Estonia's latest cybersecurity stategy, Cybersecurity Strategy - Republic of Estonia (EN) was implemented in 2019. Covering the period 2019-2022, it defines the long-term vision, objectives, priority action areas, roles and tasks as the basis for activity planning and resource allocation. As a horizontal strategy, it involves all contributing stakeholders in Estonia: the public sector (both civilian and defence), essential service providers, sectoral entrepreneurs, and academia. The aim of this document is to agree on and create conditions for the implementation of a comprehensive, systematic and inclusive sectoral policy
It is the country's third national strategy document, having moved early in defining one of the world's first strategies (2008-2013) with a second one coming in 2014 (2014-2017), drawing on the lessons learned from the two previous strategy periods.
The Cybersecurity Strategy was prepared in a coherent process with Estonia’s Digital Agenda 2020. The role of cybersecurity in the information society is to ensure conditions for efficient and secure use of opportunities offered by ICTs. The objectives and key indicators of the cybersecurity strategy are planned in a four-year perspective, with an interim review at the end of the current Digital Agenda in 2020.
The new strategy covers 13 of the 15 strategic goals in the ENISA self-assessment classification. These strategic goals are: Cybercrime; security and privacy balance; citizen awareness; critical information infrastructure protection; national cyber contingency plans; international cooperation; incident response capability; institutionalised form of cooperation between public agencies; baseline security requirements; incident reporting mechanisms; R&D; cybersecurity exercises; training and educational programmes.
EDUCATION AND TRAINING IN NATIONAL STRATEGY
Role of education on cybersecurity |
The measures for cybersecurity research fall under "A cyber-literate society" (Activity 4).
Knowledge and skills of students and teachers will be measured systematically and a supply of training in the field of cybersecurity will be provided for general educational school and vocational school teachers. Documenting the level of knowledge and skills is a key prerequisite and input for planning cybersecurity trainings, while also aiming to overcome the lack of systematic comparable measurable results among teachers and students. It is important that the skills in digital competency of students and teachers are kept up to date with systematic measurirng of the competences. This would enable comparable data on elementary levels across the various target groups over time and porvide input into thematic training and the creation of curricula and materials. Development of talent corresponding to state and private sector demand (Activity 4.2) 2018 data shows that national defence studies are taught in 127 upper secondary schools and 22 vocational schools. While cyber and internal security are viewed as a natural part of national defence studies, the volume of lessons planned for conveying these topics is not sufficient for an in-depth approach.
The strategy therefore includes the development of cyber defence studies in general education schools with effort to raise the potential of talented youths. The goal is to integrate cybersecurity with information science syllabi and facilitate in-depth cyber defence studies reaching as many upper secondary schools as possible and laying the groundwork for training a future supply of cyber specialists through the formal educational system. |
---|---|
Role of research on cybersecurity |
The measures for cybersecurity research fall under "Cybersecurity, Industry, Research and Development": Objective 2.
Estonia has strong, innovative, research-based and globally competitive enterprise and R&D in the cybersecurity sector, covering the key competences that are important for the state.
Supporting and promoting cybersecurity R&D and research-based enterprise: Objective 2.0 - Creating effective cooperation and better cohesiveness between research, enterprise and government to improve the capacity to take developments in universities to applications in private sector and state services. Estonia’s small market can be seen as an advantage in the incubator phase, where a product working at the level of society can be rapidly taken to completion. The most important prerequisite for achieving the strategic goal is ensuring functioning cooperation mechanisms between academia, private business and government
Leveraging productive cooperation between private sector, state and academia (PPP) The strategy highlights the need for an optimal launch of a new cooperation based on relevant competences with an administrative support mechanism for cross-sectorial participation in bidding on international contracts and competition to create the preconditions for extending export and raising funding doe research. Another step is enabling the defence industry to take part on the EU's defence initiatives, e.g. the European Defence Fund and the European Defence Industrial Development Programme.
Preparation of a nationwide cybersecurity R&D plan that defines priority focus areas |
Performance Indicators |
A fairly unique feature of the Estonian strategy is the inclusion of performance indicators related to its measures for research and development (activity for objective 2)
Export volume of companies in the sector
Number of new start-ups in the cybersecurity sector
Number of doctorates defended in the cybersecurity sector |
Higher Education Courses on Cybersecurity |
|
Public-private Partnerships |
Leveraging productive cooperation between private sector, state and academia (PPP) The strategy highlights the need for an optimal launch of a new cooperation based on relevant competences with an administrative support mechanism for cross-sectorial participation in bidding on international contracts and competition to create the preconditions for extending export and raising funding doe research. Another step is enabling the defence industry to take part on the EU's defence initiatives, e.g. the European Defence Fund and the European Defence Industrial Development Programme. In the new strategy period, Startup Estonia will continue developing the community of cyber tech companies in cooperation with the Ministry of Economic Affairs and Communications to support initiatives for organising regular seminars and events, launch regular mentorship programmes and move ahead upon reaching a sufficient development level with creating an accelerator for companies in the cyber sector to offer value for global growth of companies that are past the first development phase.
|
IT/Cybersecurity Clusters |
EISA (Estonian Information Security Association) is Estonia's main information and cybersecurity cluster. Other key players in the ICT space include: ITL (Estonian Association of Information Technology and Telecommunications) brings together both sides to support cooperation on the development of the digital economy, the economy, education and labour. It is a member of Digital Europe. Estonian Defence Industry Association
|
EU Cyber Professional Register for national stakeholders |
The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace. This European Cybersecurity Professional Register is the place where professionals of any age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications. Organisations of any size or sector, from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.
|
Latest update & Disclaimer |
January 2021
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses. |
CYBERSECURITY RESPONSE TEAMS: GDPR and NIS Directive: Compliance and Notification
National Computer Security Information Response Team (CSIRT) / Computer Emergency Response Team (CERT) |
Notification obligations in the event of a data breach |
---|---|
National contact(s) |
CERT-EE
|
Guidance and Updates |
CERT EE provides regular updates on the threat landscape and other related news through its website: https://www.ria.ee/en/an-id-card-software-update-brings-several-signific.... It also provides information about the protection of critical infrastructures, https://www.ria.ee/en/ciip.html, raising public awareness through EU structural funding, https://www.ria.ee/en/programme.html, and other topics related to cyber security. |
Languages | Estonian, English |
Latest Update & Disclaimer |
January 2021 The information contained here is the result of desk research carried out by CYBERWISER.eu. |