What Can Estonia Teach Us about Cybersecurity?

Estonian prime minister says in speech at GW that trust and privacy are keys to the future of digital societies.

Estonian Prime Minister Taavi Rōivas. (Logan Werlinger/GW Today)
Estonian Prime Minister Taavi Rōivas leads a moment of silence for the victims of terrorist attacks in Brussels. (Logan Werlinger/GW Today)
March 23, 2016

By Ruth Steinhardt

Under the shadow of deadly terror attacks in Istanbul and Brussels, the prime minister of Estonia visited the George Washington University on Tuesday morning to discuss another type of threat: cyber attacks.

“The last few years will be written in history as years of seemingly endless conflict,” said Prime Minister Taavi Rōivas in his keynote address at the U.S.-Estonia Symposium on Cybersecurity and Defense Cooperation. “This backdrop has a lot of strategic weight in today’s seminar. We are here today with one specific goal in mind: to enhance defense industry cooperation between Estonia and the United States.”

Estonia is a relatively small country. With a population estimated at approximately 1.4 million, it has about half as many people as the city of Chicago. Yet its cyber-infrastructure, commonly known as “e-Estonia,” is second to none. Estonians can access their medical records, pay taxes and even vote online.

“When you think cyber, it’s synonymous with Estonia,” said moderator Frank Cilluffo, director of the GW Center for Cyber and Homeland Security, which is part of the Office of the Vice President for Research and hosted the event. 

Policies of openness, trust and privacy protection make these institutions possible, Mr. Rōivas said.

For instance, he explained, many Estonian citizens choose to leave their medical data open to the nation’s Electronic Health Record so doctors can view patient files or track national health trends more efficiently. However, the patient will be able to see the names of every visitor to his or her file and can block unwanted visitors or lock the information.

“E-Estonia is built on trust,” Mr. Rōivas said.

A vicious wave of cyber attacks in 2007 served as a crisis test for all these innovations. Estonia emerged victorious—and better informed about how a digital society can defend itself. Even Estonian first-graders now learn to code.

The symposium served also as a networking event with representatives from Estonian and American defense companies.

John D. Harris II, CEO of Raytheon International, also spoke at the symposium about the lessons that other nations and industries could learn from Estonia’s success in the cyber realm.

“In the current cyber domain every neighborhood is a tough neighborhood,” Mr. Harris said. “But time and again, Estonia has confronted these challenges with success and set an unparalleled example for safeguarding e-societies that others, quite simply, want to emulate.”

Mr. Harris pointed out that as the “Internet of things” expands to more systems and devices, tying personal networks to cars, televisions and even refrigerators, the possible vectors for a cyber attack expand accordingly.

“Every device, every appliance, even every car, almost everywhere—the network we rely on is growing,” he said. “It is the newest critical infrastructure.”

And as cyber threats evolve, he said, one of the most pressing challenges will be to build a skilled workforce to “innovate, create and protect that network.”

“[There is] a shortage of cybersecurity professionals in the U.S. and worldwide,” Mr. Harris said. “Of all the cybersecurity challenges we face, closing the gap on cyber human capital is the most significant.”