The Strategy of the Republic of Azerbaijan on Information Security and Cybersecurity for 2023–2027

The Strategy of the Republic of Azerbaijan on Information Security and Cybersecurity for 2023–2027 outlines a comprehensive framework to strengthen the country’s resilience against cyber threats and to advance national capabilities in managing information and digital risks.

Approved by Presidential Decree in August 2023, this is Azerbaijan’s first official strategic document solely focused on information and cybersecurity. The strategy reflects the growing importance of protecting national digital space in the face of evolving threats, rapid ICT growth, and increasing global interconnectivity.

The main objectives of the strategy are:

• To protect critical information infrastructure and individual data.
• To reduce dependency on foreign technology in the security domain.
• To encourage local innovation and startups in cybersecurity.
• To raise national awareness and education on cybersecurity issues.
• To enhance international cooperation and integration in cyber defence.

Strategic priorities include:

1. Threat detection and risk management: Establishing a registry of cybersecurity risks, classifying potential threats, and developing AI-based solutions to predict and prevent attacks.
2. Incident detection and technical protection: Strengthening the capacity of national CERTs, improving monitoring and incident response mechanisms, and supporting domestic production of cryptographic and technical security tools.
3. Enhancing security levels in the information space: Applying best practices and standards for managing public and private ICT services, protecting digital broadcast infrastructure, and evaluating national information security performance.
4. Critical information infrastructure protection: Ensuring operational continuity of infrastructures whose failure could endanger national security, health, or economy.
5. Combating cybercrime and improving cyber-forensics: Strengthening investigative capacities and technical capabilities to counter cybercrime, including ransomware, insider threats, and digital fraud.
6. Institutional capacity and legal framework development: Enhancing research and education infrastructure, creating new training centres, and continually updating the legal basis for cybersecurity aligned with global standards.
7. Promoting cybersecurity culture and public awareness: Introducing educational programs, public campaigns, and targeted initiatives to improve digital literacy, especially among youth and vulnerable groups.
8. Expanding national and international cooperation: Fostering collaboration among state bodies, the private sector, and civil society, while aligning with international cybersecurity norms and practices.

Implementation mechanism:

The strategy is supported by a detailed Action Plan (2023–2027), which assigns roles to key institutions, including the Special Communication and Information Security State Service, the Ministry of Digital Development and Transport, the State Security Service, and others. The plan includes measurable performance indicators, defined timelines, and provisions for financing through the state budget and other lawful sources.