How Kazakhstan will fight cyber-attacks
The government`s decree "On the approval of the uniform requirements in the field of information and communication technologies and ensuring information security” takes an effort on January 9. The Acting Chairman of the Committee of Information Security of Kazakhstan Ruslan Abdikalikov said about the document and how it effects on the participants of information processes.
The document is accepted for the first time. Earlier there was no similar legal regulation in the field of the information and communication technologies` safe use in the country. In fact, will the approval be the handbook, for both managers and employees related to the information technology sector?
Yes, first of all for public authorities. But the requirements in the information security sector are necessary for private information systems` owners are integrated with the public, as well as the owners of the urgent facilities of the information and communication infrastructure. It includes the industrial enterprises and other categories of economic facilities, with automated technological processes, the violation of which could affect the country`s security.
-What approaches were provided in the development of the uniform requirements?
The document is a kind of codification of previously disparate laws and many harmonized technical standards in Kazakhstan in the field of the information technology, the information security, the information security`s management procedures. The approval describes the procedures and rules of the use of information technology protected by law and doesn`t contain the state secrets.
-What is the main difference between the uniform requirements and the measures provided for the protection of state secrets?
In contrast to the state secrets, the processing of such types of information protected by law as the official information, interdepartmental correspondence, citizens` personal data using the information technology was less regulated. Due to the large informatization, its use is associated with the many people`s ability to access. It is also vulnerable to the large number of threats from the Internet, because often it implies the use of its opportunities.
In addition, it is important to understand that non-compliance or rejection from the technical standards at any stage – from the development to the utilization of information systems, leads to the violation of the integrity, availability, or the data loss. In this part, the uniform requirements also contain standards of ensuring technological safety, which include requirements for the information infrastructure, information systems and resources, software, technology platforms, technical facilities at all the stages of their life.
-What measures are provided in the event of cyber-attacks?
In the case of technical failure or signs of cyber-attacks in the uniform requirements, the algorithms of incidents response of the information security are written and the order of the interaction between the owners or owners in the regulatory frameworks` procedures for their containment and prevention in the wider national scale.
-How can the government achieve the compliance of the uniform requirements?
Using the measures of state control. The non-compliance of the uniform requirements leads to the administrative responsibility. It spreads not only to public authorities but also to the owners and owners of the urgent facilities of the information and communication infrastructure.
-All this allows to hope for a significant increase in the general level of culture of "cybersecurity" in Kazakhstan?
At least the most fragrant cases of ignorance, carelessness and extravagance will stop being routine. The core of the cybersecurity is firstly the right informatization