If we consider the birth of the software company Cybernetica to be 1997, when the public limited company of the same name was founded, we can say that it is an IT company with a long-standing history. However, the roots of the company reach back even further – into the 1960s, when the Institute of Cybernetics in Tallinn first began to develop this discipline of science. Back then, the focus was more on the automation of industrial systems (like factories). After Estonia restored independence in 1991, the research institutes were merged with universities, but the part of the institute dealing with applications and services fell into private hands.
Developing an e-society was already being considered in the 1990s in Estonia. There are not many systems operating currently that were created without the involvement of Cybernetica. The infrastructure of the e-state we have today is based on the topics of informational security and cryptography: the bread and butter of Cybernetica.
Today, there are around 170 people working at the company. Oliver Väärtnõu, Chairman of the Management Board of Cybernetica emphasises that their main goal is to create mission-critical software solutions for the clients. “This means that the solutions must be secure and must work under severe conditions.”
That would be a worthy aim for any IT-company. But in the case of Cybernetica, the requirements are much higher – of the highest degree, even. For example, the company has developed the Estonian e-elections system, which has two controversial goals that it needs to achieve – it has to provide confidentiality (secrecy of the vote) and transparency (vote cast as intended) at the same time. They have also created various information systems of the Estonian Tax and Customs Board, Police and Boarder Guard, and played the most integral role in the creation and development of the famous X-Road data exchange layer. Today, Cybernetica has created a product version of the X-Road, which it distributes under the brand name of Unified eXchange Platform. The platform is in use in Japan, the USA, Ukraine, Denmark, and Tunisia.
One of the most recent and important breakthroughs for the company has been the creation of a new digital identity technology called the SplitKey. Once again, this is a totally unique technology in the world, which turns end-user mobile devices into secure authentication devices, equipping online service providers with a reliable and secure end user access management tool. The platform also enables end-users to digitally sign documents in accordance with European Union regulation.In Estonia and the other Baltic countries, the SplitKey technology backs the Smart-ID service and enables 3 million people to use it as a means of secure authentication with digital service providers.
Secure authentication typically requires the use of tokens (e.g. smartcards, PIN-calculators etc) in order to avoid identity theft or cloning of a digital identity. These devices are either expensive or inconvenient to use. Moreover, user registration typically requires a physical visit to whomever issues the relevant tokens. SplitKey’s uniqueness comes from the fact that it is fully software-based and uses advanced cryptographic methods like threshold cryptography. It also complies with the highest security demands that European regulations have set for digital signatures and authentication appliances.
Väärtnõu says that with the spread of the Coronavirus, many countries have identified the need to become more digital. One of the first questions they usually ask is about identification of individuals in the cyberspace. If a government offers digital services to its citizens, how can it ensure that it is dealing with the right citizen for whom it has created the service? “It is quite simple – If we are unable to authenticate a person, one really cannot offer the service.”
Väärtnõu is often asked how long it would take to build an e-government like in Estonia somewhere else. “I always reply that other countries would not benefit from exactly the same kind of e-government, because each country has its own systems, legislation, culture and ways of conducting business. But indeed, we can export the basic technologies from Estonia and apply them, usually with customisations elsewhere. I still want to emphasise that those technologies do not come in a box – something you just plug and play. Technology transfer is a process which requires strong local state leadership and a technology partner that is committed to transform (proven) technologies to the local needs,” explains Väärtnõu.
Cybernetica is also involved in the development of the Estonian Corona app HOIA that was launched in August. In the case of this application, Cybernetica took the task of solving issues of privacy and security. The app notifies you if you have been in close contact with an infected person, but it does not tell you when and where you came in contact with an infected person, so it is not possible to identify the infected one. Väärtnõu admits that the app was launched slightly later than in some other countries but emphasises that it is built according to best practices. Unlike many applications launched, it does not track the activities or movement of individuals.
Emphasis on research
“In addition to the development of services and applications, we carry out a lot of research and development related to information security, mostly in cryptography but also machine learning. As we say, R&D is in our DNA,” says Väärtnõu. “After all, we have grown out of a research institute and we really live in accordance with those values.”
In order to emphasise the significance of scientific research, Cybernetica gives out two different fellowships. The Cybernetica Master’s Fellowship is intended for excellent students in the Masters in Computer Science and Masters of Software Engineering curricula at the University of Tartu. The fellowship provides students with research collaboration opportunities alongside the leading R&D-based IT company in Estonia. The second fellowship commemorates the former head of Cybernetica, Monika Oit, and supports information technology master’s and doctorate students.
“It is important for us that, in addition to strong IT specialists, Estonia also has high quality IT science. Therefore, we encourage people to study and pursue research,” explains Väärtnõu. Cybernetica also employs doctorate students who focus on research when working for Cybernetica (so-called industrial PhD’s). Furthermore, every year the company also brings in around ten apprentices who often receive part-time employment, but ensures that they finish their studies.
Exchanging cyber intelligence
An important milestone, not only for Cybernetica but Estonia as a whole, was the contract signed between Estonia and the United States to build a joint platform for sharing cyber-threat intelligence between the two countries. The system will be developed by Cybernetica and procured by the Estonian Centre for Defence Investment.
As one of the core asset of cyber defence is regular exchange of threat intelligence, the goal is to develop an automated system between the US and Estonian defence forces. “This is the first-ever joint capability developed in the cyber domain between the two countries,” says Oliver Väärtnõu. He explained that if Estonia were attacked, the so-called attack signatures or information would be sent through a secure data exchange system to the Americans. Or vice a versa, if our allies discover a vulnerability in a system they use that is also used in Estonia, they can share this information securely. The contract was signed last year and currently the development work is underway. While the system will initially be used by Estonia and the United States, the parties are exploring the possibility of introducing this capability to other allies.
Want to do invest in the digital country where the solutions of tomorrow are invented? Read more about the opportunities Estonia has to offer in the areas of IT R&D here and request complementary e-Consulting.