2018, Georgia adopted and implemented two-sets of national cybersecurity strategies and
respective action plans. Both strategy iterations concentrated on following strategic
priorities: research and analysis; legislative and regulatory frameworks; institutional
coordination; public awareness and education, and international cooperation. Georgia is
in the process of elaborating a new strategy for consecutive five years that will
demonstrate national vision and government’s strategic development path for cyber
development. All the past efforts and ongoing work demonstrate that Georgia is wellstand to enhance cybersecurity resilience through effective policy and strategy
dimensions;
2) Georgia is a trusted partner and an active participant of regional and international forums:
Georgia is part of a regular dialogues on internet governance and human rights on
domestic, regional, European and international levels, under the UN auspices and other
bilateral and multilateral forums with the aim to build-up common understanding of
present and future goals to make cyberspace secure and stable field for everyday
operations. Georgian information and cyber security authorities strive to cooperate with
like-minded states on bilateral formats as well: annually Georgian authorities sign 2-3
new MoUs on information and experience sharing in the field of cyber security with
different countries. Georgian technical security community is also part of European and
International cyber incident sharing platforms (CERT.EU; Trusted Introducer; Team
Cymru, etc.,);
3) Georgia considers cybersecurity as a whole-of-nation challenge – Safety and security of
cyberspace is not only a government’s responsibility, but it entails individual and
industrial duties and obligations, in a broader sense. While role of government is to
provide enabling frameworks for open, trusted, secure and transparent cyberspace, it does
not substitute corporate industrial sectors’ roles in safeguarding their own ICTs, as well as
end-users’ commitments towards essential security requirements;
4) Protection of Critical Information Infrastructure - Under the Law on Information
Security, promulgated in 2012, two first sets of civilian and military entities have been
identified as Critical Information System Subjects (CISSs) – Critical infrastructures.
Government facilitates adoption of information security policies and standards as well as
cyber security measures in critical information systems and services. From 2019 Georgia
plans to elaborate new sectoral lists of critical information infrastructures and harmonize
Georgian legislation with European Directive on Security of Network and Information
Systems (NIS Directive);
5) Georgia has achieved considerable advances in cyber operational capacity, CERT is
mandated to act as authority for managing cyber-security incidents within government
networks and at the national level. CERT.GOV.GE is the responsible entity for handling
critical incidents within Georgian government, especially those targeting critical
information infrastructures. In addition, Information Security Act introduced mandatory
Incident reporting requirements for all organisations identified as critical information
2