Language switcher

You are here

Cyber Security in Estonia 2020: A Comprehensive Look At The Estonian Cyber Landscape

The Estonian Information System Authority (RIA) has compiled a comprehensive overview of cyber security in Estonia. “Cyber Security in Estonia 2020”, available at, explains the landscape, the responsibilities and activities of different public sector organizations in Estonia who all contribute to keep Estonians safe online. From setting up a cyber security standard to combating cyber crime to training military cyber defence operators, every agency has a vital role to play. 

“In the past few years it has become increasingly clear that securing our digital way of life needs to be a team effort and there is no single agency who can just “fix” cyber security,” said Lauri Aasmann, Director of Cyber Security at the Estonian Information System Authority. “It doesn’t matter if you are responsible for cyber security, information security, cyber defence or data protection, we all depend on each other and we need to know that everyone is doing their part,” Mr. Aasmann added. “It’s an honor to be part of this excellent Estonian team taking on this challenge.”

2020 has undeniably changed the way people work and study over the internet exposing a lot more people to risks in cyberspace. The risks and the threat actors are not novel, but they are now affecting more and more people and businesses. This means that mitigating cyber security risks requires more cooperation not just within one country, but throughout the world. 

The compendium “Cyber Security in Estonia 2020” includes an introductory article about the state of international law regarding cyber security by the President of Estonia Kersti Kaljulaid, and an overview of activities related to cyber security by the following agencies and organizations in Estonia:
•    Estonian Information System Authority
•    Estonian Police and Border Guard Board Cybercrime Unit
•    Estonian Internal Security Service
•    Estonian Foreign Intelligence Service
•    Ministry of Foreign Affairs
•    Ministry of Economic Affairs and Communications
•    Ministry of Defence
•    Estonian Defence Forces Cyber Command
•    Estonian Defence League Cyber Defence Unit
•    Data Protection Inspectorate
•    NATO Cooperative Cyber Defence Centre of Excellence
•    Estonian Information Security Association

Every one of these organizations sees cyber security through their own lens – whether the main focus is on the technology, the government-backed threat actors, military operators, careless service providers or cyber criminals. “Cyber Security in Estonia 2020” aims to paint a comprehensive picture at how different branches of government work together to protect Estonians and our friends all around the world. 

Some of this content has been published in the yearly assessments of the respective organizations (such as in the annual overviews by the Information System Authority, Internal Security Police or Foreign Intelligence Service). This compilation brings together those viewpoints and assessments to give our foreign audiences a complete overview of cyber security in Estonia.

All chapters in this compendium express the views of the respective institutions. For general inquiries and media requests regarding the publication please contact the Estonian Information System Authority. For specific questions regarding topics discussed in each chapter please contact the institutions directly.

An online webinar ‘Cyber Security in Estonia 2020: What Has Changed’ will be streamed live on RIA's Facebook page from 5pm to 7pm EEST (4pm CET, 10am EDT) on May 26th. The event will provide an overview of the recent developments in cyberspace by representatives from RIA, the Ministry of Economic Affairs and Communications, the Ministry of Foreign Affairs, the Estonian Police and Border Guard Board, the Government Office, NATO CCDCOE, and Cybernetica. Registration for the webinar will open soon.

Link to the compendium (PDF)

If you would like to receive a paper edition of 'Cyber Security in Estonia 2020' by mail, please let us know at press [at]

Kertu Kärk
Head of the Communication Department at RIA
5850 9665
kertu.kark [at]

More news on the same subject


Large-scale denial-of-service attacks have ended

29.4.2022 – According to the assessment of the Information System Authority (RIA), the denial-of-service attacks that began on 21 April concluded by the evening of 25 April. The purpose of the denial-of-service attacks was to disrupt the operation of 13 websites, but due to the countermeasures applied, the effect of the attacks was insignificant.


DDoS attacks against state websites had no significant effect

21.4.2022 – From 4 p.m. this evening, the security incident management organisation (CERT-EE) of the Information System Authority (RIA) identified distributed denial-of-service (DDoS) attacks against state websites. The attacks caused short-term interruptions in the accessibility of some websites, but had no significant effects.