Subscriber OnlyInnovation

Ireland should follow Estonia and get serious about cyber security

Baltic nation has not looked back since being the subject of cyberattacks in 2007

Estonia adopted a full-scale approach to cybersecurity following a crippling cyber attack. Photograph: iStock
Estonia adopted a full-scale approach to cybersecurity following a crippling cyber attack. Photograph: iStock

Cyber security representatives from Ireland recently took a trip to Estonia to see how the Baltic state has adopted a full-scale approach to cybersecurity following a crippling cyber attack.

Thisincluded representatives from Ireland’s technical universities as well as Cyber Ireland’s Eoin Byrne and Senator Gerry Craughwell, who takes responsibility for the initiative with Liisi Kirschenberg of the Estonian Chamber of Commerce and Industry.

Craughwell is a man known for his directness and one of those things is that the Irish Government needs to get serious about cyber security. “They talk about cyber, but I don’t see anything serious being done – it’s going to take a catastrophic event before we wake up,” he says.

Why Estonia is being touted as the country to learn from becomes apparent when you learn about its digital society. The vast majority of its public services can be done online, but you still need to show up in person to get married.

READ MORE

The country has also been through the cyberattack ringer, for relocating a statue of all things. In 2007, the country underwent a series of cyberattacks that impacted both public and private services for 22 days. For a small nation, the attacks were crippling and although it learned the hard way, it has learned those lessons and now nations substantially bigger than its 1.3 million population are looking to the country for guidance.

The delegation met with Cybexer Technologies, the Start Up Incubator at Tehnopol, the Estonian ICT Association, the Information System Authority, CR14, security software company Cybers and the Nato Cooperative Cyber Defence Centre of Excellence (CCDCOE). “We’ve met those people now on several occasions and the idea of bringing Irish people out there is ... I’m trying to do what the Government is not doing and that is to get people serious about cyber, cyber awareness and cyber defence,” says Craughwell.

“The National Cyber Security Centre is under the Department of Communications, which is buried in the bowels of the Department of Transport – they should be in the Department of the Taoiseach or Department of Defence.”

“We languish in the mistaken belief that we are loved by everybody in the world because we’re a neutral country involved in peacekeeping around the world and nobody would hate us,” he adds.

Back home, Ireland has a strong industry with nearly 500 companies in the cyber security sector employing 7,500 people and generating €2.1 billion in cyber security-related revenue. In Estonia, the security sector is government-led.

The e-ID digital services system and the trust the Estonian people have in the service was one thing that impressed the Irish delegation as well as their approach to educating citizens in cyber security across the board.

“It wasn’t just the technology and the technical aspects of cyber security that were impressive – they have cyber ranges for training everyone from national security and defence right down to schoolchildren, but very much around that part of the people there being the first line of defence,” says Eoin Byrne of Cyber Ireland, a national cyber security “cluster organisation” that brings together industry, academia and Government.

Byrne notes that threats to businesses in Ireland are “very much about cybercrime and criminals”, whereas in Estonia it’s ”the existential threat that’s on their doorstep and the impact of the invasion of Ukraine as well”.

“I think that very much consolidates the minds of the people there and the Government, why cyber security needs to be such a priority for the country and why they’re taking leadership of it,” he says.

Speaking about what Ireland has gained since the learnings of the ransomware attack on the HSE in 2021, Byrne says there have been positive changes.

“I think there has been significant learnings and the Government has invested a lot in the National Cyber Security Centre – they’ve grown their staff significantly over the last number of years,” he explains. “They also have challenges in recruiting staff because there’s such a demand for cyber security experts in Ireland and internationally, so on public sector pay scales, it is a challenge for them even to recruit into the NTSC – they’ve scaled up but there’s always more we can do – we still need a whole government approach to cyber security and a prioritisation of it as well,” he says.

Mark Lane, a TU Dublin cyber security academic and co-founder of the Zero Days gamified cybersecurity challenge event, described the trip as “eye-opening” and was impressed by the investment in cyber security resources.

Lane brings an Irish team to the annual European Cyber Security Challenge, which will be held in Turin. They recently received the good news that Irish team captain Cillian Collins has been selected for the European team to compete at the International Cybersecurity Challenge in Chile later this year.

Even if the Government doesn’t take cybersecurity seriously, at least our students can compete on a world stage.