Cyber Security Board

The Decision dated 11/6/2012 and numbered 2012/3842 on the Execution, Management, and Coordination of National Cyber Security Activities, adopted by the Council of Ministers, was published in the Official Gazette dated 20/10/2012 and numbered 28447, thereby entering into force. Pursuant to this decision, the Cyber Security Board has been established, duties and authorities in the field of cyber security have been assigned to the Ministry of Transport, Maritime Affairs and Communication, and it has been resolved that working groups and temporary boards related to cyber security may be formed.

The content of the relevant Council of Ministers Decision has been enacted into law through Additional Article 1 added to the Electronic Communications Law No. 5809 dated 5/11/2008 by Law No. 6518 published on 06/02/2014, and new duties related to cybersecurity have been assigned to the Information Technologies and Communication Authority through additional paragraphs added to the Electronic Communications Law No. 5809.

Accordingly;

With Supplementary Article 1 added to Law No. 5809 on Electronic Communications, the Cyber Security Board has also been established.

Cyber Security Board

ADDITIONAL ARTICLE 1 – (1) For the purpose of determining the measures to be taken by public institutions and establishments, as well as real and legal persons, regarding cybersecurity; approving the prepared plans, programs, reports, procedures, principles, and standards; and ensuring their implementation and coordination, the Cybersecurity Board has been established under the chairmanship of the Minister. The ministries, public institutions, and establishments to be represented in the Cybersecurity Board, as well as the level of representation of their members, shall be determined by the Council of Ministers.

(2) The duties of the Board are as follows:

1. To approve policies, strategies, and action plans related to cybersecurity and to take the necessary decisions for their effective implementation nationwide
2. To finalize decisions on proposals regarding the identification of critical infrastructures
3. To determine the institutions and establishments to be exempted from all or part of the provisions related to cybersecurity
4. To perform other duties assigned by laws.

(3) The working procedures and principles of the Cybersecurity Board shall be determined by a regulation to be issued by the Prime Ministry.”

Additional Article 1 added to Law No. 5809 on Electronic Communications states that “The ministries, public institutions, and establishments to be represented in the Cybersecurity Board, as well as the level of representation of their members, shall be determined by the Council of Ministers.” According to the Council of Ministers decision dated 11/6/2012 and numbered 2012/3842, referenced by the said Law, on the Execution, Management, and Coordination of National Cybersecurity Activities, the Cybersecurity Board is chaired by the Minister of Transport, Maritime Affairs and Communications,

• Undersecretary of the Ministry of Foreign Affairs,
• Undersecretary of the Ministry of Interior,
• Undersecretary of the Ministry of National Defense,
• Undersecretary of the Ministry of Transport, Maritime Affairs and Communications,
• Undersecretary for Public Order and Security,
• Undersecretary of the National Intelligence Organization,
• Chief of Communications, Electronics and Information Systems of the General Staff Headquarters,
• President of the Information Technologies and Communication Authority,
• President of the Scientific and Technological Research Council of Turkey,
• President of the Financial Crimes Investigation Board,
• President of the Telecommunications Communications Presidency

and consists of high-level executives from ministries and public institutions to be designated by the Minister of Transport, Maritime Affairs and Communications.

With the addition of clause (h) to the first paragraph of Article 5 of the Electronic Communications Law dated 5/11/2008 and numbered 5809, the following duties and powers have been granted to the Ministry of Transport, Maritime Affairs and Communications in the field of cybersecurity.

“h) To determine policies, strategies, and targets for ensuring national cybersecurity; to determine procedures and principles for ensuring cybersecurity for public institutions and establishments, as well as real and legal persons; to prepare action plans; to serve as the secretariat of the Cybersecurity Board; to ensure coordination of related activities; to identify critical infrastructures, the institutions they belong to, and their locations; to establish, have established, and supervise necessary intervention centers; to conduct, commission, and encourage studies for the production and development of all kinds of cyber intervention tools and national solutions; to carry out awareness-raising, education, and awareness-increasing activities on cybersecurity; and to prepare procedures and principles that real and legal persons operating in the field of cybersecurity must comply with.”

By adding the following clause after clause (ü) of the first paragraph of Article 6 of Law No. 5809, a cybersecurity-related duty has been added among the duties of the Information Technologies and Communication Authority.

“v) To fulfill the duties assigned by the Council of Ministers, the Ministry, and/or the Cybersecurity Board on cybersecurity and internet domain names through the Telecommunications Communications Presidency or other units.”

Cyber Security Board Meetings

The first meeting of the Cyber Security Board was held on 21/12/2012 under the chairmanship of Minister of Transport, Maritime Affairs and Communication Binali Yıldırım. In the relevant Cyber Security Board Decision, the “Directive on the Duties, Working Procedures and Principles of the Cyber Security Board” and the “National Cyber Security Strategy and 2013-2014 Action Plan” were adopted.

The second meeting of the Cyber Security Board was held on 20/06/2013. In this meeting, it was reported that the National Cyber Incident Response Center (USOM) had been established during the six-month period between the first and second meetings and that USOM began operations as of May 15, 2013. The third meeting of the Cyber Security Board was held on 19/12/2013.