To keep unwelcome, malicious visitors at bay, we typically lock our doors.
However, locked doors alone will not deter the most persistent intruders; more sophisticated and intelligent deterrence, prevention and blocking mechanisms are needed. The same mindset applies to ensuring national cyber security.
Disconnecting entirely from the world, as some totalitarian regimes aim to do, might seem like the ultimate ‘door lock’, but this comes at the cost of severing vital lifelines. In cyber terms, isolation breaks the functionality of countless critical services we rely on daily.
Cyber security is everyone’s responsibility
National defence is often viewed as a shared responsibility, and the same should apply to cyber defence.
Every institution, business, family and individual can take steps to make the entire nation’s cyberspace more secure.
The state offers many opportunities to expand cybersecurity knowledge and assess one’s skills.
RIA publishes regular updates on the current climate in cyberspace, describing major incidents to help people learn from other’s mistakes rather than making their own. It also provides tools like the Kübertest e-learning platform and the itvaatlik.ee prevention portal.
State institutions have access to a range of RIA services designed to keep malicious actors out of state systems, safeguarding the availability of essential services when people need them most.
Expanding cyber borders
However, there is also a flipside. Over the past 10 years, the number of state-maintained databases has grown from approximately 500 to 1,400 – a significant increase in attack surface, nearly tripling the country’s exposure to potential threats.
This can be likened to the national border extending threefold, requiring more effective and intelligent measures to monitor and distinguish between malicious activities and legitimate traffic. The annual rise in cyberattacks compounds the challenge, as artificial intelligence drives the growing sophistication of threats.
Strength in shared solutions
The state has a multitude of institutions, each providing a variety of services supported by extensive IT infrastructure, from traditional servers and networks to bespoke software solutions.
Ideally, challenges within this vast and complex system would be resolved once and applied universally. Unfortunately, this is not yet the case.
While one arm of RIA focuses on maintaining traditional cybersecurity, the other develops and provides system components as services to institutions, offering standardised solutions for functions that are fundamentally similar or meet common needs. Examples include the national authentication service, the secure data exchange layer X-Road, the state portal eesti.ee and the national mailbox service.
These RIA services cover essential building blocks that individual institutions would find impractical to construct, maintain or operate themselves. Built once, they are designed to serve many – a principle that Estonia strives to uphold.
The widespread adoption of RIA services helps to contract the national cyber border and make its defence more manageable. As a bonus, organisations no longer need to do everything themselves, allowing them to focus on their core responsibilities.
Reusing standardised solutions and only developing institution- or business-specific tools free up resources – people, money and time – that can be redirected toward creating greater value for society and protecting it.
By reducing quantity, we can enhance quality.
Last updated: 17.02.2025
