When shutdown is no option: Identifying the notion of the digital government continuity paradox in Estonia's eID crisis
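Examines how the Estonian government managed a large-scale electronic ID card security vulnerability without shutting down the affected systems, reveals the paradox of digital government continuity, and identifies five key factors that explain digital government resilience.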
States must increasingly manage cybersecurity threats and disruptions in their digital government infrastructures. However, the digital government literature lacks a systematic, more rigorous understanding of how states respond to such risks and crises and what factors can explain these responses. This article addresses this research gap by identifying explanatory mechanisms of cyber risk and crisis governance in a critical and, to date, unique case: the Estonian government's management of the 'ROCA' vulnerability, which rendered two-thirds of its national electronic identity cards vulnerable to a major security risk. The case provides one of the few examples in which a digitally highly advanced state publicly dealt with a large-scale cyber risk at the heart of its digital government. Estonia overcame the crisis without constraining the affected infrastructures' functionality, while other countries did not. The article examines a seeming paradox of 'digital government continuity': crisis managers cannot afford to shut down widely adopted, yet vulnerable, digital systems. However, the vulnerable systems' continued operation contributes to their resilience. The article identifies five constructs that help explain digital government resilience: 1) technology management, 2) networked cooperation, 3) collaboration capital, 4) risk management capacity, and 5) legitimacy building.