In 1991, when Estonia restored its independence after 50 years of Soviet occupation, it was left with very limited resources and budget. Estonia’s leaders faced a monumental challenge to build the country’s infrastructure from scratch. 

Digitalisation was seen as a chance to make up the lost ground in our development, caused by the long occupation. 

As an upside, it resulted in Estonian IT companies getting an early push at the time when e-government was considered elsewhere more like a luxury rather than necessity, thus helping our companies to become more competitive, globally. 

This is where the legendary public-private partnership between IT companies and the state started and is still one of the cornerstones of how Estonian digital society was built. 

Innovative solutions, the opportunities that the emerging internet provided, allowed government to create low-cost and cutting-edge systems based around accessibility and efficiency. 

Preparations for the modern e-Estonia began with government drafting the Information Policy in 1994, which was a strategic outline for the IT development in Estonia. 

One of the most important innovations that brought the digital society into political discourse was the Tiger Leap programme, launched in 1996. The programme focused on the ICT competences of students, teachers and educational staff and provided all the schools with computers and internet connection. 

This ensured the training of a generation of tech-savvy Estonians and the development of innovative e-services like the e-ID, i-voting, electronic tax filing system and online banking. 

We could not afford creating the most modern e-governance system without people knowing how to use it. And today the majority of our unicorn founders consider themselves a Tiger Leap generation. 

In the 2000s, research and development were of crucial importance for Estonian IT businesses. 

Despite our technological progress, the reputation of Estonian companies was of a “small, suspicious, Eastern European country with strong links to the Soviet Union” and it did not earn trust in many fields, with cybersecurity being one of them. 

It was an era where the public and private sectors worked side by side, to create solutions that were ahead of their time, such as the X-road and the first e-health developments.

Digital development, however, is strongly interlinked with cybersecurity. Success in IT can only be achieved by focusing on service convenience and trust. Without it, success cannot be possible. 

In April 2007, Estonia was hit by one of the largest co-ordinated cyberattacks against a single country. 

The attacks targeted Estonian public authorities and companies, including those of the government, most newspapers and banks. But we were able to focus on deflecting the attacks thanks to the thorough preparation. 

Regardless of the co-ordination and sheer volume of the attacks, these caused no major damage and ultimately our response proved more important than the attacks themselves, and now Estonia had gained the reputation and edge as one of the flagship countries for cybersecurity. 

Since then, multiple Estonian cybersecurity start-ups and enterprises have emerged, such as BHC Laboratory, Clarified Security, Bytelife, GuardTime, Cybernetica and others. 

Our proven competence also led to the establishment of the NATO Co-operative Cyber Defence Centre of Excellence in 2008 in the Estonian capital Tallinn. 

The centre is staffed and financed by member nations and is not part of NATO’s military command or force structure. This is one of the most important organisations dedicated to cybersecurity in the world.

Since 2012, the EU IT Agency is situated in Tallinn. Thanks to our open approach, the defence of the European Union’s critical information systems and the NATO cybersecurity think tank are led from Estonia.

Estonia’s cyber threat experience has not been a unique one – we all have faced various challenges. 

While the number and sophistication of cyber incidents grows, it is clear that ensuring cybersecurity requires an inclusive multi-stakeholder approach and co-ordination between different public authorities as well as the private sector and civil society organisations. 

Increasing the capacities of all stakeholders and making them more resilient to interference and cyberattacks, benefits everybody. 

We cannot separate the state’s readiness to withstand cyberattacks from the private sector – the stronger the collective strength of all organisations and institutions, the more resilient we are. Russia’s recent malicious cyber activities in its military aggression against Ukraine, as well as the recent cyberattacks in the Western Balkans, have proved yet again the importance of cybersecurity in the overall security context. 

These attacks have been a reminder to us all that we need to continue to work hard getting nations to act more responsibly in cyberspace. 

As there are no borders in cyberspace, more emphasis should be given to international co-operation in ensuring cybersecurity. 

The fight for open, free and secure global internet remains at the core of our principles and policies. The stronger we are collectively, the stronger we are individually.
In conclusion, the goal of the cybersecurity industry is to provide a sufficiently safe environment for everybody to use. 

Not only defence and critical infrastructures, but also smart cities, banking, industry, commerce, supply chains – everything needs to be protected. 

It is the responsibility of every IT professional to ensure security in the cyber world, because people are the key to it all.


Viljar Lubi will be a guest speaker at #DigitalScotland2022 on 25 October in Edinburgh