EISA: A Collaborative Effort to Boost Estonian Cyber Security PotentialThe Estonian Information Security Association (EISA) was founded to boost cross-sectorial cooperation in Estonia between academia and the private sector as well as with the government. EISA intends to enhance R&D activities in the information security and cyber security field in Estonia.
Estonia is visited by hundreds, if not thousands, of delegations each year who marvel at our digital ecosystem. It is often not the ‘what’ that amazes them, but the ‘how’ – and sometimes the ‘why’. The ‘how’ has, for nearly three decades, stood upon the idea of unfettered collaboration between the private sector, academia, and the government. Stemming from an imminent need to find and execute solutions to urgent problems, the public-private partnership model has been in the DNA of e-Estonia since the very beginning. What once started as a close-knit community has now grown into a flourishing ecosystem, combining stakeholders across all sectors, garnering global attention.
History has also offered several good crises for Estonia to test the sustainability of its community, alongside the resilience of its cyber capabilities. From the attacks of 2007 to the more recent incidents, the crises have been overcome by the companies and universities stepping up and offering solutions to our digital infrastructure providers. History has provided us with opportunity and structure, but the focus on a unique community and competence is what distinguishes us from others.
There is potential for so much more.
In 2018, the Estonian Information Security Association was founded by BHC Laboratory, Clarified Security, Cybernetica, and Guardtime along with Tallinn University of Technology, with the aim of providing a unified platform for companies, organisations, and academia to partake in largescale international projects, to enhance and facilitate information sharing, and to provide a common forum for discussions for experts across different fields. Ecosystems are built on thriving communities, and communities are built on common goals.
Centralising decreases resilience. This is true for all systems, and the idea of distribution is engrained in the Estonian mindset. EISA follows the same principles, facilitating between stakeholders, rather than creating a central cluster. Cyber security competence in Estonia is set where it creates more value, and distributed across the private sector, academia, and the government. The limited availability of workforce (a global challenge in the IT industry) ensures that each stakeholder holds its competence for the most critical function – and collaborates where necessary.
EISA has the ability to enhance the intrinsic disposition for collaboration and to become a central consolidator for the Estonian cyber stakeholders. Partnering closely with the government allows for exchanging expertise at a new level. EISA participates as a member on the National Cyber Security Policy Council and is a member of the North European Cyber Security Cluster (NECC). While locally, our aim is to strengthen cross-sectorial cooperation, on the European level we can provide a wider impact and bring a united offering to the European cyber security ecosystem. Harnessing that potential needs a strong shared vision, but relies heavily on the trust between all stakeholders. We have long-lasting examples of these partnerships – from building the X-Road with the Information System Authority to providing input for decision-makers here, and abroad, with our cryptographic algorithms lifecycle report, published since 2011. All the founding companies of EISA have stellar examples or cross-sectoral collaboration: BHC Laboratory launched a cyber hygiene module for the MBA program of the Estonian Business School and has trained the top civil servants on overcoming cyber crises in Estonia; Clarified Security cooperates with the NATO CCDCOE, providing red teaming services for the world’s largest cyber defence exercise, Locked Shields; Guardtime provides its blockchain technology to protect the most critical logs in Estonia (e.g. health records). These are but a few of the examples of the successes already in place – but again, there is potential for so much more.
Once we take the leap from focusing on the ‘what’ and ‘how’ and starting defining and, more importantly, focusing on the ‘why’, we will be able to not only stand by but lead the processes that design the cyber arena of tomorrow. For tomorrow, not only are the established players important, but also the new ones, the entrepreneurs that can derive their experience and competences from the unique ecosystem we have here in Estonia. The map is not the territory.
by Oliver Väärtnõu - Chairman of the Board of EISA
This article is published in RIA's compendium: Cyber Security In Estonia 2020