While cyber-defence strategy was being created, a plan emerged to create backup of data and services vital for the state to function – in servers located in friendly countries.
Estonia to establish digital embassies
27th August 2014, 15:49
Please note that the article is more than five years old and belongs to our archive. We do not update the content of the archives, so it may be necessary to consult newer sources.
Even now, some Estonian embassies possess servers keeping copies of vital state data environments and registers. As the servers occupy special spaces in the embassies pressed for area, a new and ambitious plan emerged in the midst of brainstorming.
Namely, Estonia is planning to have digital data-embassies – in addition to physical ones – as backup for databases. This would mean renting space in top-security server parks in friendly nations.
At the e-Estonia council meeting yesterday, the data-embassy-idea got its green light: it’s full speed forward with the programme, and in near future the initial pilot projects may be underway in cooperation with foreign countries.
Duplicate what matters most
According to Taavi Kotka, vice-chancellor for communications and state info systems at Ministry of Economy and Communications, data-embassies will help ensure digital sustainability of the state, as well as its functionality in possible crisis situations such as cyber attacks or, as an extreme theoretical example, occupation of the territory of Estonia.
«Several registers and services do only exist in digital format; therefore, we need to make sure there will be no situation where these will not function or some data becoming unavailable,» he said in explanation for the backups.
«The original idea is that we would be able to keep functioning as a state even when Estonia’s physical territory is invaded,» added Information System Authority (RIA) director-general Jaan Priisalu. Negotiations have also been held with technicians in foreign countries, which Mr Priisalu was unwilling to name as yet.
«These options may be utilised in various levels. The first and the basic one is that you have spare copies someplace else; the second one is having databases in other places i.e. you are able to launch it (national data systems – edit) someplace else; and the third is the entire system is actually operating someplace else and is constantly available in these other places,» said he.
Things to be dubbed could include population register, land register, commercial register and other databases of national importance.
Who guarantees security?
Thanks to NATO collective defence, occupation of the Estonian territory is an unlikely scenario; even so, data embassies would make it even more complicated for the theoretical enemy.
«A task for a theoretical occupant’s military planners is suppressing a country’s state institutions and replacement thereof with its own. If, after being occupied, a state continues its operations, the goal will not be achieved and the political price for invading its territory will increase,» explained Mr Priisalu.
The so-called national monuments i.e. services not all that important for the state to function – like, for instance, the president.ee mainly used as information environment– could, according to the plan, be just as well moved into the conventional commercial clouds as offered by the likes of Amazon and Microsoft.
To see that the data stored is not altered by provider of the service or by a third party, the RIA chief says digital signatures and time stamps could be used. Being in the large commercial cloud, such services would also be immune to the DDoS-type attacks overwhelming the servers – as used during the largest cyber attack campaign so far launched against Estonia in 2007.
With digital embassies storing copies of databases and registers of national importance, the security might theoretically be the responsibility of host country – just like with physical embassies.
«A technical issue we need to discuss with the other countries is that as they take responsibility for the security of an embassy, so likewise they might also assume responsibility for the security of the virtual embassy in the network,» said Mr Priisalu.
According to Mr Priisalu, server parks providing a certain level of security come with specialists able to quickly and adequately respond to cyber attacks.
Encrypted processing
Some day in the future, could the very national registers and databases be spread out in foreign servers – not just the systems dubbing them as prescribed by the current plan?
«It would be nice for us to come to the place where we have all things distributed – that would be one step further from data embassies. That would imply the use of multiparty computations. The data ought to be processed in encrypted form so the data processers cannot intervene nor see what the data contains. Further developing that, it would be possible to reach a system which would be spread abroad, as if... there’d be no single service provider in control,» said the RIA chief while explaining the future options.
«Are we ready for that right now – definitely not. We should have applied research and solve a bunch of problems,» he added.