CMM Review Kyrgyz Republic (as part of the Global Cybersecurity Capacity Program I)

Summary

In collaboration with the World Bank (WB), and the State Committee of Information Technologies and Communications of the Kyrgyz Republic, the Global Cyber Security Capacity Centre (GCSCC) undertook a review of the maturity of cybersecurity capacity in the Kyrgyz Republic. The review was hosted by the State Committee on Information Technology and Communications of the Kyrgyz Republic (SCITC, Государственный комитет информационных технологий и связи КР).

Details

Aim

The objective of the review was to enable the Kyrgyz Republic to gain an understanding of its cybersecurity capacity in order to develop an investment strategy for the development of the cybersecurity capacity of the country.

Context

The Global Cyber Security Capacity Centre (GCSCC) conducts research to understand and identify trends in cybersecurity, to help the world prepare and respond to cyber threats. Together with a global multistakeholder community with expertise in cybersecurity capacity building, the Centre has developed a model that helps countries self-assess and identify their strengths and needs for their cybersecurity maturity. The Cybersecurity Capacity Maturity Model (CMM), which was last revised in 2021, considers cybersecurity maturity to comprise five dimensions which together constitute a wide breadth of national capacity that a country requires to be effective in delivering cybersecurity resilience. Dimension 1 looks at the country’s ability to develop and implement cybersecurity policies and strategy. Dimension 2 looks at culture and societal elements that affect public understanding and their ability to protect themselves in the cyberspace. Dimension 3 looks at the initiatives by different stakeholders in driving cybersecurity awareness among users. Dimension 4 looks at the capacity of countries to prosecute cybercrime and Dimension 5 looks at the availability of protective technologies and standards

The GCSCC’s support to a CMM in the Kyrgyz Republic was funded by the United Kingdom, Korea-World Bank Group Partnership Facility (KWPF) under its Global Cybersecurity Capacity Program.

Outcomes

The CMM review revealed relevant findings. For instance, the lack of a national cybersecurity strategy or national incident response team, cybersecurity and cybersecurity awareness not being a priority amongst public and private actors, legal frameworks for addressing cybersecurity and cybercrime were at early stages, a lack of technical security controls, secure software catalog, with regulatory standards for cybersecurity and information technology still in early stages.

Various specific steps were proposed to the Government, notably: the development of a comprehensive legal and regulatory framework, a national cybersecurity strategy, and a national Computer Security Incident Response Team (CSIRT).

Outputs

The CMM report was completed in 2017.

A summary of the CMM’s findings and information on follow-on action was included in the World Bank’s report ‘Global Cybersecurity Capacity Program: Lessons Learned and Recommendations Towards Strengthening the Program’.

Following the implementation of the Global Cybersecurity Capacity Building Program in the Kyrgyz Republic, the Security Council of the Kyrgyz Republic issued a document “On measures for digital development of the Kyrgyz Republic”, which was signed by the President of the Kyrgyz Republic on 18 December 2018.

In addition, the World Bank commissioned a cybersecurity awareness video targeting the general public to help spread information on the scope of the assistance provided to the Kyrgyz Republic throughout the Program.

Activities

The Global Cybersecurity Capacity Building Program kicked off with the CMM assessment. The CMM in-country assessment review was conducted during 4-6 April 2017, with the Executive summary published in September 2017. Stakeholders representing the following sectors participated in the consultations to review the Kyrgyz Republic’s cybersecurity capacity: Public sector entities, Criminal justice sector Defense sector Private sector Telecommunications companies Finance sector Academia Civil society organizations International organizations and embassies.

Going beyond analytical support, the State Committee of Information Technologies and Communications of the Kyrgyz Republic (SCITC) were introduced to the cutting-edge experience of Republic of Korea. As such, a delegation of experts representing the Global Cybersecurity Center for Development, part of Korea’s Internet & Security Agency (KISA), delivered a workshop in Bishkek in 29-30th November 2017. Workshop attendees consisting of over 60 representatives of public sector and academia, learned about e-government security in Korea, about the country’s incident response and security teams, global cyber incident trends, cyber incidents in the finance sector, and much more.

As a next step in the engagement between World Bank and the Kyrgyz Republic, the Bank will target cybersecurity technical assistance for the Digital CASA-Kyrgyz Republic Project Implementation Unit that is part of the State Committee of Information Technologies and Communications of the Kyrgyz Republic. This work aims to strengthen the implementation capacity of Digital CASA-Kyrgyz Republic Project making sure that the aspects related to cybersecurity are well covered throughout the implementation of different components.

Other website links

Building-up cyber resilience in the Kyrgyz Republic (worldbank.org)

World Bank Kyrgyz Republic – Improving Cybersecurity in the Kyrgyz Republic | Facebook