In an increasingly digital state, it is necessary to consciously prepare for a situation where the state will suddenly have to function without internet access and be able to adapt to this.
The Ministry of Justice and Digital Affairs is responsible for the continuity of the data transmission service as a vital service. The functioning of both phone services and information systems depends on data transmission. If data transmission goes down, the state must be prepared to reorganise the critical services in the area of administration of the Ministry of the Interior, the Ministry of Finance and other agencies, such as Eesti Pank, which was reviewed in the audit.
In the event of a data outage, rescuers, ambulances and the police may reach the people who need help later than usual, as reaching the Emergency Response Centre in the event of a data outage is more difficult, as it may also experience delays in processing emergency calls, assigning assistance and communicating with responding units.
A data outage will also lead to an outage in mobile phone service, and people may not be able to reach the Emergency Response Centre by phone. The only way to get help in this case is to contact the nearest police station, rescue unit or ambulance service provider, who can use their communication resources to help organise the necessary assistance or mediation. In the event of a data outage, communication of the Emergency Response Centre with the responding units driving to the scene will also be disrupted, as data-dependent means of communication are ordinarily used to keep in contact with the responders. According to the Minister of the Interior, alternative data-independent options for communication with responding units are being expanded.
Informing people about threats can be done independently of data transmission service only by radio via the Vikerraadio station of Estonian Public Broadcasting. Estonian Public Broadcasting is working on a solution, which will make it possible to broadcast warning messages via free-to-air television in the event of a data outage. Siren devices cannot be centrally activated in the event of a date outage. This imposes significant limitations on informing people in public spaces of an imminent threat. There is an alternative way of triggering the sirens, but the Rescue Board has not tested it in practice.
Interbank payments and payments through the State Treasury can be made without data communication, but the speed of payments would be significantly reduced in the event of a data outage. The end-users of the service must keep in mind that instant payments cannot be made in this case, and that it will take significantly longer to receive payments than usual.
Once the payment information reaches the bank, it can be moved between banks without the need for data transmission. Eesti Pank has thought this through in cooperation with commercial banks. The functioning of card payments without data transmission was not yet fully developed by the time of the audit. In a crisis, cash remains essential as a means to pay for goods and services and to cover the costs necessary for the functioning of state agencies.
The Ministry of Justice and Digital Affairs has proceeded from the requirements of the Emergency Act in the organisation of the continuity of the vital data transmission service, but some risks need more attention.
In its preparations, the Ministry has focused on power cuts as the scenario with the greatest impact on data transmission service, but the crisis plans of the Ministry and telecommunications companies do not explain how will the risks in the sector arising from failures in the provision of other vital services, such as the supply of fuel to telecommunications companies, be managed. The analysis of the crisis plans also did not reveal the extent of the preparedness to deal with breakdowns in the cable-based data transmission service inside the country. The crisis plans provide guidance only in the case of problems with international data transmission.
The Ministry of Justice and Digital Affairs have formulated key principles in their emergency response plans, but the crisis plans do not show that the Ministry and the telecommunications companies are on the same page when it comes to implementing the policy. For example, the Ministry of Justice and Digital Affairs has decided that, as a first priority, data transmission service must be restored in the regional centers of the Emergency Response Centre and on sites that ensure continuity of energy supply. However, the plans do not make clear how and with what resources telecommunications companies should organise this. Therefore, the National Audit Office finds that misunderstandings may occur in a crisis, for example, when restoring the data transmission of objects and agencies that are essential for the functioning of the state or when restricting data transmission nationwide.
The National Audit Office recommended that the Minister of Justice and Digital Affairs specify in the emergency response plan how to ensure the continuity of cable-based data transmission, the implementation of strategic principles and manage the risks arising from the interdependence of vial services.
The National Audit Office made more detailed recommendations to the Minister of the Interior and the Minister of Finance in the audit. Among other things, the National Audit Office recommended that the Minister of the Interior increase the possibilities to use communication channels that are autonomous from conventional data transmission and improve the continuity of siren devices.
Background
A digital state needs a stable data transmission to function, as many services depend on it. However, data connections are vulnerable, and in a tense security situation they have become potential targets of attempts to apply influence.
Estonia’s international connections are duplicated, and if one cable breaks, data traffic can be switched to other cables (either submarine or land cables). Whilst connections inside the country have not been damaged in Estonia, the experience of the war in Ukraine shows that attacks on data transmission infrastructure have a critical impact in both conventional warfare and hybrid operations.
In the audit, the National Audit Office analysed the continuity of data transmission as a vital service and the functioning of other services that depend to a significant extent on data transmission in the event of a data outage.
Services depending on data transmission have so far been most comprehensively listed as national defence tasks in the National Defence Action Plan established by the Government of the Republic (the last time was in December 2024). The responsible ministries regard the services selected for the audit as critical, dependent on digital solutions and universally essential in times of peace, crisis and war.
The critical services covered in the audit:
- ensuring rapid assistance and the 112 emergency number (Ministry of the Interior);
- ensuring emergency public warnings (Ministry of the Interior);
- payment service (Eesti Pank);
- payments for state institutions (Ministry of Finance).
The capabilities of telecommunication companies (Telia, Elisa, Tele2 and STV) concerning provison of data transmission service was not assessed during the audit.
The National Audit Office will publish a summary, an overview of the sector and, in part, the characterisation of the audit from the report “Functioning of critical services in the event of a data outage”. The full text of the report remains for internal use only.
