Election Cyber Threats in Central Asia

doi:10.1017/9781009574105.012

10 - Election Cyber Threats in Central Asia

A Multistakeholder Approach to Tackling Election Interference and Increasing Resilience

from Part II - Case Studies

Published online by Cambridge University Press: 19 December 2025

Pavlina Pavlova

Edited by

Scott J. Shackelford ,

Frédérick Douzet and

Christopher Ankersen

Show author details

Scott J. Shackelford: Affiliation:
Indiana University, Bloomington
Frédérick Douzet: Affiliation:
Paris 8 University
Christopher Ankersen: Affiliation:
New York University

Book contents

Summary

Elections in Central Asia unfold against a backdrop of digital repression, characterized by network throttling, online content blocking to suppress dissent and targeted online harassment of political opposition and journalists. State-imposed limits on online information availability are compounded by cyber foreign interference, including espionage, information campaigns, and disruptive incidents that have increasingly played a geopolitical role. These multifaceted cyber threats underscore the urgent need for a rapid, concerted policy response aimed at bolstering the integrity of electoral systems and procedures, reducing censorship and enhancing cybersecurity culture and resilience. This chapter explores trends in influencing elections and threatening electoral integrity through cyber means, focusing on both the informational and technical domains, and proposes action-oriented recommendations for cross-sectoral cooperation toward securing elections and the broader digital ecosystem in the region.

Keywords

democracy elections vulnerabilities

Information

Type: Chapter
Information: Securing Democracies
Defending Against Cyber Attacks and Disinformation in the Digital Age
, pp. 215 - 236

DOI: https://doi.org/10.1017/9781009574105.012 [Opens in a new window]

Publisher: Cambridge University Press

Print publication year: 2026
Creative Commons: This content is Open Access and distributed under the terms of the Creative Commons Attribution licence CC-BY-NC-ND 4.0 https://creativecommons.org/cclicenses/

10 Election Cyber Threats in Central Asia A Multistakeholder Approach to Tackling Election Interference and Increasing Resilience

Introduction

The Central Asian region comprises a complex historical, political, social, and cultural landscape. The five countries – Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan, and Uzbekistan – are located at the nexus of Russia, China, South Asia, and the Middle East. Having been part of the Soviet Union, Central Asian republics entered the Commonwealth of Independent States after the bloc’s disintegration in 1991. Turkmenistan reduced its involvement to an associate membership in 2005 and the country maintained a status of permanent neutrality (Mite, Reference Mite2005). Kazakhstan, Kyrgyzstan, Tajikistan, and Uzbekistan have participated in the security and economic Russia-led organizations. The Collective Security Treaty Organization (CSTO) currently comprises Kazakhstan, Kyrgyzstan, and Tajikistan. Uzbekistan suspended its membership in 2012 (RFE/RL, 2012). The Eurasian Economic Union (EAEU) has Kazakhstan and Kyrgyzstan as full members and Uzbekistan gained observer status to the EAEU in 2020 (Aidarkhanova, Reference Aidarkhanova2023). The region’s traditionally strong relations with Russia have seen competing interests and prominently a shift towards closer cooperation with China and diversification of international partnerships. Economic ties and trade with China have intensified with the Belt and Road Initiative, alongside security cooperation, including in the Shanghai Cooperation Organization (SCO). Kazakhstan, Kyrgyzstan, Tajikistan, and Uzbekistan are among CSO members, together with China, Russia, and more recently India, Pakistan, Iran and Belarus (Kassenova, Reference Kassenova2022). The US deepened its engagement in Central Asia as a response to the war in Afghanistan, and the region has been dealing with the fallout from the Taliban takeover (Putz, Reference Putz2023; Temnycky, Reference Temnycky2023). The US commitment has transitioned from primarily security-focused interests to a broader diplomatic and economic strategy, such as the C5+1 diplomatic platform serving as a multilateral dialogue initiative (U.S. Department of State, 2023).

Central Asia is at a critical demographic juncture with a combined population of more than 78 million people, which is young and growing. Young people under thirty years old constitute more than 50 percent of the population, which is set to form a strong labor force in a growingly digitalized society (UNODC, 2023). The strategically positioned region has unequally distributed oil and gas reserves, Kazakhstan and Turkmenistan possess the majority of the hydrocarbon resources, and deposits of critical minerals that attract international cooperation. The armed conflict in Ukraine reinforced the diversification of economic and security alliances and catalyzed reconsiderations about Russia’s role in the region. While the regional dependencies remain strong, Moscow is viewed with increased suspicion (Freeman, Helf, & McFarland, Reference Freeman, Helf and McFarland2023; Hess, Reference Hess2023). The Central Asian leaders have distanced their rhetoric from Russia concerning the war against Ukraine. The countries declined to recognize the annexation of Ukrainian territories, officially complied with sanctions against Russia, and declared support for Ukraine’s territorial integrity (Freedom House, 2023b).

After more than three decades since gaining independence, efforts toward democratic reforms in Central Asia have shown limited progress. Regional approaches to the rule of law, democratic institutions and processes, and the protection of human rights and fundamental freedoms remain distorted. The Central Asian republics move on the spectrum from authoritarian-leaning countries to consolidated autocracies. According to Freedom House’s “Freedom in the World” (2023b) report, all five states are considered “not free.” Kyrgyzstan is regarded as the only democracy in the region, but the country has gradually shifted towards authoritarianism. On the other side of the democratic spectrum is Turkmenistan, a repressive authoritarian state where political rights and civil liberties are largely denied. Governing structures reflect in online spaces. Assessing internet freedom status, Freedom House (2023c) categorizes Kyrgyzstan as “partly free,” Kazakhstan and Uzbekistan as “not free,” and no data is available for Tajikistan or Turkmenistan.

Despite the negative outlook, some democratic processes have become more pluralistic, mainly because countries prioritize economic modernization, development of digital infrastructure and services, and attracting foreign investments. However, elections as critical markers of democratic progress remain uncontested. The incumbent administrations use various forms of suppression, including digital repression, to ensure that opposition candidates and parties do not gain viable support or political traction. Prospects for a grassroots change are negligible, which translates into the voting results. The key election questions remain the size of the regime-chosen candidates winning the vote and the size of the turnout. For illustration, in the November 2022 presidential election in Kazakhstan , incumbent President Kassym-Jomart Tokayev won with over 81.3 percent of the votes, with turnout reported at 69.4 percent (OSCE & ODIHR, 2022b), while in Uzbekistan’s presidential election in July 2023, incumbent President Mirziyoyev won with an 87.1 percent share and voter turnout of 79.8 percent (OSCE & ODIHR, 2023). Turkmen presidential elections in March 2022 saw the office passed from father to son when Serdar Berdimuhamedow was elected with 73 percent of the votes and a 97.2 percent voter turnout (Vershinin, Reference Vershinin2022).

Amid the efforts to exert control over election results, the digital environment has emerged as a vital operational domain. In this respect, the Central Asian republics are part of a broader trend present in authoritatively leaning countries. Information autocracies, as observed by Sergei Guriev and Daniel Treisman (Reference Guriev and Treisman2019), use technology to control the online information space. These regimes display a track record of restrictive policies, especially around elections and referendums, leveraging the state control of the internet infrastructure and the influence governments exercise over digital service providers operating in their jurisdictions. While tendencies toward digital authoritarianism are present in all five countries, Central Asia is not a monolithic space. States display several national specifics depending on the available tools and resources, sociopolitical contexts, and strategic objectives. Kazakhstan, Kyrgyzstan, and Uzbekistan enjoy comparably open online space in contrast to Tajikistan, where online information and communication are heavily restricted and subject to government control, and Turkmenistan, which has pursued a stringent and centralized approach to internet control through a combination of offline and online measures that maintain a highly sterilized online environment (Muhamedov & Buralkiyeva, Reference Muhamedov and Buralkiyeva2023).

Electoral processes worldwide are increasingly vulnerable to cyber-enabled interference originating from abroad. Perpetrators harness the power of social media and messaging platforms to disseminate fake news and disinformation, conduct disruptive attacks on governmental services, electoral and related critical infrastructure, breach and leak data, penetrate candidates’ online accounts or conduct espionage to gain strategic advantage (ASPI, 2019; Van der Staak & Wolf, Reference Van der Staak and Wolf2019). Such interference can impact elections both directly and indirectly, by eroding trust in democratic processes and institutions over the long term. The 2016 US presidential election stress-tested the influence of online intrusion, particularly when carried out by threat actors affiliated or sponsored by adversarial states (United States Senate, 2017). Reports on foreign interference have been growing ever since with malicious actors expanding tactics, techniques, and targets. For example, in a statement from December 2023, the British government condemned Russia’s attempts to target high-profile individuals and entities through cyber operations with the intent to use hacked information to interfere in the national democratic processes. The data breach was attributed to a group within Russia’s intelligence services, and reportedly involved several years of spear-phishing campaigns prominently targeting parliamentarians, as well as universities, think tanks, journalists, public sector, and civil society organizations (UK Government, 2023).

The second section examines the domestic and foreign cyber-enabled election interference in the region in further detail. National case studies are analyzed and positioned against the backdrop of global trends and regional practices. The presented examples are not exhaustive and serve as a representative snapshot. The third section considers potential incentives for governments to secure electoral infrastructure and wider democratic processes, including strengthening respective digital ecosystems. The final section offers policy recommendations to protect electoral integrity, enhance cyber resilience, and bolster accountability, which extend to states, international and regional bodies, the private sector, and civil society.

Cyber Threats to Election Integrity

Network Interference

The Central Asian republics control, monitor, and manipulate online information around elections and other politically charged events. As early as February 2005, the Citizen Lab (Deibert, Reference Deibert2005) reported that Kyrgyz websites belonging to political parties and independent media were subject to hacking during the parliamentary election. The pattern of recorded failures pointed to deliberate interference with access to online sources (OpenNet Initiative, 2005). Influenced by the Russian and Chinese models of information control (Weber, Reference Weber2019), governments in the region employ a plethora of restrictive measures to silence political dissent or discontent and censor the media and civil society voices. Several connected tactics are used to restrict access to online information, including blocking content and throttling or shutting down networks (Muhamedov & Buralkiyeva, Reference Muhamedov and Buralkiyeva2023).

Internet shutdowns are an extreme form of digital censorship. Authorities in Turkmenistan have been particularly prone to imposing large-scale blackouts. The country is a repeated offender using censorship when the electorate votes and keeping tight control over the online information space as a preventive measure. Recent incidents were reported by Access Now (2023b) around protests in December 2021 and during the March 2022 presidential elections when the citizens were plunged into digital darkness. Kazakhstan has also repeatedly switched off the internet amid elections and protests. The most severe internet shutdowns to this date were imposed as a reaction to the massive protests in January 2022 when Kazakhstani authorities initiated a country-wide blackout to curb the unrest. The government also disrupted internet access around extraordinary presidential elections in November 2022, accompanied by targeted blocking of social media and communications platforms (Access Now, 2023a). From a legal perspective, governments justify internet shutdowns with provisions on anti-terrorism and public security under their domestic law. On the technical level, close to complete shutdowns are enabled by centralized state control and influence over large segments of telecommunication infrastructure providing internet services (Pavlova, Reference Pavlova2022).

Selectively blocking access to online content is a widespread practice across Central Asia. According to Freedom House (2023a), Turkmenistan exerts the tightest control over the online information space, where the state-run internet service provider permanently blocks websites that carry independent news coverage or critical content. A key election in Kazakhstan in June 2019, when the country voted for a successor to then-president Nursultan Nazarbayev, was also accompanied by excessive network disruption on election day and restrictions on streaming services and several social media platforms (NetBlocks, 2019). The authorities justified the network interference with concerns over the spread of false information (Freedom House, 2020). During the January 2021 parliamentary election, media freedoms were curtailed with social media restrictions and distributed denial of service (DDoS) attacks designed to disrupt or block websites. According to the country’s officials, the targeted censorship intended to prevent the spread of false information and maintain public order (Freedom House, 2022). Kazakhstan repeated similar tactics in the extraordinary presidential elections in November 2022 (Access Now, 2023a; RSF, 2022) and again in the parliamentary election in March 2023 (RFE/RL, 2023). The region’s practice of suppressing free speech extends into censorship in online spaces. For illustration, Uzbekistan amended its criminal code to make insults against the president illegal and added penalties for online offences. These provisions, infringing on freedom of expression, entered into force ahead of the presidential elections in October 2021 (Freedom House, 2021).

DDoS attacks disrupt the traffic of a server, service, or network by overwhelming the target or its surrounding infrastructure. These disruptive attacks are simple to deploy and difficult to prevent, especially for small and under-resourced entities, which makes them a popular tool to censor media outlets and websites of civil society organizations and political candidates (Korosteleva, Reference Korosteleva2022). For example, Kazakhstani news site Vlast reported suffering a persistent targeted DDoS attack in January 2021 (Freedom House, 2022). DDoS attacks were also targeted against several news sites, including KazTAG and Orda.kz prior to the presidential elections in November 2022 (Justice for Journalists, 2024). Disruptive cyber operations have been playing an increasingly political role. In September 2022, Kazakhstan experienced a series of primarily DDoS attacks that interfered with internet connectivity across the country, allegedly linked to the upcoming presidential elections scheduled for November 2022. The intent behind these incidents was unknown, but President Kassym-Jomart Tokayev blamed foreign actors seeking to destabilize the country during a sensitive political period (Eurasianet, 2022; Khassenkhanova, Reference Khassenkhanova2022). Considering the regional context, the cyberattacks might have been connected to the war in Ukraine. According to the CyberPeace Institute’s database “Cyber Attacks in Times of Conflict Platform #Ukraine,” government websites in Kazakhstan were targeted by Russia-affiliated groups deploying DDoS attacks on three different occasions in October 2022.

It is noteworthy that Russia employed DDoS attacks as a coercive measure around politically charged events in the past, including state-orchestrated DDoS attacks on Estonia during the bilateral conflict throughout April and May 2007 and in the Russo-Georgian War in August 2008 (Kozłowski, Reference Kozłowski2020). Another early example was the use of DDoS attacks as part of Russian mounting pressure to persuade the Kyrgyz president to close the US base in Manas (Bradbury, Reference Bradbury2009). According to the Electoral Knowledge Project, in January 2009, DDoS attacks targeted the country’s internet infrastructure, lasting for approximately ten days and eliminating 80 percent of the country’s limited online capacity .

Cyberattacks Targeting Electoral Infrastructure

Malicious cyber activities against electoral infrastructure, including electronic voting systems and voter registration databases, with the intent to obstruct voting or erode trust in election results have been observed worldwide (ASPI, 2019). Central Asian countries have experimented with e-voting systems. Kazakhstan actively used e-voting technology between 2004 and 2011 but discontinued this practice and returned to paper ballots due to concerns over the integrity of e-voting procedures (Kassen, Reference Kassen2020). Uzbekistan piloted biometric identification during the referendum on constitutional amendments in April 2023 (Gazeta.uz, 2023 ). The Kyrgyz authorities view the digitalization of electoral infrastructure as a step toward enhancing transparency and increasing electoral participation through biometrics registration, biometric identification of voters, and ballot scanning and reporting technology. The e-system prevents common election fraud in the form of vote buying, carousel voting, and group or family voting (Sheranova, Reference Sheranova2020). This technology was piloted in the 2015 parliamentary election to increase the integrity of voting stations (Goyal, Reference Goyal2017; Putz, Reference Putz2015). In 2016, the Osh City Council introduced e-voting after repeated violent political uprisings in the region. Kyrgyzstan has conducted e-counts since 2017, where optical scanners are used to verify counts (International IDEA, 2023). The United Nations Development Programme (UNDP) (2021) reported a large-scale voters’ biometric data collection campaign prior to local council elections in March 2021 to increase the reliability of the vote count during elections and referendums . In April 2023, the Central Election Commission of Kyrgyzstan presented a pilot electronic voting project and an upgraded voter identification device for local elections (Kharizov, Reference Kharizov2023).

Public concerns about the integrity and reliability of electoral infrastructure, whether based on suspected external interference or internal manipulation, can have serious repercussions. Such disruption erodes public trust, impacts voter turnout, and challenges the legitimacy of election outcomes. The Kyrgyz parliamentary elections in November 2021 were accompanied by allegations of interference, and opposition leaders called for the results to be annulled after technical difficulties appeared to have affected the vote count (OSCE & ODIHR, 2022a; RFE/RL, 2021). The Central Election Commission’s tabulation monitor experienced a blackout, and when the system restarted, different results appeared on the monitor. The discrepancy resulted in several opposition parties falling below the 5 percent threshold required for entering the Parliament (Pannier, Reference Pannier2021). Technical failures can be destabilizing especially in countries with contested election outcomes. The 2021 Kyrgyz elections in question followed a failed parliamentary vote in October 2020. In that case, the Central Election Commission declared the results of voting in all polling stations invalid amid protests over alleged campaign violations and unfair voting practices. Concerning potential foreign interference in the 2021 repeated elections, the Kyrgyz Security Council registered cyber incidents targeting the Central Election Commission’s servers from twenty countries without affecting the elections (Kabar, 2021b; Orlova, Reference Orlova2021). The Commission reported on the attempted cyberattacks against national servers while stating that the current level of protection sufficiently defends the country’s electoral infrastructure (Kabar, 2021a ).

Data Leaks and Cyber Espionage

Central Asia has witnessed a shift toward digitalizing government services driven by digital economy initiatives and international support. However, as pointed out in the Electoral Knowledge Project (n.d.), rapid digitalization can increase the attack surface for malicious activities if coupled with massive data collection and insufficient safeguards that would ensure privacy, transparency, and effective oversight to handle citizens’ personal information securely. Sensitive data can be hacked, leaked, or otherwise exploited for the purpose of fraud, jeopardizing people’s security, or undermining trust in democratic processes and institutions. For illustration, the Kazakhstani Central Election Commission experienced an extensive data breach in July 2019. Data from the election database, comprising information on 11 million Kazakhstanis, which constitutes approximately 60 percent of the total population, was published online, exposing names, identification numbers, passport numbers, and residence addresses (Vlast, 2019). The Ministry of Internal Affairs launched an investigation into the unlawful dissemination of confidential data in the same month. However, the investigation did not find anyone accountable for the incident. The official report cited insufficient evidence of a crime as the leaked personal data was neither further used nor caused harm. Still, the mere publication of personal data suggests malicious intent and poses risks to citizens, including the potential for identity theft, targeted scams, and social engineering to exploit the targets. The decision taken by the Kazakhstani Ministry of Internal Affairs to close the investigation highlights the lack of accountability for data breaches – even when national security and the democratic process are at stake (U.S. Bureau of Democracy, Human Rights, and Labour, 2020).

Data exfiltration and cyber espionage can also constitute election interference. Primary targets of such operations are government agencies, officials, and political candidates, but hacking extends to research and civil society organizations, journalists, and private companies (O’Connor et al., Reference O’Connor, Hanson, Currey and Beattie2020). Although the known cases of targeted hacking do not conclusively prove an objective to interfere in democratic processes, threat intelligence reports increasingly point to political motivation of state-affiliated groups operating in Central Asia. Microsoft ’s reporting (2022) suggests that China utilizes cyber espionage as a tool for advancing the country’s political, economic and military influence, including in Kazakhstan. A Chinese cyber-security vendor further reported on Russian-speaking actors deploying malware to surveil a wide range of individuals and organizations in Kazakhstan, extending to government agencies, military personnel, researchers, journalists, private companies, educational organizations, and dissidents (Cimpanu, Reference Cimpanu2019 ). Securelist by Kaspersky (2018c) reported on a Chinese threat actor detected behind a targeted campaign linked to a high-level meeting in Central Asia pursuing a regional political agenda and another campaign targeting a national data center in the region that allowed access to a wide range of government sources (Securelist, 2018a). Another report by Securelist (2019) detailed Zebrocy malware, primarily associated with Russian state-sponsored hacking groups, spearphishing Central Asian government-related targets, both in-country and in remote locations. A Russia-affiliated group was also reported to use the potential Telegram ban in Kazakhstan to distribute malware in an alternative communication software for the political opposition (Securelist, 2018b). In yet another case, a hacking group deployed a novel backdoor against international governmental targets located in Kazakhstan, with low confidence indicators pointing to Moscow (Chakravarti, Reference Chakravarti2023). While not directly interfering with the elections, these incidents point to an active engagement of Russia- and China-affiliated actors in politically motivated hacking in the region, targeting critical components of democratic processes.

Disinformation Campaigns, Inauthentic Accounts, and Synthetic Content

Disinformation deployed to deliberately share false narratives and information with the aim of manipulating opinion and discrediting the opposition intensifies around elections. Online disinformation campaigns target a wide array of political candidates, media organizations, individual journalists, and civil society representatives. Malicious actors leverage social media and messaging platforms to sway voters, amplify the content via inauthentic accounts, and deploy trolls to harass individuals and distort online discourse (Lee Myers, Reference Lee Myers2022 ). In Central Asia, the coordinated online attacks provide the basis for a high incidence of online and offline abuse aimed at deterring candidates and independent reporting (Pavlova, Reference Pavlova2023). Networks of fake accounts promoting pro-government narratives have been observed in Kazakhstan around elections, including in the presidential election campaign in November 2022 (Du Boulay, Reference Du Boulay2023). These accounts are commonly referred to as “nurbots ,” after the ruling Nur Otan Party (Kozhanova, Reference Kozhanova2019). Kyrgyz activists reported on fake accounts spreading disinformation, allegedly coordinated by national ministries and operated by a combination of government agencies and individuals (Bradshaw, Bailey, & Howard, Reference Bradshaw, Bailey and Howard2021). The Committee to Protect Journalists (2020) and Reporters Without Borders (2020) observed that law enforcement agencies in Kyrgyzstan instructed a troll farm to discredit critics. The practice of using fake accounts has also been observed in Uzbekistan, where online trolls derail discussions and undermine the reputation of journalists and news organizations (Bradshaw, Bailey, & Howard, Reference Bradshaw, Bailey and Howard2021 ).

As documented by the Australian Strategic Policy Institute (ASPI) (2019), Russia frequently deploys coordinated information operations abroad. The government and state-affiliated groups exploit the online information space to sway public narratives. These efforts persist beyond elections, forming part of a broader, long-term strategy to manipulate public opinion and erode trust in democratic institutions. Networks of accounts originating in Russia and targeting Central Asian states are regularly detected on popular social media platforms (Bradshaw, Bailey, & Howard, Reference Bradshaw, Bailey and Howard2021). Online disinformation campaigns have intensified in the aftermath of the international armed conflict in Ukraine (Cabar, 2023). Disinformation finds a fertile ground amid the expanding social media landscape and low trust in traditional media. The commercialization of advanced artificial intelligence tools is set to facilitate further abuse and empower malicious actors to spread fake and harmful content (Khashimov, Reference Khashimov2021; Neudert, Reference Neudert2018; Stanley-Becker & Nix, Reference Stanley-Becker and Nix2023; Tiku, Reference Tiku2022).

Online Surveillance and Intimidation

Politically motivated surveillance is pervasive throughout Central Asia, with governments employing sophisticated technologies to monitor citizens’ communications and online activities. Invasive data collection practices are facilitated by the adoption of Russian-style legislation and tools, increasing use of Chinese surveillance and censorship technologies, and adaptation of domestic legal frameworks to authorize state overreach (Weber, Reference Weber2019). The Kazakhstani authorities intercept internet traffic and internet users are required to install digital security certificates designed to generate detailed logs of their online activity (Kumenov, Reference Kumenov2020; Raman, Reference Raman, Evdokimov, Wurstrow, Halderman and Ensafi2019). Human Rights Watch (2021) reported that the “false information” bill in Kyrgyzstan, which came into power in August 2021, compels internet service providers to register their clients in a unified identification system and provides authorities with complete information related to users if a court or a state agency requests such data. Without adequate transparency and independent oversight, these intrusive practices are weaponized against the opposition, the media, and civil society, violating individuals’ rights to privacy and participation in civil society as well as freedom of expression, assembly, and association.

Both Kazakhstan and Uzbekistan have repeatedly engaged in the targeted surveillance of media, dissidents and activists (Kumenov, Reference Kumenov2018; Marczak et al., Reference Marczak, Scott-Railton, Perry, Al-Kizawi, Anstis and Panday2023; RFE/RL, 2016; Securelist, 2023). Already in 2015, WikiLeaks published an exchange of documents linking state agencies and a surveillance software company indicating that the government might have obtained software to monitor and interfere with online traffic, including encrypted communications, as well as to perform targeted attacks against certain users and devices (Freedom House, 2020, 2023b). In 2021, Amnesty International’s Security Lab conducted forensic analysis on the phones of Kazakhstani human rights activists – confirming four individuals had their devices infected with the Pegasus spyware (Amnesty International, 2021). A Justice for Journalists (2020) report highlights how online surveillance goes hand in hand with arbitrary arrests of opposition figures and journalists, creating a climate of self-censorship and preventing genuine political participation .

Incentives for Improvement

States have obligations under international law to uphold and protect the right to vote and to ensure that citizens can exercise their fundamental right without interference, intimidation, or coercion. Free and fair elections are protected under the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights. Complementary international and regional obligations, such as the Organization for Security and Cooperation in Europe (OSCE) commitments, further mandate Central Asian states to respect and protect freedom of expression, association, and assembly online, and the right to freely seek and impart information (Human Rights Council, 2022; Democracy Reporting International, 2012). In principle, governments should secure their legislative frameworks and enforcement mechanisms against abuse and exploitation of the online information space for political ends, guarantee the independence of digital infrastructure and services, and refrain from repressive practices such as internet shutdowns or throttling, censoring online content, or surveillance that violate the principles of necessity and proportionality and the right to seek, receive, and impart information. However, in practice, Central Asian countries justify restrictive practices as an intrinsic prerogative derived from sovereign state authority, appealing to the need to safeguard national security and maintain constitutional and public order (Muhamedov & Buralkiyeva, Reference Muhamedov and Buralkiyeva2023).

While incentives are missing for the regimes to ease their digital authoritarian practices, the economic ramifications of interference with internet connectivity and service restrictions are significant and could potentially influence countries’ behavior (Lamensch, Reference Lamensch2021; Rakhmetov & Valeriano, Reference Rakhmetov and Valeriano2022). Internet shutdowns and near-complete blackouts disrupt access to financial and public services and, in their consequences, harm populations as well as the private and public sectors (Muhamedov & Buralkiyeva, Reference Muhamedov and Buralkiyeva2023). Network interference inflicts reputational damage, discourages foreign investments, erodes citizens’ trust in digital services, and hinders digital transition (Woodhams & Migliano, Reference Woodhams and Migliano2023 ). Some states have shown an interest in minimizing the risks associated with shutting down the internet. However, this comes alongside exerting control over the online information space through more sophisticated approaches to allow monitoring of online space and circumscribing access to information. The Kazakhstani government has acknowledged that the nationwide internet shutdowns during the January 2022 unrest were an excessively harsh response, however, the authorities did not denounce the practice of internet shutdowns. The Ministry of Digital Development informed about a more refined approach, proposing the creation of a list of resources that would remain accessible during such crises (Zakon.kz, 2023). These were expected to be pro-government media. Turkmenistan proposed developing an autonomous national network. In December 2022, the Ministry of Foreign Affairs announced plans to develop an autonomous national digital network that would disconnect the country from the global internet (Chronicle of Turkmenistan, 2022). The project aims to create a separate digital infrastructure for tighter censorship, potentially resembling China’s Great Firewall.

Central Asian governments collect extensive data on their citizens without implementing adequate data security measures. This raises significant cybersecurity and human rights concerns. The countries have laws intended to protect personal and biometric data, and work on improving the data protection standards. However, substantial loopholes allow government access to sensitive information under the guise of national security or public order. By compromising data integrity, as well as users’ anonymity and privacy, Central Asian countries increase their potential attack surface and risk exposing domestic digital ecosystems to foreign interference. Both Russia and China are active powers in the region with a track record of hacking elections for political influence. These threats only intensify with the growing geopolitical polarization.

Central Asian countries largely fail to increase cyber resilience and preparedness. The Global Cybersecurity Index (GCI) by the International Telecommunication Union (ITU) measures the commitment of 182 countries to cybersecurity at a global level. In the 2024 Index, Kazakhstan and Uzbekistan are ranked as advancing. Kyrgyzstan, Tajikistan, and Turkmenistan remain in low tiers. The ITU figures show that Central Asia has been digitalizing without adequate legal frameworks, cybersecurity measures, and the necessary capacity in place. Nation-state actors and organized cybercriminal groups can exploit these vulnerabilities, especially around elections, referendums, and protests, and position to exert political or financial pressure on governments. Election interference benefits the perpetrators, while regional responses remain inadequate to deter malicious behavior and ensure meaningful accountability. With the growing use of cyber operations and disinformation campaigns as a political tool and large-scale participation of non-traditional and non-state actors in a domain that has traditionally seen an exclusive engagement of states, foreign threats to the region’s elections and fragile democratic processes are set to increase. In response to the worsening threat landscape, the Central Asian republics have more incentives to double down on extended cooperation and alignment with international partners. Although optimism for revitalizing democracy remains limited in the short to medium term, certain aspects of cyber policy and cybersecurity offer promising opportunities for multistakeholder collaboration.

Recommendations

Reduce the Risk of Information Compromise

• Central Asian governments must curb the mass collection of personal data to what can reasonably be justified, following the principles of legality, necessity, and proportionality, while increasing the cybersecurity, transparency, and oversight measures for how data is processed, transmitted, and stored to secure the systems that are custodians of sensitive and personal data. Excessive data collection creates weaknesses in the digital ecosystem that can be exploited for malicious purposes, such as unauthorized access to personal data, resulting in severe privacy violations with little accountability.
• Broad surveillance powers violate international human rights standards, undermine data security, and induce self-censorship. States must refrain from intrusive practices such as mass surveillance, real-time collection of traffic data, and targeted interception of online communications without legal authorization and a legitimate purpose, adhering to the principles of necessity and proportionality in line with international human rights standards.
• Internet service providers and online platforms must help secure digital ecosystems, especially in regard to transparency about their operations as well as trust and safety practices and potential threats to users’ privacy . Digital service providers must ensure privacy by design, including end-to-end encryption, data protection safeguards, and fact-checking mechanisms that include trusted and verified partners in the loop of accuracy verification and limit the virality of disinformation and other harmful content. Priority should be given to improving verification techniques to combat manipulated content and inauthentic coordinated behavior online, especially amid the commercialization and rapid proliferation of AI tools for language generation, image creation, and content amplification.
• Procurement and deployment of dual-use technologies such as commercial cyber intrusion capabilities by states should be conditional and subject to a human rights and impact assessment that informs and guides such activities and their scope, aligns them with the international human rights law, and subjects them to independent and transparent oversight. Governments should commit to imposing international controls to prevent commercial cyber intrusion tools from being exported to countries with poor human rights records and prevent vendors from bypassing regulations.

Improve the Understanding of the Cyber Threat Landscape

• Countering foreign cyber-enabled election interference requires effective technical and legal attribution to identify threat actors and address malicious behavior. States should invest in building their national capacities and extend international and bilateral cooperation aimed at information exchange and forensic and legal capacity building. Proactive measures such as conducting regular cybersecurity assessments and simulations can help identify vulnerabilities within electoral systems.
• Central Asian governments should advance the implementation of confidence-building measures on structured and transparent exchange of information between states and private companies. International partnerships, such as the International Counter Ransomware Initiative, and operational collaboration between the public and private sectors facilitate gathering timely, comprehensive, and actional intelligence and allow states and affected entities to protect themselves against attacks. For example, the OSCE confidence-building measures include threat information sharing among participating states, public–private partnerships , critical infrastructure protection, and vulnerability disclosure (OSCE, 2016). Common baselines for sharing intelligence and recognizing the impacts of cyber incidents are key for effective mitigation and response, and OSCE delivers programs in Central Asia that support the development and implementation of the classification of cyber incidents in terms of scale and seriousness, emphasizing critical infrastructure protection (Cybil Portal, n.d. ).
• Donor countries and organizations should prioritize funding for civil society initiatives, research and investigative organizations, and independent media providing transparent data collection, investigation, and analysis. Such efforts help build data-driven understandings of the threat landscape, including the knowledge of cyber threats affecting elections and democratic processes. Information about cyber-enabled election interference is currently reliant on the fragmented work of organizations operating with limited resources. To evidence cyber threats and their impacts on infrastructure, services, and populations, authorities and research organizations should conduct rigorous data collection and pilot data-driven methodologies to enhance cyber preparedness, improve accountability, and inform effective victim redress.

Strengthen Accountability and Legal Frameworks

• Central Asian governments must increase transparency around elections by allowing independent election observation and reporting. Electoral observation missions should advance their reporting on cyber incidents, information campaigns, online intimidation, and other cyber-enabled tactics threatening free and fair elections. By incorporating detailed assessments of cyber threats into their reports, electoral observation missions can provide critical insights into how cyber-enabled tactics undermine electoral integrity.
• States should advance normative and legal frameworks to strengthen international provisions safeguarding electoral infrastructure, namely under the United Nations framework of responsible state behavior in cyberspace. In the consensus report of the United Nations Open-Ended Working Group on information and communications technologies (ICTs ) (United Nations General Assembly, 2021), states acknowledged that malicious cyber activities against critical infrastructure and critical information infrastructure that undermine trust and confidence in political and electoral processes, public institutions, or that impact the general availability or integrity of the internet, are a real and growing concern, and that public–private cooperation may be necessary to protect its integrity, functioning, and availability. However, progress on these commitments remains uneven and stakeholder engagement inadequate. States should advance cyber norm implementation and clarify the application of international law, including international human rights law, in cyberspace through targeted capacity building to strengthen accountability measures for state-sponsored interference in elections and democratic processes.
• Governments should develop policy and legal frameworks through inclusive consultative processes. Multistakeholder platforms such as the Oxford Process on International Law in Cyberspace provide expert guidance and support for states. “The Oxford Statement on International Law Protections against Foreign Electoral Interference through Digital Means” (The Oxford Process, 2020) reaffirms that the body of existing international law applies to cyber operations by states, including those that have adverse consequences for the electoral processes of other states. Other multistakeholder initiatives, such as the Paris Call for Trust and Security in Cyberspace (2018 ), have called on stakeholders to strengthen their capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through the malicious use of cyber capabilities.
• State response to cyberattacks must be timely and transparent, extending to informing citizens, reporting on detected cyber threats, and following up with accountability measures to deter malicious behavior. Detailing which norms or laws have been violated by a cyber incident can enhance the transparency of attributions and build state capacity to recognize and penalize malicious behavior. For instance, the EU Cyber Diplomacy Toolbox includes a cyber sanctions regime that addresses persons and entities involved in cyberattacks or attempted cyberattacks with a significant effect (EEAS) (Cyber Diplomacy Toolbox, n.d.).

Increase Cyber Resilience of Electoral Infrastructure and Processes

• Cybersecurity measures must be prioritized already at the inception phase of building or upgrading electronic election systems and digitizing election administration. State agencies relevant to election processes must act transparently and ensure election results are verifiable to be accepted by the electorate. Such measures hold particular significance for the Central Asian region, where several countries have experimented with e-voting systems. For instance, Kazakhstan initially embraced e-voting technology but later abandoned the system due to concerns about the reliability of e-voting procedures, or Kyrgyzstan, where technical difficulties appeared to have affected the vote count.
• Central Asian authorities should increase and incentivize cyber capacity building, including sharing best practices and promoting dialogue with stakeholders. Many existing initiatives facilitated by states or intergovernmental organizations are open only to government representatives. Capacity building needs to be more inclusive to build trust and leverage the strengths of diverse groups of stakeholders. Similarly, international and regional platforms dealing with cybersecurity and cybercrime must enable and support multistakeholder cooperation.
• Civil society is critical in fostering transparency and accountability during the election process. To support these efforts, funding from international organizations, donor countries, and private companies should be directed toward organizations with a track record of capacity-building initiatives that can raise cybersecurity awareness, provide training programs, and help combat disinformation, such as those promoting independent fact-checking or supporting investigative journalistic initiatives.
• Securing free and fair elections, including by refraining from network interference and information campaigns that influence election results, must be an integral part of multilateral and bilateral agendas that democratic countries pursue in their engagement with Central Asian governments. Cybersecurity cooperation and capacity building presents a viable platform to enhance the region’s overall resilience against internal and foreign cyber threats to elections (European Commission, 2023).

Conclusion

Central Asian governments tightly control their online information space. Elections in the region, albeit in varying degrees, are marked by a combination of internet shutdowns, network restrictions, deployment of inauthentic accounts to amplify pro-government narratives, extensive mass and targeted surveillance, and intimidation. Digital authoritarianism takes place amid intensifying disruptive and stabilizing cyberattacks, data extortion, cyber espionage, and foreign disinformation campaigns. The multiple and connected cyber threats require a coordinated response to enhance election integrity and resilience of the digital ecosystem. Governments must curb domestic censorship and surveillance practices to enable free and fair elections while mitigating the risk of cyber-enabled foreign interference. State-affiliated actors will continue to target electoral processes to plant distrust and project power as long as rewards outweigh the risks. The cyber domain presents promising opportunities for international and multistakeholder collaboration to reduce the risk of information compromisation, improve understanding of the cyber threat landscape, strengthen accountability and legal frameworks, and increase cyber resilience of electoral infrastructure and processes – steps that are increasingly urgent in light of the growing geopolitical polarization .

References

Access Now. (2023a, March 23). #KeepItOn: 2022 elections and internet shutdowns watch. Access Now. https://accessnow.org/elections-internet-shutdowns-watch-2022 Google Scholar

Access Now. (2023b). 2023 elections and internet shutdowns to watch. Access Now. https://accessnow.org/campaign/2023-elections-and-internet-shutdowns-watch/#Turkmenistan Google Scholar

Aidarkhanova, , E. (2023, November 23). Why Is the Eurasian Economic Union Broken? The Diplomat. https://thediplomat.com/2023/11/why-is-the-eurasian-economic-union-broken/Google Scholar

Amnesty International. (2021, December 9). Kazakhstan: Four activists’ mobile devices infected with Pegasus Spyware. Amnesty International. https://amnesty.org/en/latest/news/2021/12/kazakhstan-four-activists-mobile-devices-infected-with-pegasus-spyware Google Scholar

Australian Strategic Policy Institute (ASPI). (2019, May 15). Hacking democracies. Australian Strategic Policy Institute (ASPI). https://aspi.org.au/report/hacking-democracies Google Scholar

Bradbury, D. (2009, February 5). The fog of cyberwar. The Guardian. https://theguardian.com/technology/2009/feb/05/kyrgyzstan-cyberattack-internet-acces Google Scholar

Bradshaw, S., Bailey, B., & Howard, P. N. (2021, January 13). Country case studies industrialized disinformation: 2020 global inventory of organized social media manipulation (Working Paper 2021.1). University of Oxford. https://demtech.oii.ox.ac.uk/wp-content/uploads/sites/12/2021/01/CyberTroop-Report-2020-v.2.pdf Google Scholar

Central Asian Bureau for Analytical Reporting (CABAR). (2023, October 10). International expert panel: Investigating the influence of Russian propaganda in Central Asia. Central Asian Bureau for Analytical Reporting (CABAR). https://cabar.asia/en/international-expert-panel-investigating-the-influence-of-russian-propaganda-in-central-asia Google Scholar

Chakravarti, J. (2023, May 10). Russian group possibly behind cyberespionage in Central Asia. Bank Info Security. https://bankinfosecurity.com/russian-group-possibly-behind-cyberespionage-in-central-asia-a-22032 Google Scholar

Chronicle of Turkmenistan. (2022, December 10). The Cabinet of Ministers: Embassy in Qatar, propaganda information center and autonomous network, “not connected to the Internet.” Chronicle of Turkmenistan. https://hronikatm.com/2022/12/propaganda-autonomous-internet Google Scholar

Cimpanu, C. (2019, November 23). Extensive hacking operation discovered in Kazakhstan. ZDNET. https://zdnet.com/article/extensive-hacking-operation-discovered-in-kazakhstan Google Scholar

Committee to Protect Journalists (CPJ). (2020, January 9). Investigative journalist Bolot Temirov assaulted in Kyrgyzstan. Committee to Protect Journalists (CPJ). https://cpj.org/2020/01/investigative-journalist-bolot-temirov-assaulted-i Google Scholar

Cyber Diplomacy Toolbox. (n.d.). The cyber diplomacy toolbox. Cyber Diplomacy Toolbox. https://cyber-diplomacy-toolbox.com Google Scholar

CyberPeace Institute. (2023). Cyber attacks in Times of Conflict Platform #Ukraine. CyberPeace Institute. https://cyberconflicts.cyberpeaceinstitute.org Google Scholar

Cybil Portal. (n.d.). Development and implementation of National Cyber Incident Severity Scales (NCISS) and related measures to protect critical infrastructures. Cybil Capacity Knowledge Portal. https://cybilportal.org/projects/facilitation-of-the-development-and-implementation-of-national-cyber-incident-severity-scales-nciss-and-related-measures-to-protect-critical-infrastructures Google Scholar

Deibert, R. (2005, March 7). More Kyrgyz internet hacking and DDOS attacks. Citizen Lab. https://deibert.citizenlab.ca/tag/kyrgyzstan Google Scholar

Democracy Reporting International. (2012). Overview of state obligations relevant to democratic governance and democratic elections. Democracy Reporting International. https://aceproject.org/ero-en/misc/overview-of-state-obligations-relevant-to Google Scholar

Du Boulay, S. (2023, May 26). Fake accounts and presidential elections in Kazakhstan. Global Voices. https://advox.globalvoices.org/2023/05/26/fake-accounts-and-presidential-elections-in-kazakhstan Google Scholar

Electoral Knowledge Project. (n.d.). Cybersecurity in elections: Developing a Holistic Exposure and Adaptation Testing (HEAT) process for election management bodies. Types of exposure that can impact cybersecurity. ACE. https://aceproject.org/ace-en/focus/heat/types-of-exposure-that-can-impact Google Scholar

Eurasianet. (2022, September 30). Kazakhstan: President pins week-long cyberattacks on foreign-based plotters. Eurasianet. https://eurasianet.org/kazakhstan-president-pins-week-long-cyberattacks-on-foreign-based-plotters Google Scholar

European Commission. (2023, October 26). Global Gateway Forum: The EU reaffirms a high level of cooperation with the Kyrgyz Republic on digital development. https://global-gateway-forum.ec.europa.eu/news/global-gateway-forum-eu-reaffirms-high-level-cooperation-kyrgyz-republic-digital-development-2023-10-26_en Google Scholar

Freedom House. (2020). Freedom on the net 2020: Kazakhstan. Freedom House. https://freedomhouse.org/country/kazakhstan/freedom-net/2020 Google Scholar

Freedom House. (2021). Freedom on the net 2021: Uzbekistan. Freedom House. https://freedomhouse.org/country/uzbekistan/freedom-net/2021 Google Scholar

Freedom House. (2022). Freedom on the net 2022: Kazakhstan. Freedom House. https://freedomhouse.org/country/kazakhstan/freedom-net/2022 Google Scholar

Freedom House. (2023a). Freedom on the net 2023: Turkmenistan. Freedom House. https://freedomhouse.org/country/turkmenistan/freedom-world/2023 Google Scholar

Freedom House. (2023b). Freedom in the world 2023. Freedom House. https://freedomhouse.org/sites/default/files/2023-03/FIW_World_2023_DigtalPDF.pdf Google Scholar

Freedom House. (2023c). Internet freedom status. Freedom House. https://freedomhouse.org/explore-the-map?type=fiw&year=2023 Google Scholar

Freeman, C., Helf, G., & McFarland, A. (2023, May 25). China looks to fill the void in Central Asia. United States Institute of Peace. https://usip.org/publications/2023/05/china-looks-fill-void-central-asia Google Scholar

Gazeta.uz. (2023, April 17). Biometric voting and live video broadcasts planned for Uzbekistan’s constitutional amendments referendum. Gazeta.uz. https://gazeta.uz/en/2023/04/17/refer Google Scholar

Goyal, A. (2017, October 18). Kyrgyz election brings high expectations, but mixed results for voters. The Diplomat. https://thediplomat.com/2017/10/kyrgyz-election-brings-high-expectations-but-mixed-results-for-voters Google Scholar

Guriev, S. & Treisman, D. (2019). Informational autocrats. Journal of Economic Perspectives, 33(4), 100–127. https://aeaweb.org/articles?id=10.1257/jep.33.4.100 CrossRef Google Scholar

Hess, M. (2023, February 17). Russia is down but not out in Central Asia. Foreign Policy Research Institute (FPRI). https://fpri.org/article/2023/02/russia-is-down-but-not-out-in-central-asia Google Scholar

Human Rights Council. (2022, June 3). Reinforcing media freedom and the safety of journalists in the digital age. ReliefWeb. https://reliefweb.int/report/world/reinforcing-media-freedom-and-safety-journalists-digital-age-report-special-rapporteur-promotion-and-protection-right-freedom-opinion-and-expression-irene-khan-ahrc5029-enarruzh Google Scholar

Human Rights Watch. (2021, November 18). How are the authorities in Central Asia trying to control the internet? Human Rights Watch. https://hrw.org/news/2021/11/18/how-are-authorities-central-asia-trying-control-internet Google Scholar

International IDEA. (2023). ICTs in elections database. International IDEA. https://idea.int/data-tools/question-view/742 Google Scholar

International Telecommunications Union (ITU). (2024). Global Cybersecurity Index 2024. International Telecommunications Union (ITU). https://itu.int/en/ITU-D/Cybersecurity/Documents/GCIv5/2401416_1b_Global-Cybersecurity-Index-E.pdf Google Scholar

Justice for Journalists. (2020, May 22). Attacks on journalists, bloggers and media workers in Central Asia and Azerbaijan (2017–2019). Justice for Journalists. https://jfj.fund/attacks-on-journalists-bloggers-and-media-workers-in-central-asia-and-azerbaijan-2017-2019 Google Scholar

Justice for Journalists. (2024, June 27). Attacks on media workers in Kazakhstan 2022–2023. Justice for Journalists. https://jfj.fund/attacks-on-media-workers-in-kazakhstan-in-2022-2023 Google Scholar

Kabar. (2021a, November 20). Technical problems at CEC website did not affect elections results: Secretary Council. Kabar. http://en.kabar.kg/news/technical-problems-at-cec-website-did-not-affect-elections-results-secretary-council Google Scholar

Kabar. (2021b, November 29). CEC website attacked by hackers from 20 countries: Security Council of Kyrgyzstan. Kabar. http://en.kabar.kg/news/cec-website-attacked-by-hackers-from-20-countries-security-council-of-kyrgyzstan Google Scholar

Kassen, M. (2020, May 5). Politicization of e-voting rejection: Reflections from Kazakhstan. Transforming Government: People, Process and Policy, 14(2), 305–330. https://doi.org/10.1108/TG-11-2019-0106 CrossRef Google Scholar

Kassenova, , N. (2022, December 7), How China’s foreign aid fosters social bonds with Central Asian ruling elites. Carnegie Endowment for International Peace. https://carnegieendowment.org/research/2022/12/how-chinas-foreign-aid-fosters-social-bonds-with-central-asian-ruling-elites?lang=en Google Scholar

Kharizov, R. (2023, April 6). Local elections: CEC presents pilot e-voting project. 24KG. https://24.kg/english/262725_Local_elections_CEC_presents_pilot_e-voting_project Google Scholar

Khashimov, S. (2021, July 12). Kazakhstan’s alternative media is thriving – and in danger. Foreign Policy. https://foreignpolicy.com/2021/07/12/kazakhstan-alternative-media-thriving-danger Google Scholar

Khassenkhanova, G. (2022, October 7). Kazakhstan’s officials and experts advocate for more cybersecurity funding and establishment of cybersecurity agency. Astana Times. https://astanatimes.com/2022/10/kazakhstans-officials-and-experts-advocate-for-more-cybersecurity-funding-and-establishment-of-cybersecurity-agency Google Scholar

Korosteleva, Y. (2022, November 11). Kazakhstan’s broken internet. Vlast. https://vlast.kz/english/52525-kazakhstans-broken-internet.html Google Scholar

Kozhanova, N. (2019, February 20). Finding Kazakhstan’s troll farms. The Diplomat. https://thediplomat.com/2019/02/finding-kazakhstans-troll-farms Google Scholar

Kozłowski, A. (2020). Comparative analysis of cyberattacks on Estonia, Georgia and Kyrgyzstan. European Scientific Journal, 3, 1–14 https://doi.org/10.19044/esj.2014.v10n7p%25p Google Scholar

Kumenov, A. (2018, December 21). Report: Hackers detect online protest-sniffing software in Kazakhstan. Eurasianet. https://eurasianet.org/report-hackers-detect-online-protest-sniffing-software-in-kazakhstan Google Scholar

Kumenov, A. (2020, December 7). Kazakhstan: As election beckons, authorities tighten control on internet. Eurasianet. https://eurasianet.org/kazakhstan-as-election-beckons-authorities-tighten-control-on-internet Google Scholar

Lamensch, M. (2021, March 9). The cost of an internet shutdown. Centre for International Governance Innovation. https://cigionline.org/articles/cost-internet-shutdown Google Scholar

Lee Myers, S. (2022, November 6). Russia reactivates its trolls and bots ahead of Tuesday’s midterms. The New York Times. https://nytimes.com/2022/11/06/technology/russia-misinformation-midterms.html Google Scholar

Marczak, B., Scott-Railton, J., Perry, A., Al-Kizawi, N., Anstis, S., Panday, Z., et al. (2023, April 11). Sweet QuaDreams a first look at spyware vendor QuaDream’s exploits, victims, and customers. Citizen Lab. https://citizenlab.ca/2023/04/spyware-vendor-quadream-exploits-victims-customers Google Scholar

Microsoft. (2022). Microsoft Digital Defense Report 2022. Microsoft. https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bUvv?culture=en-us&country=us Google Scholar

Mite, , V. (2005, August 29) CIS: Turkmenistan reduces ties to “associate member.” RadioFreeEurope/RadioLiberty (RFE/RL). https://rferl.org/a/1061002.html Google Scholar

Muhamedov, R. & Buralkiyeva, D. (2023, March 8). How, and why, Kazakhstan and Turkmenistan shut down the internet. The Diplomat. https://thediplomat.com/2023/03/how-and-why-kazakhstan-and-turkmenistan-shut-down-the-internet Google Scholar

NetBlocks. (2019, June 9). Internet and streaming services blocked in Kazakhstan on election day. NetBlocks. https://netblocks.org/reports/internet-and-streaming-services-blocked-in-kazakhstan-on-election-day-dAmOP7y9 Google Scholar

Neudert, L. M. (2018, August 22) Future elections may be swayed by intelligent, weaponized chatbots. MIT Technology Review. https://technologyreview.com/2018/08/22/104087/future-elections-may-be-swayed-by-intelligent-weaponized-chatbots Google Scholar

O’Connor, S., Hanson, F., Currey, E., & Beattie, T. (2020, October 28). Cyber-enabled foreign interference in elections and referendums. Australian Strategic Policy Institute (ASPI). https://aspi.org.au/report/cyber-enabled-foreign-interference-elections-and-referendums Google Scholar

OpenNet Initiative. (2005, April 15). Special report: Kyrgyzstan: Election monitoring in Kyrgyzstan. OpenNet Initiative. https://opennet.net/special/kg Google Scholar

Organization for Security and Co-operation in Europe (OSCE). (2016, March 10). Permanent council decision No. 1202. OSCE. https://osce.org/pc/227281 Google Scholar

Orlova, M. (2021, November 29). Security Council Secretary of Kyrgyzstan announces cyberattacks on CEC server. 24KG. https://24.kg/english/215336_Security_Council_Secretary_of_Kyrgyzstan_announces_cyber_attacks_on_CEC_server Google Scholar

OSCE & ODIHR. (2022a). Kyrgyz Republic, parliamentary elections. ODIHR Election Observation Mission, Final Report. https://osce.org/files/f/documents/2/f/519087.pdf Google Scholar

OSCE & ODIHR. (2022b). Republic of Kazakhstan, early presidential election. ODIHR Election Observation Mission, Final Report. https://osce.org/files/f/documents/8/d/548593.pdf Google Scholar

OSCE & ODIHR. (2023). Uzbekistan, early presidential election, 9 July 2023. ODIHR Election Observation Mission, Final Report. https://osce.org/odihr/elections/uzbekistan/544495 Google Scholar

Pannier, B. (2021, November 29). Democratic “blackout”? latest Kyrgyz parliamentary elections can’t escape controversy. Radio Free Europe/Radio Liberty (RFE/RL). https://rferl.org/a/kyrgyzstan-elections-democratic-blackout/31585579.html Google Scholar

Paris Call for Trust and Security in Cyberspace. (2018). The 9 principles. Paris Call for Trust and Security in Cyberspace. https://pariscall.international/en/principles Google Scholar

Pavlova, P. (2022, January 31). How Kazakhstan’s control of information can turn into a regime weakness. Open Global Rights. https://openglobalrights.org/how-kazakhstans-control-of-information-can-turn-into-a-regime-weakness Google Scholar

Pavlova, P. (2023, February 27). Gendered disinformation and connected cyber threats: Historical patterns, new battlefields, and the implications for international security. Global Policy Journal. https://globalpolicyjournal.com/blog/27/02/2023/gendered-disinformation-and-connected-cyber-threats-historical-patterns-new Google Scholar

Putz, C. (2015, August 13). Kyrgyzstan set to use biometric registration in next election. The Diplomat. https://thediplomat.com/2015/08/kyrgyzstan-set-to-use-biometric-registration-in-next-election Google Scholar

Putz, C. (2023, November 21). Central Asia faces challenges and sees opportunities amid complex geopolitical outlook. The Diplomat. https://thediplomat.com/2023/11/central-asia-faces-challenges-and-sees-opportunities-amid-complex-geopolitical-outlook Google Scholar

RadioFreeEurope/RadioLiberty (RFE/RL). (2012, June 28). Uzbekistan Suspends Membership in CSTO. RadioFreeEurope/RadioLiberty (RFE/RL). https://rferl.org/a/uzbekistan-csto-suspends-membership/24629244.html Google Scholar

RadioFreeEurope/RadioLiberty (RFE/RL). (2021, November 29). Kyrgyz opposition protests against parliamentary election results, citing alleged fraud. RadioFreeEurope/RadioLiberty (RFE/RL). https://rferl.org/a/kyrgyzstan-parliamentary-vote-rally-protest-fraud/31585124.html Google Scholar

RadioFreeEurope/RadioLiberty (RFE/RL). (2023, April 28). Internet monitor says Kazakhstan ‘throttling’ RFE/RL sites to limit access to information. RadioFreeEurope/RadioLiberty (RFE/RL). https://rferl.org/a/kazakhstan-rferl-internet-throttling-ooni/32383892.html Google Scholar

Rakhmetov, B., & Valeriano, B. (2022, February 24). The consequences of internet shutdowns in Kazakhstan. Council for Foreign Relations (CFR). https://cfr.org/blog/consequences-internet-shutdowns-kazakhstan Google Scholar

Raman, R. S., Evdokimov, L., Wurstrow, E., Halderman, J. A., & Ensafi, R. (2019, July 23). Investigating large scale HTTPS interception in Kazakhstan. ACM Digital Library. https://censoredplanet.org/kazakhstan10.1145/3419394.3423665CrossRef Google Scholar

Reporters Without Borders (RSF). (2020). Kyrgyzstan. Reporters Without Borders (RSF). https://rsf.org/en/kyrgyzstan Google Scholar

Reporters Without Borders (RSF). (2022). Heading for reelection, Kazakhstan’s Tokayev must respect press freedom obligations. Reporters Without Borders (RSF). https://rsf.org/en/heading-reelection-kazakhstan-s-tokayev-must-respect-press-freedom-obligations Google Scholar

RFE/RL. (2016, August 3). Uzbekistan, Kazakhstan said to be hacking, spying on dissidents. RFE/RL. https://rferl.org/a/uzbekistan-kazakhstan-said-hacking-spying-dissidents/27897226.html Google Scholar

Securelist. (2018a, June 13). LuckyMouse hits national data center to organize country-level waterholing campaign. Securelist. https://securelist.com/luckymouse-hits-national-data-center/86083 Google Scholar

Securelist. (2018b, October 15). Octopus-infested seas of Central Asia. Securelist. https://securelist.com/octopus-infested-seas-of-central-asia/88200 Google Scholar

Securelist. (2018c, September 10). LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company. Securelist. https://securelist.com/luckymouse-ndisproxy-driver/87914 Google Scholar

Securelist. (2019, January 11). A zebrocy go downloader. Securelist. https://securelist.com/a-zebrocy-go-downloader/89419 Google Scholar

Securelist. (2023, March 8). The state of stalkerware in 2022. Securelist. https://securelist.com/the-state-of-stalkerware-in-2022/108985 Google Scholar

Sheranova, A. (2020, March 26). Cheating the machine: E-voting practices in Kyrgyzstan’s local elections. European Review, 28(5), 793–809. https://doi.org/10.1017/S1062798720000241 CrossRef Google Scholar

Stanley-Becker, I. & Nix, N. (2023, March 22). Fake images of Trump arrest show ‘giant step’ for AI’s disruptive power. The Washington Post. https://washingtonpost.com/politics/2023/03/22/trump-arrest-deepfakes Google Scholar

Temnycky, M. (2023, September 6). The United States must strengthen its engagement with Central Asia. Atlantic Council. https://atlanticcouncil.org/blogs/new-atlanticist/united-states-engagement-central-asia Google Scholar

The Oxford Process. (2020). The Oxford statement on international law protections against foreign electoral interference through digital means. The Oxford Process. https://elac.ox.ac.uk/the-oxford-process/the-statements-overview/the-oxford-statement-on-international-law-protections-against-foreign-electoral-interference Google Scholar

Tiku, N. (2022, September 28). AI can now create any image in seconds, bringing wonder and danger. The Washington Post. https://washingtonpost.com/technology/interactive/2022/artificial-intelligence-images-dall-e/?itid=lk_inline_manual_3 Google Scholar

U.S. Bureau of Democracy, Human Rights, and Labor. (2020). 2020 country reports on human rights practices: Kazakhstan. U.S. Department of State. https://state.gov/reports/2020-country-reports-on-human-rights-practices/kazakhstan Google Scholar

U.S. Department of State. (2023, February 27). C5+1 diplomatic platform. U.S. Department of State. https://state.gov/c51-diplomatic-platform Google Scholar

UK Government. (2023, December 7). UK exposes attempted Russian cyber interference in politics and democratic processes. Gov.uk. https://gov.uk/government/news/uk-exposes-attempted-russian-cyber-interference-in-politics-and-democratic-processes Google Scholar

United Nations Development Programme (UNDP). (2021, March 3). A large-scale voters’ biometric data collection campaign will take place prior to local council elections. United Nations Development Programme (UNDP). https://undp.org/kyrgyzstan/press-releases/large-scale-voters’-biometric-data-collection-campaign-will-take-place-prior-local-council-elections Google Scholar

United Nations General Assembly. (2021, March 10). Open-ended Working Group on developments in the field of information and telecommunications in the context of international security. Final Substantive Report. A/AC.290/2021/CRP.2. https://front.un-arm.org/wp-content/uploads/2021/03/Final-report-A-AC.290-2021-CRP.2.pdf Google Scholar

United Nations Office on Drugs and Crime (UNODC). (2023). Empowering Central Asian youth for positive change: UNODC ROCA’s regional initiative. United Nations Office on Drugs and Crime (UNODC). https://unodc.org/centralasia/en/news/empowering-central-asian-youth-for-positive-change_-unodc-rocas-regional-initiative.html#:~:text=The%20Central%20Asian%20region%20is,the%20region%20has%20ever%20had Google Scholar

United States Senate. (2017, June 21). Russian interference in the 2016 U.S. elections. Hearing Before the Select Committee on Intelligence. United States Senate. https://intelligence.senate.gov/sites/default/files/hearings/Russian%20Interference%20in%20the%202016%20U.S.%20Elections%20S.%20Hrg.%20115-92.pdf Google Scholar

Van der Staak, S., & Wolf, P. (2019). Cybersecurity in elections models of interagency collaboration. International IDEA. https://idea.int/sites/default/files/publications/cybersecurity-in-elections-models-of-interagency-collaboration.pdf10.31752/idea.2019.23CrossRef Google Scholar

Vershinin, , A. (2022). Turkmenistan leader’s son wins presidential election. Associated Press News. https://apnews.com/article/central-asia-asia-turkmenistan-presidential-elections-elections-3d13e95fe055bf53525141c351708488 Google Scholar

Vlast. (2019, August 8). The leak of Kazakhstani data to the network occurred from the Central Election Commission. Vlast. https://vlast.kz/novosti/34706-utecka-dannyh-kazahstancev-v-set-proizosla-iz-centrizbirkoma-carka.html Google Scholar

Weber, V. (September 2019). The worldwide web of Chinese and Russian Information controls (Working Paper Series No. 11). University of Oxford. https://ctga.ox.ac.uk/article/worldwide-web-chinese-and-russian-information-controls Google Scholar

Woodhams, S. & Migliano, S. (2023, October 10). Government internet shutdowns have cost $50 billion since 2019. TOP10VPN. https://top10vpn.com/research/cost-of-internet-shutdowns Google Scholar

Zakon.kz. (2023, January 16). Kazakhstan will create a “White List” of sites that will not be blocked in case of emergency. Zakon.kz. https://zakon.kz/6382621-v-kazakhstane-sozdadut-belyy-list-saytov-kotorye-ne-budut-blokirovat-pri-chs.html Google Scholar

Accessibility standard: WCAG 2.2 AAA

Why this information is here

This section outlines the accessibility features of this content - including support for screen readers, full keyboard navigation and high-contrast display options. This may not be relevant for you.

Accessibility Information

The HTML of this book complies with version 2.2 of the Web Content Accessibility Guidelines (WCAG), offering more comprehensive accessibility measures for a broad range of users and attains the highest (AAA) level of WCAG compliance, optimising the user experience by meeting the most extensive accessibility guidelines.

Content Navigation

Table of contents navigation
Allows you to navigate directly to chapters, sections, or non‐text items through a linked table of contents, reducing the need for extensive scrolling.

Index navigation
Provides an interactive index, letting you go straight to where a term or subject appears in the text without manual searching.

Reading Order & Textual Equivalents

Single logical reading order
You will encounter all content (including footnotes, captions, etc.) in a clear, sequential flow, making it easier to follow with assistive tools like screen readers.

Short alternative textual descriptions
You get concise descriptions (for images, charts, or media clips), ensuring you do not miss crucial information when visual or audio elements are not accessible.

Full alternative textual descriptions
You get more than just short alt text: you have comprehensive text equivalents, transcripts, captions, or audio descriptions for substantial non‐text content, which is especially helpful for complex visuals or multimedia.

Visualised data also available as non-graphical data
You can access graphs or charts in a text or tabular format, so you are not excluded if you cannot process visual displays.

Visual Accessibility

Use of colour is not sole means of conveying information
You will still understand key ideas or prompts without relying solely on colour, which is especially helpful if you have colour vision deficiencies.

Use of high contrast between text and background colour
You benefit from high‐contrast text, which improves legibility if you have low vision or if you are reading in less‐than‐ideal lighting conditions.