At a glance, official emails of almost all state authorities of Kazakhstan are registered with foreign state email domains – mail.ru, yandex.ru and gmail.com, while the state domain – .gov – is ignored. The question is how well is the Kazakhstan cyberspace protected from external threats?
Follow us on LinkedIn
На русском In 2017, Kazakhstan launched the Cyber Shield Kazakhstan programme. By launching it, the government planned to better protect the national software from any cyberattacks. “At any moment, Kazakhstan could face a situation where we would be the target of an experiment or actual attack of criminal organisations and individuals with unpredictable outcomes,” as specified in the document’s objectives of the programme. It is scheduled until 2022. A centre for information security has been opened under the concept, the government has developed the law on informatization, increased the number of grants towards IT specialties, and as reported by the Ministry of Defence and Aerospace Industry, measures have been taken to improve computer skills among public servants. As a result of measures taken, Kazakhstan improved its position from 82nd to 40th (out of 152) in the Global Cybersecurity Index 2018. It ranks second after Russia among other CIS states. However, the improved position in the international ranking doesn’t change the fact that in some aspects Kazakhstan is an easy target for hackers, so the tasks of the Cyber Shield have not been fulfilled yet.
In April 2017, some unknown persons hacked the website of the Kazakh ministry of defence and placed a banner “Free Palestine” on the main page.In August 2018, specialists of the Centre for Analysis and Investigation of Cyber-Attacks (CAICA) found vulnerabilities in the Documentolog.kz system, which was used by strategically important Kazakhstan-based companies. Later on, vulnerability was also found on the website of the Kazakhstan’s Supreme Court, which provided access to personal data of any person. A specialist of the Ministry of Defence and Aerospace Industry, Asel Kusbergenova, reported a major reduction in the number of attacks since the launch of Cyber Shield. According to her, web resources of state authorities were hacked 95 times in 2017, and only 28 times in 2018. However, a CAICA expert, Sabina Berikova, is not that optimistic. According to their information, the number of hacker attacks on Kazakhstan-based web resources tends to increase. “As we expand the monitored area, we will be getting more information and seeing more incidents. In the incomplete year of 2018, our monitoring system of internet resources, WebTotem, reported some 600 incidents on various Kazakhstan-based websites. We cannot compare this data to earlier figures just because we don’t have them. We are going to compare the changes only at the end of this year, after we have current year statistics,” Berikova said. Also, she thinks the Kazakhstan cyberspace has really become safer, and the toughened requirements of the regulatory authority and controls are effective. “Critically important objects have been gathered in a special category with tougher requirements. The incident response speed has become 30 times faster due to the active stance of the sector ministry,” Berikova emphasised.
For the sake of national security
Email boxes are a different story. The statistical committee, republican state enterprise “Kazakhavtodor”, central office and press service of the ministry of education, press services of ministries of defence industry, culture and justice, consulates-general of Kazakhstan in Canada, Saint Petersburg, India and Brazil are important government institutions that use email boxes on such domains as mail.ru, yandex.ru and gmail.com. Yet the threat is not in hacking.
This article was prepared as part of the Giving Voice, Driving Change – from the Borderland to the Steppes Project implemented with the financial support of the Foreign Ministry of Norway. The opinions expressed in the article do not reflect the position of the editorial or donor.