TALLINN - The Estonian parliamentary state budget control select committee discussed an audit conducted by the National Audit Office concerning the safety and preservation of the critical databases of the state.
According to chairman of the select committee Aivar Soerd, altogether 118 million euros has been allocated in the state budget strategy for the additional funding of the information and communications technology (ICT) field for the next four years, but of this only 9.4 million euros is meant specifically for ensuring information security, parliament spokespeople said. Soerd said that the main portion of the additional funding for the ICT field will go to ensure existing services, updating hardware and new developments, which can be indirectly linked to information security. "The audit of the National Audit Office highlights serious shortcomings in the information security of the state's critical databases, which shows that more money than before needs to be contributed there," he said.
Soerd also directed attention to the audit's highlight that the data of five critical databases has not yet been backed up to foreign representations.
Soerd said that progress is the opening of a data embassy in Luxembourg, preparations for which are ongoing and the embassy should launch from July 2018.
Member of the select committee Andres Metsoja said that the critical databases of the state of Estonia are protected but as we had set ourselves strict demands as an e-state for ensuring the safety of data, we must also be able to fulfill those demands. "It is important that there are set goals and a plan of action when improving the protection of data," Metsoja said. "In addition, the possible weaknesses of critical databases must be assessed regularly."
The audit also revealed significant deficiencies in guaranteeing information security in several critical databases , such as in the analysis of logs, protecting mobile devices, encrypting hard drives. The special requirements needed for protecting critical data have not yet been established either, the audit found. It was also said that the storage of the backup copies of the databases at embassies is important.
Those participating in the meeting in general agreed with what was highlighted in the audit and promised to take the proposals into consideration and realize them.
Those participating in the meeting included Minister of Entrepreneurship and Information Technology Urve Palo, Auditor General Janar Holm and representatives of the Health and Welfare Information Systems Center, Center of Registers and Information Systems, the information technology department of the Finance Ministry, the information technology and development department of the Interior Ministry, the information technology department of the Ministry of the Environment, and the Defense Ministry.