{"id":1687,"date":"2025-02-04T13:14:40","date_gmt":"2025-02-04T05:14:40","guid":{"rendered":"https:\/\/en.iss.gov.mn\/?p=1687"},"modified":"2025-02-18T07:30:11","modified_gmt":"2025-02-17T23:30:11","slug":"why-mongolia-needs-cybersecurity-literacy","status":"publish","type":"post","link":"https:\/\/en.iss.gov.mn\/?p=1687","title":{"rendered":"Why Mongolia Needs Cybersecurity Literacy?"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><em>By<\/em><strong> <\/strong><em>Baasankhuu Sumiya<\/em><\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">A few days ago, at midnight, I walked 10 kilometers to get home. Public transportation had stopped, but I couldn\u2019t get a taxi because I didn\u2019t have any cash and always use banking applications on my phone. My most reliable smartphone was dead. These days, most Mongolians don\u2019t carry cash because we are heavily on our smartphones.<\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">Just like me, many Mongolians are so proud of going digital but pay a little attention to cybersecurity literacy \u2013 many even don\u2019t hear the term. And, we can scale up to our national security \u2013 the state is vulnerable to cyberattacks and cybercrimes. Besides the government\u2019s strategic vision of a \u2018Digital Nation\u2019 and passing a number of laws, we need to educate our public from the age when they started being exposed to the digital world.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Becoming a Digital Nation<\/em><em><\/em><\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">In 2022, Mongolia had announced a vision for Mongolia to become a \u201cDigital Nation.\u201d As part of this vision the Government of Mongolia approved <em>the ICT Sector Medium-Term Development Policy<\/em> to be implemented in 2022-2027, and established the Ministry of Digital Development and Communications (later renamed to the Ministry of Digital Development, Innovation and Communications) to oversee the policy &nbsp;implementation. With 84% of the 3.47 million population connected to the internet, and 5.13 million devices online, our society now relies heavily on digital platforms<a href=\"#_ftn1\" id=\"_ftnref1\">[1]<\/a>. From paying bills to accessing government services via E-Mongolia, a digital one-stop shop for government services. This shift has saved the ordinary citizen a lot of time, money, and paperwork, not to mention the stress and discontent resulting from having to go through long lines and angry crowds at any given public office. Moreover, digital transformation has improved government efficiency by cutting red tapes and streamlining various functional processes.<\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">Digital transformation of Mongolia is progressing rapidly. However, while it has accelerated transactions, saved time and money, it has not been without difficulties. Mongolia faces challenges especially when it comes to cybersecurity. In 2024, there were 1.6 million cyber-attacks and incidents, 13061 cybercrimes, and cost about 25.4 million USD counted in Mongolia. And these are just the cases that we are aware of. Many more cyberattacks and cybercrimes likely go unnoticed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Establishing a Legal Framework<\/em><\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">Then, to address this vulnerability in cybersecurity and the overall digital development the State Great Khural, Mongolia\u2019s legislature, passed the <em>Law on Cybersecurity<\/em>, which establishes the legal framework for cybersecurity governance, protection, and response in 2021. A year later, in 2022, a round of measures related to cybersecurity were taken including, the approval of the <em>National Cybersecurity Strategy<\/em>, which outlines key priorities for strengthening the country&#8217;s cybersecurity posture, with establishment of the Cybersecurity Council, Cyber Crime Police Department under The National Policy Agency, National Computer Security Incident Response Team (NCSIRT, or National CERT),&nbsp; Public Computer Security Incident Response Team (Public CSIRT\/CC), and the Armed Forces Cybersecurity Center (AFCC).<\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">All these efforts to strengthen cybersecurity and fight cybercrime appeared to bear fruits. For instance, In the Global Cybersecurity Index (GCI) 2024, published by the International Telecommunication Union (ITU), Mongolia achieved a score of 56.36, placing it in Tier 3, labeled as &#8220;Establishing.&#8221; This reflects a significant improvement from the 2020 edition, where Mongolia scored 26.20 and ranked 120th out of 194 countries, which means the country advanced 17 places to 103rd position<a href=\"#_ftn2\" id=\"_ftnref2\">[2]<\/a>. But these efforts alone couldn\u2019t prevent all cyberattacks and crimes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Cyberattacks and Crime on the Rise<\/em><\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">The cyberattack and cybercrime statistics continuously&nbsp; increasing, government websites are under constant cyberattack, and there have been several high-profile cases of government website and social media handle hacks. Just to mention a couple of breach examples,<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"custom-justify-iss\">In August 2024, the China-linked RedDelta group targeted Mongolia\u2019s Ministry of Defense, deploying a customized PlugX backdoor through spear-phishing emails using flood-related lures<a href=\"#_ftn3\" id=\"_ftnref3\">[3]<\/a>.<\/li>\n\n\n\n<li class=\"custom-justify-iss\">Between November 2023 and July 2024, Russian state-backed hackers (APT29) compromised Mongolian government websites, including cabinet.gov.mn (official website\u00a0 of Cabinet Secretariat of Government of Mongolia) and mfa.gov.mn (official website of Ministry of Foreign Affairs), to conduct &#8220;watering hole&#8221; attacks. They used these sites to infect visitors\u2019 devices, exploiting vulnerabilities similar to those used by commercial spyware vendors<a href=\"#_ftn4\" id=\"_ftnref4\">[4]<\/a>.<\/li>\n<\/ul>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">These incidents highlight Mongolia\u2019s growing cybersecurity challenges despite its progress in global rankings. One of the core reasons of this persistent vulnerability is the <strong>lack of sovereign digital infrastructure<\/strong>. Mongolia is connected to the undersea fiber optic cable network via a single terrestrial fiber optic cable that runs through Mongolia connecting Eurasia to South Asia, making it highly susceptible to disruptions, cyber espionage, and geopolitical leverage. In other words, Mongolia is totally dependent on the single terrestrial fiber optics. Elon Musk\u2019s Starlink internet satellite constellation started service in Mongolia fairly recently, in 2023. But it is prohibitively expensive for the majority.<\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">In addition, there are only about 20-25 Datacenters in Mongolia. Among them only 1\/5 have met essential standards like ISO\/IEC 27001, Uptime Institute\u2019s Tier II or more. To make matters worse Mongolia suffers from an energy supply and an insufficient human capital in the ICT sector and even fewer professionals in cybersecurity and cybercrime to adequately service the 2.9 million internet users.&nbsp; The sufficient amount of ICT professional for Mongolia is over 27,000 and there only about 12,000 people. On average there are 2000-2100 graduates major in IT specific major. Of them only 10% specialize in cybersecurity or system security<a href=\"#_ftn5\" id=\"_ftnref5\">[5]<\/a>. The situation is exacerbated by brain drain, where talented individuals are lured by promises of better life abroad.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Absence of the Cyber Literacy<\/em><\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">Leaving the worst to last, Mongolians hold terrible cyber literacy rates. In 2024, UNDP conducted \u201cCybersecurity awareness research in Mongolia\u201d<a href=\"#_ftn6\" id=\"_ftnref6\">[6]<\/a>. It covered a thousand well educated young and mid-age population.<\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">The key findings were, 51% of those people use unauthorized or cracked software, 60% were unaware of ransomware, despite one-third encountering it personally, two-third lack knowledge about Personally Identifiable Information (PII), nearly half reuse passwords across applications, websites, 47% use private information in passwords. Despite 70% using mobile internet, mobile security awareness was critically low (almost no awareness), 71% never heard of phishing or have no knowledge, many of them do not update software, application they use and don\u2019t know the importance of patch management, data backups. Finally, almost two-third lack knowledge of cybersecurity reporting channels, indicating insufficient awareness of initiatives.<\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">Mongolia is trying to keep walks on global trends of digitalization but our cybersecurity is weighed down by a plethora of challenges, which necessitates massive intervention to unburden. Mongolia has made strides, but cybersecurity threats know no borders.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Educating Citizens \u2013 A Way Forward<\/em><\/p>\n\n\n\n<p class=\"custom-justify-iss wp-block-paragraph\">&nbsp;As we continue to digitalize, we must seek global cooperation to strengthen our defenses. First and foremost, we must invest in improving cyber literacy across our entire society. &nbsp;Without proper cybersecurity literacy, our national security\u2014and even our sovereignty\u2014remain vulnerable. If I had paid a little attention to my over-dependence on the technology, I could\u2019ve carried some cash and had a convenient ride back home. If many Mongolians become aware of cybercrimes and cyberattacks, we could withstand against any cyber threats \u2013 thus make our cybersecurity stronger than now. &nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Acknowledgement: Author would like to thank <\/em><em>Dr.Mendee Jargalsaikhan, Director of ISS and Buyandelger Davaajantsan, Research fellow at ISS<\/em><em>, for <\/em><em>their valuable<\/em><em> <\/em><em>peer review <\/em><em>and the copy-editing.<\/em><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"#_ftnref1\" id=\"_ftn1\">[1]<\/a> Simon Kemp, \u201cDigital 2024:Mongolia,\u201d <em>DatarePortal<\/em>, February 23, 2024,&nbsp; <a href=\"https:\/\/datareportal.com\/reports\/digital-2024-mongolia\">https:\/\/datareportal.com\/reports\/digital-2024-mongolia<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"#_ftnref2\" id=\"_ftn2\">[2]<\/a> \u201cGlobal Cybersecurity Index 2024\u201d, <em>The International Telecommunication Union (ITU),<\/em> 2024, <a href=\"https:\/\/www.itu.int\/epublications\/publication\/global-cybersecurity-index-2024\">https:\/\/www.itu.int\/epublications\/publication\/global-cybersecurity-index-2024<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"#_ftnref3\" id=\"_ftn3\">[3]<\/a>Ravie Lakshmanan,\u201d RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns\u201d, <em>The Hacker News<\/em>, January 10, 2025, <a href=\"https:\/\/thehackernews.com\/2025\/01\/reddelta-deploys-plugx-malware-to.html\">https:\/\/thehackernews.com\/2025\/01\/reddelta-deploys-plugx-malware-to.html<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"#_ftnref4\" id=\"_ftn4\">[4]<\/a> Clement Lecigne, \u201cState-backed attackers and commercial surveillance vendors repeatedly use the same exploits\u201d, <em>Google Threat Analysis Group<\/em>, August 29, 2024, <a href=\"https:\/\/blog.google\/threat-analysis-group\/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits\/\">https:\/\/blog.google\/threat-analysis-group\/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits\/<\/a> &nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"#_ftnref5\" id=\"_ftn5\">[5]<\/a> \u201c\u0425\u0430\u0440\u0438\u043b\u0446\u0430\u0430 \u0445\u043e\u043b\u0431\u043e\u043e, \u043c\u044d\u0434\u044d\u044d\u043b\u043b\u0438\u0439\u043d \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0439\u043d \u0441\u0430\u043b\u0431\u0430\u0440\u044b\u043d \u0445\u04af\u043d\u0438\u0439 \u043d\u04e9\u04e9\u0446\u0438\u0439\u043d \u044d\u0440\u044d\u043b\u0442, \u043d\u0438\u0439\u043b\u04af\u04af\u043b\u044d\u043b\u0442\u0438\u0439\u043d \u0441\u0443\u0434\u0430\u043b\u0433\u0430\u0430\u201d, <em>\u0426\u0430\u0445\u0438\u043c \u0445\u04e9\u0433\u0436\u0438\u043b, \u0445\u0430\u0440\u0438\u043b\u0446\u0430\u0430 <\/em>\u0445\u043e\u043b\u0431\u043e\u043e\u043d\u044b \u044f\u0430\u043c, &nbsp;2021 \u043e\u043d, (Human resource demand, supply research report in IT sector), Ministry of digital development and communication, 2021.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"#_ftnref6\" id=\"_ftn6\">[6]<\/a> \u201cCybersecurity Awareness Research in Mongolia Research Report\u201d, UNDP, October 2024.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Baasankhuu Sumiya A few days ago, at midnight, I walked 10 kilometers to get home. Public transportation had stopped, but I couldn\u2019t get a taxi because I didn\u2019t have&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[23],"tags":[],"class_list":["post-1687","post","type-post","status-publish","format-standard","hentry","category-strategic-focus"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/en.iss.gov.mn\/index.php?rest_route=\/wp\/v2\/posts\/1687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/en.iss.gov.mn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/en.iss.gov.mn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/en.iss.gov.mn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/en.iss.gov.mn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1687"}],"version-history":[{"count":4,"href":"https:\/\/en.iss.gov.mn\/index.php?rest_route=\/wp\/v2\/posts\/1687\/revisions"}],"predecessor-version":[{"id":1706,"href":"https:\/\/en.iss.gov.mn\/index.php?rest_route=\/wp\/v2\/posts\/1687\/revisions\/1706"}],"wp:attachment":[{"href":"https:\/\/en.iss.gov.mn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/en.iss.gov.mn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/en.iss.gov.mn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}