In 2013, the e-Governance Academy of Estonia and the e-Government Center  of the Republic of Moldova implemented a cyber security project. Raul Rikk, Program Director, e-Governance Academy of Estonia, explains how important the awareness of cyber risks is.

How important is cyber security for the authorities in Estonia and is this issue on the priority agenda of the Government? 

The cyber security in Estonia is organized around the National Cyber Security Strategy that sets the prerequisites for ensuring the security of our networks and devices, as well as roles and responsibilities for every ministry and organization involved, and defines “the rules of the game”. Based on this strategy, we developed laws and regulations relating, inter alia, to international cooperation and the role of police and military. In other words, everybody has a role in this “game”.

You offer expertise and consultancy to the Moldovan authorities in developing the Cyber Security in Government Roadmap Project . Can you give us more details about this document?

The Roadmap Project was basically a preparation for the Moldovan National Cyber Security Strategy. The e-Government Center did the preparation work for the official document, so we started with quite simple things - we defined the area and then we talked about the threats. It was like a strategic planning process. The Roadmap describes the situation, the new reality and gives an idea of the measures to be taken in order to solve the problems of the Government institutions and private sector organizations. 

Estonia is the world leader in this field. Countries like the United Kingdom, Finland and other learn from Estonia how to ensure cyber security for their citizens and for the national critical infrastructure. How did this happen? 

People always ask this question, but we didn’t do anything special, we just followed the technological development. We often joke about this - Estonia is a small country, with cold weather, so people don’t want to get out from their homes or offices. But, of course, when you are a small country and you wish to be economically competitive, you wish to raise the Government efficiency and your people wish to live well, you have to use technologies to do that. In our days, everybody wants to do everything quickly, so that was the trigger. We wish to be more efficient in everything; we wish to use technology in a smart way. And when you start using the new technology, you either think about security in the beginning or a little bit later, it doesn’t matter. We thought about security as well and we do everything to be even more efficient, even more secure. 

What is the role of private companies and universities in this field?

In Estonia, most people who work now for the e-Governance Academy or some large companies operating in this field or state institutions started learning all these things at the university. Of course, that is not the only way to do it, but universities should look 10 or 15 years ahead and prepare specialists for this field. With cyber security, it’s also very important if you think about all the main networks provided by telecom companies. International traffic comes through computers that people use at home, at work and in government, so the private companies should be very much involved in ensuring cyber security. Government cannot guard all the international channels or monitor them - it is not the government’s job to do this, so telecom companies should ensure a high level of security for their clients, while allowing for  cooperation and information sharing. This is very important. Secondly, definitely the main technological innovations are made by private companies, not by the government. Cooperation between private companies and the Government is also very important for cyber security. Thus, what we learned in Estonia is that private sector companies and government need to meet each other and cooperate. If there is an attack against a bank, it is more probable that there can be an attack against the Government and against citizens, so there should be a natural cooperation. 

In Estonia, are children taught very early how to protect themselves in the cyber space?

I think the most important thing is that they understand how to behave on the Internet, in the digital world. In order to inform parents and children about the risks in Internet, we do video campaigns about how to become secure in Internet, publicity in newspapers and, mainly, we try to catch their attention in Internet. Also, we organize workshops and discussions with them on what to do in Internet and we have a virtual police officer on Facebook, who is actually a physical one. You can contact him through Facebook just to ask him questions and you can ask his help if there is a problem. And, of course, we use the traditional measures - we teach children in the kindergarten. But I also think that some things come naturally as well. All parents teach their children how to survive in traffic, on the streets and it is the same thing about cyber security. We are in a much better situation now than five or ten years ago when nobody had a clue about threats in the Internet and how to address them. Now, people more or less understand what is happening in this field, there is news about it and you know how to teach your children in a natural way. 

What are the priority actions that the Moldovan authorities should undertake in order to ensure security for its citizens in the cyber space?

I think there are three main things - one of them is that you have to be aware about what is going on in your network. Monitoring how your networks are being used is very important, and when we talk about monitoring, we refer to being prepared for emergencies and that is already set up in Moldova. The second thing is to take the strategic approach, specifically the National Roadmap and the cyber security strategy, because everybody has to have a clear understanding of their role in this process. The third thing is raising awareness in order to educate not only citizens and children, but also opinion leaders, politicians, directors and all the decision makers. So, awareness, awareness and again, awareness.