The opening event of the Technical Assistance Project for Ensuring Compliance with the EU Regarding the Implementation of the Network and Information Security Directive was held.
The program, held at the BTK Building, was attended by Dr. Ömer Fatih Sayan, Deputy Minister of the Ministry of Transport and Infrastructure, BTK President Ömer Abdullah Karagözoğlu, and numerous guests.
In his opening speech at the program, Deputy Minister of UAB Dr. Ömer Fatih Sayan touched upon the changes in the economic order from past to present. Pointing out that the Customs Union Agreement, which entered into force in 1996 for the liberalization of trade, was an important step in this regard, Sayan stated: "The reforms and restructuring carried out in our country have transformed the economy into a more solid structure and created a favorable environment for technological developments. Especially in the last 17 years, Turkey has become a country that has a say in new technologies and industry worldwide. While our country was seen only as a market, thanks to the 'National Technology Initiative,' we have become a country that exports and produces technological products. We have taken steps in this direction, and along the path drawn by our President Recep Tayyip Erdoğan, we have caught up with the development that some call Industry 4.0 through our 'National Technology Initiative.' We observe in all our endeavors that cooperation in the field of communication is essential while doing all this. Both social media and security have replaced geographical borders with data, and we have come to a point where we better understand how data is used by others and which sources it serves when you do not own your own data. It is well known that countries need more cooperation especially in terms of cybercrimes and terrorism. We consider this project important in terms of creating data words related to the internet and cybersecurity, ensuring standardization, determining operator types, and especially standardizing data centers," he said.
Deputy Minister Sayan: We Are Accelerating Our Efforts to Be Among the First Countries to Adopt 5G
Deputy Minister Sayan continued: "As Turkey, we are accelerating our initiatives to be among the first countries to adopt 5G and with the localization rates we have provided in 4.5G authorizations, we are no longer just an exporting and market country in the communications sector.
I think this project is very important especially in determining the standardization in continental Europe and acting jointly. Authorized persons from both our side and the EU will come together throughout the project process, take the necessary steps, and operator types will be determined in accordance with this directive. In particular, we added the issue of data centers meeting certain standards with a decree-law in our legislation regarding data centers, and we are proceeding accordingly," he concluded his speech.
BTK President Karagözoğlu: We Have Conducted Important Studies on Network and Information Security
In his opening speech, BTK President Karagözoğlu also drew attention to the current state of the information and communication technologies sector. Emphasizing that the institution has undertaken important studies in ensuring network and information security, Karagözoğlu said: "With the Electronic Communications Security Regulation published in 2008, operators authorized by BTK were obligated to comply with the TS ISO IEC 27001 standard, personnel security, physical security, and software and hardware security. Various updates were made to this regulation taking into account technical and legal developments. The Network and Information Security Regulation in the Electronic Communications Sector, dated July 13, 2014, and numbered 29059, was published in the Official Gazette. Whether operators fulfill their obligations is controlled by our Institution. Sanctions are imposed on operators detected with violations as per Board decisions. In addition, guidance on security practices is provided through inspections."
Stating that one of the important developments in recent times is the entry into force of this directive, Karagözoğlu listed the items in the directive, designed as a product of ENISA's work, as follows:
· Formation of countries' network and information security strategies,
· Inclusion of actions determined by risk analyses in the strategy document,
· Determination of public institutions and relevant parties responsible for the actions,
· Existence of a network and information security institution responsible for international cooperation.
· Establishment of CSIRT, operating under the supervision and oversight of the network and information security institution.
· Subjecting e-commerce platforms, online payment systems, social networks, search engines, cloud computing services, app stores, and service providers in critical sectors to obligations regarding network and information security.
Karagözoğlu also touched upon BTK's studies on cybersecurity. President Karagözoğlu said: "Our Institution has been assigned the duties of preventing cyberattacks and ensuring deterrence. In this scope, BTK conducts necessary preventive studies not only with operators but with all legal entities. These studies are coordinated by the National Cyber Incident Response Center (USOM) operating within our Institution. In addition to conducting alarm, warning, and announcement activities to prevent cyber threats, USOM also works to take control of incidents with on-site intervention teams in critical situations and to provide national coordination in cyber incident response. USOM, equipped with malware analysis and digital forensics capabilities, achieves significant gains in the employment and training of expert personnel. Activities such as incident response, digital log examination, and penetration testing conducted by USOM personnel in numerous critical institutions have gained momentum."
President Karagözoğlu: Cybersecurity is an Indispensable Part of National Security
Emphasizing that they see cybersecurity as an indispensable part of national security, Karagözoğlu said: "Just as in every area related to national security, developing and using domestic and national products, resources, and methods in ensuring our national cybersecurity is of utmost importance. In this scope, in our projects to combat threats within USOM, we use applications we have completely developed with our own resources based on machine learning and artificial intelligence capabilities. It is clear that one of the most important resources in ensuring national cybersecurity is qualified human resources. In this framework, we are taking the necessary steps swiftly and the steps required to train qualified experts and close the cybersecurity expert gap in our country."
Karagözoğlu listed the studies on training qualified personnel as follows: "The second SİBER YILDIZ competition we organized at the beginning of February, trainings for CSIRTs from various critical sectors such as health and energy, periodic consultation meetings to increase USOM-CIRT coordination can be cited among the studies we have done in this regard. In addition, 14 CSIRTs in critical sectors and over 1130 Corporate CSIRTs were established in the last three years. The CIRT Communication Platform, which provides communication between USOM and CSIRTs, is in communication with around 3000 Cybersecurity Experts. Thus, the activity of transmitting actions to close security vulnerabilities to relevant institutions and organizations is carried out by USOM 7/24. As of March 2019, 3668 cybersecurity notifications were sent to institutions and organizations in the last year along with critical and urgent measures to be taken. On the other hand, a total of approximately 35 thousand malicious links (URL, IP, domain) used for malware and phishing were detected, checked, and access was blocked at the infrastructure level."
President Karagözoğlu: We Must Take Applicable Measures Against Cyber Attacks
Pointing out the need to take lower-cost and easily applicable measures that include intervention before attacks occur instead of reactive measures against cyber threats, Karagözoğlu said: "In addition to access controls to systems, controls at the network and infrastructure level are also needed.
Of course, national and international cooperation has undeniable importance in the field of cybersecurity. The borderless nature of cyberspace necessitates international cooperation in this area. For this reason, Turkey closely follows the work of international organizations such as UN, NATO, OSCE, OECD, G20, FIRST, TI, and CAMP and contributes actively to these works. According to the Global Cybersecurity Index report published on ITU's website, we are 11th in Europe and 20th in the world. In addition, the Cyber Star competition organized by USOM was specifically mentioned in the report. The competition was cited as an example of practices for building cyber capacity. The ITU-GCI, the Global Cybersecurity Index in the field of cybersecurity accepted worldwide by the International Telecommunication Union, one of the performance indicators of our IPA project, is published every year," he concluded his speech.