ABSTRACT
The growing share of information technologies in the daily lives of citizens of the Republic of Kazakhstan during the pandemic leads to the fact that various institutions use an increasingly wide range of information elements and mechanisms. The expectations of society are not only to improve the functioning of electronic administration, but also to ensure that all stored data is properly protected from unauthorized access, so that ensuring the security of information processing becomes one of the most important tasks of the State and the public. The purpose of the study is to consider aspects of the functioning of information security in the Republic of Kazakhstan during the pandemic and to identify the factors of reliable information security by state policy in order to distinguish hoaxes from real malicious actions. The methodological approach of the research is institutional, structural–functional, and systemic. Improper management of information security can lead to leakage, loss, or falsification of stored data, paralyzing completely relevant activities. Kazakhstan has made notable advancements in establishing a comprehensive legal framework for cybersecurity, positioning itself ahead of certain Central Asian neighbors. Government agencies develop, install, implement, operate, monitor, and analyze an information security management system, ensuring confidentiality, accessibility, and integrity of information. Information security requires the establishment of comprehensive procedures for all ongoing processes, taking into account the use of personal data. Information is an integral part of society, acting as a strategic resource for creating national security. Kazakhstan has been particularly active in forging collaborations and alliances to bolster their cybersecurity postures. The practical significance lies in the improvement of state measures aimed at protecting information, as well as preventing material, physical, moral, or other damage to the state and society as a result of information activities.
Introduction
From the point of view of the security object, information is a strategic resource and a critical element for its functioning, therefore, it must be properly protected at every stage of its processing: from its receipt to its transmission, storage, analysis, or use, respecting all elements of confidentiality. Information security issues have always been at the heart of government. Reliable, accurate, and up-to-date data are always important for government decisions, especially in the field of security, both external and internal. This broad approach is a direct consequence of the definition of the concept of information security functions, which is due to the important characteristics of modern society during the pandemic. The meaning of the concept of information security is determined by the threat-free state, understood as the provision of information to unauthorized persons.1 This term is also used to define all actions, systems, and methods aimed at protecting information resources collected, processed, and stored for exchange between agencies. Freedom of movement of information, combined with rational and legal separation, is related to its protection from unwanted disclosure, modification, or destruction. The subject’s legitimate confidence in the quality and accessibility of the information received extends to an object that may be at risk of losing information resources or receiving information of inadequate quality.2
Information security during the pandemic is caused by internal and external factors, which allow the state policy to have a stable freedom of development of the information society. This state is achieved if the following conditions are met: strategic state resources are not at risk; agencies make decisions based on reliable, up-to-date, and accurate information; information exchange between state bodies is not interrupted; the functioning of information networks that form the country’s most important infrastructure is not disrupted; the state guarantees the protection of classified information and personal data of citizens; and state institutions do not violate the citizens’ right to privacy. The core of the information security system is information methods and technologies that are surrounded by social, ethical, cultural, scientific, economic, and political spheres.3 Each of them generates other types of threats that have their own specifics and can separately affect the state of national security. The spheres create a separate national subsystem of information security. Therefore, it must be protected in two ways: with the help of universal solutions applicable to all levels, and specific—for each sphere separately. Threats to information security are cross-sectoral in nature and can be applied to all sectors of the country.
Digital security is one of the most sensitive areas of national and international information security, which is of a cross-sectoral nature and affects the effectiveness of the entire state structure.4 With this approach, information security is determined by the content of cyberspace, the state, and processes aimed at ensuring the safe functioning of the Republic of Kazakhstan in the information space through its own internal data and effective protection of national interests in the external environment. These goals are achieved by providing adequate information resources and protection against hostile disinformation and propaganda.5
The state of information security in Kazakhstan, like many other countries, is an evolving landscape. The Kazakh government has shown increasing interest in enhancing its cybersecurity infrastructure. Efforts have been made to establish national cybersecurity strategies and frameworks in line with global best practices. The 2022 National Cyber Security Index, which measures the readiness of national governments to prevent cyber threats and manage cyber incidents globally, ranked Kazakhstan 78th out of 176 countries, with a security index of 48.05 percent and digital development at 60.18 percent, QazMonitor reports.6 Like many nations, Kazakhstan has been the target of various cyberattacks. Over the years, these have ranged from website defacements and Distributed Denial of Service (DDoS) attacks to more sophisticated cyber espionage activities.7 There’s a growing awareness of the need for robust infrastructure to protect against cyber threats. This includes the establishment of specialized bodies and institutions dedicated to monitoring, responding to, and preventing cyber threats.
While strides have been made, challenges persist. These might include ensuring that legislation keeps pace with the evolving threat landscape, securing critical infrastructure, promoting cybersecurity awareness among the public, and ensuring the private sector is adequately equipped to handle threats. Kazakhstan’s unique cultural, social, and political fabric shapes its approach to information security. Given its aspirations and global positioning, the implications of cybersecurity’s shortcomings are vast, affecting everything from its economy to its political stability. Addressing these challenges is not just a matter of technical proficiency, but also understanding and navigating the nuanced interplay of its cultural and sociopolitical dynamics.
Due to the constant development of information technologies, every innovation, especially when it has a breakthrough value for data transmission and processing, brings with it new qualitative threats.8 For these kinds of breakthroughs, the emergence of publicly available mass media should be considered, thanks to which, in addition to obvious positives, mass hoaxes, disinformation, and manipulation can be activated. Widely accessible communication platforms have a similar character. They are characterized by interactivity and, consequently, the ability not only to access information, but also to create and distribute data. The main threats to information security include information emptiness; information overload; access to false information and disinformation; lack of protection of one’s own information resources; and lack of control over one’s own channels.9
The purpose of the study is to examine aspects of the functioning of information security in the Republic of Kazakhstan during the pandemic in order to distinguish hoaxes from real malicious actions and to identify the factors of reliable information security through state policy.
Materials and Methods
The methodological basis of the research is the following approaches: institutional, structural–functional, and systemic. The institutional method attaches great importance to official and formal rules. Its application makes it possible to recognize the institutional and legal aspect studied in information security, which is emphasized by political reality in the formal manifestations of its subsystems. It recognizes legal units, norms, institutions, and systems as specific structures distinguished by internal construction. Depending on the accepted understanding of the system, many hoax procedures and their effects on information security are explored. The unit of analysis in this case is a specific state, which is considered as a set of permissive generalizations leading to the reconstruction of a certain model of political practices or views that are important both for studying the work of political institutions and the entire political system. This hypothesis is based on the assumption that information security, especially during a pandemic, contains a set of methods that emphasize commonality in terms of methodological foundations. The research area focuses on issues related to hoax and the history of information processes, such as the power of the specifics of a political topic. It also partially affects the legal aspects related to the functioning of information protection.
The structural–functional approach is predominantly descriptive, explaining specific policy processes, action plans, and information security decision-making structures. The aforementioned approach primarily leads to the adoption of social and political narratives. This type of work is theoretical in nature. The source material is limited to specific data, with information analyses carried out. The conceptual and terminological network is quite extensive, and the most important category here remains the category of the security system. This methodology contains the most important concepts, whose terms are mainly political and governmental in nature. These include party power structures, numerous state institutions, state political bodies, international organizations, and individual entities. The reason for the choice of the presented approach is an extensive and interesting source material on the policy of state authorities in the field of information security. It does not take into account important events that are inconvenient for the pandemic regime, and, therefore, does not provide an opportunity to look at the problem in a multilayered way. Awareness of the material truth is, therefore, another, no less important, condition for information protection at the national level.
The system paradigm implies attempts to analyze information reality in terms of the impact of decisions of various centers on the changes caused in the information security system. It is characterized by variability depending on the conceptual network used. In the context of the decision processes and their final results and consequences, the most important participants and centers of the pandemic period that determine aspects of information security are divided. Legal acts of public administration bodies establish the specifics of the functioning of information security conditions, which is the relevant legislator and decision-maker. It is especially important that legal acts appear not only as acts of generally applicable law, but also in the form of individual decisions that are formally nonbinding. They are the basis for selecting the appropriate information security, which makes up the thematic and chronological complement of the main sources of threats. The scientific value is largely determined by the materials that describe in relative detail the factors of information security events.
Results and Discussion
First of all, it is necessary to define the terms “information security,” “cyberspace,” and “hoax.” In the article, “hoax” is defined as a deliberate deception made to fool or mislead. It may be intended as a joke, to gain publicity, to defraud, or for some other purpose. Hoaxes can take many forms, including false stories, fabricated evidence, or counterfeit objects. The key element is the intent to deceive, typically for amusement or personal gain. Information security is the practice of protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction. It encompasses a broad set of policies, tools, and practices to safeguard digital and nondigital information. In this case, cybersecurity is a subset of information security. It focuses specifically on protecting systems, networks, and data in cyberspace from cyber threats. By understanding these definitions, readers can better navigate the complex world of cybersecurity and information technology.
Information security protection has become one of the most frequently discussed security topics. States, international organizations, and other non-state actors have realized that the stability of the functioning and development of the global information society depends on an open, reliable, and, above all, secure cyberspace, especially during a pandemic. The rise and awareness in this regard goes hand in hand with a sharp increase in the number of computer incidents and new types of threats. The Republic of Kazakhstan faces the task of developing legal and organizational changes to ensure an appropriate level of security in cyberspace and its citizens. The development of the information society in combination with the expansion of the Internet is accompanied by penetration into the spheres of other aspects of human activity. Worldwide network coverage and the possibility of immediate access from almost anywhere on Earth, combined with low operating costs, encourage government organizations and companies, as well as individuals, to transfer their daily activities to cyberspace.10 Many Internet users cannot imagine their lives without quick access to information and email, Internet banking, online shopping, booking electronic tickets, or communicating with family and friends through social networks and messaging. Information has become synonymous with freedom of speech and unhindered data flow, and in some cases has successfully served as a means of revolution and social change.
Cyberspace becomes a virtual reflection of physical reality, the joint development of scientific networks gives a sense of anonymity, but can participate in hoax processes and be used by criminals, terrorists, or some countries to participate in illegal activities or aggression against others. Users most often become victims of viruses and other malware. An example is the so-called hackers who pursue ideological goals, for example, steal and destroy confidential data or prevent access to it.11 The space is also used as a tool for conducting politically motivated activities. Due to disputes and problems with a clear definition of the concept of terrorism, it is difficult to clearly classify specific examples of attacks as a result of terrorist activities in cyberspace. Many incidents can be a form of vandalism, an operation indirectly sponsored or carried out with the approval of the state, which is very difficult to prove. One of the biggest obstacles in the formal and legal way of regulating information security, both at the national and international levels, is the definition of terms related to this issue. The state draws attention to the many functioning definitions that often describe only the hardware security components, including software, but ignores a person as a user interacting with cyberspace, thereby becoming part of it.12
The problem of the lack of a coherent system and legal solutions during the pandemic is limited to the provision of a secure global network. Criminals, not constrained by the limitations of the law, are effectively inventing new ways of using cyberspace for misleading and illegal activities. This is facilitated by the dynamics of change in this environment, leading to an endless arms race between criminals and those responsible for the security of space. The lack of international rules is not only a problem in this area, since the actions of the programs show that state competition in the information space has become a fact. It is very likely that the problem will increase, which may lead to an interstate conflict of the information environment. This issue is currently not regulated by law, which is a legitimate cause for concern. The most common threats to information security include malware attacks, identity theft, extortion, modification or destruction of data, denial of access to services, unwanted or unnecessary email, and hoaxes and disinformation.13 They combine different types of tools and are carried out by organized groups with a significant budget and time to penetrate into a specific area with the aim of stealing confidential data or causing damage and destruction of a computer system.
The information security of computer networks and the dissemination of information have been the subject of interest of legal protection bodies for several years; until recently there was no definition in Kazakh legislation that translates the concept of virtual space as an area of potential threats into legal language. At the same time, the problem of security goes beyond the traditionally understood criminal act. The state initiative should instill the concept of cyberspace into the legal system and give impetus to further legislative work. The introduction of this definition is particularly important for institutions and political bodies responsible for broadly understood security, allowing the creation of appropriate competence tools necessary to carry out tasks through appropriate constitutional principles. The decisions taken will form an addition to the state information protection program. Modern attacks, in addition to computers, also attack mobile phones and target electronic banking and the financial system. Preliminary assessments of the material show that only about 7 percent of government websites have an acceptable level of security, and 18 percent are sites with an unacceptably low level of security. Unusual incidents that are not detected by standard security systems are happening more and more often. This is due to the global trend toward the use of attacks in cyberspace to illegally obtain information from systems belonging to specific government institutions.14
Information resources and infrastructure elements are subject to hoax threats, causing security trends at the global level. Along with the progressive computerization of the state, it is necessary to create effective, preventive, technical, organizational, and legal solutions to protect its citizens and specific activities. The care and responsibility for maintaining information security and the development of cyberspace cannot be assigned exclusively to the agencies, which delegate some of their responsibilities to society, the private sector, and nongovernmental organizations. Their common goal should be ensuring the security of the state’s critical information infrastructure against threats from cyberspace; creating a coherent security policy at the national level for public and private sector organizations; establishing an effective coordination system to enable public and private sector organizations to collaborate on cyberspace security during a pandemic; managing the consequences of computer incidents to minimize their costs; and raising public awareness about information security. In order to achieve these goals, it is important to take multilevel action involving all stakeholders. After all, the information infrastructure is in the hands of private individuals, together with whom the state should determine the methods and scope of joint activities.
Legal information standards during a pandemic should be ensured by the effective work of the entire state and its institutions in the field of security. It is necessary to regulate in law the principles of protection and the definition of areas of responsibility for the protection of the information security infrastructure, since individual elements belong to different units of political governance. It is also important to ensure the consistency of the security policy for these components. The development of cooperation mechanisms in the field of information protection refers to the cooperation of the Republic of Kazakhstan with other countries, as well as with international organizations. Ensuring the security of cyberspace is impossible without the development of early warning systems about attacks, the introduction of additional preventive solutions, and special protection of key systems.15 Combined with exercises to assess the resilience of this infrastructure, protection tools should aim to strengthen access to public services and expand computer incident response teams. The Universal Crisis Communications Plan and standby solutions allow critical infrastructure to be taken over in the event that the core system becomes unavailable. Ensuring information security is impossible without involving the widest possible group of users of the global network, who, being aware of the dangers, will be able to contribute to data protection aimed at making users more aware of the threats that await them in space.16
Information security currently supports the activities of almost all spheres of life, and is also used in every modern institution, both in a large enterprise and in a small company. It determines the level of development of the state’s economy, the quality of its organizational and administrative structure, security in a broad sense, as well as the standard of living of citizens.17 The recent development of information networks and network services in the wake of the pandemic has led to dependence on the efficiency and security criteria of the mechanisms used. An increase in criminal activity aimed at deception, theft, and illegal use of information affects both the number of services available and the amount of information resources stored online. The most serious threats are attacks by hacker programmers with extensive knowledge in the field of information technology, who exploit vulnerabilities in software and security of information systems, as well as attacks by computer criminals, also known as hackers, who use the relevant knowledge, procedures, and naivety of users. Their working methods change as needed and are transformed by the use of new technologies, and their activities are aimed at informing administrators and software manufacturers about the vulnerabilities found.18
The Republic of Kazakhstan is increasingly using digital solutions, with government agencies, businesses, and citizens relying heavily on the innovative opportunities created by the network during the pandemic. Confidence in the security of digital solutions is necessary for the further digitization of society. The government is currently stepping up its activities in the field of information security. This work is being consolidated through the national implementation of protection strategies, which is a combination of actions by different government institutions. Information security is promoted by increasing the technological stability of the digital infrastructure, improving the knowledge and skills of citizens, businesses and government agencies, and strengthening coordination and cooperation in the field.19 The strategy focuses on consolidating protection and ensuring systematic action. It is impossible to eliminate the threat of hostile hoaxes, deception, and attacks, but the Government’s support will help to ensure that society continues to benefit from the opportunities offered by new technologies. However, the digital transformation of society leads to a greater dependence on solutions related to vulnerability to incidents that lead to the failure of information systems or the violation of the confidentiality, integrity, and availability of data. These incidents can be the result of attacks or inadvertent breaches of information security.
The high degree of accessibility of digital solutions provides huge advantages and many new prospects for citizens, businesses, and society as a whole. It attracts foreign investment and allows us to remain competitive. Digital transformation will continue in the coming years, both in the public and private sectors. The development of new technologies will gain momentum, and the coverage will constantly expand. Public agencies need to continue to use digital solutions to provide more and more effective services to citizens. The main responsibility of public agencies and businesses is to ensure that security meets the challenges they face. Within the framework of the national information security strategy aimed at key sectors of state society and government, an action plan has been developed that should intensify efforts to ensure the necessary level of security across the country. These efforts should be based on national efforts, which will help to increase the level of national protection. As information connectivity expands, the amount of data transmitted digitally is also increasing. In turn, citizens, businesses, and the government are increasingly becoming the target of sophisticated hostile attacks and deceptions. An event that can initially be considered as an isolated case of relatively minor importance can quickly spread to all government agencies, enterprises, and sectors.20
As information systems and infrastructures become more integrated during a pandemic, related security issues become more complex. In addition, many government institutions face the problem of large and complex cases of outdated information and communication structures, which requires maintaining the necessary level of security.21 Most of the information infrastructure is characterized by critical aspects in many sectors, such as transport, finance, and healthcare. Also, there are many small and medium-sized enterprises that form the basis of the economic system, which cannot provide an adequate level of security. For this reason, maintaining sustainability and security has become a challenge. The growing social and economic role of information solutions creates completely new in-demand conditions for information security, but the lack of systematic approaches leads to negative consequences. There is a need to create systematic and coordinated actions that will be able to function safely and smoothly. This process requires the resilience of the digital infrastructure to threats and deceptions, as well as the constant development of digital skills of citizens, businesses, and agencies, which will contribute to maintaining a high level of information security in the Republic of Kazakhstan. Business and government agencies in their organizational units are responsible for security.
Kazakhstan’s information security strategy is part of a large-scale initiative. The lead activity provides a 24/7 summary of the national information security situation through existing or potential threats affecting the most important network data.22 Central agencies should have a complete overview of individual structures requiring protection and monitoring to protect information systems and important data. In order to guarantee continuous monitoring, it is important for the state to establish an up-to-date information security plan to identify existing and potential threats to the main digital networks, which will contribute to obtaining an exhaustive description of the provisions of state agencies on a national scale of the anti-crisis management system. State agencies, in cooperation with certain types of enterprises, are obliged to report security incidents to the competent agencies. The reports provided are a prerequisite for a substantial exchange of knowledge and confidential data. To improve the reporting procedure, the Kazakh government developed an integrated digital solution for information security incidents. This solution will allow businesses and government institutions to report as many security incidents as possible. To ensure full compliance with protection standards, the implementation activities of organizational units should be monitored.
The pandemic has created a need to implement remote work in a short period of time and increase the mobility of employees in the fields of information technology and security, where close cooperation between companies has been established.23 This is the current reality that state-owned enterprises have to deal with. The topic of information security concerns enterprises whose management relates directly to the assessment of security risks to facilitate understanding of the complexity of hoax.24 Knowledge of the aspects discussed provides an opportunity to show attempts to standardize risk assessment processes through the opportunities and advantages that can be gained in practice through systematic information security management. The importance of the principles of confidentiality, integrity, and accessibility in the information security system is represented in various ways, developing specifically for the pandemic. The guarantee of effective protection of information is to ensure an appropriate level of security and the use of appropriate technical solutions. The principles of the system are based on the information security standard and provisions concerning the protection of personal data to meet the requirements of applicable legislation, as well as institutional structures for information protection.25
The security of information and the systems where it is processed is of key importance and is a condition for the continuous development of the Republic of Kazakhstan. One of the basic principles of personal data processing is the so-called data minimization, which means processing only those personal data that are necessary from the point of view of the purpose for which they are processed. This principle takes special care to protect the interests of data subjects, and, in particular, it is obliged to ensure that this information is limited to the necessary minimum. It is necessary to contain such fields that will allow the data subject to consent to the processing of personal data, if it is based on the premise of legality. Note the fact that a security application in the form of implementing firewall mechanisms or using only email by the user does not affect the security level classification. The only important thing is that at least one of the devices involved in data processing has access to the Internet, which makes this device vulnerable to numerous threats and deceptions emanating from this network. This processing is associated with the acceptance by the user of responsibility for the operations performed with the data. At the same time, responsibility for any violations resulting from improperly or illegally performed processing operations may be caused by authorized persons.
Picking up the pace of threats and deceptions in the internal sphere of the state, information security programs during the pandemic divide them into threats related to the imperfect functioning of civil society in cyberspace and media space and threats related to the use of international contacts, including bilateral, using the support of specific legal entities or individuals.26 In particular, the programs indicate that the lack of information makes them vulnerable to disinformation and hoax, contributing to the functioning of influential security agencies. Hoaxes in cyberspace are recognized to carry out disinformation, trolling, and hostile propaganda to disrupt important public administration and private sector tasks.27 Information security in sectors and institutions with a higher degree of sensitivity is due to the existence of technological gaps that make it possible to imperceptibly interfere with the content of web portals and influence the ability and properties of actions.28 As a result, undesirable external information influences, which may relate to the control procedures of state processes, are a serious threat. In connection with the functioning of threats on the territory of the Republic of Kazakhstan in global cyberspace, governmental and nongovernmental institutions form a national blockade of information transmission.29
The functional requirements of information security relate to the entire system used for processing and transmitting data, which allows you to receive information through a form on the site, which consists of part of the processing of the form and part of the maintenance of data collected using forms. The specificity of such a structure is that the persons entering information into the system are not users of the part of the system where the data obtained from the forms provided by the controller is stored. Therefore, if the provided data is not signed with an additional electronic signature, the verification must be carried out by the administrator. Underneath the security issue lies another prerequisite for a functioning system. Persons who intend to register using this form should be informed about who is the data controller and for what purposes information provided will be processed, as well as about the voluntary nature or obligation based on a legal element as a result of personal data protection actions. When processing data using computers, there is a public network, as an information system used to store information, which is also exposed to various threats. Therefore, it is important to apply high-level security measures. In practice, this means that the system must meet all the minimum requirements specified in the safety regulations and be implemented at the appropriate level.30
Like Kazakhstan, Kyrgyzstan has been focusing on developing its national cybersecurity infrastructure. However, as of the latest update, Kyrgyzstan faced challenges in terms of a comprehensive legal framework related to cybersecurity. Capacity building in Kyrgyzstan is an ongoing process, with an emphasis on training professionals and modernizing technical tools and infrastructure.31
Uzbekistan has been actively reforming its digital sector, which includes a push toward stronger cybersecurity measures. The nation has worked on fostering international collaborations, especially with countries like South Korea, to enhance its digital infrastructure and cybersecurity measures. As with other Central Asian nations, there’s a strong emphasis on public awareness and training programs to deal with cyber threats.32
Tajikistan, being one of the less digitally developed nations in the region, has had a slower progression in terms of establishing a robust cybersecurity framework. Nevertheless, there have been efforts to bolster its legal and technical stance on cybersecurity, especially in the public sector. International cooperation and partnerships play a vital role in Tajikistan’s efforts to upgrade its cybersecurity measures.33
Kazakhstan’s efforts in creating a comprehensive legal framework for cybersecurity are more advanced than some of its Central Asian neighbors, especially when compared to Kyrgyzstan and Tajikistan. Kazakhstan and Uzbekistan seem to be more proactive in terms of modernizing their technical cybersecurity infrastructure. Their push toward embracing modern technologies gives them a slight edge in the region. While all Central Asian countries understand the importance of capacity building in cybersecurity, Kazakhstan’s efforts in this area, in terms of training programs and public awareness campaigns, have been more pronounced. All the aforementioned countries recognize the importance of international collaboration. However, Kazakhstan and Uzbekistan have been more active in seeking out international partnerships and collaborations to enhance their cybersecurity stances.
In summary, while there are shared approaches and challenges in the realm of cybersecurity among these countries due to their shared history and regional dynamics, Kazakhstan, as of 2023, seems to be slightly ahead in terms of its comprehensive approach to the issue compared to some of its neighbors. This can change as other nations in the region ramp up their efforts and invest more in their cybersecurity infrastructure. It’s worth noting that the state of information security can change rapidly due to technological advancements, the emergence of new threats, political events, and other factors.
Conclusions
Thus, the information space has become a new security environment, which entails the need to make numerous changes both in pragmatics and in the legal and organizational aspects of the functioning of the systems of the Republic of Kazakhstan. In this context, it is particularly important to understand the dynamics of change in the current environment during the pandemic. Building a legal system that is the state’s response to hoaxes, threats, and problems is an extremely difficult task. This is due not only to the pace of technological change, but also to the peculiarities of the environment, which acquires appropriate significance in the conditions of a network society. Attacks and hoaxes can pose a threat to the functioning of not only non-state institutions, but also the state itself as a whole. Threats to the information security of the state are associated with the attributes of information, since their violation leads to the fact that data becomes inaccessible or incorrect, therefore, they cannot effectively perform their role. When forming legal norms at the national level, regulating strategies and policies of international cooperation and security should take into account these fundamental problems. The prerequisite is, on the one hand, a quick response, and, on the other hand, the formulation of regulations governing state activities in the field of information security.
The information security policy forms the basis of the information security management system operating in the Republic of Kazakhstan. It defines the management structure, as well as the general concepts, requirements, and principles according to which information assets are managed, protected, and operated. It should not be forgotten that threats in cyberspace represent a different category of legislative and organizational problems, which in many ways resemble the problems generated by other asymmetric aspects. Their common feature is forcing state structures to develop toward fewer hierarchical and flexible solutions. The network, in social, technological, and political dimensions, is one of the most important concepts of the new security paradigm both at the national and international levels. The dependence of the modern state on an effective information security structure is underlined by the protection of its information resources and the ability to identify and effectively counteract hostile influences aimed at gaining the country’s political influence or social mood. Thus, the concept of state information security is inextricably linked to information warfare, that is, one where information is present.
With an enhanced cybersecurity stance, Kazakhstan might attract more digital businesses and tech investments, given the increasing importance of digital security in the global business environment. As Kazakhstan continues to bolster its cybersecurity measures, it may become a target for more sophisticated cyber threats. This necessitates continuous monitoring and evolution of its cybersecurity strategies. In conclusion, the study indicates that while shared regional dynamics influence Central Asian countries’ approach to cybersecurity, Kazakhstan is setting a benchmark in several areas. Its commitment to a comprehensive cybersecurity strategy not only benefits its internal landscape, but also has broader implications for the region and its international partnerships.
Kazakhstan should continue to refine its regulatory framework to align with international best practices. Regularly updating cybersecurity laws and regulations will ensure the nation is prepared for evolving threats.
As artificial intelligence becomes more integral in various sectors, a study on its potential role in enhancing cybersecurity in Kazakhstan could be insightful.
FOOTNOTES
Lotrionte.
Toure; Singer.
Nye and Joseph.
Ginters.
Martemucci and Matteo.
QazMonitor.
“Kazakhstan Reports Hacker Attacks.”
Mukasheva, Iliev, and Balbayev.
Markoff and Kramer; Eriksson and Giampiero.
Berdykulova.
Clarke and Knake.
Boyd-Barrett.
Archibugi and Iammarino.
Choobineh et al.
Lupan and Prelipcean.
Mustafin and Kantarbayeva, “A Model for Competition of Technologies.”
Mustafin and Kantarbayeva, “Resource Competition and Technological Diversity.”
Madsen; Scholte.
Barlybayev and Sharipbay.
Renaud et al.
Abudaqa, Hassim, and Saidun.
Jeremy, Hall, and Battaglio.
Bidaibekov et al.
Gungor.
Goodman; Wamala.
Akyazi.
Cointet.
Aviv et al.
Georgiadou et al.
Wang et al.
UNDP in Kyrgyzstan Supports Digital Resilience.
Uzbekistan in the Process of Digitalization.
Digital Transformation in Tajikistan as Central COVID-19 Response Policy.