Monthly Archives: April 2017

Oxford Training Session: Cyberspace and the State

This 3-day training session is centred around the topics of opportunities and threats emerging in an information society, involving discussions about digital services, personal authentication methods, international cyber threats and e-elections. These discussions are not only important from a technical point of view, but also need to take into account political, governance, social and legal aspects.
This training session is mostly aimed at students with non-IT background, who, as future leaders and experts in their own respective fields should still be aware of the opportunities created by the information technology, as well as of the risks involved.
The first two days of the training session contains topical lectures, on the third day of the event, a practical cyber crisis simulation exercise will be carried out.
The training session is offered free of charge, graduates will receive a certificate from the University of Tartu (2 ECTS), as well as a certificate of attendance by the University of Oxford

DAY 1: FRIDAY, APRIL 28
09:30 – 10:00 Registration to the training session
10:00 – 10:30 Welcoming and course introduction (Lucas Kello, Oxford)
10:30 – 12:00 Lecture 1: Computing and Networks: The Basics (Ivan Martinovic, Oxford)
12:00 – 13:00 Lunch break
13:00 – 14:20 Lecture 2: Computer Security: Authentication and Biometrics (Ivan Martinovic, Oxford)
14:20 – 14:30 Short break
14:30 – 16:00 Lecture 3: An Independent Assessment of the Procedural Components of the Estonian Internet Voting System (Jason Nurse, Oxford)
16:00 – 16:20 Short break
16:20 – 17:30 Lecture 4: National and International Security in the Cyber Age (Lucas Kello, Oxford)

DAY 2: SATURDAY, APRIL 29
08:30 – 09:00 On-site registration
09:00 – 10:20 Lecture 5: Russian Cyber Operations: Disruption and Subversion (Lucas Kello, Oxford)
10:20 – 10:30 Short break
10:30 – 12:00 Lecture 6: Government as a Platform (Robert Krimmer, Tallinn Univ. of Technology)
12:00 – 13:00 Lunch break
13:00 – 14:20 Lecture 7: Law Enforcement’s Access to Extraterritorial Data (Anna-Maria Osula, University of Tartu)
14:20 – 14:30 Short break
14:30 – 16:00 Lecture 8: Strategic Dilemmas in Cyberspace (Max Smeets, Oxford)
16:00 – 16:20 Short break
16:20 – 17:00 Simulation exercise briefing (Lucas Kello, Oxford)

DAY 3: SUNDAY, APRIL 30
08:45 – 09:00 On-site registration
09:00 – 09:30 Simulation exercise set up (Oxford teaching staff)
09:30 – 13:00 Cyber Crisis Simulation Exercise
13:00 – 14:30 Lunch break and group discussion
14:30 – 15:30 Post-exercise debriefing: Decision-making in a Crisis (Lucas Kello, Oxford)
15:30 – 15:50 Short break
15:50 – 17:00 Course conclusion (Lucas Kello, Oxford)

Links:
https://sisu.ut.ee/oxfordsessions/overview?lang=en
https://www.facebook.com/events/1144747528981361/

Estonian Internal Security Service (KaPo) Yearbook 2016

KaPo annual review 2016 discusses cyber security on page 21:

In 2016, Estonia also saw some attempts to access the information of the state’s high-level decision-makers. The attacks were extremely skilfully executed from the technical point of view with the use of credible fake e-mails and previously unknown technical methods. In view of the functioning mechanisms of the abovementioned APTs, it is clear that attacks cannot be avoided entirely, but they need to be identified, and major damage needs to be mitigated.
[..]
As far as Estonia is concerned, we forecast that cyber threats will increase in 2017 due to the EU presidency and the arrival of NATO units.

The section “Protection of state secrets” covers the case of Alexander Goncharov and Ivo Jurak on which we reported before.

Links:
https://kapo.ee/sites/default/files/public/content_page/Annual%20Review%202016.pdf

PhD thesis: “Remote search and seizure of extraterritorial data”

Anna-Maria Osula PhD thesis: “Remote search and seizure of extraterritorial data”
Defense date: 17.04.2017 – 12:00, Näituse 20, room K-03

Supervisor:
Professor Jaan Ginter

Opponent:
Dr Christoffer Wong (University of Lund)

Summary:
Due to increasing digitalization, criminal procedure has to take into account the characteristics of the Internet, related technologies and digitally stored or electronically transmitted data. The objective of the dissertation is to examine, building on the example of the Council of Europe Convention on Cybercrime (CoCC), the regulation of remote search and seizure in circumstances where the targeted evidence is extraterritorially located or where it is not possible to identify the exact location of the data (‘loss of location’). Remote search and seizure entails searches that are either carried out by extending the initial search and seizure to devices accessible from the originally searched device or by remotely conducting search and seizure from other devices such as the law enforcement’s own. In addition to discussing the traditional mutual legal assistance procedures and alternative measures for accessing extraterritorial data, the dissertation scrutinizes whether remote search and seizure of extraterritorial data entails an extraterritorial application of jurisdiction to enforce and whether it can thereby be viewed as a breach of territorial sovereignty of the other state.

Links:
http://www.ut.ee/en/events/anna-maria-osula-remote-search-and-seizure-extraterritorial-data
http://dspace.ut.ee/handle/10062/55683

Conference “The Present and Future of Cybersecurity”

Conference “The Present and Future of Cybersecurity”
April 26, 2017, National Library of Estonia

13.00-13.30 – Registration and welcome coffee
13.30-13.40 – Opening words – Urve Palo (Minister of Entrepreneurship and Information Technology)
13.40-14.00 – Keynote – Jaak Aaviksoo (Rector of TUT)
14.00-15.00 – Discussion “Evolution of cyber attacks – what has changed in ten years?” Klaid Mägi (RIA, head of CERT-EE) leader. Debating: Hillar Aarelaid (Police and Border Guard Board), Jaan Priisalu (TUT), Merike Käo (Farsight Security CTO)
15.00-15.30 – Cofee break
15.30-17.00 – Discussion “Discurses, paradigms and form of cyber policy in practice” Taimar Peterkop (Director General of RIA) leader. Debating: Sven Sakkov (Director of NATO CCD CoE), Heli Tiirmaa-Klaar (European Union, Head of Cyber Policy Coordination at European External Action Service), Lauri Lugna (Secretary General at the Ministry of Interior), Lauri Almann (Co-Founder of BHC Laboratory)
17.00-17.30 – Closing words – Toomas Vaks (RIA, Head of Cyber Security Branch)
17.30-19.30 – After conference reception. Appearance of RIA band VaRIA.

Work language of the conference is Estonian.

Links:
http://kyberkonverents.publicon.ee/registreerimine/

ETV “Suud Puhtaks” debate on internet voting security

Is the cyber security in Estonia ensured? Why the government wants to change the period of i-voting and what signal with that we send to the world? Talk show host Urmas Vaino helps to set things straight.

Debating:
Indrek Saar, Minister of Culture, Social Democratic Party
Jaanus Karilaid, Member of Parliament, Center Party
Priidu Pärna, Member of Tallinn City Council, Pro Patria and Res Publica Union
Anto Veldre, RIA analytic
Kristjan Vassil, UT senior researcher
Märt Põder, organizer of journalism hackathon
Arti Zirk, TUT IT faculty student
Tarvi Martens, Electoral Committee, Head of Internet Voting
Kristen Michal, Member of Parliament, Reform Party
Mihkel Slovak, UT senior researcher
Henrik Roonemaa, Geenius.ee editor
Erki Savisaar, Member of Parliament, Center Party
Andres Kutt, RIA, IT architect
Sven Heiberg, Cybernetica AS, Project Manager of Internet Voting System
Jaak Madison, Member of Parliament, Conservative People’s Party
Jaanus Ojangu, Chairman of Free Party
Agu Kivimägi, Stallion cyber security consultant
Jaan Priisalu, TUT researcher
Silver Meikar, Adviser to Minister of Culture
Kalev Pihl, SK ID Solutions, Board Member
Oskar Gross, Head of Cyber Crime Unit of Central Criminal Police
Klaid Mägi, RIA, Head of the department for handling incidents (CERT-EE)
Heiki Kübbar, Founder of ICEfire OÜ
Birgy Lorenz, Board Member of Network of Estonian Teachers of Informatics and Computer Science
Andres Kahar, KAPO Bureau Manager
Sven Sakkov, Director of NATO Cooperative Cyber Defence Centre
Heiki Pikker, TUT Cyber Security MSc student

Links:
http://www.err.ee/587007/suud-puhtaks-kui-turvalised-on-e-valimised
http://etv.err.ee/v/paevakajasaated/suud_puhtaks/saated/8d5babc5-cc33-4ed5-9bc0-927d4293ee21/suud-puhtaks
http://news.err.ee/310788/center-party-wants-to-shorten-e-voting-period