Using remote datacentres for backup may be far from a new idea, but Estonia is taking it to a new level, using facilities on allies' soil to provide a failover in the event of a national crisis.
Estonia has decided to go forward with the idea of digital data embassies. The concept was born during the discussions around the country's new cyber-defense strategy, and will see many databases and services deemed vital to the state's operation being duplicated in highly-secure datacentres, located in countries friendly to Estonia.
Duplicates of some databases and state registries are already held in some Estonian embassies. These servers require dedicated rooms within embassies that are often already operating in quite constrained conditions, which was one of the reasons for the new plan to rent space in secure datacentres in foreign countries.
In late August, the concept of data embassies was first presented by the ministry of economic affairs and communications to the council of e-Estonia. The feedback was positive, and means the first pilot projects could soon go live.
"It is of vital importance that e-Estonia is safe and our state could continue performing in a crisis situation. Backing-up critical systems in the data embassies will help us to assure the digital continuity of our state," said Taavi Rõivas, the head of the council and prime minister of Estonia.
"It is a unique idea in the world and our allies and partners have also shown interest in it."
The deputy secretary general for communication and state information systems, Taavi Kotka, said that assuring digital continuity is the main reason for the plan.
"Many of our registers and services exist only in digital form and situations where, for example, digital signatures do not work for days at a time, or the data in the Land Registry is corrupted, are not acceptable to society," he wrote in his Master's thesis, Concept of Estonian Government Cloud and Data Embassies.
The data embassies could also prevent the takedown of state systems in possible situations of crisis, such as cyber attacks or the highly unlikely event of occupation of Estonian territory.
"The initial idea was that we would be able to carry on with the functions of the state even when its physical territory is occupied," said the director general of the Information Systems Authority Jaan Priisalu, adding that Estonia already has the technical capabilities needed to set up data embassies and consultations with foreign countries' technologists have already begun.
"You can use these opportunities on many different levels: you can have backup copies [stored] in other places; secondly, you can have the databases in other places, meaning that you are able to run them from other places, and thirdly, the whole system functions somewhere else and is always accessible when it's being from these other places."
The state could use the data embassies to store duplicate copies of the population registry, land registry, business registry, and other databases and registries which are critically important to Estonia.
Because Estonia is a member of NATO, any occupation of Estonian territory is highly unlikely; however, data embassies will make it even more difficult for the theoretical enemy to disrupt the running of the state.
"One of the main tasks for a theoretical occupier's military planners would be taking down the state institutions and replacing them with its own. If the state and its institutions function even after the physical occupation of its territory, this goal will not be achieved and the political cost for the occupier would rise significantly," Priisalu said.
The so-called "state monuments", or services which are less important for the functioning of the state, such as the information portal President.ee, could also be moved to commercial clouds provided by the likes of Microsoft and Amazon. To ensure that the service provider or a third party couldn't change the data saved in these commercial clouds, digital signatures and trusted timestamping would be used.
A significant benefit of running these services from a commercial cloud would be increased immunity against DDoS attacks, which were used against Estonia in 2007 during the biggest cyber attack campaign against the state so far.
As for the digital data embassies, where the duplicates of important registries and databases would be held, the responsibility for their security could theoretically be given to the state where the embassy is situated.
"One technical side of this matter, which still has to be discussed with other countries, is that, in the same way that they are responsible for the security of a physical embassy, they could also be responsible for the cybersecurity of a virtual embassy," Priisalu said, adding that these secure datacentres employ specialists who can react to any attack rapidly and appropriately.
In the future, could Estonia's registers and databases be scattered in different countries, rather than just duplicates, as under the current plan?
"It would be really great if we could develop far enough that everything was scattered, it would be a major step further on from the data embassies. It would mean using secure multiparty computing, the data should be encrypted so that none of the data processors could intervene or see what the data is comprised of. We could go even further than that — developing a system which is distributed in such a way that no service provider would have control over the system," Priisalu said.
"Are we ready for it now? Certainly not. We need to carry out a lot of application research and solve many problems before that."