New Safe Kazakhstan: experts discuss cybersecurity in Astana
Astana hosted the Cyber and Digital Security conference on April 4, where experts in the field of cybersecurity addressed various aspects of cybersecurity in Kazakhstan. Particular attention was paid to the issues of data leakage, regulation of information security, and the lack of staff in this area, Kazinform News Agency correspondent reports.
One of the speakers, Ruslan Abdikalikov, chairman of the Information Security Committee of the Ministry of Digital Development, Innovation and Aerospace Industry, noted the case of a data leak that occurred with Kazakhtelecom and Air Astana in February 2024.
On April 1, the ministry disclosed the details of an unscheduled audit of Kazakhtelecom, the nation’s telecom operator, the Unified Accumulative Pension Fund, Air Astana for compliance with information security requirements. According to the results, Kazakhtelecom and Air Astana were brought to administrative responsibility and were issued instructions with a period of one year to eliminate violations.
Next is a classic increase in fines because now we are also receiving feedback from citizens, and they are outraged. (...) There are such small fines. How come? Therefore, I think, together with the deputies, we will resolve this issue this year, he said.
He also proposed abandoning the use of digital signatures on file storage media in favor of cloud digital signatures to increase the level of security. He said that citizens, using digital signatures on media, often leave their data on other people’s computers, even in the public service center, forgetting about it, which puts the security of the data at risk.
Instead, he proposed the introduction of a cloud digital signature.
To do this, a person only needs to undergo multi-factor identification, including biometrics (…) You won’t lose it because it’s not physically there, but it’s stored in a secure cloud in the state, he said.
He also discussed the shortage of cybersecurity specialists and the need for their retraining. Abdikalikov proposed the introduction of a retraining certificate regardless of previous education to broaden the personnel in the field of cybersecurity with valid accreditation.
Askar Zhunisbek, head of the State Technical Service, emphasized the importance of protecting the information and communication infrastructure, noting that only 34% of 514 facilities are connected to operational information security centers.
Zhunisbek also raised the topic of data leakage.
I would probably like to mention the Kcell company, which last year, performing in Kazakhstan in pen-testing, took first place. Pen-testing, of course, is good, but they must develop further, and we are now working on this together with telecom operators on threat identification, hacking and reverse engineering, he explained.
Askar also noted that one of the glaring problems is the lack of specialists in this area.
Ekaterina Smyshlyaeva, deputy of the Mazhilis, a lower house of the Kazakh Parliament, expressed the need for the proper regulation of the field of artificial intelligence and jurisdictional administration.
There cannot be strict regulation otherwise, the technology will stop. (...) However, the rules of the game are needed. If there is no regulation in our jurisdiction, then a situation similar to one with miners will happen again. (...) We have a certain vision. There is a draft. I think we will be very actively discussing this vision with the professional and expert community in the very near future, said the member of the Parliament.
She also discussed fines for companies that leak customer data, noting that the fine should exceed the company's annual information security costs.