Approved the Action Plan for the Implementation of the Cyber security Concept until 2022

 

1. To approve the attached Action Plan for the implementation of the Cyber security Concept ("Cyber shield of Kazakhstan") until 2022 (hereinafter - the Plan).

2. To the central state and local executive bodies of the Republic of Kazakhstan:

1) to take the necessary measures to implement the Plan;

2) to submit information every six months to the Ministry of Defense and Aerospace Industry of the Republic of Kazakhstan on the implementation of the Plan no later than the 10th day of the month following the reporting half-year..

3. To the Ministry of Defense and Aerospace Industry of the Republic of Kazakhstan to submit twice a year, by July 25 and January 25, summary information on the implementation of the Plan to the Office of the Prime Minister of the Republic of Kazakhstan.

4. Control over the implementation of this resolution is entrusted to the Ministry of Defense and Aerospace Industry of the Republic of Kazakhstan.

5. This decree is put into effect from the date of its signing.

 

Prime Minister

of the Republic of Kazakhstan B.Sagintayev

 

 

 

 

 

Approved 

by Government decree

of the Republic of Kazakhstan

№ 676 from 28
th of October, 2017

 

 

 

 

 

ACTIONS PLAN 

on the implementation of the Cyber security Concept ("Cyber shield of Kazakhstan") until 2022

 

Item No

Name of action

Form of completion

Responsible for execution

Period of execution

Estimated costs (thousands of KZT)

Source of financing

1

2

3

4

5

6

7

1. Organizational and legal measures

 1.

Consideration of the issue of introducing amendments and additions to the legislative acts regarding the creation of conditions for securing state purchases for national defense and security with domestic hardware and software, including technical solutions in the field of cyber security, and granting state grants to domestic IT companies

Information to MDAI of the RK

MNE of the RK, MF of the RK, MIC of the RK, MOD of the RK, NCE "Atameken" (by agreement)

January, 2018

Not required

Not required

2.

Казахстан Working out the issue on creating a single register of Kazakhstans trusted software products and products of the electronic industry of the Republic of Kazakhstan

Information to MDAI of the RK

NCE "Atameken" (by agreement)

July, 2018

Not required

Not required

3.

Study on the matter on the development of a plan for the phase-out of foreign proprietary software and certification of IT products for information security

Information to MDAI of the RK

NCE "Atameken" (by agreement)

January, 2018

Not required

Not required

4.

Study of the issue on the development of the procedure for the formation and maintenance of a single register of Kazakhstan’s trusted software products and products of the electronic industry of the Republic of Kazakhstan

Information to MDAI of the RK

NCE "Atameken" (by agreement)

July, 2018

Not required

Not required

5.

Elaboration of proposals on introducing amendments and additions to some legislative acts of the Republic of Kazakhstan on information security issues

Information to MDAI of the RK

MIC of the RK, MIA of the RK, MOD of the RK, NSC of the RK (by agreement), SSS of the RK (by agreement)

January, 2018

Not required

Not required

6.

Introducing of Amendments and additions to the Resolution of the Government of the Republic of Kazakhstan No. 832 from the 20th of December, 2016 "On the approval of unified requirements in the field of information and communication technologies and information security" with regard to ensuring information security

Information to MDAI of the RK

MOD of the RK, NSC of the RK (by agreement)

July, 2018

Not required

Not required

7.

Introducing Amendments and additions to the Resolution of the Government of the Republic of Kazakhstan No. 529 from the 8th of September, 2016 "On the Approval of the Rules and Criteria for the Recognition of Objects of the Information and Communication Infrastructure to Critically important Objects of the Information and Communication Infrastructure" regarding the revision of the criteria for classifying objects as critically important

Information to MDAI of the RK

MOD of the RK, NSC of the RK (by agreement)

July, 2018

Not required

Not required

8.

Introducing of amendments and additions to the Order of the Minister of Investments and Development of the Republic of Kazakhstan No. 66 from the 29th of January , 2015 "On Approval of Uniform Rules for Interaction and Centralized Management of Telecommunications Networks" in the area of ensuring information security *

Order

NSC of the RK (by agreement), MDAI of the RK

within two months from the date of entry into force of the Law of the Republic of Kazakhstan "On Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communications"

Not required

Not required

9.

Making of amendments and additions to the Order of the Acting Minister for Investment and Development of the Republic of Kazakhstan No. 118 from the 28th of January, 2016 "On Approval of the Rules for Registration, Use and Distribution of Domain Names in the Space of the Kazakhstan Internet Segment" with regard to the use of domestic security certificates for encrypted Internet data transmission -resources with the domain .KZ and .ҚAZ *

Order

MDAI of the RK (convocation), NSC of the RK (by agreement)

within two months from the date of entry into force of the Law of the Republic of Kazakhstan "On Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communica-tions"

Not required

Not required

10.

Making of amendments and additions to the Order of the Acting Minister of Investments and Development of the Republic of Kazakhstan No. 66 from the 26th of January, 2016 "On approval of the Rules for monitoring the provision of information security, protection and safe operation of information objects of the "e-government "in terms of ensuring information security *

Order

MDAI of the RK (convocation), NSC of the RK (by agreement)

within two months from the date of entry into force of the Law of the Republic of Kazakhstan "On Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communica-tions"

Not required

Not required

11.

Establishment of the Council for the Provision of Cyber security of the Republic of Kazakhstan

Order

MDAI of the RK

March, 2018

Not required

Not required

12.

Harmonization of international standards, as well as updating and development of national standards in the field of information and communication technologies, information security and cyber security

Order

MID of the RK (convocation), MDAI of the RK, MIC of the RK, SSS of the RK (by agreement), MFA of the RK, МOD of the RK, NSC of the RK (by agreement)

every year

Not required

Not required

13.

Development of proposals for the accreditation and licensing of the activities of specialists and organizations (including private ones) involved in the audit of information security and pen testing, their legal status

Information to MDAI of the RK

МOD of the RK, NSC of the RK (by agreement), NCE "Atameken" (by agreement)

July, 2018

Not required

Not required

14.

Development and approval of a methodology for compiling technical documentation on information security, provided for by unified requirements in the field of information and communication technologies and information security

Order

MDAI of the RK

March, 2018

Not required

Not required

15.

Introducing of proposals on the development of the draft of the Target Scientific Program for the Development of the Electronic Industry of the Republic of Kazakhstan for the Medium-Term Period from 2021 to 2025

Information to MDAI of the RK

MID of the RK

July, 2018

Not required

Not required

16.

Making proposals on the development of the draft of the target scientific and technical program on information security for 2018-2020

Information to MDAI of the RK

MOD of the RK

January, 2018

Not required

Not required

2. Organizational-technical measures

17.

 

Organization of work on attracting developers, specialists, students in the field of information security for cooperation with enterprises of electronic industry, research and development laboratories for the implementation of projects in the field of cyber security

 

Information to MDAI of the RK

MIC of the RK, MID of the RK, MOD of the RK, MES of the RK, NSC of the RK (by agreement)

constantly

Not required

Not required

18.

Preparation and introduction of an investment proposal for the creation of an integrated analytical information system «Portal of Informational Security» for the purposes of collecting and analyzing the vulnerabilities of systems and products of state bodies and quasi- governmental sector, monitoring of the implementation by CEB, LEB,CIOICI and quasi-public sector of unified requirements in the field of information and communication technologies and information security approved by the Decree of the Government of the Republic of Kazakhstan No. 832 from the 20th of December, 2016 "On the approval of uniform requirements in the field of information and communication technologies and information security

Investment proposals in MNE and MF of the RK

MDAI of the RK (convocation), MOD of the RK

June, 2018

Not required

Not required

19.

Conclusion of Memoranda of Understanding and Cooperation with International Services for Responding to Computer Incidents (CERT)

Agreements

NSC of the RK (by agreement)

every year

Not required

Not required

20.

Conducting negotiations with administrations of foreign social networks and instant messengers about placing their servers in the territory of the Republic of Kazakhstan to gain access to information about connections of Kazakhstan users

Information to MDAI of the RK

MIC of the RK(convocation), MIA of the RK, MDAI of the RK, NSC of the RK (by agreements), SSS of the RK (by agreements)

January, 2019

Not required

Not required

21.

Work on the issue of conducting exercises to develop mechanisms for preventing and promptly responding to incidents of information security in the event of crisis situations (social, natural and man-made emergency situations)

Information to MDAI of the RK

NSC of the RK (by agreement), SSS of the RK (by agreement), MIA of the RK, MIC of the RK, CEB, LEB

every year

Not required

Not required

22.

Development and approval of a methodology for determining typologies and models of information security threats in the field of information

Order

MDAI of the RK (convocation), MIC of the RK, MOD of the RK, SSS of the RK (by agreement), NSC of the RK (by agreement)

December, 2018

Not required

Not required

23.

Development and approval of methodology for the creation and development of industry and departmental operational information security centers

Order

MDAI of the RK (convocation), MIC of the RK, SSS of the RK (by agreement), NSC of the RK(by agreement)

December, 2018

Not required

Not required

24.

Elaboration of the issue on creation and development of the National Information Security Coordination Center

Information to the Administration of the President of the Republic of Kazakhstan

NSC of the RK, (by agreement), SSS of the RK (by agreement)

July, 2018

Not required

Not required

25.

Elaboration of the issue of creating and developing a single backup storage of critically important data of information systems of state bodies

Information to MDAI of the RK

NSC of the RK (by agreement), MDAI of the RK, MIC of the RK, MF of the RK, SSS of the RK (by agreement)

July, 2018

Not required

Not required

26.

Development of the issue of creating a cyber security sector for building domestic capacity in the field of cyber security

Information to MDAI of the RK

MID of the RK, MOD of the RK, SSS of the RK (by agreement), NSC of the RK (by agreement)

July, 2018

Not required

Not required

27.

Elaboration of the issue of creation of the Center for training and advanced training of cyber security specialists for state bodies and private companies on the basis of infrastructure "Astana EXPO-2017"

Information to MDAI of the RK

MIC of the RK, MES of the RK, NSC of the RK (by agreement), SSS of the RK (by agreement), MOD of the RK

July, 2018

Not required

Not required

28.

Updating of professional standards in the field of electronic industry, information technologies, information security (cyber security) and in education

Order of the NCE of the RK "Atameken"

NCE "Atameken" (by agreement), MDAI of the RK

December, 2017

Not required

Not required

29.

Carrying out activities to increase the global cyber security index of Kazakhstan as estimated by the International Telecommunication Union in the Global Cyber security Index

Information to MDAI of the RK

MFA of the RK, NSC (by agreement)

every year

Not required

Not required

30.

Preparation of proposals for the creation of a system for the effective protection of departmental information resources of the authorized body in the field of defense, forecasting and timely detection of computer attacks, their evaluation and classification for the threat to military security of the state

Information to MDAI of the RK

MOD of the RK

July, 2018

Not required

Not required

31.

Organization of work on conducting trainings and training practices for the population on the protection of personal data

trainings

MDAI of the RK

every year

Not required

Not required

32.

Preparation of recommendations on building up Kazakhstan's potential in the field of scientific, scientific, technical and educational activities in the field of cyber security

Information to MDAI of the RK

MES of the RK, MIC of the RK

every year

Not required

Not required

33.

Analysis of the software and telecommunications equipment purchased in state bodies and the quasi-public sector for the share of domestic production

Information to MDAI of the RK

MIC of the RK, CEB, LEB

every year

Not required

Not required

34.

Analysis of the implementation by CEB, LEB, subjects of the quasi-public sector, owners and owners of CIOICI of unified requirements in the field of information and communication infrastructure and information security, approved by the Decree of the Government of the Republic of Kazakhstan No. 832 from the 20th of December, 2016

Information to the Administration of the President of the Republic of Kazakhstan

MDAI of the RK(convocation), CEB, LEB

every year

Not required

Not required

35.

Participation in international organizations in the field of information security (FIRST, OIC-CERT, ICANN, CSTO, SCO, UN, EEA, ITU)

Seminars, conferences

MDAI of the RK, NSC of the RK (by agreement), MFA of the RK

as needed

within the budget program 005 "Foreign travel" of the Ministry of Foreign Affairs for 2018-2020

Republican budget

36.

The study of international experience in ensuring information security in the field of information (cyber security)

Information to MDAI of the RK

NSC of the RK(by agreement), MIA of the RK, MFA of the RK, MOD of the RK

constantly

within the budget program 005 "Foreign travel" of the Ministry of Foreign Affairs for 2018-2020

Republican budget

3. Human Resource Management

37.

Updating educational programs in accordance with professional standards

Educational programs

MES of the RK (convocation), MDAI of the RK

August, 2018

in the framework of the budget program 099 "Ensuring the accessibility of quality school education," 102nd subprogram "Methodological support in secondary education" of the MES of the RK for 2018-2020

Republican budget

38.

Increase in grants for the specialty "Information Security Systems" for the training of personnel with higher and postgraduate education

Educational grants

MES of the RK (convocation), MDAI of the RK

every year

in the frame-work of budget program 204 "Provision of personnel with higher and postgraduate education", sub-program 100 "Training of specialists with higher, postgraduate education and providing social support for students" of the MES of the RK for 2018-2020

Republican budget

39.

Training / further training / retraining of specialists:

- on cyber security

- the study of digital evidence

Information to MDAI of the RK

CEB, LEB

every year

Not required

Not required

4. Popularization of measures for the safe use of ICT

40.

Informing the public about the protection of personal data, relevant issues of cyber security and the measures taken to ensure it

Press-release

MDAI of the RK

constantly

Not required

Not required

41.

Updating the secondary education program, integrating cyber security issues into the curriculum of general education schools

Educational program

MES of the RK (convocation), MDAI of the RK, LEB

August, 2018

in the frame-work of the budget program 099 "Ensuring the accessibility of quality school education," 102nd subprogram "Methodological support in secondary education" of the MES of the RK for 2018-2020

Republican budget

* - after the adoption of the Law of the Republic of Kazakhstan "On Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communications"

      Note: Explanation of abbreviations:

      CEB – central executive body, state body, directly subordinate and accountable to the President of the Republic of Kazakhstan, territorial subdivisions of the central executive authority

      LEB – local executive bodies

      MIA – Ministry of Internal Affairs of the Republic of Kazakhstan

      MF – Ministry of Finance of the Republic of Kazakhstan

      MOD – Ministry of Defense of the Republic of Kazakhstan

      MDAI – Ministry of Defense and Aerospace industry of the Republic of Kazakhstan

      MSE – Ministry of Education and Science of the Republic of Kazakhstan

      MIC – Ministry of Information and Communication of the Republic of Kazakhstan

      MID – Ministry for Investments and Development of the Republic of Kazakhstan

      MFA – Ministry of Foreign Affairs of the Republic of Kazakhstan

      NSC – National Security Committee of the Republic of Kazakhstan

      SSS –State Security Service of the Republic of Kazakhstan

      CIOICI – critically important objects of information and communication infrastructure

      NCE "Аtameken" – National Chamber Entrepreneurs of the Republic of Kazakhstan "Atameken"

 

 

 

Blog of the Minister
Atamkulov B. B. 
Minister of industry and infrastructural development of the RK

Top