© CABAR - Central Asian Bureau for Analytical Reporting
Please make active links to the source, when using materials from this website

“Cyber Shield” and Cyber Holes of Kazakhstan

At a glance, official emails of almost all state authorities of Kazakhstan are registered with foreign state email domains – mail.ru, yandex.ru and gmail.com, while the state domain – .gov – is ignored. The question is how well is the Kazakhstan cyberspace protected from external threats?

Follow us on LinkedIn 

In 2017, Kazakhstan launched the Cyber Shield Kazakhstan programme. By launching it, the government planned to better protect the national software from any cyberattacks.

“At any moment, Kazakhstan could face a situation where we would be the target of an experiment or actual attack of criminal organisations and individuals with unpredictable outcomes,” as specified in the document’s objectives of the programme.

It is scheduled until 2022. A centre for information security has been opened under the concept, the government has developed the law on informatization, increased the number of grants towards IT specialties, and as reported by the Ministry of Defence and Aerospace Industry, measures have been taken to improve computer skills among public servants.

As a result of measures taken, Kazakhstan improved its position from 82nd to 40th (out of 152) in the Global Cybersecurity Index 2018. It ranks second after Russia among other CIS states. 

Top three scores in the CIS region. A screenshot  of the Global Cybersecurity Index 2018

However, the improved position in the international ranking doesn’t change the fact that in some aspects Kazakhstan is an easy target for hackers, so the tasks of the Cyber Shield have not been fulfilled yet.

White Hats

In April 2017, some unknown persons hacked the website of the Kazakh ministry of defence and placed a banner “Free Palestine” on the main page.

In August 2018, specialists of the Centre for Analysis and Investigation of Cyber-Attacks (CAICA) found vulnerabilities in the Documentolog.kz system, which was used by strategically important Kazakhstan-based companies. Later on, vulnerability was also found on the website of the Kazakhstan’s Supreme Court, which provided access to personal data of any person.

A specialist of the Ministry of Defence and Aerospace Industry, Asel Kusbergenova, reported a major reduction in the number of attacks since the launch of Cyber Shield. According to her, web resources of state authorities were hacked 95 times in 2017, and only 28 times in 2018.

However, a CAICA expert, Sabina Berikova, is not that optimistic. According to their information, the number of hacker attacks on Kazakhstan-based web resources tends to increase.

“As we expand the monitored area, we will be getting more information and seeing more incidents. In the incomplete year of 2018, our monitoring system of internet resources, WebTotem, reported some 600 incidents on various Kazakhstan-based websites. We cannot compare this data to earlier figures just because we don’t have them. We are going to compare the changes only at the end of this year, after we have current year statistics,” Berikova said.

Also, she thinks the Kazakhstan cyberspace has really become safer, and the toughened requirements of the regulatory authority and controls are effective.

“Critically important objects have been gathered in a special category with tougher requirements. The incident response speed has become 30 times faster due to the active stance of the sector ministry,” Berikova emphasised.

For the sake of national security

Email boxes are a different story. The statistical committee, republican state enterprise “Kazakhavtodor”, central office and press service of the ministry of education, press services of ministries of defence industry, culture and justice, consulates-general of Kazakhstan in Canada, Saint Petersburg, India and Brazil are important government institutions that use email boxes on such domains as mail.ru, yandex.ru and gmail.com. Yet the threat is not in hacking.

According to Sabina Berikova, such security measures as two-factor authentication make public services even safer than email boxes on gov.kz domains. However, other risks appear in this case:

“Theoretically, the same Google (gmail.com) has full access to emails of its users. Moreover, no DLP (Data Leak Prevention) systems can be installed to external mail to prevent leak of data from the organisation,” Berikova said.

A specialist of ministry of defence and aerospace industry, Asel Kusbergenova, added that the use of public email services for official correspondence could lead to compromise and leakage of confidential information as well as of personal data of employees of government authorities of Kazakhstan:

It’s worth noting that popular public email services are foreign products, which implies storage of documents and messages of employees of government authorities of Kazakhstan on servers located beyond Kazakhstan.
Every website of a state authority of Kazakhstan is tested for software vulnerabilities. According to the law “On informatization”, a resource would not get a positive test protocol and start operating if vulnerabilities are not removed. During its operation, a Kazakhstan computer emergency response team (KZ-CERT) responds to hacker attempts.

According to Sabina Berikova, vulnerabilities are being updated every day. However, not all of them, either detected independently, or by such organisations as CAICA, have been removed so far. According to the expert, overall changes of website architecture or logic need to be made to remove some of vulnerabilities. It’s not always practicable because it can lead to service interruption.

According to Berikova, vulnerabilities may be removed only if properly stimulated, whereas a good stimulus can be either a publication (public discussion), or a letter to a superior agency or a regulatory body.

Main photo: redsearch.org

This article was prepared as part of the Giving Voice, Driving Change – from the Borderland to the Steppes Project implemented with the financial support of the Foreign Ministry of Norway. The opinions expressed in the article do not reflect the position of the editorial or donor.

If you have found a spelling error, please, notify us by selecting that text and pressing Ctrl+Enter.

Spelling error report
The following text will be sent to our editors: