Author Archives: user469294

Estonian police to set up cyber crime unit

cybercrime

The Estonian Police and Border Guard Board is in a process of forming a dedicated cyber crime unit to deal with crimes that target information technology. The unit will start in 2016 and will employ 8 experts, working under the Central Criminal Police department. It will be put in charge of the cases where the criminal motive has been to harm computers or IT. The unit will also support other police departments with know-how and skills.

Links:
http://news.err.ee/v/scitech/911d2814-b121-4c59-9d39-2c7b5d8668a6

Estonian blocked as UN’s first digital privacy investigator

Leave a reply

United_Nations_Logo

The Estonian picked as the United Nation’s first digital privacy investigator was blocked on Friday by the German president of the UN Human Rights Council, after activist groups said she would not be a strong enough critic of US surveillance.

Nyman-Metcalf said she also found it bizarre that she had been criticised for saying there was no such thing as total privacy. “We all see these surveillance scandals and of course that’s upsetting, but at the same time there’s more and more pressure to do something against terrorism. There are lots of things that are pushing in different directions.”

Estonian ambassador Juri Seilenthal told Reuters that there needed to be privacy guarantees but “terrorists and child pornographers” must not be able to benefit from a right to privacy.

It would be more prudent for Estonian policy-makers to change the rhetoric to the one laid down in the Keys Under Doormats report:

Lawmakers should not risk the real economic, geopolitical, and strategic benefits of an open and secure Internet for law enforcement gains that are at best minor and tactical.

Links:
http://www.theguardian.com/world/2015/jul/04/estonian-blocked-as-uns-first-digital-privacy-investigator

Interdisciplinary Cyber Research workshop 2015

Leave a reply

TTU_centre_for_digital_forensics_and_cyber_security

18th of July, 2015 — Tallinn, Estonia

The aim of the workshop is to bring together young as well as established scholars undertaking research in various disciplines related to information and communication technologies such as computer sciences, political and social sciences, and law. Attending the ICR workshop is free of charge and also open for participants who have not submitted an abstract (registration for non-authors is here). Travel to/from Tallinn and accommodation is to be covered by the participants.

Agenda:
9:30 – Opening words, Tallinn University of Technology
9:35 – Keynote presentation, “Data Sovereignty, Data Flow, and International Jurisdiction in Cloud Computing, Prof Christopher Millard, Queen Mary University of London
10:05 -Keynote presentation, “Gnawing Away at Internet of Things Silos”, Prof Jon Crowcroft, University of Cambridge
Session 1: State and Cyber (Room 1)
“Governance of Cyber-Security in Elections”, Prof Robert Krimmer, Tallinn University of Technology
“E-Estonia under an Actor Network Theory Perspective”, Carlos Vargas Alvarez Del Castillo, Tallinn University
Session 2: Education and Digital Safety (Room 2)
“Representation of Snowden ́s Scandal in Estonian Media: Semiotic Logic of Fear”, Mari-Liis Madisson, University of Tartu
Session 3: Privacy (Room 1)
“Tor Does Not Stink: Use and Abuse of the Tor Anonymity Network from the Perspective of Law”, Tomas Minarik, NATO CCD COE
Session 4: Tech I (Room 2)
Session 5: Law (Room 1)
“ISP Liability & the Delfi case”, Karmen Turk, University of Tartu
Session 6: Tech II (Room 2)

Registration deadline for non-authors: 10th of July 2015

Links:
http://cybercentre.cs.ttu.ee/en/icr2015/

National Cyber Security Organisation: Estonia

Leave a reply

ccdcoe_logo

The study outlines the division of cyber security tasks and responsibilities between different agencies, describes their mandate, tasks and competences, and the coordination among them. In particular, it describes the mandates of political and strategic management; operational cyber security capabilities and cyber incident management; military cyber defence; and cyber aspects of crisis prevention and crisis management. It also offers a summary of the national information society setting and e-government initiatives as well as the national cyber security strategy objectives in order to clarify the context for the organisational approach in a particular nation.

Agencies mentioned: Ministry of Economic Affairs and Communications, Ministry of Defence, Cyber Security Council of the Security Committee of the Government, Estonian Information System Authority (EISA (RIA)), Estonian Computer Emergency Response Team (CERT-EE), Estonian Defence Forces, Strategic Communication Centre, NATO CCD COE, Estonian Defence League, National Crisis Management Committee, Ministry of the Interior, Estonian Internal Security Service (ISS (KAPO)).

Links:
https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_ESTONIA_032015_1.pdf

Open Vacancy: Security Engineer in Guardtime R&D division

Leave a reply

guardtime_logo

About The Role
The security engineer is part of a team of highly skilled, dedicated individuals who support research and software/security architecture for new product developments. This role will be based in Estonia (Tallinn/Tartu) and be a part of an international organization where most of the clients and market is growing overseas.
Responsibilities:
* Research/develop new technologies applicable to our products/services
* Software/security architecture for prototypes, new product developments
* Integration of KSI with various technologies like virtualization platforms, Internet of Things, PKI-based systems, code repositories, networking platforms, big data and others.
* Document and present research results
* Participate/present in security conferences, publish research papers, follow current trends in the information security world

Profile:
* Strong background in cryptography engineering information security
* Eloquent in formal methods, mathematics and statistics
* Familiarity with security infrastructure and protocols
* Experience with distributed systems, networking, cloud deployment and virtualization
* Strong background in programming – C/C++/Java/JS
* Strong experience with Unix Scripting: shell, perl, python or equivalent
* Result oriented and eager to learn

Links:
https://guardtime.com/about/jobs/security-engineer

Open Vacancy: Officer in Swedbank Security Incident Response (SIRT) Team

Leave a reply

swedbank_logo

Your tasks will consist of:
* Gathering and analyzing of information about potential threats to Swedbank,
* Discovery and management of security incidents, including computer fraud and post-incident’s investigation,
* Proactive work to prevent security incidents.

Skills and qualities important to possess as a SIRT Officer in order to be successful in the role:
* University degree or practical IT working experience of at least 4 years,
* Ability to gather and analyse information,
* Knowledge and experience at least one of the following: Windows, Unix, or databases.
* Fundamentals of computer networks, network protocols, and applications,
* Knowledge of basic information security principles, including risks and threats to computers and networks, security vulnerabilities and attacks,
* Knowledge and experience of Java and Python programming languages would be seen as an advantage
* Software reverse engineering, or cryptography knowledge, or penetration testing (OWASP), and demonstrated computer forensics skills would be seen as an advantage,
* Knowledge of basic digital electronics would be seen as an advantage, and
* Good verbal and written communication skills in Estonian and English is a necessity; knowledge of Russian would be seen as advantage

Links:
http://swedbank.easycruit.com/intranet/ee_homepage/vacancy/1411080/70633?iso=ee

Estonian Police to start collecting personal data of air passengers

1 Reply

passenger_name_record_PNR

On January 1, 2016, Estonian Police and Border Guard Board (PPA) will start collecting booking information for all flights to and from Estonia.

“The main reason for collecting PNR data is to fight cross-border crime, because drug and human traffickers, smugglers and the rest all make use of the broadened opportunities for free movement,” PNR project leader Kristi Laul said. “The PNR system will have a direct effect on public safety and have a positive effect on state’s internal security and its ability to counter serious crimes.” The data will only be used to investigate terror threats and other serious crime. The database serves as a tool to find people who could pose a risk to public safety.

PNR, or Passenger Name Records, are, in essence, data about your flight details. Every time we travel by plane, either the airline or the travel agent needs a series of data to proceed with our reservation, including itinerary, contact details, forms of payment, accompanying guests, and sometimes food preferences.

Meanwhile, civil society groups, the European Parliament and the EU data protection watchdog, the European Data Protection Supervisor, have repeatedly highlighted the lack of evidence regarding the necessity and proportionality of this “massive and routine processing of data of non-suspicious passengers for law enforcement purposes.”

Links:
http://news.err.ee/v/politics/72da111e-be78-4c6f-9cb3-196a18b4ff24
https://www.accessnow.org/blog/2014/11/26/wishing-bon-voyage-to-pnr-agreements-in-europe

Study on the lifecycle of cryptographic algorithms 2015

Leave a reply

crypto_primitive_strength

Commissioned by Estonian Information System Authority (RIA), a new study has been completed on the lifecycle of encryption algorithms. According to Toomas Vaks, Deputy Director-General of RIA, it is important to abolish 1024-bit keys as soon as possible everywhere. For the next five years, 2048-bit keys and, in the long-term, 3072-bit keys at a minimum should be used.

Links:
https://www.ria.ee/ee/it-lahendustesse-ehitada-voimalus-asendada-kruptoalgoritmid.html

Evaluation of Research in ICT in Estonia 2009–2014: Evaluation Report 5/2015

Leave a reply

ETAG_logo
Tallinn University of Technology:

4.4.15. Research Group: Faculty of Information Technology: Cyber Security
The group is led by Prof. Olaf Maennel. It is a very young and active group, started around 2013. The main interests of the group are in intrusion detection, testing security policies, and security simulation exercises. They have gained a European FP7 project on E-Crime. The group is still establishing itself in research and its activities are promising. The number and quality of publications is still limited and should be increased. This can be done since the leader of the group is well cited. Assessment: The panel judges the research to be of high international level. The overall evaluation of the group is good.

University of Tartu:

4.6.10. Research Group: Institute of Computer Science: Cryptography and Theoretical Computer Science
This group represents a number of subunits, with 6 topics led by 5 lead PIs (Sven Laur, Helger Lipmaa, Vitaly Skachek, Dirk Oliver Theis, Dominique Unruh). The group was restructured in 2011 with the recruitment of Unruh and Lipmaa. The group addresses six key research topics, namely classical cryptography, quantum cryptography, coding theory, combinatorics and algorithms, security, and verification of cryptography. All topics are related to computer security.
The research highlights include quantum proofs of knowledge, privacy-preserving data-mining, efficient non-interactive zero-knowledge proofs, communication complexity and the rank of matrices, and permutation codes. The group claims 8 level 1.1 publications, which seems a bit low. However, it is also a bit misleading since their list of 30 best papers includes 11 articles in top or at least internationally well recognized journals (J Cryptology, European J Combinatorics, IEEE Tr Information Theory, IEEE J selected areas in communication, Theoretical Computer Science, Journal of Computer Security, Bioinformatics, European J. Operations Research), besides 7 papers in the very best conferences (FOCS, Crypto, Eurocrypt, ICALP). Remaining top 30 items are papers in more specialized cryptography and security venues like ACM CCS, PKC, SCN, CSF, Eurocomb. Publication rate of top level papers has increased significantly over the evaluation period.
Many of the students (10+) are working in related industrial SMEs such as Cybernetica. They are contributing to several practical applications such as e-voting. The group is recommended to keep its current high quality and volume of output, and to develop some additional internationally financed projects. Based on the evidence, panel judges the research to be of high international level. Because of the strong upward trend the overall evaluation of the group is excellent.

Links:
http://www.etag.ee/wp-content/uploads/2012/05/Evaluation_raport2015veeb.pdf

Call for ideas to improve Estonian Internet voting

Leave a reply

Estonian_internet_voting

Electronic Voting Committee invites those interested in Internet voting to attend the day of ideas event, which will take place on Thursday, 18 June, 2015 from 11:00 to 15:00 in the hall of commandant house at Toompea street 1, Tallinn.

I-voting in Estonia has been used already for 8 elections in 10 years. The system has been continuously developed, but since the time of the next regular elections is after little more than two years, it is an opportune time for introducing something larger and more substantial.

Hence the aim for the day of ideas: everyone will have the opportunity to present his ideas or thoughts on how to make i-voting even better, more secure, more transparent, more reliable, etc. – invited are both technical and organizational improvement proposals.

To have a smooth management of the event:
a) register your participation no later than 16 June by sending an e-mail to vvk dot ee.
b) describe in a few sentences the idea and give an estimate on the time needed for the presentation. If you wish, you can show the slides.

Invited are also those who do not have their ideas, but still would like to participate in the debate about the ideas.

Additional information: Tarvi Martens (Head of the Committee)

Presentations:

Sven Heiberg “What is possible for 2017”
Ivo Kubjas “Mixnets – why, what and how?
Arnis Paršovs “Homomorphic Tallying for Estonian Internet Voting”
Tanel Tammet “About e-election problems”
Ahto Truu “Data integrity detection KSI service”

Links:
http://www.vvk.ee/valimiste-korraldamine/vvk-uudised/kutse-ideepaev-e-haaletamise-parenduseks/
http://vvk.ee/valimiste-korraldamine/elektroonilise-haaletamise-komisjon/ideepaev-2015/