Cybernetica to develop Estonia’s roadmap for PQC, begins e-state upgrade for crisis resilience

Cybernetica, one of the key companies behind Estonia’s digital government ecosystem, has been tapped to upgrade the country’s e-state systems to be crisis-resilient. The tech firm has also been awarded three procurements to transform digital public services to post-quantum cryptography (PQC) and ensure systems, such as eID, public key infrastructure and the country’s data exchange platform, are safe from future quantum attacks.

The first upgrade will focus on replacing the e-Consultation platform, which is used for legal procedures before a draft is submitted to the government, and the e-Cabinet platform (VIIS), designed for organizing weekly government sessions.

The new system will be designed to remain stable even during internet blackouts and other serious disruptions. Cybernetica will also test the use of AI as part of the project.

“For more than 25 years, Estonia’s government session information system has been a hallmark of our e-state,” says Oliver Väärtnõu, CEO of Cybernetica. “Our goal is to ensure that the new work platform keeps up with digital development and continues to meet the high standards of Estonia’s digital state even under changing and challenging conditions.”

According to the company, the prototype and roadmap for the new government work platform will be developed over the next 15 months.

The Estonian government uses several IT systems, including e-Cabinet and e-Consultation, the Document Exchange Centre, the Parliament’s Information System for Draft Legal Acts, the E-State Gazette, as well as document management systems of ministries and the government office.

The systems rely on e-signatures and authentication through digital identity systems such as ID-card and Mobile-ID, as well as usernames and passwords.

The upgrade is funded by the government of Estonia and  supported by the European Union’s Cohesion Policy Programme 2021–2027.

Estonia e-government goes post-quantum

In parallel, Cybernetica will also be focusing on developing Estonia’s national roadmap for public agencies for transitioning to post-quantum cryptography (PQC), preparing the country for a future in which powerful quantum computing will be able to break current encryption methods.

Currently, the country’s digital ID systems, such as ID-card, Mobile-ID and Smart-ID, still remain on traditional cryptography. The same goes for other vital platforms such as the X-Road data exchange platform, public e-services and the country’s online voting system.

“Presently, the systems are secured and there’s enough time to begin transition to PQC, since no quantum computers exist yet. However, it is impossible to know precisely when one is going to be manufactured, there are only predictions,” says Dan Bogdanov, Cybernetica’s Chief Scientific Officer.

The move is part of an EU roadmap to adopt Post-Quantum Cryptography (PQC) in critical and high-risk applications by 2030, which was issued in June last year. Other countries are also exploring how to protect their systems from potential quantum attacks, including Germany, which has recently received a proof-of-concept for a national ID card that combines classical and post-quantum cryptography.

​The upgrade process to PQC will be complex, the firm notes. The roadmap consists of three phases, including creating a cryptographic  inventory of existing systems, developing transition plans and implementing them across Estonia’s digital infrastructure.

The Population Register (Rahvastikuregister) will be one of the initial systems to receive quantum-resistant protections. Cybernetica plans to examine the register’s structure, assess how data moves through the system, review its cryptographic elements against potential quantum computing risks, and determine how post-quantum cryptography solutions could be implemented and what effects they might have.

This initiative will become a blueprint for protecting additional national databases and services.

The firm also plans to update its 2021 report, Cryptographic Algorithms and Their Support in Libraries and Information Systems, to include the latest developments in post-quantum cryptography.

Article Topics

biometrics  |  Cybernetica  |  data exchange platform  |  digital government  |  digital identity  |  e-ID  |  Estonia  |  government services  |  post-quantum cryptography  |  quantum computing