Accessibility

Information System Authority takes charge of EU CyberNet

On 1 August 2019 the Information System Authority and the European Commission entered into an agreement establishing the European Union’s cyber-expertise centre, otherwise known as EU CyberNet.

For Estonia, this not only means a boost to its reputation and developments in entrepreneurship, but above all even greater cybersecurity.

The virtual world is a global village in which all are neighbours. This is reflected in the words of Juhan Lepassaar, the head of the European Union Agency for Cybersecurity (ENISA). As such, European cybersecurity needs to be coordinated both centrally and along the same lines – because if your neighbour’s cybersecurity leaves something to be desired, your own security is at risk. And the central point from which it will now be coordinated is Estonia. The cyber-expertise centre, which brings together all of the Member States of the European Union, was initially established as a department of the Information System Authority. With a budget of four million euros, the centre will coordinate the launch of all of the cybersecurity projects run by the EU in third countries. By the time the EU CyberNet project comes to an end, its network is hoped to include more than 500 experts and 200 international organisations.

Cybersecurity is not always dependent on one nation

The aim of EU CyberNet is to guarantee the more effective use of training, instruction and investment beyond Europe’s borders. The network will also be tasked with advising the various units of the European Commission. “The European Union’s running more and more cybersecurity-related projects outside its own borders every year,” said former head of cybersecurity services at the Information System Authority Uku Särekanno, who has been coordinating the introduction of new, large-scale systems in the Schengen area in the EU IT agency eu-LISA since October 2019. “But honest feedback from partners has pointed out that a lot of what that involves is often duplicating what’s being done elsewhere, and that a more targeted approach is needed.”

Every year, we are recognising more clearly that cybersecurity requires effective cooperation and exchange of information with other countries. The scams and malware campaigns that sweep through Estonia are international in scope. It is vital that we are capable of keeping our networks clean, but ongoing cooperation with other countries is growing in importance all the time. Back in 2017, two malware campaigns which caused a great deal of damage were waged with just a month between them – WannaCry and Petya/NotPetya. The WannaCry ransomware infected hundreds of thousands of devices, with medical institutions, banks, telecoms, industrial companies and logistics firms in 150 countries being hit. Those who suffered most were Spain’s Telefonica, the French carmaker Renault’s domestic production facilities and the NHS (National Health Service) in the UK. The NotPetya malware spread via accounting software of Ukrainian origin and was aimed at business systems. Maersk and FedEx alone estimated the damage caused to them by NotPetya at up to 300 million dollars. Other high-profile victims included the pharmaceutical company Merck. Cyber-crime causes billions of euros in damage every year, but less attention is turned to it because the damage never seems to have as much of an impact on us as that of physical crime, whose consequences are easier to gauge.

A procurement won by Estonia

Recognising the need for a centre brimming with cyber know-how, the European Commission launched a procurement to establish one. The winning tender was the one submitted by the Information System Authority in partnership with Germany’s Federal Foreign Office, the Finnish cybersecurity centre Trafficom and Luxembourg’s cybersecurity centre Securitymadein.lu. “Basically, the management of future cybersecurity projects in third countries will be outsourced from us, because that’s a field we have experience and contacts in,” explained Särekanno. The task of the Information System Authority over the next four years will be to establish the databases it needs, bring together experts and launch training programmes. The thinking behind all of this is that if other countries are better protected, so too will Estonia be.” During its initial four-year period of operations, EU CyberNet is being provided with four million euros in funding by the European Commission. “That’s start-up money, to all intents and purposes,” Särekanno said. “The assumption being that once the network’s up and running, it’ll take on other responsibilities and projects and find other sources of funding.” The Information System Authority hopes to see the network become permanent and that it continues to support the implementation of EU projects in third countries. This will hopefully happen in much the same way as Belgium, for example, has led and supported the pan-European RAN network combatting terrorism, which today boasts more than 6000 experts from different Member States and which helps to draft and implement programmes against radicalisation. More than 94.5 billion euros is planned for foreign operations within the framework of future financial prospects. During Estonia’s presidency of the Council of the European Union in 2017 an agreement was reached at the ministerial level that at least some of the funding set aside for foreign operations should be used for protecting critical infrastructure – including boosting cybersecurity – in partner states. “Considering the context and the fact that cybersecurity is likely to be one of the biggest priorities for the new commission, the centre coming to Estonia is something that has enormous potential,” Särekanno remarked. Särekanno feels the project will be of benefit to the country’s reputation and also from the point of view of promoting entrepreneurship. “Put simply, our job is to work with the most important agencies around the world as the middleman in EU projects and funding,” he explained.

This will place Estonia at the very heart of the organisation of international cyber-cooperation. “It should be a great springboard for companies here in the country as well,” Särekanno added. All of the major cybersecurity agencies in EU Member States – including the ANSS in France, NASK in Poland and the NCSC in the Netherlands – contributed to the project during its preparatory phase, along with EUROPOL, ENISA, the European Centre of Excellence for Countering Hybrid Threats and a number of international organisations (such as AfricaCERT and ASEAN) and universities.
“We’ve got a good starting point, but there’s a huge amount of work ahead of us,” Särekanno remarked. “We need to get the project off the ground as quickly as we can, actively recruit partners and develop an environment for information exchange that supports that.” Work began on the project on 1 September 2019, led by the former head of foreign relations at the NATO Cooperative Cyber Defence Centre of Excellence, Siim Alatalu. The project team is initially planned to feature five people, one of whom will be based in Brussels. The budget for the project includes resources for the hiring of a further 50 cybersecurity experts to fill temporary positions.



Keep reading similar articles
An online workshop on the EU Cybersecurity Strategy for the Digital Decade

On 5 February, EU CyberNet held an online workshop for project implementers in cooperation with the European Commission’s Service of Foreign Policy Instruments and the European External Action Service.

By Kristo Põllu, Deputy Director, EU CyberNet
EU CyberNet part of the new EU Cybersecurity Strategy

On 16 December, the European Commission published the new EU’s Cybersecurity Strategy for the Digital Decade, which proposes guiding principles to enhance EU’s collective resilience against cyber threats, taking into account the recent developments in digital transformation.

By EU CyberNet team
Experts and organisations were invited to join EU CyberNet Network at the annual conference

On 30 October, the first EU CyberNet Annual Conference took place at Tallinn Creative Hub focussing on the cyber capacity building projects of the EU, the possibilities for more coordinated and effective delivery of development cooperation, and the role of EU CyberNet in these activities.

By EU CyberNet team
EU CyberNet’s first events in Brussels

EU CyberNet’s main goal is to bring together cyber security experts, policy officers and implementers so they could share knowledge, vision and experience in their fields. To kick-off our work we organised two get-togethers in Brussels in March.

By Kristo Põllu, Deputy Director, EU CyberNet
EU CyberNet contributing to ITU Regional Cybersecurity Forum for Europe and CIS

On the 27-28 February, the ITU Regional Cybersecurity Forum for Europe and CIS regions took place in Sofia, Bulgaria.

By Kristo Põllu, Deputy Director, EU CyberNet
e-Talks: Uku Särekanno on EU CyberNet and cybersecurity

Uku Särekanno, Director of Cybersecurity at the Information System Authority talked about the new centre, how and why it’s established and why Estonia.

e-estonia.com