Story tools

Print this article

Email to a friend

Your feedback

On 1 October 2009, the Estonian Informatics Centre - EIC (Riigi Infosüsteemide Arenduskeskus - RIA in Estonian) opened its Department for Critical Information Infrastructure Protection (CIIP).

CIIP aims to create the defence system for Estonia's critical information infrastructure and to run this system. The new Department will deal with the protection of important IT systems of the public and private sectors alike. CIIP will coordinate the general protective actions while the owners of each vital service concerned will remain responsible for the daily defence of their system.

The head of CIIP, Toomas Viira, explained:

"Nowadays a large part of our daily actions is supported directly or indirectly by various IT systems. When paying with our bank card, the IT systems at the bank must function; to call on the phone, the IT systems of the phone operator must function; for the traffic lights to function, their IT systems must work; IT systems are also used in electric plants and networks, air control would be unfathomable without IT systems, etc. For example, what would happen, if the IT system for your local sewage plant would stop functioning? Or how would a long-term blackout affect various systems?"

According to Mr. Viira, a central unit was needed to analyse the State's vital services and the influence of various IT systems on one another. "CIIP will analyse the threats and risks of various services and will give recommendations on improving the systems' defence. While CIIP starts to work on a strategic level, CERT Estonia will continue working on the operative level" he added.

The idea of creating the Department was born in 2007, when the compiling of the cyber defence strategy for 2008-2013 began. In 2009, two people will start work in CIIP - the head of the Department and the head of risks. There are plans to increase the number of staff in future.