THE IMPACT OF PERSONAL DATA ON MONGOLIA'S NATIONAL SECURITY
Abstract
Personal data is not only a matter of citizen privacy but also a crucial resource for national security strategy and a fundamental requirement for ensuring state information security. This study explores the theoretical and practical implications of personal data breaches on Mongolia's national security, state secrecy, and the stability of its electronic infrastructure, drawing on international and domestic experiences. The research examines the enforcement of existing laws and policy documents in Mongolia and analyzes cases of data breaches in information systems critical for national security. A comparison is made between the legal and institutional frameworks for data protection in countries like the European Union, the United States, and Japan. The study highlights the importance of enhancing information security education in Mongolia, fortifying the national electronic infrastructure, and proposing enhancements to the legal framework for safeguarding personal data.
References
Baldwin, D. A. (1997). The concept of security. Review of International Studies, 23(1), 5–26.
BBC News. (2023, November 29). UK warns of state-backed cyber threats amid rising tensions. BBC News. https://www.bbc.com/news/uk-politics-67518511
California Department of Justice. (2024). California Consumer Privacy Act (CCPA). Office of the Attorney General. https://oag.ca.gov/privacy/ccpa
Cybersecurity and Infrastructure Security Agency. (2017, October 14). Heightened DDoS threat posed by Mirai and other botnets [Alert]. https://www.cisa.gov/news-events/alerts/2016/10/14/heightened-ddos-threat-posed-mirai-and-other-botnets
Cybersecurity and Infrastructure Security Agency. (2021, April 29). Defending against software supply chain attacks. https://www.cisa.gov/resources-tools/resources/defending-against-software-supply-chain-attacks
CyberScoop. (2018). APT27 targets Mongolia in cyber espionage campaign, Kaspersky reports. https://cyberscoop.com/apt27-mongolia-kaspersky/
European Union Agency for Cybersecurity. (2020). Cyber risk management for ports (p. 2). https://portalcip.org/wp-content/uploads/2024/11/ENISA-Guidelines-Cyber-Risk-Management-for-Ports.pdf
European Union. (2020). General Data Protection Regulation (GDPR). https://gdpr.eu
General Data Protection Regulation, Art. 4. (2016). Regulation (EU) 2016/679.
Government of Mongolia. (2010). Mongolian National Security Concept.
HackNotice. (2024, November 8). Intermed Hospital Mongolia data breach notification. https://hacknotice.com/2024/11/08/intermed-hospital-mongolia/
IBM Security X-Force. (2024). X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon. https://www.ibm.com/think/x-force/2024-x-force-threat-intelligence-index
The Independent. (2019, October 24). Mongolia and China cyber crime arrest raids target international network. https://www.independent.co.uk/tech/mongolia-china-cyber-crime-arrest-raids-a9179471.html
International Organization for Standardization. (2012). Information technology — Security techniques — Guidelines for cybersecurity (ISO/IEC 27032:2012).
Isaak, J., & Hanna, M. J. (2018). User data privacy: Facebook, Cambridge Analytical, and privacy protection. Computer, 51(8), 56–59. https://doi.org/10.1109/MC.2018.3191268
Japan Personal Information Protection Commission. (n.d.). Act on the Protection of Personal Information (APPI). https://www.ppc.go.jp
Legalinfo.mn. (2022). Electronic Security Law of Mongolia. https://legalinfo.mn/mn/detail/16574694017401
Parliament of Mongolia. (2021). Cyber Security Law.
Parliament of Mongolia. (2021). Law on the Protection of Personal Data.
Reddit. (2021, November 11). Central Bank of Mongolia was hacked and now [Discussion post]. r/mongolia. https://www.reddit.com/r/mongolia/comments/qs1i8y/central_bank_of_mongolia_was_hacked_and_now/
Security Affairs. (2022, January 19). Mongolian CA MonPass hack exposes citizen data. https://securityaffairs.com/119677/malware/mongolian-ca-monpass-hack.html
Taddeo, M. (2019). The ethics of algorithms: Key problems and solutions. In The Oxford handbook of ethics of AI (pp. 1–20). Oxford University Press.
TAdviser. (2021). Khan Bank (Haan Bank). https://tadviser.com/index.php/Company%3AHaan_Bank_%28Khan_bank%29
The Hacker News. (2025, January 15). RedDelta deploys PlugX malware to target organizations. https://thehackernews.com/2025/01/reddelta-deploys-plugx-malware-to.html
The Record. (2024). Mongolia targeted by APT29 watering hole attacks using NSO Group and Intellexa exploits. https://therecord.media/mongolia-apt29-watering-hole-attacks-exploits-nso-group-Intellexa
Views:
127
Downloads:
29
Copyright (c) 2025 Munkhjargal Bayanjargal, Munkhtsetseg Erdenebulgan, Densmaa Batbayar
This work is licensed under a Creative Commons Attribution 4.0 International License.
All articles are published in open-access and licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0). Hence, authors retain copyright to the content of the articles.
CC BY 4.0 License allows content to be copied, adapted, displayed, distributed, re-published or otherwise re-used for any purpose including for adaptation and commercial use provided the content is attributed.
