National cybersecurity strategy of Georgia for 2021-2024 and its action plan

September 2021

View the original document

Strategies and Action Plans

The National Cybersecurity Strategy of Georgia (2021–2024), adopted by the Government on 30 September 2021 (Resolution No. 482), represents the third national-level strategy in this domain. It is an evolution of the earlier strategies from 2013–2015 and 2017–2018, reflecting changes in Georgia’s cybersecurity environment and aiming to respond to contemporary challenges with a robust policy and institutional framework.

Overview and strategic vision

The strategy views cybersecurity as an integral component of national security. It emphasises a holistic approach that integrates education, institutional coordination, technical capability, and international cooperation. The government outlines a three-year plan to enhance Georgia’s cyber resilience and ensure a secure digital environment for both the public and private sectors.

It is developed in collaboration with stakeholders from government, academia, business, and civil society and aligns with Georgia’s broader national security framework and international commitments.

Strategic goals and objectives

The strategy is structured around four strategic goals, each supported by specific objectives:

  1. Foster a cybersecurity culture and capabilities in society and organisations
    • Raise awareness and enhance education about cyber threats and safe online behaviour, targeting students, teachers, civil servants, journalists, and others.
    • Incorporate cybersecurity into formal education and vocational training.
    • Launch nationwide awareness campaigns and digital hygiene initiatives.
  2. Ensure the sustainability of the national cybersecurity governance system and enhance public-private cooperation
    • Develop a coordinated and effective cyber incident response system.
    • Strengthen capabilities to combat cybercrime, including through law enforcement and prosecution.
    • Facilitate international standards and knowledge sharing between sectors.
    • Establish national cybersecurity goals and support research and innovation.
  3. Enhance national cyber capabilities with skilled professionals and adequate infrastructure
    • Train and certify cybersecurity professionals.
    • Invest in technical infrastructure and tools for threat detection and incident management.
    • Expand domestic capacity through strategic academic and vocational partnerships.
  4. Position Georgia as a safe and reliable actor in international cybersecurity
    • Increase access to cyber threat intelligence and international cooperation.
    • Participate in international cyber drills and exercises.
    • Strengthen bilateral and multilateral partnerships in the field.

Guiding principles

The strategy is based on several core principles:

  • Cybersecurity is a component of national security.
  • Responsibilities are shared across the government, the private sector, and citizens.
  • Legal compliance and protection of fundamental rights and data privacy are paramount.
  • Risk-based approach and proportionality in cybersecurity measures.
  • Emphasis on innovation and technological advancement.
  • Active international collaboration.

Implementation and monitoring

A detailed action plan accompanies the strategy, with designated institutions responsible for each activity. Performance will be monitored through regular evaluations, with adjustments made as needed based on evolving threats and outcomes.

Institutional framework and roles

  • The Digital Governance Agency oversees information security in public systems.
  • The Operational-Technical Agency under the State Security Service is responsible for managing major cyber incidents affecting critical infrastructure.
  • The Cybersecurity Bureau under the Ministry of Defence handles military and defence-related cybersecurity.
  • The Ministry of Internal Affairs leads efforts against cybercrime.
  • The State Inspector’s Office ensures compliance with data protection and oversees lawful investigative practices.
  • The National Bank of Georgia regulates cybersecurity in the financial sector.

Notable challenges and threats

Georgia faces diverse cyber threats, including:

  • State-sponsored cyberespionage and hybrid attacks, particularly from the Russian Federation.
  • Attacks on critical infrastructure.
  • The proliferation of cybercrime (e.g. phishing, ransomware, defacement).
  • Risks from unauthorised software and unsecured procurement practices.
  • There is a need to upgrade existing legal and technical standards.

International standing

Georgia is recognised as a leader in cybersecurity among Eastern Partnership and Black Sea countries. The country actively participates in international platforms (e.g. NATO, EU, OSCE) and has signed multiple MoUs to enhance cooperation. It is consistently ranked highly in global cybersecurity indices, such as the ITU’s Global Cybersecurity Index.