Astana Looks To Strengthen Cybersecurity, Launches Cyber Shield

Kazakhstan is planning to strengthen its cyber security, as President Nursultan Nazarbayev has called upon the country’s government to launch an initiative that outlines the policy towards information security threats.

“We need a reliable cyber shield for Kazakhstan, and we cannot postpone its creation, as we need to protect the interests of our country, our culture and our values,” Nazarbayev said as he opened a new session of parliament on Monday.

“In today’s world, there is no need to fight using aircraft and tanks. Run a virus, and stop power plants, trains – that’s all it takes,” Nazarbayev said.

Central Asia’s largest country is currently working on a five-year plan known as the “Concept of Cyber Security” or “Kazakhstan Cyber Shield” that is expected to strengthen already-existing state policy regarding cybercrime and is supposed to cover the period of 2018-2022. Prepared by the country’s Defense and Aerospace Industry Ministry in June 2017, the document identifies a range of measures, including the audit of existing educational programs, training of new experts in the realms of information security, as well as development of the domestic IT and electronics industries.

As early as 2006 Astana introduced cyber policy.  “The Concept of Cyber Security of Kazakhstan” was created with the aim to prevent external and internal cyber threats. It was revised in 2011 and extended to 2016. Both policies were designed based on existing laws, but they failed to bring the expected results.

In February, the country’s banks, including Kaspi Bank, Halyk Bank, Kazkommertsbank, Sberbank and Bank of Astana, were targeted by Ukrainian hackers, who managed to obtain confidential data from some card account holders in order to seize their money. Representatives of these banks have not disclosed the amount of damage. In May, hackers targeted servers of the North Caspian Operating Company, which is engaged in exploring Kazakhstan’s largest oil field, Kashagan. In addition, state websites with a sponsored top-level domain suffix ending in .gov, including the website of the Ministry of National Economy, were also subjected to cyber-attack in 2017.

While the attack in May was unsuccessful, the threats to Kazakhstan’s electronic systems are still real and present.

Kazakhstan’s Center for Analysis and Investigation of Cyber Attacks (CAICA) believes the use of an outdated content management system is the main reason for the vulnerability of state websites.

“A large percentage of state websites were developed based on content management systems, created and supported by specific software developers that no longer pays attention to its security,” said Olzhas Satiyev, CEO at CAICA.

According to the report issued by the International Telecommunication Union in 2017, Kazakhstan ranked 83 out of 165 countries in the Global Cyber-security Index, while Kazakhstan’s Caspian region neighbors Azerbaijan and Russia ranked 44 and 10, respectively.

In January, during his annual address to the Kazakhstani people, President Nazarbayev for the first time stressed the need to create a special protection system to combat cybercrime and urged the Defense and Aerospace Industry Ministry to create a plan to do just that. The result was a document titled Kazakhstan Cyber Shield, which was approved on June 30. The government earmarked 7 billion tenge ($12 million) for its implementation.

“We need to understand that the “Cyber Shield” is not just software and a couple of data centers, it is a huge complex of activities that need to be implemented in the upcoming years. The announced figure of seven billion tenge is only the first drop in the huge budget of the construction of country’s cyber defense system,” Shavkat Sabirov, the head of the Internet Association of Kazakhstan believes.