Skip to main content
invest in estonia

How the world’s leading blockchain company Guardtime turns trust into digital truth from its Tallinn office

Based on the world's leading position in the field of cyber security, doors are open for Estonia in every branch of the economy, from space sector to healthcare. Estonia's cyber security flagship Guardtime offers world-class digital security and is a valued partner for the European Space Agency (ESA) and the World Health Organisation (WHO).

Guardtime has developed a system based on blockchain technology that can verify the correctness of data, networks, systems and processes with a mathematical proof called KSI Blockchain. With offices in Tallinn, Estonia and Lausanne, Switzerland, Guardtime has built 12 different enterprise products in the past 13 years, ranging from Telecom, Audit and Compliance, Cyber Range & Exercises and even Space and Health.

Guardtime helps to improve the European Space Agency’s cyber security capabilities

Having worked in various space-related positions in the public sector for years, Marika Popp joined Guardtime as the Head of Space Solutions about a year ago because “she wanted to sit on the opposite side of the table to see how private entities develop their technologies jointly with the European Space Agency (ESA)”.

Roughly speaking, every project that Guardtime is working on in space is tied to the domain of space cybersecurity but each in its own specific way. For example, as software is today the integral part of every single satellite this has brought along new specific security challenges and dealing with those potential cyber-threats requires a completely different approach to those back on Earth.

To combat those threats, Guardtime was recently awarded a contract to leverage its cybersecurity expertise and technologies to improve the capabilities of ESA’s Cyber-Security Space Operations Centre (C-SOC). Popp said that Guardtime is currently mapping and evaluating the agency’s cybersecurity capabilities while also identifying the future capabilities of what the C-SOC needs to address. This is the most palpable project that Popp has been working on with her team at the moment.

C-SOC is specifically designed and trimmed for the space sector. The centre will monitor ESA’s space mission operations and assist in security incident response.

“The fact that Estonia has such a high ambition in the field of space cybersecurity is partly thanks to Estonian government’s policy for ESA’s membership. As an ESA member state for five years already, Estonia has had to decide which programs to participate in. Considering Estonia’s background, cybersecurity has obviously been one of the priorities. In the foreseeable future, it’s unlikely that Estonia would have the capacity to build orbital launch systems. However, if we talk about space data security, Estonia has a reference base that makes us a trustworthy partner for ESA and its member states,” described Popp.

Having had several years of an active and successful collaboration with ESA has been a good selling point for Guardtime; for potential partners, it’s proof that the company can be trusted and its technology does what it claims to be doing. Comparing Estonia with other ESA members that have colossal sums of money to invest, Popp says that Estonia’s strength lies in carefully selecting its priorities and focussing on its existing strengths.

Space is a rather recent endeavour for Guardtime and Popp is looking for ways to actively extend Guardtime’s product portfolio further to  space. Its longest track record in this is related to the company’s main products, a blockchain technology solution called KSI blockchain. Simply put, it’s a technology that detects whether data has been manipulated by making hash out of the data and then comparing it to the original.

For example, the hash for “Life in Estonia” is 7f63138c4b2f999ca4acc6a4a73db229 but for “Life in e-Estonia” it would be 6ea00970ec07ffe6e01b6559ff9e3b39. As demonstrated, just with a small addition in the name the hash is totally different. Using a hash gives the confidence that no third party can see the data without authorisation.

This technology has the longest track record in collaboration between Guardtime and ESA to verify the integrity and provenance of ESA’s Earth Observation (EO) data sets. Guardtime has a technology stack that can be used to upgrade and improve operational EO data archiving and processing systems and improve their cyber-security measures. In addition, Guardtime is also working on a prototype based on KSI to verify the satellite trajectory data for collision avoidance within the domain of Space Surveillance and Tracking.

 

From space to health, KSI has a wide range of uses

The same KSI technology is also used by a team run by Ain Aaviksoo. He’s been filling the position of Chief Medical Officer of Guardtime Health for about two years. Aaviksoo’s career is admirable, he has worked as a physician at East-Tallinn Central Hospital, was a health policy researcher and consultant for the World Bank and dipped his toes into the public sector as Chief Information and Innovation Officer in the Estonian Ministry of Social Affairs. Due to his background, Aaviksoo is well-informed about what the public sector wants from the private sector and vice-versa.

The latest product Aaviksoo’s team has been working on is called Real World Data Engine. To describe it, he says the engine provides aggregated reports across multiple health care providers in a privacy-preserving manner. To make it even more understandable, Aaviksoo states that the system makes health data queries from everyday health care institutions, such as hospitals and family physicians.

Guardtime’s Real World Data Engine makes it possible to make the information behind the data available to the related parties without the specific data from moving outside of the medical institution. The producer of the drug can ask the engine how many patients achieved the promised outcome and complied with the conditions of the prescription. The data is based on actual data from real healthcare environment, as the name suggests, and the results are given in an aggregated form without any personal data processing being done at all.

Guardtime has already partnered with ten leading pharmaceutical companies led by Roche and AstraZeneca who will use the engine to cause a paradigm change in drug pricing with the ultimate aim of realising outcomes-based contracting.  According to Aaviksoo, both the healthcare payers and pharmaceutical companies have been looking for indication-based and combination-based pricing systems, which would mean drugs no longer have fixed prices but change in every case.

To achieve this, Guardtime combines two of their technologies: a multi-party computation technique and the KSI blockchain. With these tools, Aaviksoo is certain his team can solve the two main hurdles that have prevented patient data privacy, scalability and sustainability.

“It is not always possible to actually achieve the results found in clinical trials. Patients in clinical trials are a very specific group. Most of those who actually start using the medicine have a variety of coexisting conditions and confounding circumstances that can affect the outcome of treatment. The usual prognosis is given by the group average, in real life it could be different. Right now, it’s impossible to measure whether the outcome is achieved or not. Yes, the specific doctor sees the result but that information is kept from the pharmaceutical company and healthcare payer,” described Aaviksoo.

For example, the same drug can be used for the treatment of breast and pancreatic cancer but it could cost less for one of the treatments because the impact/value of the drug is different. To use the indication and combination-based pricing system, there needs to be a system in place for the drug manufacturers to control whether the drug is used as prescribed and where the conditions are filled.

Luckily for Guardtime, pharmaceutical companies and medical institutions have understood that there is no point in having separate databases for every pharma. Thanks to COVID-19, awareness has been raised that data is needed in the health sector.

“In order to know which treatment method is most appropriate, it would be necessary to compare the actual treatment used in different groups, so that effective treatment would be better rewarded and it would reach more and more patients,” said Aaviksoo. He adds that it is the main reason Guardtime is involved in this project. Pharmas have also found other possible use-cases for the same solution.

Yellow Card will see a digital transformation thanks to Guardtime

Another project Guardtime ventured into recently was initiated due to COVID-19. With the help of the World Health Organisation (WHO), the company is making the Carte Jaune (ICV) or Yellow Card digital. Not in the sense that the physical card, which carries all of the information about the vaccinations a person has, will be made obsolete; rather with the aim of restoring normality in the world.

Right now, Aaviksoo says that the card itself will remain as a physical card. However, one day in the near future, every person will have a unique QR code certifying whether they have received a Covid-19 vaccination or not. Looking at the travel restrictions put in place in many countries, having a certified vaccination when entering a country could be the new reality next year.

Due to the fact that WHO is involved with the project, Guardtime has to keep in mind that the system created needs to be simple enough to work worldwide and operate in countries without sophisticated information systems that can house the information in question.

“The same system can be used to secure the supply chain, for example, if a vaccine is intended for sale in Estonia, it must not be sold anywhere else. Guardtime’s system can detect the development of fake vaccines, meaning that their administration and sale to other countries becomes meaningless,” said Aaviksoo.

Just like with the Real World Data Engine, Guardtime keeps privacy as the cornerstone while developing the digital version of ICV. Aaviksoo gives the example of entering a foreign country and being asked for the ICV: the border-guard will only get a simple yes or no to the question of whether the person is vaccinated from the document that the person is presenting. No digital queries or integrations to outside databases are needed.

How one meeting in Geneva opened doors for Guardtime and Estonia in general

On October the 5th, Estonian Prime Minister Jüri Ratas and Director-General of WHO Dr Tedros Adhanom Ghebreyesus signed a Memorandum of Understanding regarding cooperation in the fields of Digital Health and Innovation. With pride, Marten Kaevats can call himself the architect behind it: he was the person that started the chain of events that led to the signing of the memorandum.

Kaevats is the National Digital Advisor to the Government Office of Estonia. On one of his work trips to Geneva, Switzerland in spring of last year, he was introduced to Dr Soumya Swaminathan, the Chief Scientist at WHO. After networking, Kaevats visited her office the next day and made a two-hour long presentation about the e-solutions currently used in Estonia as well as those coming in the near future. After the meeting, on Swaminathan’s personal recommendation, Kaevats joined the Digital Health Technical Advisory Group at WHO.

“WHO is looking for their role in the digital health field. They haven’t had any big success yet. The high-level Advisory Group consists of top experts from all over the world, many of which are doctors. I was frank with them during our first meeting that I don’t know anything about health as that’s not my field of expertise but I do know about interoperability. Simply put, interoperability is like Estonia’s X-Road. After our first meeting it was decided that I would lead the interoperability part of the Advisory Group,” explained Kaevats with joviality and cheerfulness in his voice.

Anyone that has met Kaevats knows he is not the typical public sector employee. He is always energetic, often embellishes his business attire with bright yellow or red sunglasses and talks with officials and journalists like friends. But don’t let the looks fool you, in just short years he has managed to prove to the government that self-driving cars need to be allowed on Estonian public roads and that Estonia needs to legalise Artificial Intelligence (AI).

In the Advisory Group, he started to work on the question of how to move health data cross-border, bearing in mind that WHO has 194 member states. To make it a reality, Kaevats made around 20 visits to WHO’s office in Geneva up until February. He got to know the personnel there and organised many workshops to map out different use-cases. The one eventually selected for proof of concept (POC) was not initially at the top of the list but the COVID-19 situation suddenly made it the most important issue.

Kaevats hopes that the Yellow Card POC is a stepping stone for Estonia and will open many more doors for Estonian companies to collaborate on projects with WHO, some of which are already in the works.

 

Guardtime is not getting any monetary compensation from WHO or the Estonian Government for developing the POC.

Wish to know more about cyber security in Estonia? Read more here or send Invest Estonia a request for e-consulting to be assigned a personal advisor who will help you with your business plan in Estonia.

News & events

Need more information?

Need more information?

What is it like to run a business in Estonia? How to benefit from the e-solutions and the efficiency of our business culture? What are the opportunities in specific sectors? Who to partner up with?

The Estonian Investment Agency’s team is happy to help you via its complimentary e-Consulting service, organize online or offline follow-up events such as virtual investment visits and guide you through the fairly simple process of investing in Estonia.

Request e-consulting