TALLINN - Estonian Minister of Entrepreneurship and IT Andres Sutt said that the cyber security situation in the region has deteriorated significantly and Estonia needs to be ready in case the cyber attacks made against Ukraine are also targeted at Estonia.
For that reason, the Ministry of Economic Affairs and Communications and the Information System Authority have sent recommendations on cyber security to public agencies and heads of enterprises providing vital services. The recommendations concern the cyber attacks against Ukraine and their possible impact in Estonia, spokespeople for the Ministry of Economic Affairs and Communications said.
"The threat of a military escalation in Ukraine has also greatly worsened the cyber security situation in our region, and what we need now is for the heads of businesses and authorities to think about the security of their organization's IT and communications systems -- have they done all they can to implement basic cyber hygiene measures and what happens if any of their systems becomes the target of a cyber attack?" Sutt said.
The minister noted that while no comparable attacks have currently been registered in Estonia, the country must be prepared for the possibility of its information systems and services becoming the target of an attack.
Sutt noted that the general cyber threat situation has greatly deteriorated in the past couple of years because cyber attacks have become more frequent and their impact more severe.
"Examples of the changed security environment include the Irish health care system having been paralyzed, disruption in the operation of the United States' greatest pipeline and the closure of 800 stores of the Coop chain in Sweden. An extensive cyber attack was also made a couple of weeks ago at the Ukrainian government's websites, which affected a great number of local government agencies and also the portal keeping a record of vaccination certificates," the minister said.
In their message to heads of businesses and public agencies, the Ministry of Economic Affairs and Communications and Information System Authority recommend to make sure that functional recovery solutions exists for the information systems and that the enterprises and agencies have a crisis plan for a possible cyber incident. Agencies should provide adequate resources for information security teams to be able to quickly respond to emerging security vulnerabilities or incidents, and staff should be reminded of the need for good cyber hygiene practices.
Gert Auvaart, deputy director general of the Information System Authority, said that companies should think about what happens if an e-service does not work for a while or if a website is down.
"If a successful attack occurs, it will quickly escalate into a problem that is bigger than the agency's IT department, as it could bring down the entire agency," he said. "If a medical device running on an old operating system is connected to the hospital network and it is hit by a cyber attack, it is possible that work in the entire hospital will be halted," he explained.
The Information System Authority also recommends that agencies gain an overview of the cyber security situation of their external IT service providers and agree on how to report and respond to cyber incidents. Attacks on government agencies in Ukraine were made possible through an external IT service provider.