Finally, I'm Senior Vice President for Europe and Eurasia here at the Center for Strategic and International Studies. We're delighted to welcome you here. We have a very special discussion for you this morning. I have to say a lot of CSIS's work is obviously poised on the challenges, the security crises of the moment, but this morning's discussion is actually something I wish we did a little bit more of, which was talking about best practices. What can we learn from other countries as they're meeting new technological challenges and new opportunities? And we are delighted to have our two colleagues from the Estonian Information System Authority with us to talk about Estonia's digital evolution. I'm just going to bore you for one minute with one story that I have. It was my first visit to Tallinn, Estonia at the very end of 2001. And I was there as part of a delegation of U.S. officials as we were looking at Estonia's candidacy to become a NATO member. And so we had a meeting with the Prime Minister's office. We were ushered in, and we walked past the cabinet room. And the cabinet room was this extraordinary room. It was just with computer monitors, and it goes, oh yes, this is our new cabinet room. We're paperless. We just do everything on the computers, and it's very efficient. And I walk in, OK, and we sit down with the Prime Minister's advisors and staff, and we start talking about corruption and how does Estonia address corruption? And I'm like, oh no, everything is online. All our tenders, all our procurements, you can go look at it. It's fine. That's a very transparent e-government. And I went, boy, I wish we had that. And so in many ways, what a wonderful example of a country that's taking a leadership role in an area and what can we learn from them. But fast-forwarding six years later, we also saw the more insidious nature of e-governance when Estonia suffered from the most significant cyberattack in 2007 after the Bronze Night incident.
And where we learned that there are other actors that use this wonderful tool of e-governance and can be very harmful. So we've seen both the opportunities and the challenges. So I think this is a wonderful opportunity to dig a little deeper, have two of Estonia's foremost experts tell us about both those opportunities and challenges. We're delighted to have with us Daniel Chenok, Executive Director of the Center for Business Government and IBM, who will be with us to moderate this discussion and introduce our two speakers. You're in for a wonderful presentation, and I know you have a lot of questions, so we look forward to a rich discussion. And with your applause, will you please welcome Daniel Chenok to the podium. Thank you.

Thank you, and good morning, everybody. Thanks to CSIS for hosting a very informative and interesting discussion that I know we'll have this morning. Thanks to the Estonian government for lending two of their leaders to us here this morning. I'll introduce our speakers momentarily. Just a word. So I served in the U.S. government for about 15 years and for the last five years of that time, from about 1990 to 2004, I was the functional equivalent of the Chief Information Officer of the U.S. or the Deputy Chief Information Officer of the U.S., which the world changed when the Clinton administration moved down to the Bush administration from a career position, which I held to a political appointee in the U.S. government, which the Bush administration introduced. And that position still exists in the U.S. government. And this topic of e-governance is one that even when I was in that position in the U.S. government, Estonia, I kept hearing these stories about these incredible things are happening in Estonia. And so looking at things that were happening as you heard earlier from the introduction, it was really an interesting case study of things that the U.S. and other nations could learn from.
So we did model a number of our open government initiatives after some of the open cabinet meeting proceedings that Estonia pioneered at that time. And also the topic that you'll hear this morning, our main speaker will talk in from the position of Chief Architect in the Estonian Information System Authority. And this role, this combination of sort of technical and enterprise architecture with governance is really a key to making technology work for the mission of government. It's certainly something that we've learned in the U.S. when we set up an e-government strategy 15 years ago, enterprise architecture was at the core of that strategy. And we now still have a U.S. Federal Enterprise Architecture. And I'm sure we'll hear similar experiences from our speakers. So I'm very interested to hear the discussion. I'm sure that we'll learn a lot. We'll be a lot smarter in about an hour. And I know that we'll get some great learnings from our guests. And then we'll be able to get into a discussion, I think, toward the end of the hour. So let me then introduce our speakers. Andres Kütt, who is the Chief Architect for the State Information System Agency and the Information System Authority in Estonia. Andres did spend time in the U.S. and the world of higher education at MIT recently and also is a graduate of the business school in Estonia and the University of Tartu. He's also spent time in the private sector with the Nordea Bank in Estonia and has had a number of positions, including a position with Skype. So all of us who actually call people on Skype can probably thank Andres for helping to make that capability work very well. So thank you for that. Andres will be doing the bulk of the presenting. With him is his colleague, Liina Areng. Hello, Liina. Welcome. Liina is the Head of International Relations for the Estonian Information System Authority, a position she's held now for a little over a year.
Prior to that, she actually worked in NATO at the Cyber Defense Center of Excellence. And she holds an honorary title of a NATO CCD COE Ambassador. So we will call you Ambassador Areng. Thank you for joining us. She has a long career working with the Estonian Ministry of Defense in many different positions and studied also in Oslo. Both of them speak many languages. So depending on your comfort in the questioning, you might try a different language if English isn't working for you. And I know we'll have a terrific discussion. So without further ado, let me welcome to the stage Andres.

For the wonderful introduction. I'm an engineer at heart and by profession. And therefore, I always cherish and appreciate these opportunities to talk to non-technical audiences because this makes me think about things that usually I don't think about. Like how to actually make the technology work with the existing business processes to have it utilized for governance. So today, I'm going to talk about the evolution of the Estonian digital ecosystem, opportunities and challenges of e-governance. But the idea here is not to sort of define the discussion, to not to give you sort of, this is how you do things. And if you do this, you will be prosperous kind of things, but rather give you a frame of thought as to how to think about things. And I'm certainly not going to tell you what you should be doing. I'm rather telling you how we have approached things. And maybe that's useful. Firstly, I'm going to talk about what the Estonian digital infrastructure consists of so that you have some understanding as to what it is that I'm talking about. Then, I'm going to cover a little bit about how this all fits together because having technical solutions is one thing, but actually having that work together with the legislation, business processes and the social processes is a completely different thing.
And finally, I'm going to cover a little bit about what are the digital enablers that have allowed Estonia to actually be where it is now. There are a couple of interesting things there, and finally, some conclusions. But let me emphasize this once more. How we develop the solutions is more interesting than what we have actually built. Because probably something that works in a country of 1.3 million people does not necessarily work exactly like that in a country of US magnitude. Stuff just doesn't scale like that. However, it is a high chance that the approach, the methodology, the thinking, the mental models applied, that those can be taken over, those can be useful. So I tried to move away from actually trying to tell you what the exact digital solution is, or technical solution is, and more as to how we got there. And the other thing I'd like to emphasize is that we should talk about digital embracing government, not e-government. The difference is subtle, but still significant, I think. With the e-government, you have this implication that you have this government over there, and you have this e-government over there. And this is a completely separate thing in a corner somewhere which is the domain of the IT people and doesn't really concern the actual government part at all. I think that's a big mistake. Technology should be seen as something that enables better governance. That is something that allows and drives change in the governments, rather than something that is just bolted on to the existing government processes in the hope that somehow awkward stuff done faster is less awkward or more useful. It's just awkward stuff that is done faster. So let's talk about the digital infrastructure we have. So that's the basic enterprise architecture picture that we have. Our agency's name is Estonian Information System Agency, in singular. Which means that we really perceive our system as one entity.
At the same time, the basic principle of democracy is to actually disperse power. To make sure that there is no concentration of power anywhere in particular. And therefore, we are facing this challenge of how do we have those agency silos form a coherent information system? And that's how we do it. What the layers actually mean and what they contain, I'm going to go into slightly more detail in a minute. But it is important to understand that we have the technical layers, the architectural layers that we also use as a framework of governance, framed by two sort of fundamental processes on site. Firstly, we have finance and portfolio management where we actually drive, well that's basically a stick and the carrot, to drive desirable behavior from the agencies. We fund projects that we like, that help agencies move towards this one coherent picture that are useful for e-governance or digital governance and for the entire Estonian ecosystem. And we deny funding for projects that we see as unnecessary. For example, two agencies come to us applying for the funding, both. And we perceive that as those both solutions as being highly overlapping. We don't approve funding unless they actually talk to each other and come with a joint proposal saying, hey, this is how we will work together and this is we will avoid waste. And on the other side, we have information security. I firmly believe that information security deals with failures of architects. If something is insecure, if something is difficult to defend, that's an architect's failure. We must design things that are defensible. Therefore, the architecture of all the layers, the architecture of the entire information system, must have feedback from the information security world. And the other way around, of course, changes coming in from the funding part, changes in all the layers and the information systems, they drive changes in information security processes as well.
All right, so let's go over the layers very briefly. The electronic identity, we have a chip card, smart card, which relies on a certificate authority that is external. It is a government has a stake in that CA, but it's a separate organization. So those certificates can live also on the SIM card, so in your mobile phone. And digital signature is legally equivalent to a physical one. So that if I digitally sign something, and this is where actually a lot of confusion happens, is that sometimes I get sort of, for example, a patent sort of paperwork from US, and I'm told that I need to sign this digitally. And I rejoice, I can do digital signatures, and then it turns out that I actually need to find an iPad and sign it on the screen. But in our case, it is actually a digital signature that actually cryptographically computes a hash of the document and encrypts it, and that's legally equivalent to physical actual signature. The chip does not contain that much information at all beyond the personal ID code of every citizen. This is something that is very much a cornerstone of our system is that every person is uniquely identifiable. And we also have a bank-driven federated identification scheme that is widely adopted by stakeholders. Basically, you log into a bank and you get handed over in a secure fashion to a government agency. And this illustrates very neatly the sort of strategic alliance between the public and private sector, because an average citizen interacts with the government two or three times a year. And whatever you do, probably saving a couple of minutes from two or three interactions over the year isn't gonna help you much. Also, if you need to identify yourself two or three times a year, do you remember a password or a PIN code that you only use twice a year? You won't, right? At the same time, you pay your bills, you interact with the bank daily, weekly. 
And this creates a situation where the banks can benefit from the digital signature because that takes away from the risk portfolio because they can now say that this payment order was signed digitally and that's equivalent to a physical signature, so what do you mean? You didn't make the transaction, right? And the government can actually benefit from banks driving authenticated customers to digital services. On the channels layer, we have a central government portal called eesti.ee, which has 800 plus government services available, which relies on the next architectural layer, I'm gonna talk about in a minute, for services. But in addition to the central portal, we also have hundreds of direct contact points with the different agencies. And the main challenge we see here is that how to maintain central coordination while still preserving sort of service ownership. So let's say a minister of agriculture wants to have, let's say, a registry of foxes. All foxes in Estonia need to be in a registry somewhere. So how do we publish that service in the central portal in a way that still makes the minister of agriculture responsible for the entire service responsible for the business process of registering all the foxes while still having this as a sort of part of unified central service portal that creates a disconnect that we have a challenge to overcome. And it is unfortunate that public servants really don't like to think in terms of customers. For whatever reason, that seems to be the case everywhere I speak at, and it is a real challenge making people think of customers. We do have a central set of rough recommendations of how to build a government portal or government web service, but we don't have a central set of guidelines. And we are struggling with mobile. This is one of our weakest points is that we haven't embraced mobile technologies to the extent we would love to.
It is not a massive concern because as I said, two or three times a year you interact with the government, you can live with that if the UI is a little bit clunky and doesn't look good in a mobile phone, but this is something that we definitely need to deal with in the coming years. And integration layer. Now, I think this is the key sort of building block. This is the central pillar on top of which everything else relies. We have a distributed service bus called X-Road. And what this allows us to do, or actually allows agencies to do, is to exchange information. We have more than 1,000 usable services on that X-Road available to different agencies. And we are constantly developing that infrastructure. And what this practically means is that it de facto enables once only and various privacy policies. Once only policy means that if government already has a piece of information about the citizen, they're not actually allowed to ask for it again. So if I interact with any government agency, it is enough for me to authenticate myself, provide that ID code. And from that, the agency can derive my name. They must not ask for my name again. And why is it this? Why do we have this policy? Sounds good in paper. And for a political sort of process, or a policy process or other, we try to find out where it is actually said that this once only policy is a policy. And we actually couldn't find it. It's one of those things that everybody knows that you're not supposed to do, but it's actually not written down anywhere. And the reason it works is that it is actually easier for an agency to fetch a piece of information about the citizen sort of online over the integration layer rather than ask for it again and then store it and keep it up to date and make sure that it's actually sort of accurate and prevent it from being stolen. It's actually easier to ask for that piece of information from a different registry. And this is where the privacy policies come in.
X-Road effectively allows us to, allows us not to have this master database with all of the information. All of the agencies have their own registries. Like there's a Ministry of Agriculture with their registered foxes and there's this persons registry and there are other registries. And if there is a breach in any of those registries and inevitably there will be, there is no such thing as a completely secure system. Then the only that sort of, only that part of the information system is breached. There is no way to sort of walk away with the entire dataset the government has about the citizen. A very practical example of this is the driver's license. Our road authority that issues driver's licenses recently figured out that they don't actually need to take pictures of people. You know, on your driver's license, there's a picture of you. But the authority went, wait a minute. But these people at the police and border guard agencies, they already issue the ID cards and they already take pictures of people. So why do we actually redo this? And a field was added to a one service because you still need to sort of present your ID document when you get your driver's license. So there needs to be an integration where the validity of that document is verified. A field with a picture was added to that X-Road service. And the road authority is able to save or shut down those photo booths they had and they're saving enough money to pay for the entire integration layer in five or six years. Adding one field pays for the entire infrastructure in five to six years. So that's how financially beneficial that integration layer is. And it's really a cornerstone of what we have. And underneath everything, there's infrastructure. In this era of cloud computing, we often forget that, well, there's still gonna be some computer somewhere, some hard drive somewhere that actually stores this information that actually does the computation. And we are working in this field aggressively.
We are seeing platform as a service as our vision. We are by far not there yet. And we're currently having mainly consolidated network access for the government services which provides the government agencies with fairly easy integration points into the telcos or internet service providers. And from the other hand provides our agency with the ability to do sort of joint network monitoring for the entire government system and to support agencies in resolving cyber incidents. And we see the government cloud as a combination of private cloud, public cloud, and data embassies. And I probably should say a couple of words about data embassies. You see, Estonia is very dependent on these services. And when I say very dependent, I mean, like we are literally not able to have business processes without the digital services. Estonian business processes, governance processes and legislation has been for the past 10 years designed around information systems. They are designed to embrace the technology. Therefore, when the technology is not there, we don't know how to do things. Yes, in theory, you can always fall back on paper but over the 10 years that actual practical capability of handling that stack of papers has been lost. Therefore, e-services are really, really crucial for us. So that's one thing. The other thing you should know about Estonia is that it's about that size. In the IT world, there's something that's called sort of layered data center division. On layer four, you should have data centers, your primary and secondary data centers, 250 kilometers apart, which basically means that if there's a natural disaster on one of them or a massive electrical failure, there's a high chance that the secondary site is gonna be unaffected. There is unfortunately no way to do this in Estonia without putting one of those data centers effectively next to a certain border and the other one on a tiny island. So what do we do?
What do we do is that we actually extend the territory of Estonia. We figured out that it is actually possible to use Estonian embassies as sort of extensions of that virtual data center framework of ours. And so we're deploying services actually outside of Estonian boundaries. And we're trying to, by doing that, we're trying to redefine what it actually means to have a country in a digital sense. But this is not enough. This is just the technical view. Thing is that the described model is lacking. It's no technical solution really exists in a vacuum. Democracy needs different tools from the bureaucracy. Both are legitimate ways to run a country but they need different tools. Structure of government. Estonia is a very small country with two layers. You have a government and you have municipalities. In U.S. you have federal layer in addition and that is going to change the way systems are built, the way the architecture is designed. What registers are there? For example, in U.S. case there is no central, as far as I know, central register of all citizens. There is just, it's not there. So therefore the functional architecture must be distinct from what we have in Estonia. And also the physical constraints of, basically, yeah, the Estonian size, but set some physical constraints that you guys don't have or some other countries. While let's say an island nation in the middle of the ocean is going to have slightly different challenges there. So the question is how do you build a governance model that encompasses all of those aspects while still making technical sense? Because in the end I speak from the point or perspective of an engineer, so I still like to be able to build stuff based on an architectural model. So what we have come up with is an enterprise architectural model that actually divides the organization or government into layers. You get business architecture. Basically, this is what your constitution says.
That fundamental thing that you are a democracy and not some other governance model and so forth. You get organizational architecture which basically defines your ministries, your agencies, your business processes. You get your functional architecture which defines what registers are there. How do they interact? Do you have a, for example, do you have a vehicle registry that is linked with population registry or do you have just the population registry or just the vehicle registry? How are those related to land registers and so forth? You get technical architecture, which is the layers I described you. The identification, the servers, the integration layers and so forth. And you have physical architecture that tells you about what the physical setup is to are you able to build a decent network of data centers, what are the network challenges and so on and so forth. And what this model actually gives us is an ability to see the government as a holistic entity. Let's take this data embassies idea. Data embassies is a question or a concept on the technical architecture. Let's just move some servers to the, let's say, Swedish embassy of Estonia. Technically, it's fairly simple to do. We can do that, we can do encryption, we can do VPNs, we can do all sorts of interesting things on the technical architecture and on the physical architecture. And even on the physical architecture, we get challenges because now the embassies need to have a physical place for that server. Do they have that? I'm not entirely sure. We need to establish that. Functional architecture, okay, so we have one registry out of Estonia. If something happens to the main registers in Estonia, then that registry is gonna be fine. But will that registry in Sweden be able to do a function on its own without relying on something else? 
Yes, we might have a vehicle registry out there, but if it only contains the ID code of the owner and no name and no driver's license information and whatsoever, then how useful is it? And it becomes a challenge of the functional architecture. So organizationally, we have a legal setup where there's a very specific organizational owner to all pieces of data. There's a ministry or an agency or a department of an agency responsible for maintaining integrity and security and confidentiality of every piece of data. And again, taking the data embassies example, we move that registry out to the Sweden and something happens to the agency that's responsible. That is physically still in Estonia. We are not gonna be moving an agency to Sweden. So how do we resolve that in a legal setup? How is there a responsibility to be resolved in that situation? And on the business architecture, the very fundamental questions about the government's governance, what does it mean to have data embassies, to have data distributed over the world? What does it mean in the concept of the state? What does it mean to the fundamental sort of what? A government, a state used to be this thing that you could draw a border around. That's no longer the case. All of a sudden we can have government that's almost devoid of the physical manifestation. Let's say little green men pop up all over the Estonian countryside, can we move our country into the digital world? And these are the thoughts that this sort of enterprise architecture view of the government allows us to have. Changes in all of the layers actually impact the others. When we change legislation on the organization architecture, we need to change function architecture, we need to build systems. When we decide to do some technical advances like the data embassies, we need to think of the other layers. So what allows us to have these wonderful things and allows us to have this luxury of actually being there? 
I think it is very easy to see Estonia as one of these, like somebody said, digital Narnia. This wonderful wonderland where everything is digital and Estonia is this chosen nation that somehow is magically born with a computer in their hands and they're very fluent in these things. That's not the case at all. The thing is that we don't have another choice. We cannot afford the country without the benefits that digital governance brings. So we are there because we need certain things right, not because we are a somehow magically chosen country. So where does our digital background come from? Where does it, why are we able to do these things? What are the things that actually have driven us to build that sort of infrastructure we have? First, I think it's vital to have trusted collaboration between stakeholders and preferably externally guaranteed trust. I already brought the example of digital signature in an interaction between a citizen and the bank. The government provides an external sort of legal guarantee that that digital authentication method, the electronic identity that is used by the citizen is actually equivalent to the physical one that assures that that interaction is trustworthy on both sides. At the same time, the interaction between let's say, citizen and the government in terms of e-election is secured or externally guaranteed by cryptography. The citizens know how, well, they can know, that's public information, how the cryptography works and they can trust on that. It's transparent. And these sorts of things are important because trust tends to erode over time and there needs to be something that keeps it stable. And in our view, only very wealthy countries can afford not to have that trust. I found one example, the IRS. IRS lost 5.2 billion to identity theft in 2013.
I've been told that the numbers for 2014 are bigger and just to sort of put that in perspective when we convert that as a percentage of GDP, that would mean that Estonia would have lost roughly 6 million euros, which is basically more than the budget of our agency. We have like 120 people or something like that in our agency. And I can tell you that if Estonian Tax and Customs Board lost 6 million euros a year, that would be a problem. So we really can't afford not to have that trust. But it's also about trust between engineers, politicians and administrators, but also banks and the government. At some point in our history, we had a situation where we had the Europe's youngest Prime Minister called Mart Laar. And he was a, for crying out loud, he was a history teacher who became a Prime Minister. Like how do you, zero experience in, and he went on and the tax reforms and land reforms and all of these things. But he had an advisor and that guy told him that, look, we can't afford bureaucracy. We simply cannot afford it because we don't have anything. And the way to avoid bureaucracy is, look, these computer things, these are really useful. Let's go digital, let's avoid bureaucracy and the feedback loop that the bureaucracy creates of creating new bureaucracy. Let's avoid that by going digital. And because that history teacher having no background in technology or economy or governance or anything but history, he trusted that advice. There was a trust there and he took that advice. And that is something that underpins many, many, many decisions we have made. Is that there is a trust between policymakers, administrators and engineers. There is a discussion going. Of course, it's not perfect. Nothing ever is, but it still works and it is very, very important to what we have. The other thing we really can't live without is ubiquitous electronic identification. On the internet, nobody knows you're a dog.
And the assurance level of service provided is dependent on how well you can identify somebody. And the British way of using utility bills and so forth, that can be really helpful. But it only can go so far. You can't sort of have digital signatures based on a utility bill. You need to have a strong form of electronic identification. But ubiquity part is something that is very important. Because if you only are going to use something that you perceive as being useful. And as I said, a citizen doesn't really interact with the government that often. So they must have an inherent understanding that going digital is actually useful. But also that the users are acquainted with the risks involved. They know what happens when you give out your credentials to somebody. Let's take the same example of e-elections. The electronic elections in Estonia are executed over the interweb using the same chip card, your ID card with the pin codes. And you can vote from your computer and a surprising amount of people do. And at that point, all of these sort of critics go, oh, but what happens if people hand over there? You have no control over the chip card and the pin codes and people hand them over. And yes, that is true. However, people in Estonia, because they have used it, they are using it in their everyday lives, they have a very keen understanding as to what it means to hand over that electronic identification method to somebody else. That means that that person who gets that chip card and those pin codes has an utter and complete control over your money, your property, everything. It is something that people realize very sort of broadly. It's very sort of deeply built into the society. People, therefore, are very less likely to do that than in a society where, you know, chip card is just something that you have but not something that you use every day. And people actually have to find convenient to use it.
Any identification method that is too cumbersome, and we are getting there with the advent of mobile phones, you know, chip card reader, you can have that on your computer but not on your mobile phone. So we need to figure something out there. User actually has to find it convenient to use. Breathing room. When we started out, we had nothing. Estonia had no telco, infrastructure, no legal basis. We still had to build our regulations and everything was in flux and that helps a lot because if everything is in place by definition, any change would go against well established rules. And in government setting, you have a regulation that tells you that you should be doing things in a certain fashion. And when one morning an official comes to work and doesn't do things according to the regulation, they are breaking the law. But that's kind of the definition of innovation. Doing things today differently than you did yesterday. There has to be some level of breathing room, some level of flexibility there. Let's take the same example of users handed over from the banks to the Tax and Customs Board. I was working at a bank at the time and as I remember we developed the entire solution within six weeks because the Tax and Customs Board came to us and said that, hey, we have this challenge, we need to, the personal tax returns are about to be filed and we need to figure out the way how to authenticate people on there because people never go to a Tax and Customs Board and say, hey, could you please issue me an electronic identity, it was before the ID card. But they do go to bank to do that. So can we have a cooperation there? And we went, sure, and we designed the protocol and implemented it and rolled it out. And today it would be, in an Estonian setting, it would be utterly impossible to do. I would imagine even contract negotiations would take six months, not six weeks. There has to be some flexibility, some controlled chaos for the innovation to emerge. 
If you do everything by the book, if everything is very well controlled and sort of, if the lawn is very nicely manicured, you don't get much change, you don't get much innovation. Critical levels of critical competencies. And I think there are three things that if you wanna have a digital government, you need to have these capabilities within the government organization. Firstly, ability to procure development. There must be an ability to act as a responsible customer. And this is surprisingly difficult. Doing vendor management in today's world is challenging. I've had a conversation with a representative of a large country that basically told me that they are struggling with vendors. Because big vendors nowadays can dictate their conditions and can overwhelm even large and very well established and mature government organizations. When I came to be the Estonian chief architect, I had this naive vision that, oh, it's like an enterprise architect, right? I set up a sort of this architecture board and we are just gonna coordinate all the architecture decisions made in Estonia. And it's gonna be wonderful. And it took me about a couple of weeks to figure out that that's not the case at all. Why? Because nobody in the Estonian government actually makes or actually made, no, it's slightly better now, but still the government doesn't make architecture decisions at all. Those decisions are made by vendors. So the first step is to have the government act as a responsible customer to pull those critical IP defining intellectual property defining decisions into the government domain to take that from the vendors and then to coordinate those decisions. Also there needs to be an ability to procure operations. Operating the service means controlling the data. So use of public cloud is a challenge there, but can be used if the legal framework allows it and if the operational setup is right. 
But what we have seen is that we cooperate, operations lead to low service levels and loss of trust. If the government doesn't have the ability to provide or procure operations of those systems, people are not happy. If the service is only usable if it's there. You try to file a tax return once and you fail because the server was down. You try maybe once again. You try maybe the third time, but on the fourth time you're gonna take the paper. So operations is important. And of course, information cybersecurity. This is vital. I cannot imagine a setup where these sorts of competencies can be bought in. These need to be inherent in the government agencies. Fundamentally, who will work out your electronic identity scheme? The chip card we have is fairly simple to use, but it's cryptographically fairly complicated. It's not a trivial thing to figure out. Same applies to the digital signature formats, file formats we have, and the digital signature properties and the processes. I'm not even talking about electronic voting, which is cryptographically fairly complex. Building these things requires that competence to be in-house. Also, there's a question about whose cryptography do you trust and can you make your own? It's a very, very valid question nowadays. At least I'm not taking any sides, but that's an important decision and that must be an informed decision. Not something that, oh, I find a piece of code on the interweb that seems to do encryption and that's gonna be just fine. You can't take that approach if you're a responsible government. And finally, how do you protect your service? If something is useful, if something is valuable, if something drives value for you, inevitably there are going to be people that don't like that. That's just how the world works. So you have to be able to protect those services and this is again something that is a critical competence. 
And without those three, ability to procure development, ability to procure operations and the information in cybersecurity, without these three competencies, it is really difficult to set up a digital government. In Estonia, where do these things come from? As I said, Estonia is not a magical wonderland. So where do we get these three things? Or those actually, those four things. The trust comes from our independence process. There's this popular meme that Estonia sang itself free. And to an extent, it's certainly true. Our country is our own. There's a very sort of deeply ingrained understanding that we made our country. You trust your own children. That's where the trust comes from. Also Estonian society is very small. Everybody knows everybody. I've been building software for living for more than 20 years. And at a financial organization, I had serious trouble explaining them that there is absolutely no way I can be fully independent in the procurement process because I have worked or been colleague or being a contractor or a customer of all the IT companies in Estonia or people in those companies. It's a very small society and that breeds trust. Ubiquitous electronic identity comes from two major projects to a very large extent. It's Tiger Leap and Look at World. Tiger Leap was a project in the 1990s. It still continues now, but the bulk of the work was done in 1990s to bring computers and internet connectivity to Estonian schools. So that kids from very young age would have a sort of this comfortable understanding relationship with the computer. They would realize that computers are useful. They would have the basic skills to use them and so forth. 
Look at World project was much more interesting in a sense that it allowed us to sort of express that strategic alignment I spoke about earlier between the government who wanted to get rid of the bureaucracy or avoid building bureaucracy banks who had the need to actually get rid of physical branches to basically save costs and telecoms who needed to educate their customer base to actually sell them telecommunication services. And these three parties sort of combined their efforts in the Look at World projects that provided education about computers to adults, provided internet connectivity, established internet access points all over Estonia. So in a library or at a school or a small municipality, effectively within a couple of kilometers from everywhere in Estonia, there was a computer that was free to access that was connected to the internet. That was something that the Look at World project did. And of course, banks pushing for electronic channels was something that allowed that ubiquity to emerge. Breathing room that comes from very simply ineptitude. Our prime minister was a history teacher. He simply did not know what to fear. And that's something that has been there a lot. If you don't know anything, you don't know what to be scared about and you just go and do things. And we have been lucky. Has worked out. There's also this thing called Nordic cynicism and a very practical mindset. In our climate, as opposed to what's happening outside now, in Estonian climate, the winter comes fast and harsh. And unless you are prepared, you die. There is not much time to think and figure out and maybe there's a better way to plant your grain or harvest it or do something. No, winter comes, you're gonna be prepared. But it's very, very practical, very sort of simple things. You need to be able to rely on stuff to work. Those critical competencies come from two major sources. We have Soviet education system. 
And there was this, you might have heard this thing called Cold War, in which there was the struggle between the powers. And the Soviet government very rapidly realized that you can't very well throw poetry or cabbages at the capitalist talks. You have to have bombs. You have to have, therefore, you have to have somebody to actually build those bombs for you. You have to have engineers. And so it was that the Soviet power, when I grew up, was the Soviet state was not able to supply, or actually was able to supply my home town with exactly two varieties of men's winter coats. If you were lucky to get one, at the same year, that same government was able to supply our school with a class full of computers. That just indicates the focus. That means that there was a very strong sort of focus on STEM from the education system. And at the same time, the society in itself didn't really allow any sort of expression of yourself basically other than going into the computers. So that provided this fantastic outlet for geeks like myself. And also there was this local banks relying on local intelligent amateurs. In the beginning of 1990s, Amazon was very young. New books were available. We basically had to figure out how to do stuff ourselves. Even though the Soviet education system was STEM oriented, the computers we had were still sort of ages beyond what the West had and what started coming in when we regained independence. So there was a lot of this sort of, I have this thing that is expensive and I know it's useful, but how? And this intelligent amateur mindset emerged. That was also, for example, Estonian banks, to my knowledge, none of the banks that would actually started in Estonia, none of them bought their core banking core as a product. They were all built from scratch. Like four or five of them within like a couple of years in Estonia and some of them are still around, amateurs, building stuff, making stuff happen, not relying on the outside powers. 
And this drives competences. This is how we build competences or actually we do. So conclusion. Firstly, digital rather than e-government. The E must not be a separate thing on top of usual practices and processes, but something that actually drives change in the government. In order for this to be valuable, there must be a holistic approach to this. It is not sufficient for engineers to figure out how to do data embassies or digital ID or something else. That technical thing must be supported by legislation, by organization setup, by function setup, by technical setup or the physical setup and the other way around. If there's a legal change, it must go through all of the layers as well. This is how you understand success and failure. This is how we drive change. And finally, benefits stem from the ecosystem, not from individual systems. Building a website is simple or, as a certain president of a certain country said when he visited Estonia, maybe not that simple, but nevertheless, building a website is certainly doable, but getting people to use it, that's not trivial. For traction, all stakeholders must benefit. Our e-governance would not be where it is were it not for the banks, the telcos, the people themselves, the private companies. I signed, I met my, I have a small apartment that I rent out and I had a new tenant last year. I met him the first time last week. Digital signatures. We signed the contracts digitally. I didn't meet the guy at all, ever. Now he had to hand over the keys. But that's not something that is part of the digital governance, but it is something that lives on top of the digital infrastructure provided by the government. And this is where the value comes from. This is where the savings come from. Not from me interacting with the government, but me interacting with my tenant, me interacting with the university organizations interacting using that infrastructure. This is where the benefits and value come from. And thank you. 
Not just in the organizing seat? Yep. Please go ahead. So Lena, from your perspective, it's a terrific story over the last two, but you come from a ministry within the, right the defense ministry within Estonia. How from the perspective of an agency serviced by this tremendous governance story from the central government, how was the interaction from the agency's perspective? I did come from a ministry. I work together with Andres because I switched sides, but I used to work in the Ministry of Defense at the time when we had the tremendous cyber attacks in 2007. And when this was considered as a major national security threat, and this was why the Ministry of Defense took the lead to develop our first cybersecurity strategy. But when the strategy was ready, when the structures were ready, when the order was created out of chaos, everything functioned well, then we realized that actually the more proper place for cybersecurity should be not within the Ministry of Defense, but within a civilian organization. So we started to demilitarize this issue and we handed over the responsibility for cyber to the Ministry of Economic Affairs and Communications. And now we have a perfect mix there in the information system authority and in the Ministry of Economic Affairs and Communications who sits on top of the agency that we have the system builders, the architects and the system defenders under the same organization roof, which is quite unique, I believe in the world. And as Andres said, that cybersecurity deals with the failures of systems design. So we tried to, or we have built at least a structure to deal with this problem from the very start. And our enterprise architects, the layered picture that I had, the integration layer actually allows us to separate the concerns very clearly. 
When I joined, when I started my job, there was a massive fight because I was perceived as this evil architect that tries to stomp on everybody's lawn because nobody likes anybody else to tell them in their little tiny kingdom what to do or what not to do. But the enterprise architecture picture we have developed allows us to draw very clear boundaries. Within that box of yours, within that agency, you are utterly free to do whatever you find usable or suitable or get financing for. However, the holistic picture is my domain. And that creates a very clear framework for communication and collaboration with the agencies and with the central sort of information system authority. So that's one of the very deliberate design goals of that enterprise architecture. So our center at IBM is in effect a think tank and we work with governments around the world to learn from the best of what's happening in government and to share best practices with other governments. So in that vein, you've sort of evolved this picture as we've seen from your presentation in a mix of technical and governance specifications. Would you say that that's the best, if governments are learning to learn from your example in terms of sort of the order that they engage in to make a journey like this? Is it, you wanna work on both tracks at the same time? Do you need a technical foundation first? Absolutely, actually one would need legal and procedural and business process foundation first. For example, the ID code being set up, the legislation about the digital signature, the data protection regulations, all of these things actually need to be in place before you start building something like X-Road. So I would even say that the sort of legal support, the business change should come before technical change. Technical should be just something to help achieve those goals there. Good, thank you. Any other observations, Lina, before I open it up for questions that you wanna share? 
Yeah, maybe one thing that, another thing that we're very proud of in this cold harsh climate there, the fight for survival is a thing called collective brain. We are an extremely tiny country, but we have come to appreciate joint action or joint thinking that we have realized that you win, you win only when you think, when you're together with like-minded fellows and when you develop this collective brain. So we put a lot of emphasis on community building and we have integrated that into our national defense as well. Also when it comes to cyber, we have a great formation called Cyber Defense League or Cyber Defense Unit of our National Defense League, which is something similar to, Defense League is something similar to your National Guard and the unit is underneath that National Guard, a military structure, but the people that participate in this formation are volunteers and they have very civilian backgrounds. They usually have well-paid jobs in banks and ISPs and they are patriotically motivated and they volunteer their free time in order to come together, to exchange information, to train together. The thing that the government provides for them is a training range, a cyber lab cyber range where they can train and they really enjoy it, to do something cool instead of, that brings them out of their regular boring IT jobs, system administrators, et cetera. So this is a, these community building efforts are of great help. And it doesn't come naturally to Estonians. The only difference between introvert and extrovert Estonians is that an introvert Estonian is constantly looking at his shoes and an extrovert Estonian is looking at somebody else's shoes. So it's really something you need to sort of focus and concentrate on. It doesn't really come naturally. Okay, good. Well, I know we probably have some interesting questions in the audience. So let me start back here. And if you could just identify yourself. Interesting question and thank you. 
I'm also a Kennedy School alum, so good to see you here. Yeah. In the digital governance requires some sort of stability because those servers need to live somewhere. That somewhere needs to be reasonably safe. So in an unstable setting, building a digital government is really difficult. However, the second half of your question was about exile governments. And this is something that we have, this is one scenario that we have really deeply thought about. And let's imagine a scenario or not that I enjoy imagining it, but let's say something like happened in Crimea happens in Estonia. And all of a sudden there's these magical green men that somehow appear and there's an attempt at a referendum. What we can do in Estonia or we would love to have the ability to is to have public communication in Estonia saying, Estonians, let's vote. ID cards in your computer. Let's vote. And you can start uploading all the votes to a neutral party outside of Estonia. That's not under the control of those little green men. And you can have an actual democratic vote in that setting. So these are the scenario that we really, really think about. And it's becoming increasingly important. Again, bringing example from the Ukrainian set up, one of the things as far as I know that Ukrainian government did, it's a very first thing, was to cut the Crimea off from a population registry. That was in the sort of rest in Kiev, physically. And that meant that there was no way to actually have an understanding as to who lives in Crimea. So therefore there is no way to actually have a legitimate kind of voting procedure. So these things are becoming increasingly important in the digital governance world. And digital governance has a massive effect on these things and really broadens the perspective of things you can actually do. It effectively liberates your country or from the sort of physical world, you can move at least part of the function of your country into a virtual world, if you will. 
Perhaps I can only add that in addition to physical stability, digital government also needs some sort of political stability. Because our digital government rests upon transparency and very low levels of corruption because you can't bribe a computer. So that some very basic components of a democracy should exist in a state that is a... But digital governance can also be used to drive that transparency. And as you said, computers are very difficult to bribe. As an engineer, I would say, not impossible. You agree with this? Yes. Yes, sir. Back here, thank you. Yes, my name is David Katz and I'm formerly with the State Department. I'd like to ask you about the University of Michigan study of e-voting security and the fact that they have come out, Mr. Halderman has made presentations which are fairly compelling and they're out there and challenging the whole, suggesting that perhaps e-voting is just too hard to get to ever. And you speak about security problems being architectural problems and stress the need for feedback to deal with those kinds of things. I've been a bit concerned, I've been following this to see that Mr. Halderman's, University of Michigan's presentation is out there and I haven't seen a really compelling response in something like this, a peer-reviewed literature, a real free discussion where a lot of these things were addressed. And I think some of the things Mr. Halderman mentioned were not only kind of systemic kinds of things but also operational things, just simply things about locking doors and things like that. So I was wondering if you could address that because the issues of trust that you mentioned, if you have trust from the outside, eroding it can have an effect and in terms of eroding the trust within the population. Thank you. An excellent question. And we are working to get sort of a second view on the issues that Mr. Halderman is putting forth. The thing is though that what Mr. Halderman is largely pointing out are technical issues. 
And it is really difficult to argue with that because no technical system is fully secure and he's absolutely right. There are security issues in every system. Every technical system has its flaws. As an engineer, I know that. So it is, from that perspective, it is really difficult to argue with him because he's to a very large extent right. However, what is not in that research is the holistic view of the things. The question is not whether or not e-voting is secure. The question is whether the voting system of Estonia is more or less secure when part of the voting happens electronically. And that's a very different question. For example, in Estonia it is possible to vote as many times as you want with the last vote counting. So that if you have any issues voting digitally, you are forced, there's a technical breach. You have reason to believe that your computer was insecure. Or whatever you have, you can always go on the voting day and vote physically in a very old fashioned way. And that vote is gonna prevail. And the other thing is that our technical systems for e-voting sort of reflect the same procedure that is used by voting by mail, which is very established, very well researched. It's always there, it's basically step-by-step copies of the same procedure. So yes, technical systems are insecure and yes, there are challenges and yes, we are constantly working on improving that. However, it is not about technical solutions, it's about the holistic thing. And this is where we're struggling. We're actually struggling to find people in academia who are able to actually convincingly look at the entire thing, not just the technical aspects. Let me put this out, if there is any academic interest in research in this field, it would be much appreciated because there is just, as you pointed out, just one piece of evidence out there that is very loud and yeah. So I think that's an excellent point in terms of risk, risk-risk trade-offs that you're pointing about. 
It's not like there's zero risk in the current system and there's significant risk in an e-voting system. It's a question of what system is more efficient relative to the risk? And so making those trade-offs for any government, I think is an important point. There was a question over here. Yeah, let me, right here. Hello, my name's Jan Sieden and I work at the Center for Transatlantic Relations. I'm a visiting fellow from Finland and I have worked at the same bank as you have, Nordea. And one of my tasks in the bank was to convince the older people to move from the traditional banking to e-banking. And you didn't mention at all the challenge of how to convince the elderly people in Estonia to move to this system. So do you have any best practices in that field? Thank you. Excellent. And that joke about the Estonians looking at their shoes was actually stolen from Finns. Thank you for that. As to elderly, it is a challenge and this is why I actually mentioned the Look at World project because that specifically targeted education to the elderly. And in Estonia we have this situation where the elderly don't necessarily have many other options because the infrastructure is very poorly developed and you might actually in the winter you might not get out of your house. So there is a sort of very strong drive to actually use electronic systems rather than just sit in your car and drive somewhere. So that sort of lack of infrastructure helps and that is supported by the actual education providing you the tools to actually get things done electronically. Perhaps not. To elaborate a little bit on your picture of Estonia as everybody living in countryside and deserted places covered with snow then the elderly nowadays they're quite modern actually when you look at the senior citizens in Estonia then they are the Rolling Stones generation. So they can find their ways in the internet. They can book their plane tickets online. 
So an Estonian e-government system is very user friendly. It's very easy to use your EID to authenticate yourself to give digital signatures and we have extremely high numbers of digital signatures. We give almost six million digital signatures a year with a population of 1.3 million people only. And that also involves the elderly segments in the society. So they handle it quite well. Rolling Stones and Black Sabbath, how old are they nowadays? As a member of the Rolling Stones generation I'm now encouraged to come and visit. Yes, sir. Aguettes from the MITRE Corporation. And you mentioned earlier that we can speak in different languages. You are very good at speaking Estonian. I have a lot of ideas. You mentioned Estonian. I don't know much about Estonian. Now that I've expended my Estonian vocabulary I'll continue in English. Estonia has started the E-Resident program which is sort of an expansion of the digital borderless world. How is this going to impact your architecture? Is it going to require any changes or expansion? I'd like to hear your thoughts on that. Yes, thank you. An excellent question again. The E-Resident thing is a challenge. It's a big challenge architecturally because it doesn't require anything. It doesn't have an impact on any of the systems. Basically what has happened is that from the architectural perspective E-Residency is identical to every other resident we have. So the card is minted. There is certificates on the card. The person is issued an ID code. And from that point onwards that person is going to look identical to every single Estonian citizen. So it doesn't require any changes whatsoever. And that is a challenge because the business processes need to change. We need to start providing things in English language and so on and so forth. And these sorts of things are easier to implement if they come together with some architectural change if you need to build a new system. But that need is not there. 
So we need to somehow go and meddle with all of the components of the architecture to provide that decent experience for the user. So technical architecture changes, there are none. But fundamentals of the business process changes, there are many. And that difference is a challenge. Interesting, all the way in the back. I'm making the mic get some exercise here. Sorry about that. My name is Keith Hill. I'm with Bloomberg BNA. And I'd like to piggyback on the question about the Rolling Stones generation and their use of e-services. And specifically, I wanna ask what about those individuals who are older than the Rolling Stones generation? Like my mother's 89. And she couldn't use a computer if you put it in front of her and put a gun to her head. So what about individuals who are in their mid-70s and older? What percentage of them are using e-services or are the numbers too small? We'll call them the Frank Sinatra generation. Or the greatest generation. When we look at the statistics of our last e-elections, then the largest group who voted online was the people over 65 years of age. So this is quite telling. And maybe it's because of the Look at World program that has helped the elderly people a lot to develop their skills. Maybe it's something else. That they live in these houses in the winter and this is the toy for them. And just one more thing is that we also rely a lot on the grandchildren of these grandmothers and grandfathers. So if you have a grandmother who was not able to do things digitally, then she can actually pass that right to somebody else in the family who can do it for her. This is an option that is quite widely used as well. And one more thing is that it has been a deliberate and conscious strategy of Estonia for the past 20 years. 20 years ago, that generation was 20 years younger. If I'm doing my math correctly. Which means that they had the better ability to sort of study and learn about things. 
So over time, this problem actually sort of alleviates itself as the generations that get better education get older. So I think that is one of the key things. In the beginning 20 years ago, definitely, it was a much larger challenge than it is now. But the rolling change is helping there a lot. Sir. Yes, my name is Patrick Eftempier. I'm formerly with US Agency for International Development and now with a small consulting firm called the Public Management Group. I was particularly intrigued by the connections that you made between digital services, ubiquity, trust, and not just an emphasis on the technical aspects of it. But at the very end, you started talking about some of the conditions which I think might be that are necessary for this even to take place. You talked about a legal procedural and other environments. Could you elaborate a little bit more on that, please? It is very difficult to answer in a generic fashion. I guess my message is that whatever the technical solution is you are building, and whatever the legal infrastructure is you are building, the legal procedural and business change must come before the technical change. If the engineers are allowed to run the world, that's a disaster, basically. That engineering, the technology must be used to actually complement and implement a business change, this is what I'm saying. Whatever the business change is, it must use technology, not the other way around. I think that's my sort of genericness. This is where the collaboration comes in. It was led in conjunction from the policy makers to the engineers. There was a sort of trust and collaboration environment between those two parties, and that's crucial, because that allows to develop policies and regulations and processes in a way that actually embraces digital. Without the engineering component in there, it's very difficult to do. And engineering is very difficult to do without the sort of legal and procedural aspects. 
So that cooperation actually allows those two sides to drive that thing together at the same time. But they must drive the legal part first, the business part first, and then technology.

I'm curious as a follow-up to that question, in this country we've seen successes where business leaders in agencies and ministries define their goals and objectives and then work in partnership. So it's sort of our integrated project team, if you will, where it's supposed to. We're doing the business piece here and then we're throwing it over the fence. How does that work in Estonia?

Oh, very much the same way. There is a very strong correlation between an IT-savvy, focused business leader and successful implementation of systems. There's a very, very strong correlation, completely agree with that.

Any other questions for our guests? Yes, sir.

Thank you, Pete Bear with EnergyWire. How effective is the sharing of classified cybersecurity threat information between defense agencies and civilian agencies and the private sector? And is this dependent upon personal relationships to some important degree, or is it really well spelled out in a system and in rules?

You know this is your turn. Yeah.

This is dependent on both personal relationships, the community, and also some regulations. When we talk about vital service providers or the critical information infrastructure, then they have an obligation to report on the incidents. So it's not voluntary, it's obligatory. But attached to that, we also are attached. Apart from that, we also have a very strong community that unites these people, through the Cyber Defense League or through some other formats of cooperation that we have on all levels: strategic, operational, technical. We also envisage to look at this picture comprehensively.
This is also written into our national cybersecurity strategy that we try to integrate the continuous operation plans of the vital service providers with the national defense planning so that the crisis preparedness would kind of work hand in hand with the military planning. And this is how the information gets ideally shared. Of course, it doesn't happen 100%, not even in Estonia, but we are getting there through regulation and through this very strong community. And I believe that we actually get there faster through that community than through regulation. So we try to use carrots rather than sticks even though we have the regulation in place.

Following up on that question, one of the open legislative issues this year in the US Congress is a potential legislation that would provide liability protection to private sector firms to increase information sharing. And that's legislation, as I'm sure many people in the room know, that has been sort of floating around for a couple of years. I've worked with CSIS in a number of capacities on similar issues. Is there a, back to your point about policy coming first, is the legislative framework friendly to information sharing in that there is similar protection to private sector companies who share information with government? Or is it more the interpersonal and close-knit nature of the community that really drives that?

I would say it's the latter rather than the former. We try to regulate as little as we can, but there needs to be some basic regulation in place. But I would say that it is rather the strong sense of community.

Interesting. And so that's been able to share it.

Fundamentally, a situation has been created where the community is so strong that people perceive being able to be in that community as a sort of almost requirement to be able to do their job. Because unless you are within that community, you are cut off from your information sources. You can't share information, you can't get the news anymore.
And unless you are in there, you basically can't do your job and you can't get a new job either. So in such an environment, sharing information becomes fairly easy.

That's true. If you're a bad kid on the block, then you're cut off your, yeah.

Nobody wants to play with you.

Future positions.

That's true. Nobody wants to play with you.

Interesting. Interesting. Okay, the wisdom of the crowd at work.

Yeah.

Okay. Terrific. Well, I think we're about at the end of our hour. Are there any final thoughts that you wanted to share before we close?

Just to be thank you for the very good questions. I guess.

Thank you. Thank you all for coming. And.