Sectoral Methodology

Sectoral methodology

In agreeing upon the definition, the working group analysed whether there are any suitable existing national and international terms and definitions that can be applied to the Estonian cyber defence strategy. For this, the different terms and definitions used by international organisations and states were evaluated. The following were taken as the basis:

• UN/ITU documents;
• NATO documents;
• EU documents;
• national strategies;
• theoretical publications.

The analysis revealed that the existing definitions do not fill the three target criteria:generalizability, brevity and systematicness. So the working group decided to develop new terms and definitions that would fit the context of Estonian information society and the organisation of security.

For this, the connections of cyber security with other similar domains were defined along with the scope of the field. In other words, the prefix cyber- was given a clearly defined meaning. Consequently, the main terms were defined based on this logic.

The cyber-terms are always compounds – cyber-attack, cyber-danger, cybersecurity, etc. This means that a smaller area (cybersecurity) needed to be distinguished from the main area (i.e. security), and the distinctive features of the smaller area and its connections to the main area needed to be highlighted.

A great issue was defining the main areas (attack, danger, security, etc.). Such general terms are used in different meanings in different fields and situations, and the staff and schedule of the cyber-terms working group did not make such an in-depth approach possible. As a result, the working group decided to forego defining the main areas and only described them.

Such a methodological approach, where the main area is not defined, makes it relatively simple to create new terms in the field of cyber defence. The meaning of the main groups can be different in different domains.

1.1The connections and SCOPE of the domain

Defining the connections and scope of the domain was important as there are many different terms used in the context of the cyber-domain. The following are among the terms used in the domain of security:

• IT Security;
• Computer Security;
• Information Assurance;
• Electronic Security;
• Emission Security;
• Information Security;
• Personal Data Protection;
• the physical security of data and systems (i.e. server rooms).

The question arises, how is cyber security different from these terms and how is cyber security related to them.

It seems like the important links between cyber security and the rest of the field are created on the basis of the devices and systems (i.e. facilities), data and information, and the physical environment. When talking about the cyber-domain, we are mainly talking about the tools of information processing – hardware, software and the related infrastructure. This term is characterised by the following drawing.

In order to define the scope of the cyber-domain, the working group of cyber terms used two criteria:

1. characteristics of the tool for information processing:
2. ability to communicate/network.

Issues of principle arose in the case of both of the criteria. At one end of the scale depicting the characteristics of the tool for information processing the working group placed such tools (hardware and software) that are created specifically for the processing of information. The other end of the scale was populated with all electronic devices that, to an extent, operate as processors of information (i.e. the clothing iron or refrigerator).

In case of the ability to communicate/network, at one end of the scale there were devices specifically designed for working in a network, and at the other end of the scale devices that are not connected to a communications network and are not able to communicate. In the case of those, it is only possible to speak about them processing information internally. In the middle of the scale there were devices that have the ability to communicate/network, but that are not necessarily connected to a communications network.

The working group came to the following conclusions in defining the scope of the cyber-domain (see figure below). First it was decided that not all electronic components can be regarded as part of the cyber domain. As it is hard to draw a universal line, it needs to be done on a case-by-case basis. At the same time, all tools designed specifically for the processing of information, as well as other tools with an important role in the processing of information, were included in the cyber-domain automatically. As for the ability to communicate/network, it was decided that devices for the processing of information can belong to the cyber-domain if they have the ability to communicate/network.

1.2Main terms

Two terms were laid down by the working group as the central terms: cyber-and cyber device. All other terms can then be based on them.

Küber-
Cyber- / is a prefix to the terms related to information processing devices communicating or with the ability to communicate with each other
Kübervahend Cyber Device / is an information processing device which is able to communicate with all other information processing devices with the ability to communicate

Given the scope of the base terms, definitions with the prefix cyber- can be quantified in the form of four different perspectives.

Version 1

An influence is what is externally originating for the cyber devices (everything that influences the cyber devices – a cyber-attack, a physical attack, an electromagnetic impulse, a natural or man-made disaster).

Example:A cyber-incident is an incident influencing the operation of cyber devices.

Version 2

The influence is directed outside from the cyber-devices (influencing various objects through a cyber-attack).

Example:A cyber-incident is an incident created through the operation of cyber devices.

Version 3

The influence occurs between the cyber devices (i.e. cyber-attack on cyber devices).

Example:A cyber-incident is an incident created through the operation of cyber devicesand influencing the operation of cyber devices.

Version 4

The influence is directed both from the inside to the outside as well as from the outside to the inside of the cyber devices (i.e. cyber-attack combined with physical attack and an electromagnetic impulse.

Example:A cyber-incident is (a) an incident created through the operation of cyber devicesand (b) influencing the operation of cyber devices.

At first, it seemed to the working group that a single approach/version can be used for defining all cyber terms. This, however, did not prove true in practice. A version of the definition that fit for one term did not fit for another. This is why the working group decided that in case of each term, the version that fit the concept of the term best was used.

No. / Term in Estonian and English / Definition
(main area not defined) / Comment on the main area
(comments are illustrative in nature and do not provide a conclusive description of the main area in all contexts)
1 / Küberruum
Cyberspace / is a space created through operationally connectedcyber devices. / Space usually means an environment – a wide-scale and complex system consisting of different elements and their interrelations. The elements of cyberspace are information processing devices that are able to communicate with each other.
2 / Küberintsident
Cyber Incident / is an incident created through the operation of cyber devices. / An incident usually means an occurrence which can cause or causes deviations from the intended operation of systems.
3 / Küberrünne
Cyber Attack / is an attackcarried out through the operation of cyber devices / An attack usually means a deliberately caused incident.
In the military context, the term ‘attack’ is also used as a synonym for ‘offensive’.
4 / Küberspionaaž
Cyber Espionage / is espionagecarried out through the operation of cyber devices / Espionage usually means a confidentiality breach with the aim of stealing information.
5 / Küberkuritegu
Cybercrime / is acrime created through the operation of cyber devices. / A crime usually means any breach of national legislation or international contracts that is classified as a crime.
6 / Küberoht
Cyber Threat / is a threat created through the operation of cyber devices. / A threat usually means something possibly causing harm.
7 / Küberkaitse
Cyber Defence / is (a) the defence of cyber devices from the threats influencing them and
(b) the defence against threats created through the operation of cyber devices. / Defence usually means the application of measures against various threats.
In a military context, defence means:
a) at the strategic level, the whole domain of the military (the Defence Forces);
b) on the operational level, defence operations;
c) on the tactical level, defence measures.
8 / Küberturvalisus
Cyber Security / is (a) the security of cyber devicesand
(b) security against threats created through the operation of cyber devices. / Security usually means a situation where risks are not materialised.
9 / Küberturve
Cyber Security / Protection / is (a) the protection of cyber devicesand
(b) protection against threats created through the operation of cyber devices. / Security/protection usually means ensuring the security of something.
10 / Küberjulgeolek
(National) Cyber Security / is (a) the security of cyber devices of national importance and (b) protection against threats created through the operation of cyber devices. / (National) security usually means ensuring order, the way of governing, or national integrity (usually by institutions of security, law enforcement and national defence).
11 / Küberohutus
Cyber Safety / is the safe operation and handling of cyber devices / Safety usually means that threats to the basic operation and handling of the devices and systems are not materialised.
12 / Küberhügieen
Cyber Hygiene / is the hygiene of the operation and handling of cyber devices / Hygiene, in this context, means ensuring safety.
13 / Küberkonflikt
Cyber Conflict / is a conflict taking place as a result of the operation of cyber devices. / Conflict usually means a contradiction/collision of ideas, interests, needs or values.
14 / Kübersõda
Cyber War / is a war happening through the operation of cyber devices. / War usually means a conflict between nations or organised and armed groups.