The Estonian government has allocated half-a-million euros for updating the state portal, the public online interface for a whole host of state services, following last month's cyber attack which saw a lone individual gain access to close to 300,000 personal ID photos.
Of particular concern is dated security systems and the fact that the various ministries and state agencies are responsible for their own cyber security – it was the State Information System (RIA) which suffered the attack.
The government made the decision, which will fast-track the modernization of obsolete information systems on the state portal eesti.ee and improve security in the case of cyber attack, Thursday.
Tallinn is home to the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE), and is often touted as an international IT success story, with the e-residency program perhaps the jewel in the crown so far as marketing goes.
Minister of Entrepreneurship and Information Technology Andres Sutt (Reform) said that the altered threat situation in the cyber sphere makes increasing demands on the existing digital services' cyber security being kept up-to-date.
Sutt said: "What was secure yesterday in terms of cyber security may not be secure today and could be in need of updates. The events that have taken place in the cyber space more broadly and in the IT infrastructure of the Estonian state have shown that cyber risks are growing and that additional investments in security have become essential."
"For that reason, I have made the proposal to make additional investments from the government's reserve to fast-track the modernization of obsolete information systems and the closure thereof, where necessary," Sutt went on.
The minister says he is to meet with most of his ministerial colleagues within the next few weeks to gain a more detailed overview of the current situation regarding ministries' cyber security, and highlight the importance of cyber security in the current climate.
A cyber attack by a lone individual reportedly based in Tallinn on the RIA database in July led to close to 300,000 personal ID photos being hacked, while an attack at the beginning of the same month led to the portal's self-service database for entrepreneurs, where the personal data of over 300,000 people was available, being temporarily closed.
While those whose photos were obtained were contacted by email by way of warning, they were not eligible for compensation.
The photos, when added to the ID numbers and individuals' given names as obtained, would not have been enough to engage in fraudulent activity online in Estonia, though they may have been sufficient for setting up fake identities in other jurisdictions.
Sutt said that the extra investment allowed for improved security, while RIA deputy director-general Margus Arm said July's cyber incidents were in one way or another related to the software of the state portal environment being obsolete, being five years old in some cases, and not maintained adequately on a daily basis, despite EU resources being channeled there.
The older "green" portal (named after its primary color; the other portal is mostly of a blue design) is particularly dated, BNS reports.
The Ministry of Economic Affairs and Communications – Sutt's employer – called for the additional investments.
Andres Sutt added it was better to anticipate future attacks than have to pick up the pieces after the fact, while the fragmented nature of public and private sectors made the matter even more pressing.
Editor: Andrew Whyte