Media

Media

Azerbaijan completes initial assessment of critical information infrastructure security

26 September 2025 10:49 (UTC +04:00)

The initial stage of the assessment of the security status of critical information infrastructure has been completed, APA reports.

According to the information received from the State Security Service, which is the authorized body in the field of security of critical information infrastructure in the Republic of Azerbaijan, as well as the fight against cyber threats, the measures taken to verify compliance with the requirements established by regulatory legal acts in the relevant field, the difficulties encountered, as well as issues related to their elimination were discussed at the meeting of the relevant Commission.

The report also stated that the Commission’s members from the State Security Service and the State Service for Special Communications and Information Security attended the meeting in full composition.

It was noted that during the meeting, the results of the initial assessments carried out on the security of critical information infrastructure were discussed in a collegial manner. It was also stated that several shortcomings identified in some critical information infrastructures were also eliminated. As a result of the discussions, new targets were set to strengthen the resilience of the country's critical information infrastructure against modern cyber threats. In addition, issues related to inspections to be carried out by the Commission on compliance with general and specific security requirements in critical information infrastructure entities based on the plan approved by the authorized body were considered.

In addition to the current topics on the agenda of the meeting, a number of other issues related to ensuring the security of critical information infrastructure were also discussed. In accordance with international practice (NIS-2, CSF 2.0), improving the general requirements for the security of critical information infrastructure, as well as constantly updating the list of critical information infrastructure objects, taking into account risks and modern cyber threat models, was considered important in terms of ensuring national interests. Taking into account the above, it was stated that it is necessary to submit a project proposal on making additions and changes to the list of critical information infrastructure objects in the relevant context, as well as to keep in mind and improve the list of industrial control systems (SCADA) of particular importance in the country. In addition, strengthening control over compliance with specific requirements for the security of critical information infrastructure was also discussed.

During the discussions, it was emphasized that the regular identification and assessment of security risks in critical information infrastructure, as well as the calculation of the financial burden of these risks and their consideration in management, are of great importance. In addition, the importance of eliminating dependence on services provided by legal entities that do not comply with the requirements for cybersecurity service providers in relation to the security of critical information infrastructure facilities was noted.

At the meeting of the Commission, it was noted that the National Cyber Center exchanges information with relevant entities using cryptographic protection tools, and the importance of further improving this practice, taking into account industry standards, was noted.

For reference, it was noted that the Commission is responsible not only for organizing inspections to ensure compliance with security requirements for critical information infrastructure, but also for evaluating the measures taken by critical infrastructure entities to eliminate identified deficiencies, preparing periodic reports and updates on the results, and, when serious shortcomings that could compromise the security of critical infrastructure facilities are detected or a critical security incident occurs, promptly raising the issue to enable immediate action in accordance with regulations.