O‘ZBEKISTONDA ELEKTRON BOSHQARUV TIZIMLARIDA KIBERXAVFSIZLIK VA FUQAROLAR MA’LUMOTLARINI HIMOYA QILISH MUAMMOLARI: HUQUQIY VA TEXNOLOGIK YECHIMLAR
Keywords:
kiberxavfsizlik, shaxsiy ma’lumotlar himoyasi, elektron boshqaruv, Zero Trust, blockchain identifikatsiya, OneID, phishing, davlat reyestrlari.Abstract
Mazkur maqolada O‘zbekistonning elektron boshqaruv tizimlarida — xususan, my.gov.uz, OneID, data.egov.uz platformalari va davlat ma’lumotlar reyestrlarida — fuqarolar shaxsiy ma’lumotlarini himoya qilish va kiberxavfsizlikni ta’minlash masalalariga kompleks huquqiy va texnologik yondashuv taklif etilgan. Qiyosiy-huquqiy, normativ va statistik tahlil usullaridan foydalangan holda O‘zbekistondagi mavjud sohadagi kamchiliklar aniqlanib, ularga nisbatan Estoniya, Janubiy Koreya va Singapurning ilg‘or amaliyoti tahlil qilingan. Tadqiqot natijalari shuni ko‘rsatadiki, O‘zbekistondagi amaldagi qonunchilik bazasi — xususan, “Shaxsiy ma’lumotlar to‘g‘risida”gi Qonun (2019) va “Kiberxavfsizlik to‘g‘risida”gi Qonun (2022) — raqamli boshqaruvning zamonaviy talablariga to‘liq javob bermaydi. Davlat xizmatchilarining cyber hygiene darajasi past, phishing hujumlari tobora kuchayib bormoqda, identifikatsiya va autentifikatsiya tizimlari esa texnik jihatdan zaif holatda qolmoqda. Muammolarni bartaraf etishning amaliy yo‘llari sifatida Zero Trust arxitekturasi, blokchain asosidagi identifikatsiya va sun’iy intellektga asoslangan firibgarlikni aniqlash tizimlari tavsiya etilgan. Maqola O‘zbekiston qonunchiligini takomillashtirish, milliy CERT imkoniyatlarini kengaytirish va raqamli savodxonlik dasturlarini institutsional darajada joriy etish bo‘yicha aniq tavsiyalar bilan yakunlanadi.
References
1. Anderson, R., Barton, C., Böhme, R., Clayton, R., Ganán, C., Grasso, T., ... & Vasek, M. (2019). Measuring the changing cost of cybercrime. Workshop on the Economics of Information Security (WEIS). Cambridge University Press.
2. Berto, F., Cavelty, M. D., & Dunn Cavelty, M. (2021). Governing cybersecurity in a complex world: National cybersecurity strategies in small and medium states. Journal of Cyber Policy, 6(2), 145–162. https://doi.org/10.1080/23738871.2021.1975346
3. Cavelty, M. D. (2018). Cybersecurity research meets science and technology studies. Politics and Governance, 6(2), 22–30. https://doi.org/10.17645/pag.v6i2.1275
4. Deibert, R. (2020). Reset: Reclaiming the internet for civil society. House of Anansi Press.
5. European Parliament and the Council. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation — GDPR). Official Journal of the European Union. https://eur-lex.europa.eu/eli/reg/2016/679/oj
6. European Union Agency for Cybersecurity (ENISA). (2023). Cybersecurity culture in organisations: 2023 report. ENISA. https://www.enisa.europa.eu/publications/cybersecurity-culture-in-organisations
7. Gartner Research. (2024). Email authentication adoption benchmark: DMARC deployment status across public sector. Gartner.
8. IBM Security. (2023). Cost of a data breach report 2023. IBM Corporation. https://www.ibm.com/reports/data-breach
9. Infocomm Media Development Authority of Singapore (IMDA). (2023). Singapore's National Digital Identity (NDI) framework: Technical and governance overview. IMDA. https://www.imda.gov.sg/how-we-can-help/ndi
10. International Telecommunication Union (ITU). (2023). Global Cybersecurity Index 2023. ITU. https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx
11. Kalvet, T., Lips, M., & Skoric, M. (2018). Governing digital transformation: The Estonian approach. In J. Å. Grönlund & T. A. Janssen (Eds.), Scandinavian Studies in e-Government. Springer.
12. National Institute of Standards and Technology (NIST). (2020). Zero Trust Architecture (NIST SP 800-207). U.S. Department of Commerce. https://doi.org/10.6028/NIST.SP.800-207
13. Organisation for Economic Co-operation and Development (OECD). (2023). Government at a glance 2023: Digital government indicators. OECD Publishing. https://doi.org/10.1787/8ccf5c38-en
14. O‘zbekiston Respublikasi Axborot texnologiyalari va kommunikatsiyalarini rivojlantirish vazirligi (ATKTV). (2024). O‘zbekistonda axborot texnologiyalari sohasining 2023-yil natijalari bo‘yicha hisobot. ATKTV.
15. O‘zbekiston Kiberxavfsizlik markazi. (2024). 2023-yilda O‘zbekistonda kiberxavfsizlik holati: Yillik hisobot. O‘zbekiston Respublikasi Prezidenti Huzuridagi Axborot xavfsizligi markazi.
16. O‘zbekiston Respublikasi. (2015, 9 dekabr). Elektron hukumat to‘g‘risida: O‘zbekiston Respublikasi Qonuni. O‘zbekiston Respublikasi qonun hujjatlari ma’lumotlar bazasi. https://lex.uz
17. O‘zbekiston Respublikasi. (2019, 2 iyul). Shaxsiy ma’lumotlar to‘g‘risida: O‘zbekiston Respublikasi Qonuni (ORQ-547). https://lex.uz/docs/4396419
18. O‘zbekiston Respublikasi. (2022, 15 aprel). Kiberxavfsizlik to‘g‘risida: O‘zbekiston Respublikasi Qonuni (ORQ-762). https://lex.uz
19. O‘zbekiston Respublikasi Prezidenti. (2023, 11 sentabr). «O‘zbekiston — 2030» strategiyasi to‘g‘risida: Prezident farmoni (PF-158). O‘zbekiston Respublikasi qonun hujjatlari ma’lumotlar bazasi. https://lex.uz
20. Personal Information Protection Commission of Korea (PIPC). (2021). Personal Information Protection Act of Korea: Amended 2020 version — Key provisions and enforcement. PIPC.
21. Preukschat, A., & Reed, D. (2021). Self-sovereign identity: Decentralized digital identity and verifiable credentials. Manning Publications.
22. United Nations. (2024). UN E-Government Survey 2024: Accelerating digital transformation for sustainable development. United Nations Department of Economic and Social Affairs. https://publicadministration.un.org/egovkb/en-us/Reports/UN-E-Government-Survey-2024
23. van Dijck, J. (2020). Seeing the forest for the trees: Visualizing platformization and its governance. Social Media + Society, 6(3), 1–11. https://doi.org/10.1177/2056305120940293
24. Wirtz, B. W., Weyerer, J. C., & Geyer, C. (2019). Artificial intelligence and the public sector — Applications and challenges. International Journal of Public Administration, 42(7), 596–615. https://doi.org/10.1080/01900692.2018.1498103
25. World Bank. (2023). Digital adoption index 2023: Measuring adoption of technology by businesses, people and governments. The World Bank Group. https://www.worldbank.org/en/publication/wdr2016/Digital-Adoption-Index
26. data.egov.uz. (2024). O‘zbekiston ochiq ma’lumotlar portali: Statistika va ko‘rsatkichlar. O‘zbekiston Respublikasi Prezidenti Huzuridagi Loyihalar boshqaruvi milliy agentligi. https://data.egov.uz
27. e-Estonia. (2023). X-Road: Data exchange layer for information systems. Enterprise Estonia. https://e-estonia.com/solutions/interoperability-services/x-road
28. ENISA Threat Landscape Report. (2023). ENISA threat landscape 2023. European Union Agency for Cybersecurity. https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
29. Khanzode, V. V., & Sarode, R. D. (2020). Advantages and disadvantages of artificial intelligence and machine learning: A literature review. International Journal of Library & Information Science, 9(1), 30–36.
30. Levi-Faur, D. (Ed.). (2012). The Oxford handbook of governance. Oxford University Press. https://doi.org/10.1093/oxfordhb/9780199560530.001.0001
31. Mahler, T. (2017). Legal risk management and cloud computing: Emerging regulatory frameworks. Computer Law & Security Review, 33(2), 163–184.
32. Reddick, C. G., Chatfield, A. T., & Jaramillo, P. A. (2015). Public opinion on National Security Agency surveillance programs: A multi-method approach. Government Information Quarterly, 32(2), 129–141. https://doi.org/10.1016/j.giq.2015.01.001
33. Solove, D. J. (2013). Introduction: Privacy self-management and the consent dilemma. Harvard Law Review, 126(7), 1880–1903.
34. Susha, I., & Grönlund, Å. (2012). eParticipation research: Systematizing the field. Government Information Quarterly, 29(3), 373–382. https://doi.org/10.1016/j.giq.2011.11.005
