- [2019-05-30] In the EP elections, a long-time i-voting observer was asked to stop filming the vote counting on the grounds that his camera is a communication device, which could leak the results of i-voting before the allowed deadline. The observer wrote a formal complaint; we will see the response. It is quite naive to believe that organizational measures could prevent the results from leaking if one of the observers really wanted to leak them.
- [2019-05-27] Bernhards Blumbergs (TalTech) defended his PhD thesis on “Specialized Cyber Red Team Responsive Computer Network Operations”
- [2019-05-26] In the EP elections 2019, 25.4% of voters cast their vote using the i-voting method. There was a technical glitch concerning candidate data on the electoral website, which lasted for about 12 hours and meant that candidate searches did not yield a result for names that included diacritical marks.
- [2019-05-17] Mobile-ID users have experienced phishing attacks in which the victim is tricked into authorizing the creation of Smart-ID instances, which the attacker can then use without the victim’s consent. Some victims lost money; the police investigation is ongoing. At the beginning of the year, users of SEB, Swedbank and LHV bank experienced similar phishing attacks, in which the victims were asked to authorize Smart-ID transactions made by the attacker. According to the authorities, Mobile-ID and Smart-ID are secure, and negligent users are to blame.
- [2019-05-17] SK’s Mobile-ID service again experienced unexpected downtime, this time for more than 24 hours. Due to the downtime, EMTA decided to extend the deadline for submitting declarations. PPA is considering imposing contractual fines on SK. The contract is confidential, and it is not known how much the state pays SK or what benefit the state gets from being formally involved in the “issuance” of Mobile-IDs.
- [2019-05-13] The new IT minister announced that there are plans to conduct an analysis of the i-voting system and an independent international audit to make sure that the process of i-voting is transparent and ultimately verifiable. The previous IT minister, who resigned shortly after being appointed, stated that the coalition considers ending i-voting if it does not resist “the toughest tests”.
- [2019-05-09] RIA and MoD are offering 1.1 million for a study: “Simulation of Critical Information Infrastructure Protection in the Cyberspace”. The purpose is to develop a virtual environment in which to simulate situations in the area of vital critical information infrastructure.
- [2019-04-23] The Estonian Foreign Intelligence Service has published a job ad looking for a Microsoft administrator and IT support personnel. It is not common for intelligence agencies to publish job advertisements.
- [2019-04-03] Baltic Security and Security Summit took place. Among the Estonian speakers were Liisa Past and Uko Valtenberg.
- [2019-04-01] RIA released “Annual Cyber Security Assessment 2019”. Among other things, it includes an interview with Dominique Unruh (UT) about post-quantum cryptography.
- [2019-04-01] In the “Annual Cyber Security Assessment 2019” RIA disclosed details about the vulnerability in the eesti.ee authentication system discovered on June 29, 2018. It turns out that the bank link implementation on the eesti.ee side did not verify the signature, which allowed an attacker to bypass authentication. According to RIA, they checked the logs and did not find evidence of the flaw being exploited. It is not said whether the logs actually contained the full parameters needed to retrospectively verify the signatures.
- [2019-04-01] RIA plans to expand i-voting system to referendums and other types of elections.
- [2019-03-22] Ministry of Interior published code of conduct for crisis situations, among other things, recommending to be prepared for disruptions in e-services, including the ID card, Mobile-ID, and other means of authentication.
- [2019-03-22] Margus Noormaa was appointed as the new Director General of RIA by Minister of Economic Affairs and Communications (MKM).
- [2019-03-22] From the leaked password dumps journalists found at least 356 passwords belonging to people working in the public sector.
The head of CERT-EE claims that the cyber hygiene of state officials has improved in recent years.
- [2019-03-20] Mihkel Solvak (UT) gave a presentation “Anonymized i-voting log data: how can it be used or abused to understand voter behavior?” (time: 1:15:07).
- [2019-03-14] Authorities plan to perform security analysis to decide whether to implement i-voting with mobile phones starting 2021.
- [2019-03-13] Aivo Kalu (Cybernetica AS) gave a presentation on the SplitKey technology used by the Smart-ID solution.
- [2019-03-13] Cybernetica released a new cryptography study commissioned by RIA. This time the focus is on post-quantum cryptography.
- [2019-03-07] The Estonian pet register used a 15-digit chip identifier which was not random. This made it possible to download data about thousands of dogs and cats and their owners.
- [2019-03-07] President refused to promulgate the new law that would grant the Estonian Defence Forces (EDF) the right to secretly gain access to data of the state, legal as well as private persons, clandestinely follow individuals, and carry out other surveillance activities against persons.
- [2019-03-05] CERT-EE warned about malware emails originating from @swedbank.ee domain. Part of the blame, however, must be taken by Swedbank, because it has not enabled DKIM email authentication for swedbank.ee domain.
- [2019-03-02] In the Riigikogu elections 2019, 43.8% of voters cast their vote using the i-voting method. One antivirus software considered the i-voting application a virus. There were many appeals. Two appeals related to the i-voting procedure reached the Supreme Court, but were rejected. However, the Supreme Court found that the rules in place for identifying, counting and mixing up the votes, as well as signing the results, should be clarified in regulatory acts.
- [2019-03-01] RIA is planning public procurement for developing Estonian information security standard.
- [2019-02-28] Starting from March, SEB and Swedbank will stop providing ID card support services. PIN code replacement will be possible only in PPA customer service points.
- [2019-02-28] Data Protection Inspectorate ordered to close down website of math exercises for minors, because no data protection conditions were published and processing of personal data for persons under age 13 was done without consent of the parents.
- [2019-02-25] The Estonian social network rate.ee is storing plaintext passwords, and recently a critical flaw was found which allowed private messages to be read.
- [2019-02-09] The Tallinn public transport ticket system, which allows passengers to pay with contactless payment cards, has no real-time communication with banking systems and debits the amount when it gets online. As a result, it is also possible to pay with bank cards on which contactless payments have been disabled. The good news (for passengers) is that debiting payments for these cards will fail. To fight free-riders, such payment cards will be blacklisted by ticketing system terminals after their use.
- [2019-02-07] Apparently, in Estonia the information about what property a person owns is public information.
- [2019-02-07] Estonian Foreign Intelligence Service released annual report describing cyber threats on page 52. No crypto puzzle this year.
- [2019-02-04] Former State Prosecutor Steven-Hristo Evestus will continue his career in the cybersecurity company CybExer Technologies. CybExer has already hired top personnel from NATO CCDCOE, CERT-EE, SK, and others.
- [2019-01-31] All three major Estonian banks: SEB, Swedbank and LHV have joined the flash payment system today, which means that up to 95% of payments within Estonia will reach the recipient in just a few moments.
- [2019-01-31] The court has ordered PPA to take down video showing detention of crime suspect. The court found that even though the important details that would allow the person to be identified were blurred, the person had become identifiable by means of additional information available.
- [2019-01-30] On January 17, data leak with 280 000 email addresses and passwords containing Estonian domains (.ee) was published.
- [2019-01-28] From 1st to 5th July 2019, the annual Cyber Security Summer School will take place. The focus this year will be on blockchain technologies and its impact on digital transformation.
- [2019-01-28] The 5th Interdisciplinary Cyber Research (ICR) Conference 2019 will take place on 29th of June 2019. Deadline for abstracts is 15 April 2019.
- [2019-01-25] Card payments rise as ATM withdrawals fall. In Estonia around €1.50 are spent by card for every €1 withdrawn.
- [2019-01-23] Martin Paljak found that the entire electronic functionality of the new Estonian ID card can also be used over the contactless interface. To establish the connection, only the CAN code printed on the ID card must be known.
- [2019-01-21] Geenius drew attention to a registration form on a school’s website, which was not served over a secure connection. Good to see that non-TLS forms are no longer accepted as the norm.
- [2019-01-16] Court decided that private company “Europark Estonia” has the right to obtain personal data of car owners from traffic register maintained by Road Administration. Road Administration decided not to appeal the decision.
- [2019-01-14] The use of Smart-ID in state services is held up by price negotiations, Smart-ID being twice as expensive as Mobile-ID.
- [2019-01-12] From February three major banks SEB, Swedbank and Coop Bank will discontinue code cards, Smart-ID being the most popular tool for authentication.
- [2019-01-11] MKM issued regulation specifying requirements for Trust Service Providers who provide certification services for certificates included in Estonian identity documents. According to the regulation, OCSP certificate validity service is currently recognized as vital service, while time-stamping and Mobile-ID service is not.
- [2019-01-10] Scientific study of Estonian X-Road usage log patterns suggests that e-governance adoption is linear.
- [2018-12-27] RIA released white paper “Identity Management and Identity Documents 1.0”
- [2018-10-23] Bank of Estonia has published interesting statistics about bank card fraud in 2016. The majority – 76% of fraudulent transactions are related to e-shopping on the Internet, 18% using payment terminals and only 6% using ATMs.
- [2018-12-21] The Estonian criminal police has once again published a job advertisement that requires solving a puzzle. This time a cryptic MySQL database has been published.
- [2018-12-20] Martin Paljak discovered that PIN envelopes for the new generation Estonian ID cards (issued by IDEMIA) have a security flaw which allows the contents to be seen through the envelope with a flashlight.
- [2018-12-19] Due to some human error, several confidential contracts were available publicly on the Ministry of the Environment file management system.
- [2018-12-12] RIA has announced EUR 315k procurement to create SIGa (Signature and Signature Validation Service) which will enable public authorities to add digital signature support to their e-services with minimal development costs. RIA has already created a federated authentication system (supports ID card, Mobile-ID and bank link authentication) which can be used by the public sector.
- [2018-12-04] Cryptography professor Dominique Unruh (UT) has been awarded a 1.7 million grant by ERC to develop quantum cryptography solutions and their computer-based control methods.
- [2018-12-03] The new generation ID cards are being issued by IDEMIA. The cards have a color photo and new physical security features. The contactless interface is disabled by default; enabling it requires a security analysis first. The new cards use a different API (IAS ECC standard), therefore software has to be updated. In the new specification the “Card Management Key” has been renamed to “Police Key”. This has raised suspicion about a possible backdoor key in the ID card.
- [2018-11-28] Estonian Defence Forces Cyber Command (military unit performing also offensive cyber operations) is hiring. The competitive advantage for work in Cyber Command is that people are given quite free hands (because there is no money to be made) and access to exclusive weapon systems not seen in the private sector. The unit has been assembled from the existing staff and communications battalion. The primary recruitment point is the conscripts.
- [2018-11-28] The head of the Institute of Estonian Academy of Security Sciences (SKA) wants to hold a debate about making the state’s work easier by allowing it to analyze masses of cell phone data. There is an opinion that the state is already using far more cell phone data than is admissible for ensuring privacy.
- [2018-11-09] RIA’s Director General Taimar Peterkop has been appointed by the Prime Minister Jüri Ratas as Secretary of State. Peterkop played a key role in solving the 2017 ID card crisis. New head of RIA is to be appointed.
- [2018-11-08] Smart-ID solution has been certified by German TUViT as a qualified signature creation device (SSCD), hence Smart-ID signatures now are legally equivalent to handwritten signature. From service provider’s perspective, however, the transaction cost for Smart-ID is double the cost of Mobile-ID. Smart-ID still cannot be used for I-voting, because currently the law requires electronic voter identification using a document issued by the Estonian state.
- [2018-11-07] Estonians working in airports and airplanes must fill out a ten-page KAPO form, which requires them to specify, among other things, the names of Facebook, Twitter, Instagram and other social accounts, all telephone numbers, and even the current place of residence and contact details of “previous spouse or person similar to marriage”. It is estimated that up to 3,000 people may be subject to such a background check, required by the Minister of the Interior from October 30.
- [2018-11-07] A woman’s personal identification code was updated due to a change in her date of birth. The state information systems were not ready for such a change. Around 300 persons will get a new personal identification code because of an updated date of birth.
- [2018-11-06] PPA submitted one more claim against Gemalto asking 300k EUR for not informing PPA about the ID card ROCA vulnerability.
- [2018-11-06] RIA plans to create a few 2-3 minute long educational videos showing how cyber attacks happen.
- [2018-11-06] Criminals took over transaction partners’ email accounts and phished 80k EUR out of an Estonian company.
- [2018-10-31] Owners of 3-year valid digital ID cards can remotely extend their Digi-ID validity to 5 years.
- [2018-10-25] Gemalto has submitted a counter-claim against PPA for PPA being in bad faith (whatever it means) in the compromise negotiations in September.
- [2018-10-19] CERT.LV organized international cybersecurity conference “Cyberchess 2018”. Webapp pentester from Estonia Silvia Väli (Clarified Security) talked about the vulnerabilities she found in the Electron framework.
- [2018-10-18] The SilverTicket system had a flaw which allowed tickets to be bought without paying for them. The user simply had to access the return URL visible in the bank link request.
- [2018-10-15] Due to an unknown error, sensitive personal data of children was publicly available for years in the Estonian Schools Information System (EKIS) document register.
- [2018-10-10] Interview in jail with Russian student Aleksei Vasilev accused of penetrating state systems on the orders of FSB. According to him, he wrote a code to access the internal wireless network of an unnamed state agency. He is disappointed that Russian authorities show no interest to help him in his situation.
- [2018-10-10] In the Riigikogu scientific policy conference Professor of Information Security Ahto Buldas (TalTech) in his presentation “E-government base-technologies as a secure protector” stated that current e-government information systems have not been built with the knowledge of engineering based on scientific worldview and attack resistance of systems and components has not been measured. He invited the state to cooperate with universities.
- [2018-10-05] Starting from November it is possible to buy tickets in Tallinn public transport using contact-less bank cards.
- [2018-10-01] The Estonian police is using license plate recognition cameras on Estonian roads (scale not known). A large part of the cameras used by the police have known security vulnerabilities.
- [2018-09-27] Police (PPA) sued Gemalto claiming 152 million for generating keys outside Estonian ID card.
- [2018-09-21] Last year Estonian security authorities eavesdropped on a total of 4,596 calls made in Telia’s network. This is ten times that of Sweden (taking into account countries’ population). Judges sign off on an average of 90% of the wiretap requests. Of all wiretaps 30% concern drug crime investigations, and another 30% suspected corruption cases. Number of wiretaps has stayed the same in recent years. For the purpose of counterintelligence the Office of the Prosecutor General does not need to suspect someone of having committed a crime to order a wiretap. Frequently the information obtained is in turn used to open actual criminal proceedings against individuals.
- [2018-09-20] Professor of eGovernment Robert Krimmer (TalTech) calculated price for voting, i-vote being the cheapest (2.32 EUR) compared to voting on election day (4.37 EUR).
- [2018-09-19] eID Forum 2018 was held on 19-20 September. ID card 2017 crisis was among the discussed topics.
- [2018-09-18] In the context of upcoming elections, RIA will provide personalized cybersecurity counseling to political parties and will pentest their websites. RIA has also significantly contributed to the ENISA handbook on election security “Compendium on Cyber Security of Election Technology”.
- [2018-09-17] Cybernetica AS and TalTech organize the Second Workshop on the Protection of Long-Lived Systems (17-18 September, Pärnu, Estonia).
- [2018-09-12] Draft regulation has been prepared for allowing the face recognition robots to identify people who apply for Mobile-ID. The purpose is to enable enrollment for Mobile-ID without the need to confirm the application using the ID-card. It would be necessary to visit the PPA only if identification by robot fails.
- [2018-09-07] Cybernetica AS won the defense ministry’s procurement to prepare a study to identify opportunities in the Estonian economy in the field of cryptography and to develop concrete proposals to enable the development of the field at national level.
- [2018-09-06] Apparently Gemalto leaked an internal presentation to local journalists, trying to convince the public that Gemalto informed the Estonian state about the ID card vulnerability (ROCA) already on June 15, 2017. In response, PPA concluded that Gemalto is not interested in a compromise and will settle the dispute in court.
- [2018-09-05] Märt Põder in Civic Tech Stockholm #2 explains Estonian I-voting.
- [2018-09-04] Article “Key Factors in Coping with Large-scale Security Vulnerabilities in the eID Field” by Silvia Lips, Ingrid Pappel, Valentyna Tsap, Dirk Draheim. It describes a few positive and negative effects of the vulnerability and key factors that helped to cope with the Estonian ID-card crisis 2017.
- [2018-09-04] Heli Tiirmaa-Klaar has been appointed cybersecurity ambassador (Ambassador at Large for Cyber Diplomacy), being responsible for developing Estonia’s foreign policy on cyber security, ensuring its coordinated implementation, representing Estonia in international organisations and contributing to international cooperation in the field.
- [2018-09-01] Jaak Tarien takes over as director of NATO CCDCOE. The current director Merle Maigre will go to work for CybExer Technologies.
- [2018-08-31] Significant DDoS attack by unknown actors for half an hour hit news portals owned by Express Group (Delfi, EPL, Eesti Ekspress, Õhtuleht) and PPA website.
- [2018-08-08] There are ideas for the next generation ID card to replace PIN-based cardholder verification with fingerprint verification.
- [2018-08-06] Tele2 could not provide roaming service for its customers due to faulty software update by Comfone. The failure lasted for several hours. As a compensation Tele2 will cancel the monthly bill for the affected customers.
- [2018-07-22] Card payments and ATMs for two hours were down on Sunday due to malfunction on Nets Estonia side.
- [2018-07-06] Smart-ID is soon to be certified as qualified signature creation device (QSCD). This will require change from 4096-bit to 6144-bit RSA keys (providing 3072-bit RSA security).
- [2018-07-06] There are plans to simplify application for Mobile-ID. Currently, to enable Mobile-ID the person has to authenticate in PPA web environment. In the future this security feature will be implemented using face recognition. The solution is developed with MindTitan.
- [2018-07-06] RIA temporarily removed banklink authentication from eesti.ee due to a vulnerability being found in the implementation of the authentication mechanism.
- [2018-07-03] New version of DigiDoc 4 client has been released. The changes are mainly in the frontend. The functionality of DigiDoc3 Client, DigiDoc Crypto and ID card utility is now merged in a single application.
- [2018-06-29] It is now possible to order test cards of new generation ID card chips. New generation will be introduced in identity documents in the end of 2018. While the software and drivers are available, the technical documentation is not yet public. The card will also have a contactless interface, but not clear yet what functionality will be accessible over it.
- [2018-06-27] The maintenance of ID card helpline moves from AS SK ID Solution to Tieto Estonia AS. The new helpline will have new number, but will not provide support 24/7.
The certificates can be suspended 24/7 calling SK ID Solutions using the current number.
- [2018-06-22] The government discussed the results of implementing the cybersecurity strategy 2014-2017. The report shows that 70% of the activities were completed, 16% of the activities were completed in the next period, and 14% of the activities were not completed, mainly due to lack of financial or human resources.
- [2018-06-22] CyberSpike 2018 has finished and winners are known: 1st place – Artur Luik (TUT), 2nd place – Georg Kahest (TUT), 3rd place – Martin Širokov (Tallinn Technical Gymnasium).
- [2018-06-18] Tõnu Tammer is the head of Estonian CERT from the beginning of June 2018. Interview (in Estonian):
- [2018-06-15] Geenius has analyzed the transparency reports of the biggest service providers for information requests from Estonian state authorities. Google has received requests about 85 user accounts and delivered data in 75% of cases. No requests were received by Apple. Microsoft has received requests for five user accounts. Facebook received requests for 143 users and delivered data in 67% of cases. No data was requested from Twitter.
- [2018-06-14] CyCon 2018 videos of keynotes and panels are online:
- [2018-06-13] The National Audit Office has done some audits in Estonia’s local governments and has found that IT security requirements still aren’t implemented.
- [2018-06-11] An Estonian man was arrested for stealing Bitcoin wallets by accessing victims’ e-mail accounts. A large database of user account credentials was found on the suspect’s computer.
- [2018-06-11] Estonian criminal police has added databases of compromised user accounts found in their investigations to the publicly searchable service “Have I Been Pwned” which will help the victims to get informed.
- [2018-06-08] The state supports UT and TUT cyber security studies with 1.5 million. The universities are expected to open up research teams for cryptography, digital expertise and cyber defense.
- [2018-06-08] Swedbank implements limitations on code card use in internet banking. From February 2019 code cards will be abandoned. Currently around 200 000 users are using a password card.
- [2018-06-06] RIA’s “Annual Cyber Security Assessment 2018” has been translated to English. Section about ROCA flaw and Internet voting included.
- [2018-06-01] A vulnerability has been found in the AS Ühisteenused self-service portal parkimine.ee. The flaw allows browsing parking tickets issued to other persons by changing the ID in the URL.
- [2018-05-24] National Audit Office has identified problems with critical state databases: they lack risk analysis, action plan, only minimum needed audits are conducted, backups have not been tested, but no reason to panic.
- [2018-05-24] Anto Veldre published a harsh opinion article in response to the seminar held by the National Electoral Committee about the possibility of introducing i-voting using a mobile device.
- [2018-05-23] RIA is performing security assessment of Smart-ID to decide whether it should be allowed for authentication to state services.
- [2018-05-17] It has been found that ID card manufacturer Gemalto has generated private keys outside the chip. As a result, PPA is recalling 12’500 ID cards and revoking the affected certificates on 2018-06-01. Gemalto denies accusations.
- [2018-05-10] RIA has published TUT study about lessons learned from the ID card case. The translation to English is in progress.
- [2018-04-25] State will allocate 1.1 million to RIA to cover expenses due to ID card crisis.
- [2018-04-19] RIA managed to factor one vulnerable RSA authentication key to prove that the ROCA flaw was not only a theoretical threat and the steps taken to eliminate the risk were justified. The factorizing software was provided by Cybernetica AS. Not known how much processing resources the attack required.
- [2018-04-11] Digi-ID validity term will be extended from 3 to 5 years.
- [2018-03-26] The police has posted a job offer which involves solving a cat GIF puzzle.
- [2018-03-23] RIA has announced EUR 150k worth procurement for design of new eID logos.
- [2018-03-23] Geenius has listed what data by law the law enforcement agencies in Estonia can ask from mobile operators and Internet service providers:
- [2018-03-20] The videos from Nordic-Baltic Security Summit 2018 are online. Some selected presentations:
  - Andres Elliku – CERT-EE S4A: an Open-Source Solution for Distributed Network Security Monitoring
  - Merike Käo – Estonian 2007 and 2017 Incidents – Have We Learned to Respond Better?
  - Elsa Neeme – Estonian Cyber Security Act – Ensuring Public Order In Cyber Domain
  - Rain Ottis – Selected lessons from the 2017 ID-Card case
  - Oskar Gross – What are the Challenges of Handling Cyber Crime?
- [2018-03-05] According to the head of cybercrime bureau Oskar Gross, secure encryption capability improves the security for ordinary users. The technological environment has not caused a particular headache for PPA in solving crimes.
- [2018-02-13] Due to human error on mobile operator Elisa side, emergency line 112 could not be reached for several hours. In total 151 persons were affected. SMIT discovered the error and Elisa fixed it in 20 minutes. Elisa as a provider of vital service failed to report the fault to RIA.
10:00-10:30 Registration, coffee and cookies
10:30 Opening words by TUT rector Jaak Aaviksoo;
Kusti Salm, Ministry of Defense and Maarja Kirtsi, Estonian Internet Foundation
10:45-13:00 “Does Estonia need cyberinsurance?”
Moderator: Anto Veldre
10:45 Cybersecurity Challenges. Lauri Luht, RIA
11:15 In the future everything will be better? or more horrible? Aare Reintam, NATO CCD COE
11:45 Kalev’s active and professional activities with technological means to preserve health
12:00 Are self-driving cars a real danger to society? Krister Kalda, TUT Mektory
12:20 Cybercrime does not cry on arrival! Karen K Burns, CGI
12:40 To buy cyber insurance or not? Helen Evert, IIZI Kindlustusmaakler AS
13:10-13:35 CyberSecurity TV-game show at American corner with Ralph Echemendia, Seguru and Marily Hendrikson, Startup Estonia (ENG)
13:40-13:55 MWB LAB Launch@TTÜMektory
14:00-15:10 Parallel sessions on various topics:
• Main hall: Human factors & OSINT by Jenny Radcliffe, Host of The Human Factor Podcast, UK & Lisa Forte, Red Goat Cyber Security, UK (Cyber Security SummerSchool) (ENG)
• How to build a cyber defense plan for your institution? Raido Orumets, BCS Training. Room: 108 Labor Market for Business Models.
• How to learn to think in the way rafter thinks and protect yourself from evil eyes? Peeter “Technocrat” Marvet, Zone Media resident hacker. Room 111 “Learning to Play”.
• Failure of one rafter due to the digital forensics, Toomas Lepik, TUT and How to hack contactless cards? Kadri Lenk, Eesti Energia and Raido Roben, Datanor. Room 125 Logistics.
• Ransomware simulation and MWB LAB launch@TTÜMektory, Malwarebytes (ENG). Room 109 and 209 – MWB Labs.
15:10-15:20 Kalev Kahoot game (ENG) (please be ready! https://kahoot.it/)
15:20-16:00 Main hall: Panel Discussion on Maritime Cyber Security (ENG).
Moderator: Kieren Nicolas Lovell, University of Cambridge, UK. Panelists: Adrian ‘Tel’ Venables, Lancaster University; Jenny Radcliffe, Host of The Human Factor Podcast, UK; Jeff Moulton, Stephenson’s National Center for Security Research and Training and the Transformation Technologies and Cyber Research Center at Louisiana State University, USA; Marina Martinez (TBC), The Spanish Office for Science and Technology (SOST), Spain.
• CyberSpike Competition Award Ceremony (EST / ENG)
11-15 June 2018, Tallinn, ESTONIA, Estonian Maritime Academy
This year’s Cyber Security Summer School will focus on maritime cyber security. With experts from maritime sector, marine technology industries and cyber security establishments, the Summer School will give an overview of the tools and communications used in shipping industry, discuss their vulnerabilities and also introduce new trends in autonomous shipping and its dangers and risks.
MONDAY, June 11th
8:00-9:00 Registration. Breakfast
09:00 Welcoming words and opening of Summer School by Organizers
10:00 Opening keynotes: TBD
13:00 – 15:30 (room I) Track 1: Traditional maritime communication and navigation methods for Cyber Security Students (including GPS spoofing, Navigation messages, AIS etc).
13:00 – 15:30 (room II) Track 2: Ship Hacking Demo & introduction to cyber security for seafarers.
15:30 Coffee break
16:00 – 16:45 Practical exercises (e.g., HF call interception)
16:45 – 17:00 Feedback and closure for the first day
TUESDAY, June 12th
09:30 Modern methods – autonomous ship, satcoms, IoT by D4V team
13:00 Afternoon at Mektory joint event with Cyber Spike Competition. Tour in Mektory
14:00 Human factors & OSINT by Jenny Radcliffe & Lisa Forte
15:15 Panel Discussion on Maritime Cyber Security by Jeff Moulton and Jenny Radcliffe
16:00 Winners of CyberSpike and cake by Birgy Lorenz
WEDNESDAY, June 13th
A broader look at other sectors with experience:
09:30 Car hacking & forensics
10:15 Cyber Security in Aviation and joint efforts to secure the transportation industry from a regulator perspective by Gerry NGU EASA & European Centre for Cybersecurity in Aviation (ECCSA).
10:45 Coffee Break
11:00 Real-world malware stories by Anders Carlsson & Alex
13:00 Political and cyber-warfare aspects of maritime cyber security by Joe Burton
14:30 Coffee break
15:00 Fake-GPS and Fake-Nav-chart attacks
15:30 TBD by Jeff Moulton
16:00 Practical exercise: cyber warfare exercise preparation by Mentors
19:00 Gala dinner
THURSDAY, June 14th
09:00 Breakfast
09:30 Practical exercises in EMERA simulators
13:00 Practical exercises in EMERA simulators
15:00 Coffee break
15:30 Practical exercises in EMERA simulators
16:30 Feedback and discussion by Organizers
FRIDAY, June 15th
09:30 Friendly student competition in EMERA simulators. Mentors
13:00 – 14:00 Feedback and conclusions of the summer school by organizers
On Tuesday, “Ringview” aired an episode in which the reporter Jüri Muttika traveled around the editorial office of ERR and asked ETV presenters to demonstrate their handwriting. An embarrassing error by the video editors allowed a frame to be broadcast that contained the “Terevisiooni” file transfer protocol (FTP) username and password, hence allowing everyone to view the content on the servers.
The clip shows that the TV presenters tried to hide their notebooks and computer screens from the camera, which makes it especially embarrassing – basically everyone was able to watch broadcast materials.
The error in ERR was quickly recognized and now the password should be changed. The topic is also up in Facebook IT-man’s group, where the IT people write jokingly: “No such user and password do not really hide anything.”
Wouldn’t we expect the ETV internal FTP server to be firewalled from the external world?
The President decided to recognize with decorations three people who helped to solve the crisis of the ID-card that struck Estonia last year. The Order of the White Star, 5th Class will be handed to Margus Arm, the head of the State Information System Agency eID field, Kaija Kirch, who led the crisis management team at the Police and Border Guard Board, and Kaarel Raspel, a Nortal employee, who helped RIA to develop a solution to solve the ID-card crisis:
Margus Arm, promoter of information society. Margus Arm, as head of the eID field of the State Information System Authority, played a key role in removing the security risk of ID-card. He worked out key proposals for resolving the crisis and led the work of the team who developed the technical solutions.
Kaija Kirch, promoter of internal security. Kaija Kirch was in charge of a crisis team formed to eliminate the security risk of the ID-card at the Police and Border Guard Board. Under her leadership, both the completion of the new ID-card production line and PPA’s customer service, as well as cooperation with other public authorities, the private sector and citizens took place.
Kaarel Raspel, promoter of field of e-services. Kaarel Raspel, as a staff member of AS Nortal, made a great personal contribution to preventing the security risk of the ID-card from materializing. He had a leading role in developing a fundamental solution that allowed the ID-card ecosystem to be replaced with elliptic curve encryption algorithms, which prevented the ID-card chip from encountering security risk.
The Order of the White Star, 4th Class will also be handed to:
Raimo Peterson, promoter of cybersecurity cooperation. Raimo Peterson has helped the NATO Cyber Defense Center to become an internationally recognized center of expertise. Under his leadership, the Locked Shields cyber defense exercise has become one of the world’s largest of its kind. He has also developed a critical information infrastructure capability in the form of a laboratory that is used by both Estonian state authorities and large private companies.
Brokers have collected information on real estate transactions including addresses in the password-protected tehingud.ee database for years. The database includes information on sale of apartments, including dates and prices. It is strange that the portal has been allowed to operate for years. A quick internet search shows it was founded in 2011 by self-proclaimed real estate expert Kristjan Gross. An article from years ago suggests that the portal charged 99 cents for a query. It also reveals that the database had information on more than 5,000 transactions from all over the country when it was launched and that data was added regularly. Searches of price information could be based on county, parish, town, borough, street, size and condition of real estate object.
«We have reason to suspect that the website uses data from the Land Board’s transactions database,» Jürgens adds. «We do not know how the data ends up in the brokers’ portal; however, current legislation states it can only be accessed by licensed valuators,» says Tiia Redi, executive manager of the Estonian Association of Appraisers. The matter is made more peculiar by the fact that the portal’s owner works as a valuator of land and admits he has access to the Land Board’s database.
«It is possible to use transaction and land register data to indirectly identify persons who have participated in transactions,» Jürgens explains. The state has so far kept to the principle that people’s income is not public information, and that includes proceeds from sale of real estate. «The trend is towards openness elsewhere in the world. The Land Board will analyze the possibility of amending laws that regulate use of transaction data. The main question is whether and to what extent society is ready for all real estate transactions to be made public. Disclosing sale prices could constitute sensitive information as it ties into people’s financial interests,» Jürgens adds. She says that the board feels corresponding public debate is necessary.
Estonian President Toomas Hendrik Ilves Wednesday signed the decision to decorate 99 persons for services to Estonia on the eve of the country’s 98th Independence Day celebration.
«The decorations are a testimony to Estonian people and our supporters outside Estonia for their determination in their actions and loyalty to the principles on which modern Estonia stands — openness, democracy, knowledge, innovation,» Ilves wrote in the decision to award the decorations.
Our country is grateful to scientists whose research has helped to make Estonia greater. Decorations of the White Star are given to […] the founder of NATO CCDCOE and later the TUT Centre of Digital Forensics and Cyber Security, information technology scientist Rain Ottis.
The White Star decoration was awarded also to the information security expert Toomas Nurmoja, but the Internet does not have much information about his merits.
Minister of Economic Affairs and Infrastructure Urve Palo signed a decree appointing Taimar Peterkop as director-general of the Estonian Information System Agency (EISA). Taimar Peterkop is currently working in the Ministry of Defence as Undersecretary for Legal and Administrative Affairs. He begins his work at EISA this May.
From the CV:
Taimar Peterkop was born on 20th January 1977 in Tallinn. He has graduated from the University of Tartu Faculty of Law and he has completed many in-service trainings, including the Higher Command Studies Course in Baltic Defence College. Mr Peterkop holds a Master’s degree in Strategic Studies from the United States Army War College. He is also a reserve officer.
During 2000–2001 Taimar Peterkop worked as a lawyer in the Government Office. During 2001–2005 Mr Peterkop worked in the Ministry of Defence as the Director of International Law Office and during 2005–2008 as the Director of Operations and Crisis Management Department. From 2008 until July 2010 he worked as a Defence Counsellor in the Estonian Embassy in Washington.
Taimar Peterkop has also worked as a national defence teacher in several high schools and as an international law lecturer at Estonian Business School.