Mongolian National Cybersecurity Strategy

Strategies and Action Plans

Recognising the critical need to safeguard its information assets, the Mongolian government has articulated a comprehensive National Cyber Security Strategy. This strategy aims to ensure the security, confidentiality, and availability of information for government entities, citizens, and legal entities operating within the cyber environment.

At the heart of this strategy lies a clear vision to protect the nation’s digital landscape against cyber threats and vulnerabilities. The strategy outlines a structured approach to achieving this vision, encompassing strategic goals, specific objectives, and a phased implementation plan over a span of several years. It underscores the importance of a robust legal framework, the protection of critical information infrastructure, the enhancement of human resource capacities, the expansion of international and domestic cooperation, and the development of resilience against cyber attacks.

This document details the strategic goals and the corresponding activities necessary to build a secure and resilient cyber environment. Through targeted initiatives and a collaborative approach involving both public and private sectors, the strategy aims to fortify the nation’s cyber defences, ensuring a secure digital future for all stakeholders.

Vision

  • Ensure the security, confidentiality, and availability of information for the government, citizens, and legal entities at the national level.

Strategic Goals, Objectives, and Deadlines

  • Improve Legal Framework: Strengthen laws and management systems for cybersecurity.
  • Critical Information Infrastructure Security: Protect organisations with critical infrastructure.
  • Human Resource Capacity: Enhance training and retraining in cybersecurity.
  • Expand Cooperation: Foster both domestic and international collaboration.
  • Cyber Security Resilience: Develop capabilities to respond to cyber attacks.

The strategy will be implemented in two phases: 2022-2025 and 2026-2027.

Activities to Achieve Objectives

  1. Strengthen Legal Framework and Management System:
    • Establish a council for unified management.
    • Create legal environments for information exchange about cyber incidents.
    • Localise international cybersecurity standards.
    • Enhance information security through investments.
  2. Ensure Cyber Security of Critical Information Infrastructure:
    • Introduce risk management systems.
    • Establish certification laboratories for critical infrastructure.
    • Enhance crisis management systems.
    • Address vulnerabilities from advanced technologies.
  3. Improve Human Resource Capacity:
    • Include cyber security in educational curricula.
    • Organise national campaigns, competitions, and seminars.
    • Support training, research, and academic efforts.
  4. Expand Cooperation:
    • Collaborate with international organisations and associations.
    • Encourage participation of state and non-state actors.
    • Support national production and reduce dependency on foreign technology.
  5. Create Cyber Security Flexibility and Attack Response Capability:
    • Establish centers for combating cyber attacks.
    • Develop digital analysis laboratories.
    • Enhance infrastructure for information exchange.
    • Support the creation of sector-specific cybersecurity units.

Implementation Management, Organisation, and Investment

  • The strategy will be overseen by the Government and the National Cyber Security Council.
  • Funding sources include state and local budgets, international loans and grants, and private investments.

Indicators of Strategic Goals

  • Legal and regulatory framework improvements.
  • Increased cybersecurity practices in critical infrastructure organisations.
  • Enhanced human resource capacity and digital literacy.
  • Expanded international cooperation and memberships.
  • Improved national digital signature and internet access infrastructure.

Monitoring and Evaluation

  • The central state administrative organisation responsible for e-development and communication will monitor and evaluate the implementation, reporting to the Cyber Security Council.