Cybersecurity in the Making – Policy and Law: a Case Study of Georgia

Abstract

Summary The given article is an evaluation of the implementation and development of Georgia’s cybersecurity policy, and its influence on Georgia’s global cybersecurity index. The study covers the period from 2008 to 2018. In 2008 Georgia became one of the first victims of hybrid warfare. During the August 2008 Russo-Georgian war, Georgian government websites were attacked by hackers affiliated with Russia. In the given period, cybersecurity was not the priority direction for Georgia, therefore government portals were easy targets for cybercriminals and the government couldn’t prevent the cyberattacks. After 2008, the government decided to develop a state cybersecurity policy. In 2012 the country ratified the Council of Europe’s cybersecurity convention. At the same time, the “Law of Georgia on Information Security” which had become a basic document of the cybersecurity state policy implementation, had been adopted. The document was followed by a cybersecurity strategy. During the following years, based on cybersecurity strategy document, Georgia implemented 2 action plans and defined the relevant state agencies responsible for “cyber safety” of the country. As a result of the reforms, in 2017, according to the International Telecommunication Union (ITU) Cybersecurity Global Index, Georgia has been ranked among the top ten countries. The given article is a chronological description of a Georgian cyberpolicy and cybercapabilities evolution. It includes cases of organized cybercrime carried out against the state and examples of the development of Georgian cybersecurity policy which was reflected on the global international cybersecurity index of the country.