Professional Documents
Culture Documents
Estonia: Cybersecurity Policy
Estonia: Cybersecurity Policy
CYBERSECURITY POLICY
Strategy Documents
The Estonian Ministry of Economic Affairs and Communications is currently undertaking the process of putting together Estonia’s Digital Society
Agenda 2030.
The Agenda is developed in accordance with Estonia’s national long-term development strategy “Estonia 2035” and its aim that public services
would be of a high quality, intuitive and available everywhere, while ensuring the protection of fundamental freedoms.
The Agenda will also include the next iteration of Estonia’s Cybersecurity Strategy which sets out goals for national development for the coming
years.
Source
2021
Source
2020
Source Source 2
5 September 2019
1. Estonian cyber security is based on close and trust-based cooperation between the public and private sectors;
2. Estonia will continue to develop cyber defence;
3. Estonia will develop digital services and cyber security primarily by investing in them, providing a role model for the private sector; and
4. Estonian cyberspace is part of the safe and stable global cyberspace. Cyber security is founded on constant and close international cooperation.
Source Source 2
2017
Implementation Frameworks
Announces the upcoming establishment of the Cyber Command, which will achieve integration for carrying out cyber and information operations
in cyberspace and the information sphere.
Estonia Last Updated: August 2021
Source
2017
Source Source 2
January 2017
STRUCTURE
Contributes to smooth co-operation between various institutions and conduct surveillance over the implementation of the goals of the Cyber
Security Strategy;
Chaired by the Secretary General of the Ministry of Economic Affairs and Communications.
Source
2009
Key Positions
Chair
Cyber Security Council (Secretary General of the Ministry of Economic Affairs and Communications)
Source
Commander
Cyber Command
Source
Source
2012 (consolidated)
Source
2011 (formerly Estonian Informatics Centre)
Source
2008
Cyber Command
Republic of Estonia, Defence Forces
The main mission of the Cyber Command is to carry out operations in cyberspace in order to provide command support for Ministry of Defence’s
area of responsibility.
Source Source 2
2018
Source
Estonia Last Updated: August 2021
1 May 2021
Source
Governmental CERT;
1. Monitoring of the state of information security in Estonia by using received reports and collecting information about information security incidents;
2. Preventing security incidents and reducing security risks, mainly by raising awareness and through communication work; and
3. Assisting institutions regarding security incidents and advising them if they want law enforcement agencies to start an incident investigation.
Source Source 2
1 January 2006
LEGAL FRAMEWORK
Legislation
Source
12 December 2018
Cybersecurity Act
Source Source 2
9 May 2018
Emergency Act
Source
1 July 2017 (entry into force)
Provides requirements for the public electronic communications networks and publicly available electronic communications services;
Entitles Technical Surveillance Authority to require providers carry out a security audit.
Source
1 January 2005 (entry into force); 1 July 2015 (amended)
Penal Code
Source Source 2
1 September 2002
States have to make reasonable efforts to ensure that their territory is not used to adversely affect the rights of other states;
States have the right to attribute cyber operations both individually or collectively according to international law;
States have the right to respond to malicious cyber operations, including using diplomatic measures, countermeasures, and, if necessary, their
inherent right of self-defence.
Source Source 2
29 May 2019
Official compendium of voluntary national contributions on the subject of how international law applies to the use of information and
communications technologies by States submitted by participating governmental experts in the Group of Governmental Experts on
Advancing Responsible State Behaviour in Cyberspace in the Context of International Security established pursuant to General Assembly
resolution 73/266
The Group of Governmental Experts established pursuant to the he General Assembly resolution 73/266, adopted its report by consensus on 28 May 2021.
In paragraph 73 of the Group’s report (A/76/135), it is stated that, in accordance with the Group’s mandate, an official compendium of voluntary national
contributions of participating governmental experts on the subject of how international law applies to the use of ICTs by States will be made available on
the website of the Office for Disarmament Affairs.
Source Source 2
May 2021
In her speech, the President of the Republic elaborated the following five points:
Estonia Last Updated: August 2021
Source
29 May 2019
COOPERATION
Multilateral Agreements
Budapest Convention
PARTY
Source
1 July 2004 (entry into force)
UN Processes
Represented at the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context
of International Security
Source Source 2
2009, 2012/2013, 2014/2015, 2016/2017, 2019/2021
Expressed views to the Annual Report of the UN Secretary-General on Developments in the Field of Information and Telecommunications
in the Context of International Security
Source Source 2
2017
Expressed Views at the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context
of International Security
Source Source 2
2019/2020/2021
UN Security Council Arria-formula meeting: Cyber Stability, Conflict Prevention and Capacity Building
As part of its presidency of the UN Security Council, Estonia organised a virtual meeting focused on stability in cyberspace, cyber norms and international
law.
Source
22 May 2020
Estonia has raised the issue of maintaining international peace and security in cyberspace during its elected membership of the UN Security Council
(2020-2021). In June 2021, Estonia organised the first high-level open debate on cybersecurity in the Council.
Estonia Last Updated: August 2021
Source
29 June 2021
Agreement between the Ministry of Foreign Affairs of the Republic of Estonia and the International Bank for Reconstruction and
Development and the International Development Association concerning the Cybersecurity Multi-Donor Trust Fund
Since 2020, Estonia is a donor of the World Bank Associated Cybersecurity Trust Fund.
Source
2020
Participating States will, on a voluntary basis and consistent with national legislation, promote public-private partnerships and develop
mechanisms to exchange best practices of responses to common security challenges stemming from the use of ICTs;
Estonia is in the process of developing activities for the CBM 14.
Source Source 2
2020
The United States Army and the Estonian Ministry of Defence signed an agreement that will enable the two countries to conduct future
collaborative science and technology efforts in cyber defence;
They will establish a multi-domain operations, cyber domain working group to identify opportunities for interoperability experimentation and
demonstrations.
Source Source 2
23 September 2020
Memorandum of Understanding on the pooling and sharing of their respective cyber ranges capabilities;
Part of the Cyber Ranges Federation Project launched in May 2018: Cyber Defence Pooling & Sharing Project.
Source Source 2
28 June 2018
Cooperation, Estonia/NATO-Japan
Prime Minister
Cooperation on cybersecurity;
Japan to join the NATO-accredited cyber defence hub (NATO Cooperative Cyber Defence Centre of Excellence, CCDCOE) based in Tallinn.
Source
12 January 2018
Member;
Estonia Last Updated: August 2021
Source Source 2
11 December 2017 (decision adopted by the European Council)
Source
29 November 2017
Source Source 2
27 September 2017
Discussions, Estonia-Iceland
Foreign Minister
Discussions on cyber security and opportunities for cooperation in this area.
Source
20 June 2017
Source
20 June 2017
Source
Estonia Last Updated: August 2021
April 2017
Source
Source
4 November 2015
Source
16 April 2015
A global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity
building.
Source Source 2
16 April 2015 (Member since)
Memorandum of Understanding to promote the development of cyber security capabilities in the Americas.
Source
20 October 2014
Regional cooperation format which as of 1992 brought together five Nordic countries and three Baltic countries (Finland, Sweden, Norway,
Iceland, Denmark, Estonia, Latvia and Lithuania) to discuss important regional and international issues
Source
3 December 2013
Source
23 April 2010
Select Activities
Featured lectures and panel discussions by current and former cyber diplomats as well as experts from leading think tanks, academia and
institutions.
Source
9 - 10 February 2021
The open master class on cyber diplomacy featured insights on different aspects of cyber diplomacy, including international law applying in
cyberspace, norms of responsible state behaviour, confidence building measures, and cyber capacity building.
Estonia Last Updated: August 2021
Source
2 July 2020
A five-day course meant for diplomats as well as other government officials interested in complex cyber issues.
Source
22-26 July 2019
Together with Singapore, the Permanent Representative of Estonia to the UN co-chairs the UN Group of Friends on e-governance and cybersecurity, which
organises a range of events on pertinent issues for UN members.
Source
Membership
International Telecommunications
Union (ITU)