The goal of this research is twofold. Primarily, it provides an assessment of the cybercrime situation in Georgia and a projection of possible developments, and offers policy recommendations for the responsible public authorities. The secondary, but no less important, goal is to facilitate awareness-raising by developing analytical information about the problems and ways to solve them. Georgian citizens are the end victims who suffer from any national security threat, including cybersecurity incidents and cybercrimes. Informing the public and raising awareness are of the utmost importance, especially under conditions of hybrid threats. Social resilience cannot be ensured without the wider engagement of an informed and socially active citizenry.
- Cybercrime is still an emerging phenomenon in Georgia: its damaging potential is not fully exposed, and the threat is not properly perceived by either the government or society;
- It is highly likely that cybercrime remains underreported in Georgia, as in many other countries of our region;
- The MIA focuses on pure cybercrimes and does not count cyber-enabled crimes in its cybercrime statistics, which leaves room for ambiguity;
- From the perspective of criminal justice policy, cybercrime still does not pose a serious challenge to society, as its share in general criminal statistics is not significant;
- In the context of national security, cybercrime is more dangerous than other crimes as it represents an instrument of transformation of external threats into serious problems of internal security;
- Georgian police handle cybercrime in a generally reactive manner, focusing more on response (investigation and pursuit) and lacking a comprehensive preventive approach;
- LEAs have certain problems in investigation and digital forensics, especially in the regions;
- The lack of coordinated government policy and of mature private-sector engagement, together with low public awareness amid the digitalization of social life and increasing internet and ICT access, are the main factors negatively affecting cybercrime statistics;
- Transnational criminal activities currently pose little danger to Georgia's cybersecurity, but it is predictable that GOCGs, being an important part of transnational organized crime, will increase their illegal activities in the digital space;
- A lack of sustainable financial support for developing key cybersecurity services and programs is observed;
- As the main determinants of rising cybercrime in Georgia are mostly generated by complex internal socio-economic and technological developments and external geopolitical processes, and the GOG has limited capacity to significantly influence most of those factors in the short term, it can be inferred that the trend of rising cybercrime rates in Georgia will continue over the next 5 years. It is highly likely that cybercrime will increase by approximately 25-30% per year in comparison to 2020 rates and that it will gradually and easily exceed a 5% share of total criminal cases registered by the police in 2022.
Recommendation #1. More preventive, proactive and protective policy:
- Set up a comprehensive strategic agenda for cybercrime preventive measures. Georgia needs to develop not only reactive but also proactive measures for combating cybercrime;
- Change the approach to calculating cybercrime statistics so that cyber-enabled crimes are counted in the total number of cybercrimes;
- Develop a joint interagency task force from key government stakeholder institutions, equipped with strategic, operational and tactical tools, to unify efforts and undertake comprehensive and adequate measures for deterring external threats or mitigating the risks;
- Elaborate a long-term strategy and action plan for combating cybercrime, which will include capacity building and large-scale public awareness projects jointly organized by relevant government agencies (participation of the institutions responsible for implementing educational and youth policy is highly recommended);
- Draft and adopt a legislative framework empowering the police to use ethical hacking and other proactive measures in cyberspace;
- Increase funding for the cybersecurity dimension.
Recommendation #2. Develop workforce and institutional capacity:
- Increase the human and technological capacity of cybercrime investigators, especially at the regional level. Provide regular training programs with no gaps, as new sophisticated attacks require qualified people to deal with them;
- Develop a national training infrastructure for LEAs and security sector agencies to fill the gaps in human resources and facilitate the professionalization of their personnel in cybersecurity, cybercrime investigation techniques and digital evidence;
- Increase efforts to participate in international exercises and training in order to strengthen international LEA cooperation, with a special focus on combating cybercrime;
- Work more actively with LEAs of partner countries and with international and regional law enforcement organizations in joint working groups and other platforms to detect the activities of GOCGs in the cyber sphere and stay informed about possible threats;
- Create specialized cybercrime police units in every region of Georgia and equip them with special crime detection software and technical solutions that will increase early warning opportunities and enhance other preventive techniques;
- Equip and train enough police personnel properly for conducting tailored proactive policing measures countrywide.
Recommendation #3. Develop cyber culture:
- Take active measures for public education and awareness and for the empowerment of the Georgian information society; reduce the success rate of many forms of cybercrime by educating individuals and organizations to recognize criminal activity before they fall victim to it;
- Through various institutional frameworks, engage multiple government agencies that have a large set of beneficiaries, and partner actively with the private sector in the awareness-raising process to increase outreach;
- Implement tailored educational campaigns for professional civil servants on cybersecurity, cyber hygiene and misinformation campaigns;
- Implement tailored and large-scale awareness-raising campaigns for the most vulnerable social groups;
- Share information about threats, best practices and specialized capabilities among stakeholders to build trust and demonstrate value to them;
- Raise awareness among decision-makers and senior management of LEAs to determine strategic priorities regarding cybercrime and electronic evidence.
Recommendation #4. Co-share resources between CERT and MIA:
- Temporary secondment: assign or transfer an LEA professional to the CERT to gain hands-on experience of CERT incident collection, reporting and classification approaches, and to jointly define procedural and organizational formalities. Conversely, a CERT representative can be moved to the cybercrime office to gain more insight into procedural powers and investigation techniques and to assist the process with technical cyber know-how. This advice is widely promoted by ENISA and the Council of Europe as a cooperative tool between cybercrime and cybersecurity authorities;
- Adopt unified operational standards and develop the capacity for joint work; the experience of the joint risk assessment teams of the MIA and the LEPL Revenue Service could be a useful example;
- Key steps required for information exchange between the CERT and the police: define a common taxonomy related to incidents and events in cybersecurity; define an exchange standard to enable the sharing of information based on the taxonomy; create statistics based on the information exchanged.
Recommendation #5. Connect, communicate and collaborate:
- Strengthen formal and informal cooperation frameworks to combat cybercrime in order to build an effective and sound governance system;
- Elaborate and adopt legislative requirements for the exchange of information between public and private sectors;
- Foster cooperation between the MIA and ISPs;
- Develop a secure information sharing platform for the exchange of information on cyber-threats and incidents between cyber authorities;
- Undertake measures (including legislative amendments) to increase informed and responsible engagement of the private sector in strengthening the country's cyber resilience.
Recommendation #6. Develop Cybercrime Reporting Mechanism:
- Establish a cybercrime reporting centre, hotline, providing a central point of contact for citizens and businesses;
- Develop coordinated mechanisms within the public and the private sector allowing citizens to report cybercrime cases, including online fraud, cyberstalking, child abuse online, identity theft, privacy and security breaches, etc.;
- Define a common reporting methodology with written guidelines for broad stakeholder groups, including foreign counterparts;
- Launch awareness programs and communication campaigns to promote the regular use of reporting mechanisms by a wider community;
- Develop digital tools for cybercrime reporting.