Building-up cyber resilience in the Kyrgyz Republic

In my previous career at Lithuania’s Communications Regulatory Authority (RRT), I had the opportunity to observe how EU member states began to acknowledge and embrace the importance of cybersecurity. For many of them, though, it would begin with a major shock – a serious national-level cybersecurity incident.
 
Since joining the World Bank, I have observed a similar trend across the developing countries. For instance, the Government of the Kyrgyz Republic has begun to place stronger emphasis on cyber resilience after a series of incidents, including digital vandalism of organizations’ websites. Among other considerations, also these cyber events led to the inclusion of cybersecurity financing in a World Bank $50 million Digital CASA (Central Asia-South Asia) – Kyrgyz Republic Project while, at the same time, the Bank catalyzed complementary grants for technical assistance to the government.

One of these grants is the “Global Cyber Security Capacity Building Program”. We chose the Kyrgyz Republic as the first beneficiary country for the Program, and then others followed suit: Ghana, FYR Macedonia, and Myanmar. The financing came from Korea’s Ministry of Strategy and Finance (MoSF), through the Korea-World Bank Group Partnership Facility (KWPF), which is administered by the World Bank.
 
We employ a number of resources and two key strategic partnerships to support the specific cyber needs of the Kyrgyz Republic. Together with our partner, the Global Cyber Security Capacity Centre of the University of Oxford (GCSCC), we deployed a review assessment of the Cybersecurity Capacity Maturity Model for Nations.
 
The review, the first of its kind in Central Asia, assisted the Government in gaining insights into the breadth and depth of their cybersecurity capacity through a benchmarking exercise across five dimensions: cybersecurity policy and strategy; cybersecurity culture and society; cybersecurity education, training and skills; legal and regulatory frameworks; and standards, organizations and technologies. An Executive Summary is available here. Our assessment determined that the Kyrgyz Republic had begun the process of developing various aspects of cybersecurity capacity across all five dimensions. The review suggested specific steps through which the country could achieve greater cybersecurity capacity and also contribute to the development of a comprehensive legal and regulatory framework, a national cybersecurity strategy and a national Computer Security Incident Response Team.

Going beyond analytical support, we have also introduced the State Committee of Information Technologies and Communications of the Kyrgyz Republic (SCITC) to the cutting-edge experience of Republic of Korea. As such, a delegation of experts representing the Global Cybersecurity Center for Development, part of Korea’s Internet & Security Agency (KISA), delivered a workshop in Bishkek in November 2017.

Workshop attendees consisting of over 60 representatives of public sector and academia, learned about e-government security in Korea, about the country’s incident response and security teams, global cyber incident trends, cyber incidents in the finance sector, and much more. As a next step in our engagement, we are delivering targeted cybersecurity technical assistance for the Digital CASA-Kyrgyz Republic Project Implementation Unit that is part of the State Committee of Information Technologies and Communications of the Kyrgyz Republic. This work aims to strengthen the implementation capacity of Digital CASA-Kyrgyz Republic Project making sure that the aspects related to cybersecurity are well covered throughout the implementation of different components.

At a later date, we will evaluate our assistance to the Kyrgyz Republic, and other target countries. So, stay tuned for more updates and insights from this process.
 
Building-up cyber resilience takes commitment, vision, and considerable resources. But the effort pays off, ultimately benefitting all citizens. And this is what we hope for the Kyrgyz Republic, as well as other countries.
 
Related Reading:

• The Global Cybersecurity Center for Development, established in 2015, aims to share practical knowledge and support capacity building in the field of cybersecurity.
• The Global Cyber Security Capacity Centre is a leading international center for research on efficient and effective cybersecurity capacity-building, promoting an increase in the scale, pace, quality and impact of cybersecurity capacity-building initiatives across the world.