- [2019-11-12] RIA organized information day. The topics covered: new Mobile-ID procurement, closure of DigiDocService, authentication gateway, developments in eID field, signature service, X-Road and others. Full video recording available online (in Estonian).
https://www.ria.ee/et/uudised/tana-toimub-ria-koostoopartnerite-infopaev.html
https://riainfopaev2019.publicon.ee/paevakava/
- [2019-11-11] RIA decided to support the association for the visually impaired with a EUR 5,550 grant as a compromise for RIA’s failure to support screen readers in the DigiDoc4 client.
https://www.ria.ee/et/uudised/ria-solmis-nagemispuudega-inimestega-hea-tahte-margiks-kompromissi.html
https://digi.geenius.ee/rubriik/uudis/kohus-hakkab-vaagima-kas-riik-peab-nagemispuudega-inimestele-vigase-tarkvara-parast-maksma-10-000-eurot/
- [2019-11-11] Supreme Court is discussing EDF law expanding surveillance rights. Chancellor of Justice Ülle Madise has found that the amendments are constitutional, because they do not allow for the restriction of individuals’ fundamental rights any more than the legislation currently in force.
https://news.err.ee/1001642/supreme-court-discussing-edf-law-expanding-surveillance-rights
https://news.err.ee/982963/justice-chancellor-law-expanding-edf-surveillance-rights-constitutional
- [2019-11-11] Telia offers NFC-enabled SIM card that can be used in the phone to validate ride on public transport in Tallinn.
https://digi.geenius.ee/rubriik/uudis/tallinna-bussis-saad-nuud-oma-soidu-valideerida-ka-nutitelefoniga-viibates/
https://digi.geenius.ee/rubriik/uudis/juhend-kuidas-kaib-labi-nutitelefoni-uhiskaardiga-valideerimine-ja-palju-see-teenus-maksab/
https://news.err.ee/1001643/what-the-papers-say-accessible-tartu-baby-boom-in-paide
- [2019-11-07] SK ID Solutions annual conference was held for the second time in English. Presentation slides available.
https://www.skidsolutions.eu/en/about/sk-annual-conference/sk-annual-conference-2019
- [2019-11-04] Estonia is planning a system that would collect data from hotels to alert the authorities when somebody on a watchlist checks in. Dan Bogdanov discussed how to build a totally anonymous electronic accommodation card.
https://twitter.com/danbogdanov/status/1189805333146935296
https://digi.geenius.ee/rubriik/uudis/andmeteadlane-kuidas-ehitada-taiesti-anonuumset-elektroonset-majutuskaarti/
https://digi.geenius.ee/rubriik/uudis/testimisse-jouab-riiklik-e-majutuskaart-mis-informeerib-politseid-tagaotsitavatest/
- [2019-11-04] UT researchers performed interdisciplinary research studying Estonian digital signature compliance with national and EU legal requirements. The finding is that the “Signed on” time displayed by DigiDoc software cannot be trusted to establish the actual time of signing. Another finding is that, due to the certificate validity suspension option, the vast majority of digital signatures created as of now cannot be verified according to legal requirements.
https://cybersec.ee/timesign/
- [2019-10-31] From next year, the Consumer Protection and Technical Surveillance Authority (TTJA) will have the right to restrict access to e-shops and mobile apps, and the right to find out who the customers of the telecom operators are.
https://digi.geenius.ee/rubriik/uudis/ttja-hakkab-e-poodide-ja-appide-kasutust-piirama-kui-muud-meetmed-ei-aita/
https://digi.geenius.ee/rubriik/uudis/riik-saab-hakata-piirama-ligipaasu-e-poodidele-ja-appidele-ning-naeb-operaatorite-klientide-andmeid/
- [2019-10-28] Storm caused extensive power outage that disrupted internet connection in south of the country. Border crossing was disrupted for several hours. Better preparation for next storm needed.
https://news.err.ee/996771/storm-disrupts-agencies-internet-connection-in-south-of-country
- [2019-10-25] Justice ministry conducted an audit into whether judges had accessed documents in the court information system regarding cases in which they do not take part. Judges warned that such audits would undermine judges’ confidence in and willingness to use the information systems.
https://news.err.ee/995904/judges-protest-justice-ministry-court-information-inspection
- [2019-10-25] Märt Põder shared a photo from IT minister’s i-voting work group and discussed the risk of i-vote selling.
https://gafgaf.infoaed.ee/posts/myya-v3hekasutatud-kryptogramm/
- [2019-10-23] Tele2 blocked foreign phone numbers associated with massive fraudulent call wave. By contrast, Telia and Elisa are not yet blocking the numbers, claiming that intervention of a regulatory body is required.
https://digi.geenius.ee/rubriik/uudis/ootamatu-kaik-tele2-blokeerib-massilise-petukonede-lainega-seotud-valismaised-telefoninumbrid/
- [2019-10-23] IT and foreign trade minister Kert Kingo submitted resignation. MKM workgroups will keep working. The new IT minister is Kaimar Karu. In his view the transparency of i-voting should be improved.
https://news.err.ee/995118/it-and-foreign-trade-minister-kert-kingo-submits-resignation
https://digi.geenius.ee/rubriik/uudis/endise-it-ministri-kert-kingo-algatatud-tooruhmad-jatkavad-tood/
https://news.err.ee/1002119/new-ekre-minister-kaimar-karu-in-first-interview-the-weak-need-protection
- [2019-10-21] Full list of all concerns raised by the IT Minister Kingo’s i-voting working group has been published.
https://digi.geenius.ee/rubriik/uudis/taispikk-nimekiri-it-minister-kingo-e-valimiste-tooruhma-koik-valja-toodud-murekohed/
- [2019-10-18] The Estonian state will form a large cyber security policy council. MKM wishes to involve 32 different parties. The tasks of the council will include sharing information on sectoral developments and challenges, building situational awareness on cyber security, and addressing cyber security policies.
https://digi.geenius.ee/rubriik/uudis/eesti-riik-moodustab-suure-kuberturvalisuse-poliitika-noukogu/
- [2019-10-09] Data Protection Inspectorate issued memorandum inviting public authorities to not store data on public cloud services, because the confidentiality of the data may not be guaranteed and also the access to data in case of emergency may not be provided.
https://digi.geenius.ee/rubriik/uudis/ameti-margukiri-eesti-riigiasutused-ei-tohi-andmeid-hoiustada-avalikes-pilveteenustes/
https://www.aki.ee/et/uudised/it-kulutohususest-olulisem-turvalisus
- [2019-10-05] Research article by TalTech researchers: On Positive Feedback Loops in Digital Government Architecture. The case of Estonia is presented.
https://www.researchgate.net/publication/336362287_On_Positive_Feedback_Loops_in_Digital_Government_Architecture
- [2019-10-03] The state wants to reduce the dependency on a single trust service provider and considers running its own trust service provider. Currently ID card and Mobile-ID both depend on SK ID Solutions. SK is ready for competition – Smart-ID provides them with alternative markets.
https://digi.geenius.ee/rubriik/uudis/riik-soovib-vabaneda-riskist-et-id-kaart-mobiil-id-ja-smart-id-on-soltuvad-uhest-firmast/
https://digi.geenius.ee/rubriik/uudis/sk-tahame-enda-valdkonnas-rohkem-konkurentsi-naha/
- [2019-09-30] In September, Smart-ID downtime exceeded the allowed limits due to the problems with failing hardware. This year, three Mobile ID interruptions have exceeded allowed limits.
https://digi.geenius.ee/rubriik/uudis/sel-aastal-on-kolm-mobiil-id-katkestust-uletanud-lubatu-piire/
https://forte.delfi.ee/news/digi/mobiil-id-torkus-jalle-kas-ppa-kehtestab-lopuks-sanktsioonid?id=87888275
https://forte.delfi.ee/news/digi/smart-id-teenusega-esines-torkeid?id=87389433
https://forte.delfi.ee/news/tarkvara/mobiil-id-teenus-hetkel-ei-toota?id=87357159
- [2019-09-30] DigiDocService will be shut down in October 2020. Mobile-ID service will be provided over REST API similar to Smart-ID. Other services (signature and certificate validation) will not be supported.
https://www.skidsolutions.eu/en/News/the-digidocservice-service-will-be-shut-down-in-2020/
https://digi.geenius.ee/rubriik/uudis/mobiil-id-on-vaikselt-saanud-selle-kasutust-mojutavaid-uuendusi-ja-neid-tuleb-veel-juurde/
- [2019-09-26] LHV bank decided to enable Smart-ID API call that requires their clients to choose in the mobile app the correct Smart-ID verification code from the three suggested ones. The change aims to force their clients to compare the verification codes shown by the Smart-ID application. Unfortunately, such a measure helps only against phishing attacks using static phishing pages.
https://www.lhv.ee/et/uudised/2019/29
https://tehnika.postimees.ee/6787356/enneolematu-lhv-pani-smart-id-kasutamisele-lisakontrolli-peale
https://raha.geenius.ee/blogi/lhv-blogi/lhv-muutis-smart-id-kasutamise-veelgi-turvalisemaks/
- [2019-09-25] The state is looking for next generation Mobile-ID. This is partly motivated by the eIDAS requirement for expensive security certification of currently non-certified SIM card platforms.
https://digi.geenius.ee/rubriik/uudis/riik-tahab-mobiil-id-paremaks-muuta-laual-on-mitu-varianti/
- [2019-09-24] Software error disrupted emergency calls for 20-minute period. In total, 26 people called emergency services during the affected period but were called back later.
https://news.err.ee/993893/ria-number-of-cyber-incidents-in-september-slightly-above-annual-average
https://www.ria.ee/et/uudised/olukord-kuberruumis-september-2019.html
- [2019-09-19] Researchers discovered “Simjacker” vulnerability that exploits technology embedded on SIM cards used all over the world. According to representatives of Tele2, Elisa and Telia, the SIM cards issued in Estonia do not use technology that would enable the attack.
https://www.adaptivemobile.com/newsroom/press-release/adaptivemobile-security-uncovers-sophisticated-hacking-attacks-on-mobile-phones-exposing-massive-network-vulnerability
https://digi.geenius.ee/rubriik/uudis/mobiilioperaatorid-kinnitavad-sim-kaartide-pohine-haavatavus-ei-mojuta-eestlasi/
- [2019-09-13] RIA plans to eventually remove the bank link as an authentication option in government e-services.
https://digi.geenius.ee/rubriik/uudis/ria-plaanib-riigiteenustes-autentimisvoimalusena-pangalingi-ara-kaotada/
- [2019-09-13] RIA finished price negotiations with SK ID Solutions and has introduced Smart-ID for authentication to government e-services. RIA has assessed that Smart-ID authentication solution provides eIDAS security level “high”. Support for signing using DigiDoc client will come in the future.
https://www.ria.ee/et/uudised/ria-votab-riiklikes-teenuses-kasutusele-smart-id.html
https://news.err.ee/980219/public-services-can-soon-be-accessed-using-smart-id
https://leht.postimees.ee/6776871/eesti-vottis-ametlikult-kasutusele-smart-id
- [2019-09-12] Ministry of Foreign Affairs will launch a cyber diplomacy department headed by Heli Tiirmaa-Klaar, a diplomatic representative with special powers in the field of cybersecurity.
https://news.err.ee/979941/department-of-cyber-diplomacy-to-launch-later-this-year
- [2019-09-10] EuroPark has obtained the details of 6000 vehicle owners who have not paid the parking fee. Previously the court ordered Estonian Road Administration to share car owner personal data with EuroPark.
https://kasulik.delfi.ee/news/uudised/europark-on-katte-saanud-6000-soidukiomaniku-andmed-kellel-on-parkimistrahv-tasumata?id=87391211
- [2019-07-09] Research article by Emin Caliskan, Risto Vaarandi, Birgy Lorenz (TalTech): Improving Learning Efficiency and Evaluation Fairness for Cyber Security Courses: A Case Study. They present a case study on the Cyber Defense Monitoring Solutions course from TalTech Cyber Security MSc program.
https://link.springer.com/chapter/10.1007/978-3-030-22868-2_45
Cyber Security Newsletter 2019-11-14