State agencies, the Estonian National Museum, certain bridges, server rooms, and backup generators of hospitals are just some of the things to be added to the government's new list of objects of national security relevance. The latter will have to take more stringent security measures against potential attacks.
Government to boost security of hundreds of buildings
The plan that is being carried out by the interior ministry constitutes a reform of protecting Estonian infrastructure. As surprising as it sounds, security has been an in-house matter of state agencies so to speak since Estonia regained its independence 25 years ago. Investments – full perimeter, laminated windows, security doors – were only made in cases where there was a will and enough money.
This will change tomorrow, should the government approve the corresponding draft resolution. The recent list of objects sporting a greater risk of being attacked – that currently includes a small number of security institutions and some critical infrastructure objects – will be replaced with a new one that will encompass far more, from Stenbock House to the Blood Center.
The new list will have six categories to which the Internal Security Service (KAPO) can assign sites, objects, or parts of the latter after carrying out a threat assessment. Next to security, national defense, and critical infrastructure, the list will have an entirely new C-category – buildings attacks against which could endanger the lives and well-being of a lot of people or result in destruction of national heritage.
The final list of objects will not be made public. The aim of singling out objects of importance in terms of national security is to introduce standardized security requirements with which objects in different categories must comply. While the content of these requirements is classified, they could include a 25-meter perimeter, security guards, security glass and doors, or laminated windows.
«It will largely cause institutions to update their security protocols and access procedures,» said adviser at the ministry Andrus Tamm. «Agencies need to make sure doors stay closed at certain hours or introduce a gateway system where people would have to go through two separate doors or a tourniquet that only allows a single person to pass at a time.»
Deputy Chancellor in charge of security policy Erkki Koort made no attempt to deny that the new requirements follow the crisis in Ukraine and terrorist attacks in Central Europe.
He said that attackers found agencies very easy to take over in Ukraine. «Because doors were basically open all the time, they just walked in. We want to avoid the possibility that a group of people could easily hijack an object that has importance in terms of the functionality of the state and society,» Koort explained.
Even though such a scenario might sound fantastic, it is not the case. KAPO and the Police and Border Guard Board (PPA) checked the security of all ministries and delivered their recommendations immediately after gunman Karen Drambjan's attack on the Ministry of Defense in 2011. When the survey was repeated in 2014, it turned out only the defense ministry had made considerable progress regarding security.
Postimees has written about the security at the foreign ministry, while there are also problems with the Tax and Customs Board and other strategically important state agencies attacks against which could seriously wound administrative capacity.
Koort said that security is currently tightest in internal security agencies as opposed to military objects. Random people have strayed onto both police and Defense Forces objects after climbing the fence, usually in a state of intoxication.
Koort added that the aim of the new regulation is not only to strengthen buildings' imperviousness but also make sure people without proper clearance couldn't access sensitive information. «Were we to ask whether it is possible for a janitor who happens to be a Russian citizen to gain access to a minister's office at night today, the answer would probably be yes. I even believe it is is happening,» Koort said.
After an object is classified as important for national security, its manager has 18 months to comply with corresponding security requirements. That calls for a risk analysis and designation of more likely potential attack scenarios.
The analysis will be used to put together a security plan that includes a rapid response map for when security measures really have to be employed.
Finished objects will correspond to three threat levels: yellow, orange, and red. While the internal security service can evoke the first level only for heightened attention, the latter stands for immediate danger – an attack has already taken place or is about to.
While the interior ministry has found that potential sites that could be qualified as national defense objects number in the thousands, not all of them will be included in the list, and the choice will be made based on likelihood of attacks, their potential effect and estimated damage.
Objects previously classified as likely targets will be added to the new list first, whereas the total number of objects on the list could grow to several hundred in the coming years. It is also possible to designate as relevant to national security parts of buildings, like server rooms, or backup generators. That could be the case regarding major hospitals.
Even though minimum requirements will be laid down for each category, complying with most requirements will be deemed sufficient. The reason for this is that some objects are located in places where not all requirements can be fulfilled. The defense ministry wanted to construct a separate access control building in front of the ministry's main building after Drambjan's attack in 2011, which the Tallinn Cultural Heritage Board did not allow, however, following heritage protection considerations.
The Ministry of Internal Affairs admits that compliance with requirements will result in certain expenses but claims these are not major. However, some agencies might be forced to move. «We do not expect everything to change tomorrow and institutions to drop everything else on their plate. We perceive no need for major additional investments for state agencies: it is largely a matter of cast of mind,» Koort said.