The main task of Crisis Management is to ensure the readiness for implementation of the Cybersecurity Act and the Emergency Act: planning and management on a national as well as international level. In addition, Crisis Management organises the national resolution of extensive cyber incidents.
The Information System Authority (RIA) ensures readiness for resolving crises caused by cyber incidents by:
- developing and implementing preparedness procedures for internal as well as trans-institutional and international use
- organising national and international crisis and cyber exercises in cooperation with partner institutions and companies
- coordinating the prevention and resolution of cyber crises by advising companies and state authorities who provide vital and essential services
- conducting civilian-military cyber cooperation together with the Defence Forces and the Defence League.
National and international exercises are organised for testing the preparedness and rehearsing the resolution of crises caused by cyber incidents.
For example, the exercises of the European Union, which take place every two years:
- Cyber Europe »
And the annual exercises:
- NATO's 'Cyber Coalition',
- CCDCOE's 'Locked Shields' »,
- Exercises organised by the state authorities under the jurisdiction of the Ministry of Defence and the Ministry of the Interior.
Readiness for large-scale cyber incidents and the resolution of such incidents
Pursuant to the Emergency Act », the Information System Authority organises the nationwide resolution of large-scale cyber incidents.
A cyber incident is an event occurring in the system that compromises or harms the security of the system.
Due to a large-scale cyber incident, at least one of the following things will or might happen:
- a vital service is interrupted in part or in full
- the information systems essential to the functioning of the state are threatened
- there is a risk to people’s life or health
- serious environmental or material damage occurs
- the economic activity of the society decreases significantly
national security is at risk.
RIA ensures an extensive state of readiness with its routine core tasks: incident prevention, preparedness planning, and coordination of incident response.
Emergency prevention and preparatory activities include, for example:
- development of legal measures (e.g. keeping the IT Baseline Security System ISKE up to date)
- management and counselling of the network of security officers and experts of state authorities and providers of vital services
- trainings for RIA and its partner institutions, organisation of and participation in exercises, and emergency planning.
Emergency Risk Analysis and the Emergency Response Plan
Under the guidance of RIA and involving other relevant authorities and persons, regular risk analyses of ‘large-scale cyber incidents’ are conducted.
These analyses assess the likelihood and consequences of such emergencies and outline measures for preventing these emergencies and mitigating their consequences. Risk analysis is a prerequisite for the planning process and the development of response plans.
Emergency response is organised by the Incident Response Department of RIA. If necessary, CERT will involve employees from other cybersecurity departments of RIA and other authorities listed in the Emergency Response Plan (including The Estonian Defence League’s Cyber Unit »), depending on the scope and nature of the emergency.