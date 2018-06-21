from the hacking-is-good dept.
(CNN)When people like the German Chancellor Angela Merkel or the King of Belgium want to learn more about cybersecurity, they go to Estonia.
The Baltic country runs on the internet. From filing taxes and voting, to registering the birth of a new baby, nearly everything a person might want or need from the government can be done online. It's an approach that's incredibly convenient for Estonia's 1.3 million people -- but it also requires high level of cybersecurity.
Luckily for its residents, Estonia is punching way above its weight when it comes to online safety. It regularly places on top of security rankings. Its capital city of Tallinn is home to NATO's cyber defense hub, the Cooperative Cyber Defence Centre of Excellence. When it took up the rotating presidency of the United Nations Security Council last year, it made cybersecurity one of the policy priorities.
"Estonia digitized a lot sooner than other countries, it was focusing on things like online schooling and online government services and it took a more proactive approach to technology," said Esther Naylor, a international security research analyst at Chatham House.
"And it recognized that it needs to be a secure country in order for citizens to want to use online systems and for businesses to want to do business in Estonia ... and I think that this is why Estonia's approach is often heralded as the model approach," she added.
[...] But perhaps most importantly, it invested into its people.
"Technology gives us a lot of tools to secure the system, but at the end of the day, the level of security depends on the users," said Sotiris Tzifas, a cybersecurity expert and chief executive of Trust-IT VIP Cyber Intelligence. "Even if you build the most secure system you can, if the user does something bad or something misguided or something they are not allowed to do, then the system is downgraded very quickly." He pointed to the fact that some of the most damaging cyberattacks in recent history were caused by a confused insider clicking on a phishing link, rather than by a sophisticated hacker using the most advanced technology.
Tzifas said the Colonial Pipeline attack attack that forced the US company to shut down a key US East Coast pipeline in April was a good example of this. "It created a lot of buzz and cost a lot of money, but there was no real complexity, it wasn't different to other ransomware attacks," he said.
The Estonian government has been investing heavily into education and training programs in recent years. From awareness campaigns and workshops specifically targeting elderly citizens to "coding" lessons for kindergarteners, the government is making sure every Estonian has access to the training they need to keep the country's IT systems secure.
[...] It also wants its teenagers to know how to hack. "We are teaching defense, but you can't learn defense if you don't know how to hack," Lorenz said. She is running educational camps where teenagers learn hacking within a secure environment. She doesn't encourage her students to go on and try to hack companies or government bodies, but if they do, she is on hand to make sure they behave in an ethical way. "I help them to put it in a package and then we send it to the company and say, look, the students have found this vulnerability in your system," she said.
(Score: 3, Interesting) by fustakrakich on Friday June 18, @04:41PM
Yeah, our big mistake is throwing all that money at the universities. Maybe because there is no kindergarten Big Ten to bet on
Ok, we paid the ransom. Do I get my dog back? REDЯUM
(Score: 0) by Anonymous Coward on Friday June 18, @05:04PM
Unless Estonia is designing and constructing its own chips and OS, then yeah, nice country you got there.
(Score: 2) by DannyB on Friday June 18, @05:08PM
Who is going to pay for all this education of young people? It sounds like . . . OMG . . . it's socialism! Where's the profit motive?
<no-sarcasm>
If you think education is expensive, try ignorance.
Maybe we should focus a bit more of our resources on education.
</no-sarcasm>
I need to spend more effort optimizing performance within while(false) loops.