- Reset + Print

Estonian President, Eyeing Bigger U.N. Role, Urges Government Action on Cybersecurity, Wall Street Journal

04.04.2018

By Adam Janofsky, Wall Street Journal

WASHINGTON -- Estonian President Kersti Kaljulaid said Wednesday that her government is seeking a seat on the U.N. Security Council, where it plans to push governments around the world to take a stronger role in establishing cybersecurity norms and monitoring threats.

“New Zealand took climate to the Security Council and we will take digital to the Security Council when we’re elected,” she said at a talk organized by the Atlantic Council’s Scowcroft Center for Strategy and Security.

Estonia, a country of about 1.3 million people and roughly the size of Belgium, has developed a reputation over the past decade as Europe’s digital leader.

The country’s e-citizenship initiative provides every citizen with a secure digital identity that can be used to apply for thousands of public and private online services. Estonia also launched an e-residency program for foreign businesses and individuals, and established a volunteer body akin to a national guard that’s responsible for defending banks and election systems in the event of a cyberattack.

Ms. Kaljulaid, who was elected in October 2016 as Estonia’s first female president, discussed blockchain, artificial intelligence and monitoring of nation-state cyber attacks with CNN chief national security correspondent Jim Sciutto. Here are edited highlights:

International efforts. The international community has at least two cybersecurity roles to play, according to Ms. Kaljulaid: monitoring threats and establishing global norms. So far, it’s failing on both fronts, she maintained. “I’m disappointed by the stalled [cybernorms] process in the United Nations,” said Ms. Kaljulaid, adding that the country has decided to run for a seat on the organization’s Security Council. Ms. Kaljulaid said cyberthreats should be monitored in a way that is similar to how the international community oversees the use of nuclear technology. The first step would be to agree on the elements and events that would trigger oversight, such as signs that a nation is preparing for a digital strike. Ms. Kaljulaid added that all countries will need to be involved because “it’s a global issue and we don’t know where the next attack will happen.”

Data embassies. Last summer, Estonia announced what it called the world’s first data embassy to secure government information in the event of a military attack. The embassy is located in Luxembourg and may serve as a model for other nations, said Ms. Kaljulaid. “This server block is the sovereign territory of Estonia, and this data belongs to the Estonian state,” she said. “Whether we need to have more copies, only time will tell, but I’m quite sure people will be happy to host Estonian data embassies, and other states will need data embassies, too.” The goal is to create a large data center with a backup of all citizen information, similar to how many private companies around the globe store data.

Blockchain applications. Estonia currently is testing the use of blockchain--the record-keeping system most commonly associated with cryptocurrencies--for online services such as recording traffic accidents and insurance claims, said Ms. Kaljulaid. The country sees promise in the online ledger technology’s inherent security and simplicity, she added. But the roll-out to other services likely will be gradual, and will not reach sensitive systems such as voting infrastructure anytime soon.

Low-hanging fruit. Governments should make a stronger effort to educate citizens about digital safety and cybersecurity best practices, said Ms. Kaljulaid. For example, Estonian police regularly visit schools to teach children how to identify suspicious activity online, she said. “There will never be a technology that will be able to cover for human errors,” said Ms. Kaljulaid. “The only solution is to tell people they are responsible, and the only way to do that is through education.”

Attribution issues. Nations are so frequently bombarded with cyberattacks that are difficult to attribute that it rarely makes sense to point fingers, said Ms. Kaljulaid. “In most of the cases, you don’t analyze--you just deter and neutralize the attack,” said Ms. Kaljulaid, adding that attribution is “like playing the lottery.” A cyberattack in 2007 crippled Estonia’s digital infrastructure, bringing down banking and government websites and threatening to take the country offline. Russia was blamed for the attack, but has consistently denied responsibility. “It’s just how cyber works. I don’t think it will ever change -- this is how it is forever,” said Ms. Kaljulaid.

Article on the web-page of Wall Street Journal