Societal resilience against cyber threats and cyber attacks - Lessons from Estonia
Publish date: 2025-01-29
Report number: FOI-R--5625--SE
Pages: 78
Written in: Swedish
Keywords:
- cyber threat
- cyber attacks
- cyber defence
- resilience
- information security
- indications and warning (I&W)
- whole-of-nation
- Estonia
Abstract
This report aims to identify what constitutes societal resilience against cyber attacks. It initially provides a description of the concepts of defense and security within the cyber domain. A case study is then presented, in order to provide a closer look at how Estonia works in the cyber field to maintain a resilient society. The report is then concluded in a discussion on how the nature of cyber threats and the possibilities for early warning can influence the design of cyber defense strategies. The study is based on Sternudd's cyber defense pyramid and the whole-of-nation strategy. It contends that Estonia, a country with a high level of digitalization, has learned lessons from the cyber attacks it faced in 2007. Since then, Estonia has worked to build a robust cyber defense capable of handling repeated cyber attacks from resourceful adversaries. Some lessons from Estonia may serve as inspiration for Sweden, such as their information-sharing network, the organization of cyber home guard units, how they have incorporated cyber issues into their national education culture, and the role of the Estonian Information Security Authority (RIA) within cyber defense.