Week 10 - Mitnick

 Mitnick Formula

Technology

    By a long shot probably the most advanced part of Estonia out of the three tenets. Estonia is rather widely known for having been 'ahead of the curve' due to taking a very IT-heavy focus after the collapse of the Soviet Union, and it is one of the only things making our country unique and stand out. However, even though Estonia has "internet as a human right" and WiFi all over the place, the security is often very subpar, especially in terms of training/policy. The ID card is the most important document for any Estonian, and the IT infrastructure surrounding it is rather immense. I do not have any secret insight to the inner workings of the card or the network, but I know that keeping it secure is a constant priority. [Even though, that being said, the software for it is god-awful and many people I know have suffered nonstop problems with it]. No matter what precautions are taken though, it is only a matter of time before another vulnerability is found. We were lucky to have ours discovered by P. Švenda back in 2017 and be notified of it, rather than have a malicious party stumble on a security flaw that would allow malicious parties to steal the digital identity of any individual. [1]

Training

    The most vulnerable part of any system - the people using it. This is definitely not any type of exception in Estonia, either. Despite being a "technologically advanced" country, a lot of people who have access to restricted networks or just people who use the systems overall [E.g. the ID-card, which almost every Estonian is forced to use]. There is a distinct lack of personal training and I do not know how much it has advanced (given that my last four years have been spent either in the IT college or a high-end institution), but in my old school, I managed to break into the teacher wifi by literally just reading the back of a network amplifier that was in class - it simply just had the password written on it. This is.. the first law of IT security and it was so liberally breached. From more anecdotal experience, most teachers also fail to operate a projector - let alone manage proper security for their devices (often times leaving them logged on) and passwords (the back of the router).

Policy

    Attributing to the overall IT focus of the country, Estonia really does try to enforce better solutions and more awareness with their cybersec policies.. at least that is what they claim. But then again, so does everyone. Estonia is so confident in their cybersecurity solutions that two of their primary strategic objectives have to do with maintaining international credibility and shipping out our solutions to the international market. There are several acknowledged flaws in the current system, namely the lack of cross-institutional situational awareness and insufficient understanding of cyber threats [2], both of which have a significant impact on the second part of the trinity (Training). Another big problem that Estonian cybersec policies aim to solve is the lack of new talent, though I fear that may not be solvable. Clearly Estonia has a reputation to uphold in terms of its IT, and the policies, at least on paper, try to reflect that. This is all I myself can say, as I am not very versed in the legal side of things - and any policies that institutions I have been to do have are really difficult to access/never explained or never presented.

[1] Infinion library security flaw - Accessed 04/06/21 

[2] Estonian cyber security policy - Accessed 04/06/21

Comments

Post a Comment

Popular posts from this blog

Week 2 - Failure.. and success!

Image
 Academset      Technically just a more advanced version of the original Computing Center for Collective Use, the Academset was one of the only few examples of a 'decent' network structure during the Soviet era. Initially built only to serve the staff of the Leningrad Scientific Center, it began expanding during the late 70s, when various other institutions (such as factories), started becoming integrated into the network. After that point, it started growing more and more until it officially became the "Leningrad information-computer network of the SSSR" and was fully fledged into its 'final' iteration - the Academset, which also established links between the satellite countries under the Soviet reign.       The network had several issues, most notably the usage of the OSI protocol demanding a high amount of main memory from the central computers. After the fall of the Soviet union, the mainframe of the network was destroyed and Russia gained access to 'g
Read more

Week 14 - Accessibility

 Accessibility Lucy     On the same note as the forum topic mentioning eye tracking, I figured I would talk about something I have always been interested in for people with disabilities. I myself do not know any such people on a personal level, but I find this solution to be the neatest. I have always been interested in "eye tracking", but it can be a bit inaccurate at times, though I feel like it would be enough for most disabilities. However, there exists another solution as well, which works off the same principle. A specific example of this would be Lucy4. Pretty much equivalent to using eye tracking to control something, except instead of eyes, one uses their head! This is magnitudes more accurate than eye tracking and would even enable people with ticks (involuntary head control) to be able to accurately give input, lest the ticks are really extremely major.      Probably one of the main disadvantages I've encountered with eye tracking when I tested it was that it i
Read more