1. To approve the attached Action Plan for the implementation of the Cyber security Concept (“Cyber shield of Kazakhstan”) until 2022 (hereinafter – the Plan).
2. To the central state and local executive bodies of the Republic of Kazakhstan:
1) to take the necessary measures to implement the Plan;
2) to submit information every six months to the Ministry of Defense and Aerospace Industry of the Republic of Kazakhstan on the implementation of the Plan no later than the 10th day of the month following the reporting half-year.
3. To the Ministry of Defense and Aerospace Industry of the Republic of Kazakhstan to submit twice a year, by July 25 and January 25, summary information on the implementation of the Plan to the Office of the Prime Minister of the Republic of Kazakhstan.
4. Control over the implementation of this resolution is entrusted to the Ministry of Defense and Aerospace Industry of the Republic of Kazakhstan.
5. This decree is put into effect from the date of its signing.
Prime Minister of the Republic of Kazakhstan B. Sagintayev
Approved by Government decree of the Republic of Kazakhstan № 676 from 28th of October, 2017 |
ACTION PLAN
on the implementation of the Cyber security Concept (“Cyber shield of Kazakhstan”) until 2022
Item No |
Name of action |
Form of completion |
Responsible for execution |
Period of execution |
Estimated costs (thousands of KZT) |
Source of financing |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
1. Organizational and legal measures |
||||||
1. |
Consideration of the issue of introducing amendments and additions to the legislative acts regarding the creation of conditions for securing state purchases for national defense and security with domestic hardware and software, including technical solutions in the field of cyber security, and granting state grants to domestic IT companies |
Information to MDAI of the RK |
MNE of the RK, MF of the RK, MIC of the RK, MOD of the RK, NCE “Atameken” (by agreement) |
January, 2018 |
Not required |
Not required |
2. |
Working out the issue on creating a single register of Kazakhstan’s trusted software products and products of the electronic industry of the Republic of Kazakhstan |
Information to MDAI of the RK |
NCE “Atameken” (by agreement) |
July, 2018 |
Not required |
Not required |
3. |
Study of the issue of developing a plan for the phase-out of foreign proprietary software and certification of IT products for information security |
Information to MDAI of the RK |
NCE “Atameken” (by agreement) |
January, 2018 |
Not required |
Not required |
4. |
Study of the issue on the development of the procedure for the formation and maintenance of a single register of Kazakhstan’s trusted software products and products of the electronic industry of the Republic of Kazakhstan |
Information to MDAI of the RK |
NCE “Atameken” (by agreement) |
July, 2018 |
Not required |
Not required |
5. |
Elaboration of proposals on introducing amendments and additions to some legislative acts of the Republic of Kazakhstan on information security issues |
Information to MDAI of the RK |
MIC of the RK, MIA of the RK, MOD of the RK, NSC of the RK (by agreement), SSS of the RK (by agreement) |
January, 2018 |
Not required |
Not required |
6. |
Introduction of amendments and additions to the Resolution of the Government of the Republic of Kazakhstan No. 832 from the 20th of December, 2016 “On the approval of unified requirements in the field of information and communication technologies and information security” with regard to ensuring information security |
Information to MDAI of the RK |
MOD of the RK, NSC of the RK (by agreement) |
July, 2018 |
Not required |
Not required |
7. |
Introducing Amendments and additions to the Resolution of the Government of the Republic of Kazakhstan No. 529 from the 8th of September, 2016 “On the Approval of the Rules and Criteria for the Recognition of Objects of the Information and Communication Infrastructure to Critically important Objects of the Information and Communication Infrastructure” regarding the revision of the criteria for classifying objects as critically important |
Information to MDAI of the RK |
MOD of the RK, NSC of the RK (by agreement) |
July, 2018 |
Not required |
Not required |
8. |
Introduction of amendments and additions to the Order of the Minister of Investments and Development of the Republic of Kazakhstan No. 66 from the 29th of January, 2015 “On Approval of Uniform Rules for Interaction and Centralized Management of Telecommunications Networks” in the area of ensuring information security * |
Order |
NSC of the RK (by agreement), MDAI of the RK |
within two months from the date of entry into force of the Law of the Republic of Kazakhstan “On Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communications” |
Not required |
Not required |
9. |
Making of amendments and additions to the Order of the Acting Minister for Investment and Development of the Republic of Kazakhstan No. 118 from the 28th of January, 2016 “On Approval of the Rules for Registration, Use and Distribution of Domain Names in the Space of the Kazakhstan Internet Segment” with regard to the use of domestic security certificates for encrypted data transmission of Internet resources with the domain .KZ and .ҚAZ * |
Order |
MDAI of the RK (convocation), NSC of the RK (by agreement) |
within two months from the date of entry into force of the Law of the Republic of Kazakhstan “On Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communications” |
Not required |
Not required |
10. |
Making of amendments and additions to the Order of the Acting Minister of Investments and Development of the Republic of Kazakhstan No. 66 from the 26th of January, 2016 “On approval of the Rules for monitoring the provision of information security, protection and safe operation of information objects of the “e-government”” in terms of ensuring information security * |
Order |
MDAI of the RK (convocation), NSC of the RK (by agreement) |
within two months from the date of entry into force of the Law of the Republic of Kazakhstan “On Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communications” |
Not required |
Not required |
11. |
Establishment of the Council for the Provision of Cyber security of the Republic of Kazakhstan |
Order |
MDAI of the RK |
March, 2018 |
Not required |
Not required |
12. |
Harmonization of international standards, as well as updating and development of national standards in the field of information and communication technologies, information security and cyber security |
Order |
MID of the RK (convocation), MDAI of the RK, MIC of the RK, SSS of the RK (by agreement), MFA of the RK, MOD of the RK, NSC of the RK (by agreement) |
every year |
Not required |
Not required |
13. |
Development of proposals for the accreditation and licensing of the activities of specialists and organizations (including private ones) involved in the audit of information security and pen testing, their legal status |
Information to MDAI of the RK |
MOD of the RK, NSC of the RK (by agreement), NCE “Atameken” (by agreement) |
July, 2018 |
Not required |
Not required |
14. |
Development and approval of a methodology for compiling technical documentation on information security, provided for by unified requirements in the field of information and communication technologies and information security |
Order |
MDAI of the RK |
March, 2018 |
Not required |
Not required |
15. |
Introduction of proposals on the development of the draft of the Target Scientific Program for the Development of the Electronic Industry of the Republic of Kazakhstan for the Medium-Term Period from 2021 to 2025 |
Information to MDAI of the RK |
MID of the RK |
July, 2018 |
Not required |
Not required |
16. |
Making proposals on the development of the draft of the target scientific and technical program on information security for 2018-2020 |
Information to MDAI of the RK |
MOD of the RK |
January, 2018 |
Not required |
Not required |
2. Organizational-technical measures |
||||||
17. |
Organization of work on attracting developers, specialists, students in the field of information security for cooperation with enterprises of electronic industry, research and development laboratories for the implementation of projects in the field of cyber security |
Information to MDAI of the RK |
MIC of the RK, MID of the RK, MOD of the RK, MES of the RK, NSC of the RK (by agreement) |
constantly |
Not required |
Not required |
18. |
Preparation and introduction of an investment proposal for the creation of an integrated analytical information system «Portal of Informational Security» for the purposes of collecting and analyzing the vulnerabilities of systems and products of state bodies and the quasi-governmental sector, and monitoring of the implementation by CEB, LEB, CIOICI and the quasi-public sector of unified requirements in the field of information and communication technologies and information security approved by the Decree of the Government of the Republic of Kazakhstan No. 832 from the 20th of December, 2016 “On the approval of uniform requirements in the field of information and communication technologies and information security” |
Investment proposals in MNE and MF of the RK |
MDAI of the RK (convocation), MOD of the RK |
June, 2018 |
Not required |
Not required |
19. |
Conclusion of Memoranda of Understanding and Cooperation with International Services for Responding to Computer Incidents (CERT) |
Agreements |
NSC of the RK (by agreement) |
every year |
Not required |
Not required |
20. |
Conducting negotiations with administrations of foreign social networks and instant messengers about placing their servers in the territory of the Republic of Kazakhstan to gain access to information about connections of Kazakhstan users |
Information to MDAI of the RK |
MIC of the RK (convocation), MIA of the RK, MDAI of the RK, NSC of the RK (by agreement), SSS of the RK (by agreement) |
January, 2019 |
Not required |
Not required |
21. |
Work on the issue of conducting exercises to develop mechanisms for preventing and promptly responding to incidents of information security in the event of crisis situations (social, natural and man-made emergency situations) |
Information to MDAI of the RK |
NSC of the RK (by agreement), SSS of the RK (by agreement), MIA of the RK, MIC of the RK, CEB, LEB |
every year |
Not required |
Not required |
22. |
Development and approval of a methodology for determining typologies and models of information security threats in the field of information |
Order |
MDAI of the RK (convocation), MIC of the RK, MOD of the RK, SSS of the RK (by agreement), NSC of the RK (by agreement) |
December, 2018 |
Not required |
Not required |
23. |
Development and approval of methodology for the creation and development of industry and departmental operational information security centers |
Order |
MDAI of the RK (convocation), MIC of the RK, SSS of the RK (by agreement), NSC of the RK (by agreement) |
December, 2018 |
Not required |
Not required |
24. |
Elaboration of the issue on creation and development of the National Information Security Coordination Center |
Information to the Administration of the President of the Republic of Kazakhstan |
NSC of the RK (by agreement), SSS of the RK (by agreement) |
July, 2018 |
Not required |
Not required |
25. |
Elaboration of the issue of creating and developing a single backup storage of critically important data of information systems of state bodies |
Information to MDAI of the RK |
NSC of the RK (by agreement), MDAI of the RK, MIC of the RK, MF of the RK, SSS of the RK (by agreement) |
July, 2018 |
Not required |
Not required |
26. |
Development of the issue of creating a cyber security sector for building domestic capacity in the field of cyber security |
Information to MDAI of the RK |
MID of the RK, MOD of the RK, SSS of the RK (by agreement), NSC of the RK (by agreement) |
July, 2018 |
Not required |
Not required |
27. |
Elaboration of the issue of creation of the Center for training and advanced training of cyber security specialists for state bodies and private companies on the basis of infrastructure “Astana EXPO-2017” |
Information to MDAI of the RK |
MIC of the RK, MES of the RK, NSC of the RK (by agreement), SSS of the RK (by agreement), MOD of the RK |
July, 2018 |
Not required |
Not required |
28. |
Updating of professional standards in the field of electronic industry, information technologies, information security (cyber security) and in education |
Order of the NCE of the RK “Atameken” |
NCE “Atameken” (by agreement), MDAI of the RK |
December, 2017 |
Not required |
Not required |
29. |
Carrying out activities to increase the global cyber security index of Kazakhstan as estimated by the International Telecommunication Union in the Global Cyber security Index |
Information to MDAI of the RK |
MFA of the RK, NSC (by agreement) |
every year |
Not required |
Not required |
30. |
Preparation of proposals for the creation of a system for the effective protection of departmental information resources of the authorized body in the field of defense, forecasting and timely detection of computer attacks, their evaluation and classification for the threat to military security of the state |
Information to MDAI of the RK |
MOD of the RK |
July, 2018 |
Not required |
Not required |
31. |
Organization of work on conducting trainings and training practices for the population on the protection of personal data |
Trainings |
MDAI of the RK |
every year |
Not required |
Not required |
32. |
Preparation of recommendations on building up Kazakhstan’s potential in scientific, scientific-technical and educational activities in the field of cyber security |
Information to MDAI of the RK |
MES of the RK, MIC of the RK |
every year |
Not required |
Not required |
33. |
Analysis of the software and telecommunications equipment purchased in state bodies and the quasi-public sector for the share of domestic production |
Information to MDAI of the RK |
MIC of the RK, CEB, LEB |
every year |
Not required |
Not required |
34. |
Analysis of the implementation by CEB, LEB, subjects of the quasi-public sector, and owners and holders of CIOICI of unified requirements in the field of information and communication infrastructure and information security, approved by the Decree of the Government of the Republic of Kazakhstan No. 832 from the 20th of December, 2016 |
Information to the Administration of the President of the Republic of Kazakhstan |
MDAI of the RK (convocation), CEB, LEB |
every year |
Not required |
Not required |
35. |
Participation in international organizations in the field of information security (FIRST, OIC-CERT, ICANN, CSTO, SCO, UN, EEA, ITU) |
Seminars, conferences |
MDAI of the RK, NSC of the RK (by agreement), MFA of the RK |
as needed |
within the budget program 005 “Foreign travel” of the Ministry of Foreign Affairs for 2018-2020 |
Republican budget |
36. |
The study of international experience in ensuring information security in the field of information (cyber security) |
Information to MDAI of the RK |
NSC of the RK (by agreement), MIA of the RK, MFA of the RK, MOD of the RK |
constantly |
within the budget program 005 “Foreign travel” of the Ministry of Foreign Affairs for 2018-2020 |
Republican budget |
3. Human Resource Management |
||||||
37. |
Updating educational programs in accordance with professional standards |
Educational programs |
MES of the RK (convocation), MDAI of the RK |
August, 2018 |
in the framework of the budget program 099 “Ensuring the accessibility of quality school education,” 102nd subprogram “Methodological support in secondary education” of the MES of the RK for 2018-2020 |
Republican budget |
38. |
Increase in grants for the specialty “Information Security Systems” for the training of personnel with higher and postgraduate education |
Educational grants |
MES of the RK (convocation), MDAI of the RK |
every year |
in the framework of budget program 204 “Provision of personnel with higher and postgraduate education”, sub-program 100 “Training of specialists with higher, postgraduate education and providing social support for students” of the MES of the RK for 2018-2020 |
Republican budget |
39. |
Training / further training / retraining of specialists: – on cyber security – the study of digital evidence |
Information to MDAI of the RK |
CEB, LEB |
every year |
Not required |
Not required |
4. Popularization of measures for the safe use of ICT |
||||||
40. |
Informing the public about the protection of personal data, relevant issues of cyber security and the measures taken to ensure it |
Press-release |
MDAI of the RK |
constantly |
Not required |
Not required |
41. |
Updating the secondary education program, integrating cyber security issues into the curriculum of general education schools |
Educational program |
MES of the RK (convocation), MDAI of the RK, LEB |
August, 2018 |
in the framework of the budget program 099 “Ensuring the accessibility of quality school education,” 102nd subprogram “Methodological support in secondary education” of the MES of the RK for 2018-2020 |
Republican budget |
* – after the adoption of the Law of the Republic of Kazakhstan “On Amendments and Additions to Certain Legislative Acts of the Republic of Kazakhstan on Information and Communications”
Note: Explanation of abbreviations:
CEB – central executive body, state body, directly subordinate and accountable to the President of the Republic of Kazakhstan, territorial subdivisions of the central executive authority
LEB – local executive bodies
MIA – Ministry of Internal Affairs of the Republic of Kazakhstan
MF – Ministry of Finance of the Republic of Kazakhstan
MOD – Ministry of Defense of the Republic of Kazakhstan
MDAI – Ministry of Defense and Aerospace Industry of the Republic of Kazakhstan
MES – Ministry of Education and Science of the Republic of Kazakhstan
MIC – Ministry of Information and Communication of the Republic of Kazakhstan
MID – Ministry for Investments and Development of the Republic of Kazakhstan
MFA – Ministry of Foreign Affairs of the Republic of Kazakhstan
NSC – National Security Committee of the Republic of Kazakhstan
SSS – State Security Service of the Republic of Kazakhstan
CIOICI – critically important objects of information and communication infrastructure
NCE “Atameken” – National Chamber of Entrepreneurs of the Republic of Kazakhstan “Atameken”