TTÜ cybersecurity center director: Estonia needs more specialists
Rain Ottis, director of the Tallinn University of Technology (TTÜ) Centre for Digital Forensics and Cyber Security, said that Estonia had the specialists it needed to work through last fall's ID card crisis, however no two incidents are alike, which is why the country needs more specialists.
According to a report drawn up by a TTÜ investigative team, there are very few ID card security specialists in Estonia, and prior to the security flaw affecting hundreds of thousands of Estonian ID cards being revealed, the country also lacked an adequate system for responding to such a case.
Ottis, who led the investigative team, told ETV news broadcast "Aktuaalne kaamera" on Wednesday evening that some sort of plans had existed in Estonia regarding what to do in such a situation, but stressed that each such case is unique, meaning that existing plans must also be further developed accordingly.
As Estonia is such a small country, he said, it cannot allow itself hundreds of experts for every nuance. "Indeed, there are fields in which just a few individuals are proficient in the relevant technology," he added, admitting that this in itself was a huge security flaw.
"There is nothing else to be done here — we have to train more of these people, and establish a community that will produce more of them, whether in the private, academic or public sector," Ottis said. "This cannot all be brought under one roof. There is also nothing wrong with these specialists being in the private sector if they can be reached by the state in an emergency."
According to the center director, there were enough specialists in Estonia to overcome last fall's ID card security crisis, however, the country still needs more of them.
The next incident: when, not if
"Of course it'd be good for there to be more of them — a reserve — as no two incidents are exactly alike," Ottis said. "The next incident — and this is not a matter of if, but when — will no doubt need this reserve. This is a long-term issue, as these people cannot be trained in two weeks; this requires long-term decisions that look decades into the future."
He pointed out that similar security flaws are detected every year, whether they directly affect technology in use in Estonia or not.
"In this case, it was a global incident affecting over one billion different devices, fewer than 0.1 percent of which happened to be Estonian ID cards," Ottis said. "But such things happen constantly. And this is exactly why it is necessary to practice skills and plans, to ensure preparedness to respond quickly and reasonably."
Editor: Aili Vahtla