From ally to outcast, what’s next for Georgia’s cyber future?
In the lead-up to the 2008 war with Russia, Georgia became the target of cyberattacks timed to coincide with the Russian invasion. These attacks included distributed denial-of-service (DDoS) attacks that crippled government communication networks, the defacing of official websites, and the targeting of financial institutions and media outlets. Although these events galvanised international support for Georgia in strengthening its cyber resilience, this vital assistance has since diminished, leaving the country increasingly vulnerable.
Despite this early warning of cyber risks to come, Georgia has since struggled to secure its cyberspace. This struggle stems from a combination of factors, including inconsistent political commitment, limited budget allocations for cybersecurity, and a lack of institutional coordination. Russia has been testing its cyber capabilities on Georgia, disrupting the country’s cyber efforts. Reliance on international support and the absence of a unified, long-term strategy have left Georgia reactive rather than proactive.
In recent years, the ruling Georgian Dream party has transformed into a ‘Georgian nightmare,’ dismantling democratic institutions, undermining European integration efforts, and adopting an increasingly pro-Russian stance. Amidst the passing of a controversial Russian-style ‘foreign agent’ law, the official suspension of EU accession talks, and crackdowns on mass anti-government protests, Georgia’s relationships with once-close Western partners have deteriorated. As a result, Georgia’s already vulnerable cybersecurity infrastructure has been cut off from strategic partnerships and external funding, leaving the country open to hybrid attacks and other risks.
UK-Georgia collaboration
The United Kingdom and Georgia have a long-standing strategic relationship, exemplified by the 2014 Wardrop Strategic Dialogue, which fostered cybersecurity and defence cooperation. Since 2018, the UK’s National Cyber Security Centre has provided training and support to enhance Georgia’s cyber capabilities. This partnership proved vital during a 2019 cyberattack attributed to the GRU (Russian military intelligence). The hack involved a website defacement campaign that targeted government and NGO websites, national broadcasters, and businesses across Georgia, replacing content with an image of former President Mikheil Saakashvili captioned ‘I’ll be back’. This was primarily a psychological attack, aiming to instil fear about Georgia’s stability rather than cause significant disruption to infrastructure.
The UK-Georgia Cyber Partnership has been instrumental in strengthening Georgia’s cyber ecosystem through research and capacity-building initiatives. As recently as 2022, the UK allocated over £5 million ($6.37 million) to support cybersecurity collaboration with Georgia’s Ministry of Defense. The Cyber Security Bureau (CSB) of the Georgian Ministry of Defense also participated in Defense Cyber Marvel, an annual cyber defence competition.
However, this once-robust collaboration has taken a significant hit. The UK recently announced that it would freeze the Wardrop Dialogue, cancel high-level defence talks, and put a new cybersecurity program on hold, citing anti-democratic actions and anti-Western rhetoric from the Georgian government.
EU investment and reassessment
The United Kingdom has not been alone in investing in Georgian cyber capabilities. In 2021, the EU provided critical hardware and software worth $231,000, as well as training, to the CSB.
Additionally, the EU implemented a €1.3 million ($1.36 million) project to strengthen Georgia’s preparedness for and resilience against cyber threats. The initiative focused on capacity building and developing cybersecurity frameworks aligned with EU standards. A key beneficiary of this project was Georgia’s Digital Governance Agency, a relatively new organisation that oversees the cybersecurity domain through its Government Computer Emergency Response Team. The project significantly improved the agency’s ability to manage cyber incidents. Nevertheless, the recent EU reassessment of its partnership with Georgia, driven by concerns over anti-democratic actions, has raised questions about the continuity of such capacity-building programmes.
US-Georgia relations
The United States and Georgia have also shared a robust defence partnership, with the US providing more than $2 billion in assistance to the Georgian armed forces over three decades. This partnership extended to cybersecurity, with several programmes to enhance the resilience of the Georgian government and critical infrastructure against cyber threats. USAID’s Critical Infrastructure Cybersecurity Program supported Georgia in fully implementing its Law on Information Security, aligning cybersecurity laws with EU directives, and enhancing the capabilities of cybersecurity professionals. Additionally, the Securing Georgia’s Energy Future Program addressed cybersecurity threats to energy infrastructure.
However, the US, like the UK and EU, has recently reassessed its relationship with Georgia, suspending its strategic partnership and pausing over $95 million in aid that directly benefited the Georgian government. While specific cyber-related programmes have not yet been publicly identified as halted, it is highly likely that such initiatives, including government support programmes, have also been suspended.
Despite support, Georgia remains vulnerable
Even before Western partners began scaling back their support, Georgia was highly vulnerable to cyber and disinformation threats originating from Russia.
In the lead-up to Georgia’s October 2024 parliamentary elections, it was revealed that Russian intelligence had conducted an extensive espionage and hacking campaign targeting Georgia’s government and critical industries. Between 2017 and 2020, Russian operatives infiltrated key Georgian ministries and industries. This campaign enabled the Kremlin to access, and potentially sabotage, vital infrastructure, including electricity companies, oil terminals, media platforms, and government departments.
By late 2019 and into early 2020, Russian hackers were monitoring employees of Telasi, a Tbilisi-based electricity distribution company, reading their emails and surveilling them via internal cameras. Another state-owned energy company was also targeted, with hackers gaining the ability to disable electrical substations and cut power to Georgian regions.
Direct cyber intrusions are not the only threat. In the run-up to the elections, Russia’s Foreign Intelligence Service (SVR) launched a coordinated disinformation campaign aimed at undermining Georgia’s relationship with Western allies. The campaign sought to portray countries like the United States as manipulative external actors interfering in Georgia’s internal political affairs, targeting public trust and fostering anti-Western sentiment.
Adding to Georgia’s challenges is the continued popularity of Russian-linked services like Yandex Go, a ride-sharing and delivery company tied to the Russian Federal Security Service (FSB). One Yandex provider was found to have illegally transferred users’ personal data, including IP addresses, to servers in Russia. This raises serious concerns about the security risks posed by such platforms. While Estonia, Latvia, and Ukraine have banned Yandex services over similar concerns, Georgians continue to rely on it. Addressing this issue requires international support to help Georgia phase out services linked to adversarial states and to educate the public about the dangers these platforms pose. Reduced support from Western partners will only exacerbate the problem.
Once again at the geopolitical crossroads
Although Georgia has benefited from its Euro-Atlantic partnerships, the country faces relentless pressure from the Kremlin. Withdrawal of support undermines Georgia’s ability to harden its critical infrastructure, develop a robust cybersecurity culture, and strengthen governance bodies responsible for managing cyber resilience. The country needs these resources to update its cyber policies and regulations to meet international standards and handle emerging threats.
Georgia’s recent strategic partnership agreement with China further complicates its position. It risks creating dependencies that limit Georgia’s ability to act independently and further isolate it from democratic allies. This redirection not only heightens Georgia’s vulnerability to Russian aggression but also introduces the challenge of navigating powerful Chinese influence, including in the cybersecurity sector.
Without a clear recommitment to democratic principles and the restoration of Western strategic partnerships, Georgian cyberspace risks being trampled upon by competing global powers. To secure its cyber future, Georgia must prioritise the hardening of critical infrastructure in both the public and private sectors, invest in training cybersecurity specialists, and strengthen its governance frameworks. Failure to do so will leave the country exposed to hybrid threats from adversaries while jeopardising long-term stability and sovereignty.