30.08.2023
By the Decree of the President of the Republic of Azerbaijan dated August 28, 2023, “The Strategy of The Republic of Azerbaijan on Information Security and Cybersecurity for 2023-2027" (hereinafter - the Strategy) was approved. The Strategy is designed to elevate the nation's information security standard, with the overarching goal of facilitating secure utilization of contemporary Information and Communication Technologies (ICT) by the state, society, and individuals. Its objective extends to delineating and executing measures to bolster the security of information infrastructure prevalent in both the public and private sectors, encompassing critical information infrastructure. Additionally, the Strategy is geared towards safeguarding personal data, fostering an environment that fosters the observance of human rights and freedoms outlined in the Constitution of the Republic of Azerbaijan within the digital realm.
In our swiftly globalizing world, the assurance of information security and cybersecurity has emerged as a pivotal concern on both national and international fronts. Emphasizing that the primary objective is safeguarding the interests of individuals, society, and the state within this domain, it is imperative to acknowledge the factors that underscore the necessity of implementing the Strategy. These factors also stem from the escalating proliferation of technologically intricate cyber attacks targeting our information space, encompassing its integral components.
Collectively, the tangible efforts directed toward establishing and advancing the national cybersecurity ecosystem have yielded substantial advancements in our country's global standing. Evidently, Azerbaijan demonstrated notable progress by climbing 15 places in the "Global Cybersecurity Index 2020" (GCI) rankings, a compilation by the International Telecommunication Union. This achievement positioned Azerbaijan at 40th among 194 nations, securing an impressive score of 89.31 points. It is undeniable that amplifying these practical endeavors in alignment with the Strategy will undoubtedly fortify our nation's standing even further within the global cybersecurity rankings.
The emergence of "cloud" services, heightened efforts to raise awareness about "ransomware" attacks, the escalating prevalence of "insider" threats, the imperative to widely adopt "multi-factor authentication" methods to counter cyber threats, and the urgency to address these pressing and exceedingly critical matters once again underscore the pivotal significance of the Strategy's role in the country's advancement and our daily lives. Furthermore, within the Strategy, the establishment of infrastructure grounded in contemporary information technologies within areas liberated from unlawful occupation, the realization of the "Smart City" and "Smart Village" concepts, are highlighted as primary prerequisites for regional stability and progress. Additionally, the emphasis on crafting and implementing apt solutions rooted in "big data," "cloud," and "machine learning" technologies within this domain has been reiterated.
Within the Strategy, which encompasses strategic planning and phased execution of initiatives to safeguard information security and cybersecurity within the Republic of Azerbaijan, the subsequent priority directions have been delineated:
1. Identification of threats and risk management;
2. Enhancement of information security incident detection measures and security technologies;
3. Elevating the assurance level of information security within the information space;
4. Ensuring the security of critical information infrastructure;
5. Enhancing efforts in the realm of combating cybercrime and cyber forensics;
6. Enhancing capacities in information security and cybersecurity, and advancing institutional frameworks;
7. Enhancement of regulatory frameworks for information security and cybersecurity;
8. Fostering information security and cybersecurity culture;
9. Fostering domestic and international collaboration in information security and cybersecurity.
Moreover, in alignment with the aforementioned priority directions, the set objectives spanning the duration of the Strategy, and the intended accomplishments, a comprehensive action plan has also been ratified. This action plan entails a comprehensive array of measures aimed at fortifying information security and cybersecurity across the nation. Notably, the action plan is well-positioned to efficiently expedite the holistic implementation of the Strategy via clearly outlining the primary entities responsible for each approved measure, defining precise implementation timelines, and furnishing clear result indicators.
It is important to highlight that a total of 23 distinct entities (institutions) have been designated as the responsible implementers of the measures outlined in the Strategy spanning the years 2023-2027. Additionally, the task of orchestrating the Strategy's execution in alignment with the relevant Presidential Decree of the Republic of Azerbaijan has been entrusted to the Cabinet of Ministers. Furthermore, the ongoing monitoring and assessment of the progress in implementing the designated measures have been delegated to the Information Security Coordination Commission.