ITU's 160 anniversary

Committed to connecting the world

News

CIS countries' results in the field of cybersecurity according to the Global Cybersecurity Index 2024 and the role of ITU cyberdrills in improving the readiness of countries to respond to cyberthreats


​​RI 2: Cybersecurity and personal data protection​
​​​​​​
14 January​​​​​ 2024
kandinsky-download-1734088591274.png





















Timur Derbishaliev, ITU Cybersecurity Consultant​

A new approach in country categorisation: five tiers

In 2024, the International Telecommunication Union released the fifth edition of the Global Cybersecurity Index (GCI), which assesses countries’ efforts to ensure cybersecurity. Over the past four years, Uzbekistan has strengthened its position and entered the second group of advanced countries, together with Russia, Kazakhstan, and Azerbaijan. Kyrgyzstan and Belarus moved up to the third group, known as the “establishing” group.

In addition, Tajikistan and Turkmenistan have strengthened their positions, so that in 2024, none of the CIS countries will fall into the last category of countries with a low level of cybersecurity commitment. 

The GCI assesses countries’ cybersecurity commitments in five areas:
  1. Legal – measuring laws and regulations on cybercrime and cybersecurity;
  2. Technical – measuring the implementation of technical capabilities through national and industry agencies;
  3. Organisational – measuring the existence of national strategies and organisations implementing cyber security;
  4. Capacity Development – measuring awareness, training, education, and incentives for cybersecurity capacity development;
  5. Collaborative – measuring partnerships between agencies, companies and countries.
The index emphasizes the need for inclusive and secure telecommunications/ICTs for sustainable development, highlighting the importance of cybersecurity, digital literacy, and secure infrastructure.

Changes in countries’ positions in the ranking over four years

According to the previous edition of the ITU Global Cybersecurity Index, released in 2020, the most developed countries in the CIS region were Russia, Kazakhstan, and Azerbaijan. At that time, only Russia (98.06) ranked among the top ten countries globally, sharing leading positions with the US, the UK, Saudi Arabia, Estonia, South Korea, Singapore, and Spain, among others.

In 2024, the authors of the study reclassified Russia, which was once a leader in the 2020 rating, from a leading to an advanced country in the field of information security (92,13). ITU experts identified legal regulation, the production capacity of IS market players, and organizational capabilities as Russia’s strengths, while noting technical equipment and cooperation as areas with potential for growth.

CIS countries such as Kazakhstan, Uzbekistan, and Azerbaijan are also in the second most advanced group, alongside China, Switzerland, Ireland, and Israel. In 2020, Kazakhstan and Azerbaijan were categorized in the second tier of countries in terms of cybersecurity level (85-95 points) and have retained their positions four years later.​
GCI 2024, ITU.png




















Uzbekistan made a leap and entered the group of advanced countries in terms of cybersecurity development level

Uzbekistan moved up to the category of advanced countries, rising from a lower tier (from 71 to 89,2 points). Previously, Uzbekistan’s strengths included only the legal framework, but now ITU experts have added capacity development and cooperation to these strengths.

Belarus and Kyrgyzstan also improved their positions, advancing from the fourth to the third group (Establishing, 55-85 points). In 2024, Belarus added legal measures to the cooperation indicator as a strength. Kyrgyzstan, meanwhile, significantly strengthened its technical measures to ensure cybersecurity while maintaining a high level of legal and organizational measures.

In 2024, none of the CIS countries were categorized as states where the IS ecosystem is only under construction (0-20). Tajikistan and Turkmenistan, which belonged to this group in 2020, increased their ratings and moved into the developing group (20-55), alongside Armenia.

The role of ITU cyberdrills in enhancing cybersecurity

To help countries strengthen the competencies of cybersecurity professionals, engage in international cooperation, and share experiences, the ITU conducts cyberdrills at national,regional and international levels. ITU cyberdrills are structured around various cyber incident scenarios — specifically, the most common types of attacks. Participants are tasked with investigating and analyzing these incidents and developing measures to mitigate their effects.

The target audience for these cyberdrills include national Computer Incident Response Teams (CIRTs). They operate on the principle that if specialists from one CIRT observe suspicious activity, they can contact the CIRT of another country to resolve the issue more effectively.

Timur Derbishaliev, ITU Cybersecurity Consultant, notes that countries’ interest in cyberDrillsincreasing due to the growing number and complexity of cyber threats, which necessitate continuous skill improvement for professionals in this field.

“Cyberdrills provide IT security professionals with the opportunity to practice their skills in conditions that closely resemble real-world scenarios. This facilitates effective knowledge and technology sharing among participants and enhances their preparedness to counter cyberattacks. Participating in cyber exercises allows professionals to test and refine their skills under simulated conditions that mimic actual cyber environments, contributing to their professional development as they interact with modern and advanced cyber defense and attack methods,” said Timur Derbishaliev.

According to him, a distinctive feature of cyber exercise is teamwork, which develops communication skills and the ability to function effectively in a high-stress environment. In addition, the drills provide an excellent platform for interacting with other professionals in the field, fostering new collaborations.

“Cyberdrills involve malicious traffic that is often much more complex than what specialists encounter in their daily practice. This is because the aim of these drills is to recreate conditions as closely resembling the real world as possible, including simulations of the latest and most complex cyber threats. This approach allows participants to effectively adapt to the dynamically changing cyber landscape, preparing them for genuine cybersecurity challenges,” concluded Timur Derbishaliev.
GeG35lSWAAALDGO.jpeg
























The First National CyberDrill in Armenia was held in Yerevan from December 5-6, 2024
 
The First ever ITU National CyberDrill was organized by the Telecommunication Development Bureau and co-hosted by the Information Systems Agency of Armenia (ISAA) and with the support of the Ministry of High-Tech Industry of the Republic оf Armenia. It was organized within the framework of the ITU Regional Initiative for CIS Region on cybersecurity and personal data protection, as agreed upon by the 2022 World Telecommunication Development Conference (WTDC-22).

The CyberDrill included two real-world scenarios developed by ITU experts and specialists from the Forum of Incident Response and Security Teams (FIRST). The scenarios were based on the most common types of attacks faced by national cyber incident response teams. Experts from the national CIRT, relevant ministries, and government agencies participated in the cyberdrills.
​ More news >>​