Kazakhstan Raises Cyber Shield
Kazakh Program Focuses on Securing Systems From Hackers and Criminals
More than 85% of Kazakhstan’s population uses the internet, the highest rate in Central Asia. Major areas of the country’s economy and the government have become fully digitized. In 2018, the Kazakh government launched the Digital Kazakhstan program, which has encouraged government agencies and businesses to shift from brick and mortar to online access for more efficient customer service.
But with Kazakhstan’s massive transition to digital economy, cybersecurity has grown more urgent, particularly since the onset of the COVID-19 pandemic that forced many people to work and study remotely.
This has inspired Kazakh authorities to advance serious measures to counter cyber threats. While there is no shortage of challenges to addressing cybercrime, which is increasing in intensity, scope and sophistication, the results of Kazakhstan’s efforts to fight cybercrime and threats in recent years have been significant.
Thanks to recent improvements in cybersecurity, Kazakhstan ranked 31st out of 182 countries in terms of commitment to cybersecurity in the 2020 Global Cybersecurity Index, issued by the International Telecommunication Union, an information and communication technologies initiative of the United Nations.
The five main pillars of the index are legal, technical, organizational, capacity development and cooperative measures. The 2020 ranking was a significant improvement from Kazakhstan’s previous standing of 83rd place in the 2017 Global Cybersecurity Index.
Installing Cyber Shield
Kazakhstan’s cybersecurity policy stems from the “Cyber Shield” program rolled out by then-President Nursultan Nazarbayev in 2013. He stressed that developing a cybersecurity strategy was in the national security interests of Kazakhstan, citing the ability of criminals to shut down infrastructure like power plants and trains.
“In today’s world, it is not necessary to fight using an aircraft or a tank,” Nazarbayev said in 2017.
That year, Kazakhstan developed state policies on how to prevent, mitigate and fight cyberattacks and hybrid warfare and improve legal processes to do so effectively. Kazakh authorities consulted international experts and adopted best practices in cybersecurity to put together the concept. The first stage of the Cyber Shield program ran from 2017 until 2018, and the second is to last from 2019 to 2022. So far, the program has cost 28 billion Kazakh tenge (about $66 million).
The country’s Ministry of Digital Development, Innovations and Aerospace became the main government agency responsible for implementing the Cyber Shield action plan along with the State Technical Service Joint Stock Co., which is now part of the Kazakh Ministry of Investments and Development.
Cyber Shield defines how state policy protecting electronic information resources, information systems, and telecommunication networks and ensuring safe use of information and communication technologies should be implemented. The concept helped unify the previous makeshift approaches to cybersecurity. Cyber Shield also advocated developing rapid response mechanisms to prevent information security incidents, including during emergency situations.
Criminals target Kazakhstan
In the spring of 2021, a United Kingdom-based technology review and consumer website Comparitech issued a report that ranked the most and least cyber-safe countries in the world. According to the report, Central Asian countries, including Kazakhstan, were ranked near the bottom.
Kazakhstan is one of the most appealing countries for so-called cryptojackers, who create digital currency, or cryptocurrency, by gaining access to vulnerable computers. This process is known as mining cryptocurrency, or cryptomining. Without getting permission of owners of computers, cryptojackers avoid paying for massive amounts of electricity needed for cryptomining. Kazakhstan is an attractive country for cryptomining due to low electricity prices and less secure computers compared to other countries in the world.
One of the main reasons of why computers in Kazakhstan are less secure is that nearly 74% of software installed in computers in Kazakhstan was unlicensed, or downloaded from illegal sources, according to a 2019 meeting of the Kazakh working group on computer software.
Unlicensed software may carry malware that can jeopardize a user’s data, and it is difficult to download security updates for such a software to prevent cyberattacks. As a result, computers running on pirated software are extremely vulnerable to hacking, cryptomining, theft of confidential information, fraud and other forms of cybercrime.
“The number of cyber threats to electronic systems of [Kazakh] government agencies are doubling every year,” according to a 2017 statement by Ruslan Abdikalikov, chairman of the Information Security Committee of the former Ministry of Defense and Aerospace Industry.
Kazakhstan’s national Computer Emergency Response Team, known as KZ-CERT, registered 11,432 cybercrime and information security threats in the first half of 2021, a 15% increase from 2020. According to KZ-CERT, botnets, Trojan horses and computer viruses are some of the most common malicious software used by cybercriminals to attack computers in Kazakhstan.
Cyberattacks on WordPress content management modules (software used to build websites and create content published on the internet), which are commonly used in Kazakhstan, have cost many website users confidential and sensitive information and defaced sites with terrorist and extremist propaganda messages.
Cybercriminals regularly target Kazakh businesses, government agencies and individuals for profit. In August 2021, every bank in Kazakhstan failed to demonstrate the capability to protect their web-based resources, including security of their content, data transmission, traffic encryption and security settings, against cyberattacks.
Weak cyber defense of Kazakh banks is particularly concerning, given that cyberattacks against major international banks take place every second, according to General Director of Citibank in Kazakhstan Andrey Kurilin.
Nevertheless, since the establishment of the Cyber Shield concept in 2017, the Kazakh government’s increased monitoring and proactive responses to secure the country’s cyberspace have significantly lowered cyber threats. By 2019, the Ministry of Digital Development, Innovations and Aerospace had sufficient knowledge about sources and timing of cyberattacks against Kazakhstan. The ministry has helped reduce the number of website defacements and infected software in the country.
Thanks to Cyber Shield, more than 300 critical infrastructure sectors, including banks, government agencies, businesses and manufacturing, improved their security systems. The State Technical Service of Kazakhstan has built enough capability to deter and prevent nearly 1 million cyberattacks a day.
In 2018, the National Security Committee of Kazakhstan established the National Information Security Coordination Center (NISCC), designed to protect information resources of state agencies and critical information infrastructure of Kazakhstan from cyberattacks. In 2020, the NISCC provided 17 government agencies with antivirus protection and monitoring of their information systems for cyber incidents and threats.
One of the key parts of the Cyber Shield is training cybersecurity specialists and educating the public about information security. Because of a shortage of trained information technology professionals in Kazakhstan, the authorities have been eager to provide cyber-focused scholarships to university students. The Ministry of Digital Development, Innovations and Aerospace has been tasked with arranging training and educational campaigns about cybersecurity for the general population.
As part of the Cyber Shield action plan, the Kazakh government introduced voluntary cyber insurance for the first time in Kazakh history, which authorizes financial compensation for property damage to a legal entity from a cyberattack or data leak.
Importance of education
The state realizes that the rapid transition of the country to a digital economy and governance requires greater engagement and education of the public about computer security to reduce cyberattacks and related damage. Kazakh authorities note that the public remains largely uninformed about basic cybersecurity threats, such as risks from unintentionally downloading malicious software that can lead to phishing and online fraud.
Moreover, many small and medium-size businesses in the country lack basic knowledge about protecting information and communication technologies.
Therefore, the state now emphasizes improving public awareness and holding educational campaigns to ensure that people have basic tools to protect computers and communication technologies. According to a recent survey, such efforts have been effective in raising public awareness about cybersecurity threats, knowledge of which now reportedly stands at 78%.
Kazakhstan has also been investing in training civil servants about cybersecurity, information and technology legislation, and electronic governance. Since January 5, 2021, the Academy of Public Administration under the President of Kazakhstan has organized online courses to train civil servants on digitalization of government agencies. In 2019, the Ministry of Digital Development, Innovations and Aerospace held free online training courses on cybersecurity for government officials in more than 20 state agencies and
17 local government bodies.
At the start of the global pandemic in 2020, many government workers in Kazakhstan switched to remote offices. To improve digital and communication skills of Kazakh civil servants, the Academy of Public Administration, the United Nations Development Program in Kazakhstan, the Astana Civil Service Hub and the Agency for Civil Service Affairs of Kazakhstan organized large-scale training for government workers in 2020.
In an address to the nation on September 1, 2021, President Kassym-Jomart Tokayev said “all information and technology initiatives of the public sector will be exclusively based on the new platform under the Kazakh state technical supervision. It will eliminate duplication, costs and bureaucracy, and provide public services to citizens from smartphones 100%.”
The growing digitalization of government services will continue to require investments in educating civil servants about cybersecurity. President Tokayev’s vision of a digital Kazakhstan, where just about all government services will be provided electronically and the private sector will rely on electronic commerce, is inseparable from his commitment to continuous improvement of the country’s cybersecurity.