6. Defending a highly digitalized country like Estonia from cyberattacks. Feat. Anett Numa, cyberdefense advisor for the Estonian Ministry of Defense.
TRANSCRIPT
[00:00:00] Anett Numa: When it comes to the cyber incidents, cyber threats, I always say cyber go very closely together with the information operations and miss or dis information.
Manipulating through media is one of the biggest and scariest tools that I am known. We really need to start teaching our kids since it's already early in high school, how to read the media.
How do you read the news and how do you know again, what's right and what's wrong and how to do it like super critically.
Media is playing a massive role here. The enemy wants us to have as much as confusion in the society as possible.
[00:00:33] Mizter Rad: Today beautiful people I have the pleasure to be hosting Anett Numa. Anett serves as a cyber defense policy advisor for the Estonian Ministry of Defense.
I listened to one of her talks at Gitex, which is this huge, startup tech event. And since then I wanted to learn more about how she and the team around her, build cyber policies that prevent a highly digitalized country like Estonia get attacked in the cyber space.
So Anett, welcome. Happy to have you here.
[00:01:25] Anett Numa: I'm also happy to join and it was great meeting you back in Dubai.
[00:01:28] Mizter Rad: Thank you. So I would love to start by, by you telling us how you got here, how did you become a cyber defense advisor for Estonian government? Maybe a little bit of your background in political science. And so on.
[00:01:41] Anett Numa: So I've been very lucky to, live abroad couple of times in my life. So I stayed in Slovenia for my bachelor studies, then came back home here, and then moved to France for my, for my master's studies.
I stayed in Lyon. But if you live in a country, where maybe technology is not so advanced, as it was back in, in France when I had to do everything on paper again, as in Estonia, we have been doing things online already since early, nineties. And yes, early nineties, meaning that we already started the entire utilization process back in, in, uh, 1994.
and then I moved to a country where everybody asked me to start, all my documentation and every single paper. It didn't take too much time, I would say that I just get very, I, I just got very annoyed of all of this, things that I needed to do back in on paper. And, when I finished my studies, it was very clear for me that, I wanna return back home and start promoting what we do in Estonia based in technology.
So that also the other countries, both in the EU and also, all around the world, it's, could benefit what we have learned from, from these last 30 years using technology. And, then I returned back home after my master studies, in France. And, somehow, I got so lucky that I started working at the e-Estonia Briefing Center and I was there, as the digital advisor, for the transformation process itself, for three years.
So I was promoting the Estonian and success in using technology for the last three years, going around the word. Speaking to policy makers, presidents, prime ministers, private sector people. And, and yeah, so in, in three years I I try to also find my own focus cuz um, I realized very quickly that um, uh, whenever we talk about like using technology, you can't use like, or you can't talk about using technology in the government sector without talking about the security. Cuz when it comes to the national security of Estonia, everything depends on the cyberspace.
And then I started, just reading and investigating much more about the cyber policies and I found my way to the ministry of Defense and I've been working here almost a year. And, and, my position is especially focusing on the international relations. So I'm making sure that Estonia has enough friends in cyberspace. And so that everybody could learn again, from our experience, defending Estonia, in cyberspace already since the year of 2007 when we faced the biggest cyber incidents.
And, yeah. So this is pretty much, how I got here. This was just a short story. And I feel very passionate about especially in the topic of, cybersecurity cuz this really influences, everybody's life, I would say. And if I've been talking to my, to my friends, maybe that are not so tech savvy.
So if you say that you work in the cybersecurity, feel like most of the people just get very scared. And okay, what's that? What you do? But it actually influences each one of us here and especially when we think about the impact that came from the covid times or also besides this, so now, the war in Ukraine.
We are more and more dependent on the security also in cyber space.
[00:04:38] Mizter Rad: It's interesting that you touched the topic of, when talking to friends, they don't understand or they feel scared about the word of cyber security or cyber attacks, cyber defense. I wanted to know from your side, how would you define cyber defense or cyber security, and why do you think we should all care about it?
Is it only hacking data? Because when I think my friends are maybe part of the audience that are listening to this podcast today, when they hear about cyber defense or cyber security, maybe they immediately think about some computer getting hacked or something. Wanted to hear from you what exactly is cyberdefense and cybersecurity?
[00:05:17] Anett Numa: This influences each one of us here and when I have had to explain this to you, maybe people that are, again, not so experienced in the field, I've been always saying it, it really does influence each one of us. So when you, when think about waking up in the morning, the first thing that you do is, turning on your light. Or when we think about like just, turning on, your phone, do you check what time is it. Or it just you have your alarm clock going on. When there would be like a massive incident against the infrastructure, you wouldn't have an electricity at home.
Or you can't boil yourself even water when there is no electricity. Or it would be very cold in your apartment. So it like influences everybody's life when there is a massive incident. I, and I would say the war in Ukraine right now really does reflect this. So already back in 2015 when Russia attacked also Ukraine in cyberspace, they were like, major problems also that they were kind of switching off, one of the city with more than 100,000 inhabitants there from the electricity. It was a very cold winter time. So this again shows you, perfectly here that, it can influence the way we live. And and it's just not also very typical computer hacks, but around 80% of the cyber incidents happen because people have weak passwords.
We have heard the stories and again, going just like what, every single person, should care about these, their own like social media we're using currently, Twitter here. I mean there has been massive incidents also on, on social media platforms such as Facebook or Instagram, where the accounts have been taken over. I think everybody should care about this cuz it's your private, conversations. It's about your private data, your pictures, your videos. It's so much like how we live. I would say that our entire life is based currently in our phones and the different kind of devices that we use.
So that's why I feel like this is why we should care. And, and what we do in the defense sector is of course making sure that, we wouldn't face any incidents. So also the prevention side, so that we need to build our, resilience here. Just again, making sure that our technology is advanced enough so that we would know how to respond to the incidents. Or again, like I said, would be able to prevent them to happen.
I mean there is two different, also concepts like when we think about like the cyber security itself, it's a little larger than cyber defense, meaning that, it's mostly from the military perspective, but also, more and more civil sector, we need to of course also defend, our critically infrastructure providers, in these, in the cyber, domain as well.
So it's a very large topic that it's very hard to define. But but I've been always just explaining to my friends that it's about protecting your life as a whole. We are so dependent on what technology offers, but also, besides just providing us different kind of opportunities, it also provides us, massive, or not provides, but also we are facing massive amount of, of threats.
And, and I would say just, the lessons that we need to learn, also in cyberspace.
[00:08:20] Mizter Rad: For me, it is clear that we're moving towards a more digitalized world. We are moving from a, from an internet where we, create content and share it, but then that content is owned by centralized entities, maybe in a centralized server. Let's say you, you were talking about Instagram or Twitter, where we are speaking today. So that internet era seems to be, a thing of the past and we are moving towards an internet era where we also create and share content, but now we also own it.
So now we have digital assets. People talk about NFTs and it seems to me that the trend is we are moving from a centralized into a decentralized kind of internet. And as our pool of assets become more and more digital, so the things that we own tend to be online or digitalized. What do you think is the role of the government when it comes to protecting those assets?
How can the government intervene or protect without compromising the, privacy of its citizens?
[00:09:29] Anett Numa: I fully agree with you that this is, Becoming more and more essential and, an important topic to you to tackle. I feel like just coming from the European Union. Europe really has to define values.
How do we protect, information of the citizens, and of course, how do we raise the awareness so that people would know, who owns their information. And what kind of rights do they have when they use different applications. So when it comes to, for example, just going a little bit more broad here, when it really comes to, using different applications on the phone and everything, In order to prepare for like people not suffering any kind of, again, either the incidents or just again, like who owns their data or who is like either misusing this data or just, using for maybe not so good purpose here.
So I, I feel like what we can do here is also shape the legal. The legal frameworks for this. And this is why also, I'm working here in the MoD. So mostly as my position is like I'm a policy advisor so that we need to shape this kind of policy so that, the information of our citizens both here in Estonia and also just the European Union in the largest scale would be protected.
And, and I feel like Europe is like a forerunner in terms of this, so that the big tech companies, wouldn't, again, misuse information for their own good, for their own good, and just gaining money for the information that they store. Again, the legal framework there has a lot to do and different kind of policies.
But also besides this, people really need to be aware. And that's just why also, for example, like in Estonia, we spend a lot of time on, on raising this awareness and and making sure that people really do know their rights. And of course also consequences when they use, some kind of applications or just like how they provide their data to you different, online portals.
So both these things, like I said, the policy, the legal frameworks, and then the awareness should be just going hand in hand.
[00:11:22] Mizter Rad: When you look at countries, and I know Estonia is, one of the leaders in digitalizing its processes, its bureaucracy, its defense in this case.
When you look at other countries, when you speak to other governors in different parts of the world, what do you think they need to look up to when looking at the Estonian case? What do you think are the most important things, in, in terms of cyber defense when building a strategy as a country? Besides the legal, you talked about the legal, what else do you think it's important?
[00:11:55] Anett Numa: I think Estonia is a 4runner also because we do have an experience and I've been also now reflecting this to like the Ukraine, cuz they have been under a cyber war since the year 2015 already. So what would you have that plenty of other countries maybe don't is the experience in really facing a massive amount of threats in cyberspace against the nation. We were one of the first nations that were attacked in 2007. What we have been shaping, especially in cyberspace is, that we do have a great cyber governance and, and maybe this concept is not very well known for most of the people thinking about okay, what's the cyber governance and why this is important?
But when it comes to facing different incidents and if I may compare this to the entire, like the military domain, as well, when one country attacks the other country, also in the physical space, you need to know this kind of chain of who is making decisions and who is responsible for which parts of the entire chain would be working like perfectly and efficiently.
And this is what Estonia really has been experiencing. And just playing through these scenarios so that we know exactly like which ministry, which institution is responsible for which part so this chain is working very effect effectively. And and also, we've been focusing so much on the, decentralized, or decentralization of the information so that we have just wider the risk in that way.
We do not store any of our, data centrally in, in one single like institution, like a database itself. But we have divided this to, a large number of different institutions, in Estonia. Public and private. So that, it wouldn't be just one single database, but it's, it's divided in a way.
And of course also we were the first country who started using blockchain on a national level. So it's a cybersecurity also has a lot to do with the way you use, store your information or what kind of technology you use. Besides these other things, like I said, like just the response for the incidents or just, the legal framework.
So it's how you use the technology and how securely you have built the entire infrastructure of, of technology perspective as well. So I would say this side, and of course also we have like endless exercises happening all the time. So next week, Estonia is hosting, a NATO, cyber coalition exercise physically here in, in Tallin, which is one of the largest NATO exercises.
So like nonstop we have in playing two different kind of scenarios, the worst case scenarios that could happen. And they have happened. So first of all, again, we've got our lessons from there, what to do better. But of course also with our allies, we play through different case scenarios so that, we will be ready for the next, incident to happen.
Of course, I cannot go into the details. What is the exact, defense policy in cyberspace. Just cause this is obviously more classified with information. But, but of course, we've been great partners for our friends and allies, both in the EU and in, in, in NATO as well.
So if I would just sum it up like why different countries should be listening to Estonia because, we do have a massive amount of experience, cuz Russia is making sure that we have, this kind of daily exercises almost, almost every day.
So they're always touching if the door is open or they can get things somewhere. And if you do these things all the time and then you just get very experienced in that field.
[00:15:20] Mizter Rad: Anett, you touch a very interesting topic that is the combination of the cybersecurity with the offline, more traditional security. And you talked about this meeting that NATO is having in Tallin. Talked about, preparing for maybe bad, worst, case scenarios.
I wonder what could a worst case scenario be? I'm thinking, if there is a, a crash of the satellite and then all of a sudden we don't have internet connection anymore. That sounds pretty bad to me. So how do you, how does a country or a country like Estonia or a block of countries like Europe, make sure that this doesn't happen?
I know it's not maybe a simple answer, but, what's your take on this?
[00:16:01] Anett Numa: I think it's, again, if I may, Just bring it out. One of the examples what happened in Ukraine, since the start of the war. Do you think that, Ukraine would be still connected to the world or to the internet when they wouldn't have the satellites and the, uh, starlink system?
They wouldn't cuz most of their usual methods of connecting to the internet are down. And obviously Russia was using that method in order to really cut Ukraine off from the usual networks. Luckily we had f another option so that they were able to also connect to the satellite methods.
So I've been attending also, just very recently I was attending a conference about like the space security where we also talked about the same thing. Just think about also like from the military perspective, if there wouldn't be any kind of methods to communicate through the satellite, which is the most secure way of communicating between different kind of military, people.
So they wouldn't be able to send any information to each other. They wouldn't be able to use the GPS. So it can do a massive chaos, in, and just like everyday life to not just the war side, but also here. So it is a massive impact that it could have to your life. So just thinking about again, the worst case scenarios, like I brought it up before, when there is a loss of, electricity. So we know that Russia is targeting, especially these sectors that have the biggest impact on people's lives and especially the critical infrastructure providers. We, they have in also threatening, now as winter is coming to Estonia, where it is has arrived already, they have really threaten the energy sector itself.
So I mean it can really do a massive, influence. And there has been cases for. I don't know if I can name that in English. That, this, institution that are, providing us a clean water. So if there is an attack against, something like this, we can't even drink water or go have a shower.
[00:17:54] Mizter Rad: Like a water supplier in a country.
[00:17:57] Anett Numa: Exactly. So imagine like the water suppliers, again, the energy suppliers, like all of that side. All these things that we're used to do, like every day, just by, just from waking up. They would be influenced.
And we are currently having a chat here over like Twitter, when all the social media platforms would be down. And Russia has been also, targeting is Estonia with the tis text, to take down our like media platforms. Cuz media is of course also playing a massive role here.
We wouldn't be aware of the news, what's happening currently. Obviously when it comes to the goal or the purpose of different, cyber attacks, then the enemy wants us to have as much as confusion in the society as possible. And that's why they're especially targeting, the most vulnerable sectors so that it would influence each one of us here in the society.
And then, and there would be a massive, massive amount of confusion. So this is the goal and when I would speak this worst case scenario, then it's bringing, bringing a very big, confusion in the society. That's why we need to work on this, that these incidents wouldn't happen, and I'm happy to see that also under the MoD we provide the cyber ranges, so that we can, again, they some of the solutions of our critical infrastructure providers and try to find the weakest links there. And then they can improve the system or again, play the play through these scenarios when they would be a red team attacking, the system. Like how to protect yourself, how to protect yourself and the enemy.
So this is what we do, every day. And, and support both the public and private sector, those that are fighting in cyberspace all the time. Yeah, so I don't even wanna think about, what would happen when these worst case scenarios would actually come to. And like I said, in Ukraine, we have seen this happening before. They have been more successful now, since, since that this year. But, but still, we don't know if, there could be anything still coming.
[00:19:50] Mizter Rad: Definitely. I think that, when talking about more subtle, indirect ways of cyber attacking a society or a group of countries, a territory, it is what you said very important to, to pay attention at media, at what, maybe media in X or Y country are talking about.
So just to give you an example, when you see a great divide, a strong, I would say unhealthy polarization in opinions in the West about topics such as abortion, gender rights, the Russia- Ukraine conflict, the Covid vaccines, more lately, also, the one love initiative of some players in the World Cup.
Are all these topics in a way, a scope of cybersecurity? I'm, and I'm not trying to take a position here on, on X or Y. I'm just wondering how important is to the cybersecurity of a country or a block of countries like the European Union to maintain a, in a way fake news out, but at the same time make sure that you're not, um, you know, suppressing, information.
[00:21:03] Anett Numa: The media is actually, I'm very glad to say that, not gladly to say that. But I have to admit that saying this, that, they're playing one of the biggest roles in channel one. And when we see, so when it comes to the cyber incidents or just the cyber threats, I always say cyber go very closely together with all the other hybrid threats.
So when we talk about like the hybrid threats and, when a country attacks the other country, or again, even the media side, in cyberspace, then it always goes together with the information operations and miss or dis information. So these do, these things are not even possibly to separate anymore or says that they always use this method so that when they use cyber, or just like the way they communicate the cyber incidents.
So also, just to brag about that they were successful with something. But also I would say, the other example from that perspective would be to, think about what happened, like the cyber incidents against Russia. So the other, a way around, so for their media, like the TV and so on.
So some of the hackers were successful enough to actually send a message what was happening actually in Ukraine, to the Russian national tv. So the media and TVs and the newspapers and social media platforms and so forth are the ones that are providing us a very good opportunity to send that information. And by saying a good opportunity, it can also be used very negatively.
So we have to be very careful. And then this is why also, lately, and especially since, February this year, we've been focusing more on helping the media outlets and, so the, making sure that, they wouldn't be suffering under any of these incidents cuz it can do much more of a harm.
And like I said before, when it comes to the providing this confusion in the society, then, media is the, I would say the easiest sector to use is, so this is definitely, there is, There is a lot happening there and we've been tackling and trying to support them as as much as it's possible.
So definitely it is playing, more, more essential role that it has ever done before. And when Estonia was attacked now in August, this year, in cyberspace, which was one of the largest cyber incidents that happened since 2007. So it was quite the same case, as well, so that we were, so we were, like facing this mis and disinformation campaigns on, on different kind of social media.
So that they were taking just, pictures of our state information portals, where it was actually just like the technical fix that they were doing. And then the Russian hackers said that they were super successful, in attacking Estonian cyberspace and everything is down and nothing is working.
And, the entire Estonian society was impacted by Russian hackers, which wasn't true. So there is a colleague of mine who said once in, in one of the panels that, when it comes to when it comes to the cyberspace, it is very hard to define like who is actually behind of the attack.
And there is so many different groups of hackers who are just very happy to brag that they have been successful and they manage to influence one or the other country. Yeah, it's, it's very easy to just brag about things, that you were success.
[00:24:14] Mizter Rad: Yeah. Yeah, I understand. There's definitely a lot of confusion in the space.
I can imagine that, by being inside of the space, being part of the policy makers of cyber defense of a country, you see all kinds of things and all kinds of situations of people claiming that they did X or Y cyber attack. But in reality, it's hard to pin down who actually did it.
But when you look at, this environment from the outside as a, as a person that has nothing to do with the space, with the cybersecurity space and has no connection whatsoever with the policy makers, it's even more confusing because you hear, X, in this news channel, Y on this news channel .Then you go to Twitter and the person that you follow talks about that same topic, but from a different perspective. Then you go to Instagram or watch a YouTube video, and then there's another opinion. So it's it's very difficult to understand what's right or who is right or not right actually, but who has the correct information and who to trust.
Do you think there is a responsibility of the people, of the regular citizen, to consume media in a way that they understand that there are different forces behind different, messages or rhetorics trying to push different agendas? Maybe some are good for a bunch of people and some are not. But are they, but in general, they're trying to influence, the stand of the population on X or Y topic?
How much of a responsibility do individuals like me or regular persons have?
[00:25:52] Anett Numa: Yeah.
[00:25:52] Mizter Rad: When it comes to, um, Understanding what is misinformation or what is not?
[00:25:59] Anett Numa: Yeah. So if I could change something or just provide like an idea what to do differently is that we need to start teaching our kids since it's already early in high school, how to, read the media.
How do you read the news and how do you know again, what's right and what's wrong and how to do it like super critically? Cause it, it's the same as for me. It was, I think I would say since the start of like covid crisis, I have been changing my way of like how do I consume media, like very differently now.
So I'm only focusing and reading the news from the Estonian, like the national broadcast and just this kind of news that I know that don't have any kind of emotions and these news don't want to me to just think in a way that the person who was writing the article wants to. But it gives me a chance to decide based on the facts, what's true and what's not, so that I can be a better, like how do I consume this information.
The influence for this especially why people write articles is, again, usually with the goal of making you to, to think in a specific way that, like I said, the writer wants you to. And, and we are like really manipulating with the information that we are providing to people.
Especially like you also pointed out, like the information that we use and read Twitter on, on, on different other social media platforms. There is more and more like the far institutions, political parties, who doing this even like worse. I've been like just having conversations and fighting with my, not fighting the, really, arguing with my friends even that I don't, that have this very critical way of thinking.
In terms of they sent me a video or an article saying: you see actually this person was like wrong and trying to show me what the other portal are talking about the same like case or just, what we discussed. So you can cover, the same event in a very different way.
And it's nothing that, just new that came from, like media. But even how do we cover history? In history lessons? If you would say that, let's say the World War one. If you would go to the history lesson here in, in Estonia and you would go, let's say to US or you would go to Russia, they're also covering, the same events that happen, in a very different way. And this is exactly what happens in, in media with, with things that happen today. So yeah, if I could provide like one more course or lesson to the high school, then it would be very, how to consume media in a better way. But, our, and some of our media platforms were testing, again, the covid times when the information of covid was so different, in media platforms.
They started, taking this news that were spread in some of the newspapers, and they were doing the fact check, actually controlling what the person who wrote the article wanted to say, if that was correct or no. And you can actually do this kind of fact check, very, easily.
They were just providing the facts and let everybody decide whether to trust this information or not. And this is, what I've been trying to do as well. So when I read something, then I'm like, okay, I see that I have nowadays emotions. Why do I have these emotions? And then doing a bit little bit larger background check off of the thing that I was reading.
Like manipulating through media is one of the biggest and scariest tools that I am known. And, and we really need to these people to be smarter and more political, whatever they consume.
[00:29:18] Mizter Rad: Absolutely. I think education, like you point out, is definitely a big contributor here on whether people as they grow up or we grow up, or we evolve as humans in general, we need to be more and more aware that, there is forces in the right and in the left, that are trying to convince us, in the end, we're all humans. I believe we all should, be driven by empathy and love ...
I wanted to know a bit more about your opinion on, the role of big large tech corporations in the, cyber defense space. So how do you think, how important do you think is for you as a country, as Estonia, as a leader in the European block of countries, to create alliances with software tech companies or hardware manufacturers?
I'm thinking, in the US for example, the US military banned... You know, I have a, I have a drone. Yeah. The drone, the, the brand of the drone is DJI is a brand, it's is a manufacturer from China.
They manufacture drones and other sorts of artifacts and they're very good. When you compare DJI with other, um, consumer level drones, they are affordable and they are high quality.
That was my opinion. Then I read in the newspaper that actually the US banned, the DJI drones, that were coming from China because of military reasons. And and this has happened also with other topics. You have this semi semiconductors, topic. There's this arm wrestling battle between China and the West regarding the semiconductors.
For those that maybe don't know what a semiconductor is, it's a specialized piece of technology that is essential to everything that is around you, basically your phones have semiconductors, the computers have semi, the refrigerators have semiconductors. Even cars nowadays use semiconductors.
And there is a big company here in Europe called ASML that, is essential for building these semiconductors. And so all of a sudden, I'm a user of DJI, the drone, company from China, and then I read in the newspaper that Biden, the US, encouraged companies like ASML to stop serving the Chinese with these semiconductor services or technology because of national security reasons, because the Chinese are, and I quote: "developing, weapons and surveillance technology with it".
So how important it is for Europe, Estonia, or a country in general to have a good relationship or alliance with hardware manufacturers and are companies... and I'm an entrepreneur, I stand for a economy that allows the private sector to flourish. But it becomes, at some point, it seems to me that at some point when you build technology that has such a great reach, like drones or semiconductors, your company becomes a almost like a macro political agent without knowing it.
So I guess my question goes again into ... trying to understand how, what's the role of a, of a cyber defense team in a country when it comes to forming alliances with software tech companies or hardware manufacturers?
[00:32:44] Anett Numa: It has become more and more, essential, how is the relationship like built and defined?
And when I just can, very briefly say about this, that, the, some of the biggest like incidents that also happened, in the state sector are caused because of, some kind of security vulnerabilities of a tech company. So obviously the state is not able to do everything by themself.
So they're not enough technology experts, like in, in any of the states and especially also the software or the hardware that we just use, is again, bought, by just kind we, we work together with different private institutions. And this is why it is extremely important that, our partners would be trustworthy.
And then I would turn again, back to the policy side, and I'm very happy that the EU, commission is coming out now, very soon with new policy that is also defining, this kind of security levels, that different institutions have, in order to work with them. So we want to be 100% sure that all these big, big techs that we work with, have like high enough security standards so that we can really work with them.
Cause you brought it out, especially the chinese influence and versus the West. I do trust our security institutions. Cuz they have enough information that maybe not the public has, but we've been trying to also communicate this to the public. Cuz when we discover, some kind of security weaknesses of a system or of a company, then I highly also, recommend not to work with any of these companies cuz not everybody are good people and not everybody come with, with a good, like this kind of goals in life.
So we have seen plenty of just false incidents and things going wrong because, because of a weakness in, in some other countries like, security, not, sorry, country, like the institution security system. So that's why it's, our, aim to make sure that, again, the policies would be shaping the security standards of each company, that we want to work with.
So of course like when it comes to private sector and just the private sector doing collaboration between each other, we cannot really just influence this from our side that much. But, but when it comes to the state working with private sector, then these things have to be very clear.
Cuz we are trusting again, our future and our work to somebody else's hands. And before doing this, we need to make sure that we can sleep peacefully, knowing that everything is, secure in town. So we've been very closely also working with the, with these things.
And and there are also already couple of different, companies, that we don't allow any public institution to work with, because of the risks that we have discovered. And, and we are advising at each, and every institution in the state, of the background of these companies. This is just a massive challenge that we're gonna face even like much bigger in the future.
[00:35:40] Mizter Rad: Yeah, that's an important point because I think when people think of, you know, wars and, uh, conflicts between countries, they all maybe think about what happened in the last 300 years with the different, the changing world orders, you know, we had the Spanish Empire at some point, the Dutch Empire and so all this physical borders of countries change quite a lot, and that's what people maybe think of when they think of a war, but, nowadays the war is being held online as well.
That's one of the reasons why I wanted to bring you in, of course. But do you think this cyber war or war online will end the fight for physical borders in a way or for land, or do you think it will just accelerate it as, right now maybe going into war with someone else can be done from a room, maybe with a couple of computers remotely.
And I'm of course exaggerating. I know it's more complex than this, but you think cyber war will accelerate the war within countries? Between countries in general or, or not?
[00:36:48] Anett Numa: I think, we've been discussing this a lot, like also, I would say when we, you would have asked me this question five years ago, I would have said, something differently than I do today.
So also when the war in Ukraine started, it was a massive shock to the rest of the world that actually a country can come with their weapons and tanks, to, to another country like physically and not just cyber. So this is definitely, this proved us that, there is, there are still sadly countries that do it in a, in old ways.
They go and fight and actually use their army, so I don't think it's gonna change. But the role of cyber security there is that cyber is just defining how well things go in the physical space. Cuz what we see again, and cyber also influences a lot, like what kind of new technologies do we use?
And we see that Ukraine, countries in the west have been giving Ukraine also way more new, technologies. I don't know, like just talking about like the, different, vehicles, that are much more modern or just drones or just tracking information differently. Again, like I said before, the Starlink so that they can still communicate to each other.
So cyber is, it's just helping and it's one part of methods, like just one of the methods in order to, attack the other nation. But, but having cyber methods, it's obviously much cheaper and maybe easier method to influence another country. But, but the Ukraine war really proved us that, sadly, this is not gonna end, the war in a physical space.
It's still happening and, and we're gonna see this happening. Yeah, if I compare like the World War Two or something like this, then cyber wasn't playing, a role like this that it is today. But that these components that were there also, very long time ago are still there.
Just technology has advanced and this is why also we see a more role coming from, from the cyberspace. So yeah, it's not gonna shape the entire, like conflicts, agenda, but, but just, becomes a part of this.
[00:38:48] Mizter Rad: Yeah, I understand. And it's probably, it's, it is very much more understandable from my side that, when you say that cyber, defense or cyber security is just a part of the whole thing, and it is very clear with your example of Starlink that, providing cyber aid, cyber security aid to a country like Ukraine is just a little part of the total security aid that a country in war can get from its allies.
But talking about components of cyber security, I found it super interesting when you talked about, the digitalization of the genome. And this is my last question. I wanna wrap up with this.
Nicolas, if you're still there, I'll definitely give you the mic for a minute or so, after this question. Happy to do that.
But going back to my question, when we met in Dubai, you were talking about the digitalization of the genome of Estonians. There is a thing called the Estonian Biobank. And I believe it's about taking the DNA of some of the citizens of Estonia and putting them on a database.
And, if I'm not wrong, you do that to analyze why people have different disease risks and why some medicines maybe affect them differently. So how is this important or related to cyber defense of, the cyber defense strategy of a country like Estonia. Maybe you can build up on this, Estonian Biobank a little bit more, to try to understand how this all fits together.
[00:40:26] Anett Numa: I would first of all start with just saying that when it comes to you, what kind of information do we need to protect its citizen's data? And if I may ask, if I would be in the same room with people that listening to us right now, what is the most sensitive data that you can have about the other person?
It's obviously your medical data. And this is why it is extremely important to us to really have the various secure cyberspace so that we would be able to protect people's, like such as sensitive data like, like the genome data is. So we've been using, blockchain for example in, in storing our medical information, for a long time already.
And especially also, having everything decentralized, when it comes to storing the medical data so that it wouldn't be just in one central like the database for the medical information, but it would be divided by different hospitals. So again, in order to make sure that, that this information would be safe, but.
So yeah, just internal aside, the only just connection there would be, to make sure that we protect the information that really matters to people. And if you think about the internal, like the medical data, if there would be an attack against the medical systems of Estonia and somebody would be able to delete or like edit information about people, blood types or what they're allergic to, it can influence somebody's life.
If you, if an accident happens with you and the system says that, your blood type is like A+. Or, or something like this, and this is actually not correct and you would get the wrong blood, to your body, then obviously you might die. So this is why the medical data is one of the, one of the most, protected information that we have of our people.
But why do we collect this information? Of course, to analyze, the diseases and then just to understand a little bit better what our people are suffering in. But, but besides this, also provide people, more awareness of their, medical conditions. Because there, there is a saying around like 50% of our sicknesses depend on our, teens and 50% of the environment.
And if you are already aware, like way before that you might be suffering in, in, in this kind of, health diseases in the future, then you can change the environment in order to avoid this diseases to really go serious. Become serious. So this is one of the reasons why do we provide this information so that people would be smarter, with their bodies and mental health or anything.
And of course also for the estate, in the future, hopefully it provides us a massive amount of information and data so that we can use this for, like also making decisions, in the political space, so that, people would be working out enough and eating healthy enough and we could do preventions.
So I, I would say maybe just do like to sum it up and say why it is important in general, like to collect information and data and do it smartly is because this provides us an actual information that we can use in order to make decisions for. So I been always saying like, when you are a decision maker, you just can't make a decision based on the mood.
What do you just guess what would be the right thing to do? But, as we use technology and information so that we can make a whole of our decisions be based on the information that we have been collecting. So that will be my short answer.
[00:43:44] Mizter Rad: Yeah, absolutely. And I, Nicolas, if you're still there, let me know cuz I'm inviting you to speak, but I don't know if you're getting the, invitation.
In any ways I think it's very important what you say and that, that, medical data is critical data that needs to be secured, with the most rigorous, methodology as possible. I do believe that this, needs to be hand in hand with the population, trusting the government. And I see... I have a hard time imagining, I come from South America. I have a hard time imagining, my fellow South Americans trusting the government. It is obvious that the corruption levels, of Estonia compared to many countries in South America are just, minimum. So yeah, understand and I completely agree with you that medical data is definitely, better, maybe managed by government that is trusted by its people that maybe has very low level of corruption or none. But when it comes to other countries, maybe the majority of the countries in the world, I see it hard to believe that people will just, be okay with it or if they are okay with it, hard to believe that it's not gonna be misused.
So I think I see they're a big challenge in other countries, not specifically in Europe, but let me ask Nicolas if he wants to go ahead. I think you already accepted the invite. Nicolas you wanna move forward?
[00:45:13] Guest 1: Hello? Can you hear me?
[00:45:14] Mizter Rad: Yes, please go ahead.
[00:45:16] Guest 1: Fantastic. So thank you very much Mizter Rad. I was born and raised in South America as well, so I fully understand what you just meant and many thanks, especially to Anett. This all super, super interesting.
So Estonia has been making massive steps forward in digitalization in the last decade, and today has one of the most developed e-government in the EU. Now we are all interested in politics and we know that sometimes the link between technology and politics can be a bit tricky. You talked about cyber attacks.
I would like to ask for another aspect, which is technology and democracy. Specifically the electronic vote, in Estonia has been adopted. Sorry, not Estonia, but it's been adopted and dismissed in a number of countries, especially in Europe, for instance, Netherlands or Italy. But Estonia has i-voting, which is not exactly the same if I'm not wrong.
So, Anett, could you please dive a little bit on how is this experience in Estonia? Do you consider i-voting safe? So many thanks and I keep on listening.
[00:46:11] Anett Numa: Thank you very much for the question. And, and I have to say that i-voting is one of my favorite topics to talk about because, as I said, I'd lived abroad many times and I was still able to, I was still able to just shape the Estonian politics, by even being far away, not having to go to any of embassies.
So the reason why we started providing this obviously was that, there is a lot of Estonians that live abroad, but very little, uh, embassies that we have. And if you live in a country where there is no embassy, then there has to be a method that you can still be connected and still vote.
And, and of course as everything was, Based online, we wanted to make like also voting online. And this has been now happening for like many years already. And around 50%. So meaning that half of our population is already using the electronic, voting. And, if you talked about like how security is and why so many other countries have failed in this, we're doing this differently.
So even like the US is saying that they have i-voting, which is actually not true , and I know that also, there has been like Canada, for example. They were saying that they have i- voting. So they actually, what they did was that you could, write like a just online application and say that you would want the government send you a password back home and then you could go online and just vote with this, which is not secure at all.
But in order to really make the i- voting happening, then the only option, or the secure option there to make this possible is to have an electronic identity card. We have had this already, again, for almost, I think it's even more than 20 years now. The electronic identity card, would like the information of people have to be like first in place there, because the electronic identity card is being used when we vote, so you'd identify yourself So there is no such thing as just like the username or a password that you need to provide. But, there is these two very secure numbers that are your electronic identity card and if you need to insert that, then you just provide your, security in, there. What we also do besides this is like around a few months, the election happens, we also have the tests and, exercises or just we use the hackers, the test vulnerabilities of the i-voting system so that we also make sure that it is safe to be used. So since we, we started using i-voting application, there hasn't been any of the incidents. So I can say that if it must be secure, and like I said, so we have a lot like technicians that are making sure and trying to attack the by themselves.
So to just be sure that, that they wouldn't find any of the weaknesses in the system. And of course we do also have a backup plan. So if there would be, even like a single vote that will be compromised. Then we call the elections, failed. And then because the i-voting, happens, there is like 4 days between, the i-voting, ends and then, the, actual election day happens so that we also have time to ask people to come physically to the embassy, or then to the holding stations.
So we do have that backup plan, but, luckily, it has never been used before. So yeah, we've been putting a lot of efforts in order to, build the massive resilience of the i-voting system. But but it wouldn't be possible if it wouldn't have just infrastructure there, for just, such as like having a databases where we store people, home addresses, which is also linked, like who you can vote for.
And besides this, like just the ways you identify yourself. So it's not secure doing this. So if you just get a random passwords, from the state by the actual, like postal mail. But if you have a secure pin codes, so we have two of them, one to identify, or self and the second, pin code is to, like again, encrypts your, vote or your signature. So this is something that we can call very secure. I am definitely saying I'm a massive fan of i-voting, and I've been investigating the security background of this. And if I vote online, I can sleep peacefully knowing that it's not compromised.
[00:50:08] Mizter Rad: That's fantastic. I'm very grateful, happy that, we made it, Anett. It was fun. It went smooth, and I learned a lot from you. So very happy that, we could make it. And I hope to see you around soon.
Is there anything else that you would like to add?
[00:50:26] Anett Numa: No, also just wanted to say a massive thank you from my side.
Sorry, my voice has been a little weird cuz I have a runny nose. I came from Rome last week and it's, it's, minus seven degrees here. So there is a massive change of weather. But, always happy to share what Estonia has been, has been learning in this last, 30 plus years of, of using technology in the public sector.
And if there is any further questions from anybody, then you can easily reach out to me over, Twitter or LinkedIn or any other social media platforms so that we can help to you shape the policies and make the use of technology also as a reality in your in your country.
[00:51:00] Mizter Rad: Thank you so much, Anett. I hope, you don't freeze, this winter.
It's also very cold, but, we'll manage.
Thank you everyone for being here. I see you next time and, hasta la vista. Chao Chao. Thank you. Thank y'all.