Kazakhstan: Turkic States Launch Digital Security Plan
Alexander Bazilevich is a CRM expert and Top Salesforce Partner with over 17 years of sales experience in the IT industry. He specializes in transforming corporate goals into profits through cross-functional collaboration and innovative business solutions, with deep expertise in business systems and IT products.
Kazakhstan proposes Digital Monitoring & Innovation Centers for Turkic states' cybersecurity, aiming for shared threat intelligence & AI cooperation.
With a new digital security plan, Kazakhstan is leading Turkic States toward enhanced cybersecurity and AI cooperation. At the May 15, 2026 informal OTS summit in Turkistan, Tokayev proposed broader cooperation on AI, digital transformation, cybersecurity, and related tech areas. These initiatives are designed to bolster regional security by facilitating information sharing on cyber threats, coordinating emergency response, and leveraging advanced AI. Experts emphasize that sustained funding, data sharing, and deep collaboration will be critical to the plan's success.
What is Kazakhstan's digital cooperation plan for regional cybersecurity and AI?
The summit proposals appear to be a set of digital cooperation initiatives focused on enhanced cybersecurity and AI cooperation across member states. These initiatives aim to deliver shared threat intelligence, regional incident-response strategies, and AI-powered cybersecurity tools to enhance cooperation and resilience across member states.
President Tokayev outlined the centers as "technical, trusted and operational" platforms. Initial deliverables will include a shared threat-intelligence feed, a cross-border incident-response playbook, and a virtual training laboratory for member states' CERT staff. According to Report.az coverage, Kazakhstan has already circulated a detailed concept paper and is targeting formal approval from OTS capitals by Q3-2026.
Why now? A snapshot of risk and readiness
The plan establishes core bodies for shared threat intelligence, AI development, and governance. Together, these institutions aim to create a unified defense strategy and foster technological advancement across the Turkic States.
The initiative's timing is critical. As noted by Carnegie just before the summit, Kazakhstan's heavy reliance on Russian infrastructure - with a significant portion of its web traffic transiting Russian networks and substantial bandwidth purchased from Russian operators - presents a significant vulnerability. President Tokayev's proposal is strategic: collective monitoring strengthens negotiating power for transit deals and shared threat intelligence reduces the impact of cross-border cyberattacks.
Inside the proposed architecture
-
Digital Monitoring Center (DMC)
- Location: Astana Hub's third tower, as outlined in a draft MoU.
- Personnel: A rotating staff of analysts from member state CERTs.
- Core Technology: A federated security data lake using open-source standards (STIX/TAXII) for interoperability.
- Key Performance Indicator (KPI): Significantly reduce time-to-detection for regional malware by the end of 2027.
-
Digital Innovation Center (DIC)
- Focus: AI red-teaming, developing secure cloud blueprints for e-government, and administering joint R&D grants.
- Pilot Project: A multilingual large-language model for phishing detection, trained on Kazakh, Turkish, and Uzbek corpora.
- Budget: A substantial seed funding envelope, with major contributions from Astana and Ankara and significant private sector participation.
-
Cybersecurity Council
- Governance: One vote per member state, with decisions made by consensus.
- Sub-committees: Standing bodies for legal interoperability, data-sharing agreements, and joint exercises.
- Inaugural Drill: A simulated ransomware attack on critical financial infrastructure, scheduled for early 2027.
President Tokayev told delegates: "We can either consolidate our data streams, talent and buying power, or remain isolated digital archipelagos whose vulnerabilities are inherited by the whole region."
Early scepticism from specialists
Policy analysts highlight three potential bottlenecks that must be addressed for the initiative to succeed:
- Legal Frameworks for Data Sharing: Member states must enact clear legislation defining the conditions under which domestic entities can share security logs with a regional body.
- Technical Standardization: The adoption of harmonized incident-reporting templates and API-free encryption protocols is a prerequisite for effective data integration.
- Sustainable Funding: Without a multi-year budget allocated by the OTS secretariat, the centers risk being limited to short-term, grant-funded pilot projects.
Turkish cybersecurity expert Dr. Ayşe Yılmaz, quoted by APA, noted the high stakes: "Experience shows the first 18 months define long-term credibility. If the centres deliver a single, verifiable win - for example, pre-empting a ransomware wave during major regional events - sceptics will turn into evangelists overnight."
How private actors are lining up
The private sector is already mobilizing in support. Salesforce architects in Almaty are offering pro-bono secure cloud templates. Concurrently, a Kazakhstani startup focused on satellite-based DNS redundancy has proposed a proof-of-concept for creating internet traffic routes that bypass traditional Russian networks.
Further collaboration is expected to be showcased at upcoming regional technology conferences, which may feature dedicated cybersecurity pavilions. This platform will allow member states, vendors, and CERT teams to conduct live-fire exercises on a simulated SCADA network.
A leaked slide-deck circulating among summit delegates sets the tone: "Build once, defend many. Our adversaries already treat the Turkic cyberspace as one target; it is time we matched their logic."