Last year, the Estonian Information System Authority RIA and the European Commission signed a contract for establishing EU CyberNet, the cyber expertise network of the European Union with the aim of bringing together European cybersecurity experts, coordinating their activities, and reinforcing cybersecurity with their help, including in third countries.
The objective is to include at least 500 cybersecurity experts and 150 competent institutions from all over Europe in the network in the coming years.
The cyber network was born based on a public tender by the European Commission that was won by RIA, supported by the Federal Foreign Office of Germany and the Cybersecurity Competence Centre of Luxembourg.
At RIA, the project team works with the Analysis and Prevention Department. Siim Alatalu, Director of EU CyberNet, spoke to Forte.
CyberNet is managed from Estonia – what does close cooperation with the international partners look like?
CyberNet is managed from Estonia, but our target audience includes the entire European Union on the one hand and the entire developing world that shares European values on the other hand.
We launched the project ‘from scratch’. In fact, the first steps were to map and implement the cooperation opportunities with the various partners. EU CyberNet is an international project on all levels.
For daily cooperation with our partners at the EU institutions, we have a permanent representation in Brussels. For cooperation with our closest partners in Luxembourg and Germany, the Advisory Board of the project meets regularly, several times a year (not to mention weekly contacts).
We really do cooperate with experts and other EU cybersecurity projects on a daily basis. There is always a lot going on in the cyber space and it is a good idea to have our say in the developments.
What kind of people make good experts, how do they benefit from this work, and what is the work of an expert like?
An ideal expert must, above all, have the will of making the world a better place and on increasing the security of cyber space in our country as well as abroad. They must be able to express themselves to share their knowledge, as well as to listen – to gain new knowledge partners there and to also implement it successfully here.
Working as an expert in a foreign country to develop the cyber capability of that country provides a unique experience and insight into how the same issues are solved in other countries.
Thus, it is a change from one’s daily work, as well as an opportunity to learn and to use the experience to become better in one’s work. Furthermore, gaining this experience is remunerated.
The contract for establishing the EU CyberNet was entered into last year. Why has the process of hiring experts for the network only started now? What happened in the meantime?
The idea of a project like EU CyberNet was already born and the importance of such a project identified in 2013, when the EU adopted its first cybersecurity strategy.
The idea was developed via further agreements in the next few years with twenty-eight different countries and the European Commission involved in the work. This led to a point last year in which the European Commission was able to launch an international procurement procedure for the implementation of the project, eventually won by the Information System Authority.
As a public authority, the Information System Authority has special responsibility for a transparent use of the funds of the EU, and for strictly observing the rules. The scale of a Europe-wide project, the amount of the nuts, bolts, and hinges involved, is often too huge to comprehend.
For example, in order to hire experts, carefully considered and tested solutions must be in place for securely collecting the personal data of experts, as well as decisions for why and which data to collect, over which period, and how. The technical solution for bringing together cybersecurity experts online must also be secure for the experts to trust the solution.
How does the fact that Estonia is heading this cyber expertise network affect the reputation of our country?
Estonia and RIA will be in the spotlight in the European Union together with the very significant issue of cybersecurity, which is important for many countries worldwide.
It is great acknowledgment for our team that the new EU cyber strategy, which was published by the European Commission last week on December 16, separately highlights the activities of EU CyberNet. This comes with special attention to the project, as well as with new tasks.
The European Union as a leading global economic power contributes a lot to the digitalisation of developing countries, as this facilitates faster economic development. Ensuring the cybersecurity of the outcomes of digitalisation has not been focused on this intensively so far.
Estonia has gained the reputation of a skilled expert in these issues – now, we need to maintain and develop this reputation. Figuratively speaking, in addition to hosting visitors, we must also bravely travel to places with no clear paths and help to build those paths.
Why is it so important to train so-called third countries? Is it not enough to keep everything in order here? What kind of progress has been made in this respect so far?
There are no ‘unimportant’ third countries in the cyber space. On the contrary – the cyber issues of any country may very quickly become the issues of all other countries, as there are no physical state borders in the cyber space. We must simply get used to the idea – surprisingly, keeping our own home in order often begins from other countries.
One simple example – our own people may be very well aware of cybersecurity issues, avoiding clicking on suspicious links or downloading unknown files. On the other hand, we can never be completely sure that other countries are able to prevent within their borders the innovative operation of those individuals who are primarily focused on defeating our cyber awareness and hindering the functioning of our society.
We can only achieve this by communicating with our partner institutions in those countries, by sharing our knowledge and thereby aid in solving our own issues.
What are foreign countries required to do for us to share our knowledge with them?
The European Union has developed cooperation channels in third countries – for example, the network of EU delegations covers over 100 countries.
Third countries can use those representations (that is, more generally, the European External Action Service), apply for cooperation via the DG DEVCO of the European Commission or via the development cooperation agencies of the member states, etc., to make cooperation proposals for us, for example for organising thematic cybersecurity trainings at the institutions of the respective country.
Jutta Urpilainen, European Commissioner for International Partnerships, refers to cybersecurity as one of the most important issues for the EU and believes that all Member States should contribute together to the activity of EU CyberNet. How have they been contributing so far?
We have developed a tight cooperation with our closest partners, the Federal Foreign Office of Germany and the Cybersecurity Competence Centre of Luxembourg, Securitymadein.lu, in one year and four months.
Contributing mainly means offering the expertise of the people. Once the cybersecurity institutions of the Member States join the EU CyberNet community (the Stakeholder Community), this contribution will surely increase considerably.
How much does an average individual care about cybersecurity, in your opinion?
Complete cybersecurity is not ensured for anyone – we are all inevitably involved in the constant technological development of the environment that surrounds us. Basically, people should always think more carefully about their actions, especially in the cyber space.
What is your favourite film about hackers?
I am not sure if I would call it my favourite film – but thinking of the Christmas season, I could name Die Hard 4 (originally called Live Free or Die Hard)! When the film was released in 2007 – a month or two after cyberattacks against Estonia – we were living a largely different reality.
There are, of course, some tricks in this film which an average person may not be able to complete successfully even today, but the important thing is the motif that an individual who is very familiar with coding is able to rearrange a lot in the society.
If you wish to live a free life, you need to work on your cybersecurity and understand the potential consequences of your actions.
The interview was first published in Estonian in the delfi.ee news portal, photos by Ilmar Saabas (Delfi).