg ISP or web hosting provider). If you cannot find the contacts of this resource owner or they do not reply, please escalate the issue to CERT-EE. Large scale incidents involving Estonian resources can be reported directly to CERT-EE.

Contacts of CERT-EE

CERT-EE is operating 24/7
Phone: 663 0299
E-mail: cert [at] (cert [@]

You can use the following methods to send us encrypted messages:

  • CERT-EE’s organisations certificate (CDOC): Riigi Infosüsteemi Amet: CERT
  • PGP public key: 7B96 A5C7 079D 0CAF 9BEA C713 B05D BD10 A32A FB7D



Tools and services of CERT-EE

File transfer environment »
The tool enables to send suspicious files to CERT-EE for analysis. Suitable for phishing e-mails and attachments, malware samples, etc.

The ‘Sandbox’ of CERT-EE »
A file analysis tool for IT professionals. Allows the professionals to monitor, in a secure environment, how operating systems on different virtual and physical platforms behave when opening a suspicious file.

The Encrypted DNS app protects against phishing and malware

The Encrypted DNS app protects smart devices against malicious web links and malware. The solution can protect against domains that contain malicious content about which the RIA is aware of.

The application blocks malware and phishing attempts and uses DNS to filter out malicious links for the user. The solution works on smart devices running both on iOS (iOS 14 and later) and Android (Android 9 and later) operating systems. For Apple smart devices, the application called Encrypted DNS (by RIA) must first be downloaded from the AppStore and then activated. To do this, go to Settings – General – VPN & Device Management – DNS and select Encrypted DNS.  

Android has a similar built-in application which does not need to be downloaded separately. To use the solution, you must activate Private DNS under the network settings and set the location of the service to Please note! The solution does not work on Android devices if you want to use a private DNS and VPN service at the same time.

Learn more about the app here.

IRMA – an online virus scanner »
A tool for the data network users at public authorities and for private cooperation partners which is designed for scanning suspicious e-mail attachments and other files of an uncertain origin. The advantage of the tool compared to other similar tools found online is that the files entered are not left hanging in unknown places but are located in the file server of an Estonian public authority and are regularly deleted.

Warnings and notifications of CERT-EE »
The fastest way to stay informed about CERT-EE’s notifications and warnings.

Automated monitoring solution Suricata4All (S4A) 

The solution consists of a central system managed by CERT-EE and sensors that network owners can install at their companies or authorities. The central system distributes rules to the sensors which are used to identify attacks. The sensors, in turn, send alerts to the central system when they detect malicious traffic. The system also allows its users to record, index, and analyse network traffic. Ask CERT-EE if your company would benefit from using S4A!

Those interested in subscribing to the system must obtain proper hardware and ask CERT-EE to provide them with the sensor installation software (cert[@]

Cyberspace newsletter

CERT-EE produces a daily cyberspace newsletter that summarises cyber and IT news from public sources. As of September 2021, this also includes daily overviews of what has happened in the Estonian cyberspace.

To subscribe to the newsletter, send an e-mail with the subject ‘Subscribe’ to certnews [@] Only the e-mail addresses of authorities/organisations can be used to subscribe (i.e. not Gmail, Hotmail, etc.).


Last modified: 29.06.2022

Did you get the answer to your question?

We thank you for your feedback.