On April 15, the head of state signed the law “On cybersecurity”. The document was adopted by the Legislative Chamber of Oliy Majlis on February 25 this year and approved by the Senate on March 17. The law comes into force after three months from the date of its official publication. The document consists of 8 chapters and 40 articles.
According to the document, cybersecurity is a state of protection of the interests of an individual, society and the state from external and internal threats in cyberspace, and a cyberthreat is a complex of conditions and factors in cyberspace that pose a threat to the interests of an individual, society and the state.
The unified state policy in the field of cybersecurity is determined by the President, the State Security Service (SSS) is the authorized state body in the field of cybersecurity.
The authorized state body, when exercising powers in the field of cybersecurity, has the right to:
ꞏ rent technical, software and hardware tools designed to detect cyber attacks, prevent and eliminate their consequences, and take measures in relation to cybersecurity incidents;
ꞏ free use of technical installations and services to take immediate measures to eliminate cyber attacks;
ꞏ visit state bodies and other organizations, get acquainted with the necessary documents and materials, as well as request and receive information and other necessary documents and materials from state bodies and other organizations, citizens, identify them and use them in investigative actions on cybersecurity incidents, etc.
The document states that ensuring the storage of data of information systems and resources of state bodies and organizations, as well as critical information infrastructure facilities, is carried out in accordance with the internal information security policy by creating a backup copy of data, the storage period of which should not be less than the last three months.
Cybersecurity incidents are investigated by the designated government agency or officials of the cybersecurity working body. The owner of an information resource or information system in which a cybersecurity incident has occurred can conduct an investigation of the cybersecurity incident if he has the necessary resources and technical capabilities to conduct an investigation. In this case, the authorized state body must be notified of the results of the investigation.
The State Security Service maintains a unified register of critical information infrastructure facilities. The categories of cybersecurity objects subject to mandatory entry into the unified register of critical information infrastructure objects are determined in accordance with the law.
The authorized state body, in accordance with the law and international treaties, upon request, provides foreign states and international organizations with information on combating international cybercrime.
Support for the development of human resources of government bodies, local government bodies and business entities in the field of cybersecurity can be carried out through:
- providing financial, information and consulting assistance to organizations engaged in retraining and advanced training of personnel in the field of cybersecurity;
- providing educational-methodological and scientific-pedagogical assistance in the field of cybersecurity.
