RIA: No reason to believe cyberattack behind Monday morning's website disruptions
Almost 200 Estonian websites, including ERR's, were temporarily disrupted on Monday morning but the State Information System Agency (RIA) does not believe a cyberattack against Estonia is to blame.
The problems that occurred between 7 a.m. and 9 a.m. are linked to cyber security service provider Cloudflare, the agency said.
"The outages were caused by a technical issue at the data center of a company providing protection against denial-of-service (DDoS) attacks. Website functionality has since been restored in cooperation with the company. There is no reason to believe the incident was the result of a cyberattack," it said in a statement.
Almost 200 websites receiving protection through RIA were affected by the incident. Many of the pages belonged to the same institutions. For example, 30 were connected to ERR.
When asked if it is risky that only one company is responsible for the cyber security of so many institutions, RIA said: "It cannot be said that this company deals with the cyber security of all its customers. Their DDoS-protection service is just one part of a wider cyber defense network, which is important for Estonia, especially given the activities of Russian hacktivists in recent years related to the war in Ukraine."
The agency said Estonia has experienced DDoS attacks almost every day in recent years. Thanks to protective measures, they very rarely have an impact on the functioning of websites.
"However, at the same time, we also see that attackers are learning and developing their methods, which means that we need to constantly improve our counter-measures. If we did not have a defensive solution, Estonian websites would be down for hours and days at a time," the agency said.
The biggest attack so far hit Estonia on March 9 this year which affected the Police and Border Guard Board, the Tax and Customs Board and the Ministry of Justice.
"Nearly three billion malicious queries were made in just over four hours, but thanks to safeguards, there were only short interruptions to websites and services, and people and businesses in Estonia were able to continue using e-services," RIA said.
The agency said the 90-minute interruption on Monday may have been inconvenient for website users, but problems are still rare.
"Almost all software and information systems experience technical glitches from time to time, and we generally find the service provided by this company to be of high quality. RIA has studied the market situation for DDoS protection solutions and has also consulted external experts, and to the best of our knowledge Cloudflare's service is currently the most appropriate for the current cyber security situation in Estonia," it said.
Estonia uses Cloudflare's services primarily to repel DDoS attacks, but they also provide broader protection against various cyber threats, such as security vulnerabilities, the agency explained.
RIA explained that Cloudflare's service is built on the principle of distributed architecture, which means that the company has data centers around the world: "This means that if there is a problem in one of the hubs, the data traffic is usually automatically routed through another hub, so outages like Monday's are rare."
RIA manages the states' central technological platforms and ensures the cybersecurity of the country.
This article was updated to add additional comments from RIA.
--
Follow ERR News on Facebook and Twitter and never miss an update!
Editor: Urmet Kook, Helen Wright