Orb 2
Retro Futuristic Elements

Unit4sec

An OvervIew of Türkİye’s Cyber SecurIty OrganIzatIonal UnIts

1

2

3

3

Monoline Text Divider
Monoline Text Divider
Monoline Text Divider
Turkish flag

IntroductIon

Introduction

Türkiye 2012-2014 Cyber Security Strategy

Türkiye 2014-2019 Cyber Security Strategy

Türkiye 2020-2023 Cyber Security Strategy


1

4

5

6

output of cyber securIty StrategIes

Cyber Security Organization Structure of TÜRKİYE

7

8

Other instutions regarding cyber security

Global Score

Global Cyber Security Index 2020


9


REFerences

10

IntroductIon

To understand Türkiye's cybersecurity organization, mission, and strategies, it would be appropriate to examine the period after the responsibility for cybersecurity was transferred to the Ministry of Transport and Infrastructure in 2012. The changes made during this period highlight many innovations, the organizational structure, and strategies in the country's cybersecurity field.


In this context, Türkiye's cybersecurity strategy was first defined under the decision published in the Official Gazette dated October 20, 2012, and numbered 28447, following the resolution adopted by the Council of Ministers in decision number 2012/3842, "On the Implementation, Management, and Coordination of National Cybersecurity Activities."


In accordance with this decision, a Cybersecurity Board has been established with the purpose of determining cybersecurity measures, approving prepared plans, programs, reports, procedures, principles, and standards, and ensuring their implementation and coordination. The board is chaired by the Minister of Transport, Maritime


Affairs, and Communications and includes the following members:


  • Undersecretaries from the Ministries of Foreign Affairs, Interior, National Defense, and Transport, Maritime Affairs, and Communications.
  • Undersecretary for Public Order and Security.
  • Undersecretary of the National Intelligence Organization.
  • Head of the General Staff Communications, Electronic, and Information Systems.
  • President of the Information Technologies and Communication Authority.
  • President of the Scientific and Technological Research Council of Türkiye.
  • President of the Financial Crimes Investigation Board.
  • President of the Telecommunications Communication Authority.
  • Top-level executives from ministries and public institutions designated by the Minister of Transport, Maritime Affairs, and Communications.


Türkİye Cyber SecurIty Strategy PlannIng InfographIc

Map Pin

01

Map Pin

When reviewing Türkiye's 2014-2019 cybersecurity strategy, we find 18 action items supporting the initial strategy

Map Pin

02

Map Pin

Currently , the last published strategy.

Map Pin
Map Pin

03

First Cyber Security Strategy which is the foundation of most of the actions.

Within this scope, the following actions were planned and implemented in the National Cybersecurity Strategy for 2013–14 and the 2013–2014 Action Plan:



a) Legal Regulations


  • Examination of national and international legislation in the field of cybersecurity and identification of necessary legal regulations (April 2013).


  • Updating existing primary legislation (laws) to cover cybersecurity aspects and completing the work on primary legislation that addresses new regulatory requirements, to be submitted to the Cybersecurity Council (September 2023).


b) Support for Legal Processes


  • Activation of appropriate recording mechanisms that are compliant with current technology and international standards for relevant public institutions to obtain reliable evidence for post-incident examinations (March 2014).



  • Ensuring that organizations operating in critical sectors deploy recording mechanisms that are compliant with current technology and international standards to obtain reliable evidence for post-incident examinations (May 2014).


c) Establishment of a National Cyber Incident Response Organization


  • Establishment of the National Cyber Incident Response Center (USOM) operating 24/7.
  • Preparation of procedures and processes, as well as the creation of a central assistance page for public personnel involved in cybersecurity.
  • Public institutions and organizations coordinating activities directly under the coordination of USOM.


d) Strengthening the National Cybersecurity Infrastructure


  • Implementation of mandatory annual security tests and audits at the institution level for prioritized public institutions, following agreements with relevant institutions (May 2013).
  • Training of technical personnel and issuance of certificates to personnel participating in the internal audit units of public institutions to develop information system audit capabilities (May 2014).



e) Human Resource Development and Awareness Activities in Cybersecurity


  • Organization of the first International Cybersecurity Exercises led by our country.
  • Preparation of feasibility studies for the establishment of the required technical infrastructure within relevant institutions for the security assessments of software developed for critical infrastructures.
  • Creation of access control principles in compliance with international standards (e.g., TS ISO/IEC 27001).
  • Redesign of e-government applications for prevention of unauthorized access to data over the internet.
  • Establishment of platforms for the development of open-source cybersecurity products.
  • Planning for the transfer of suitable critical information systems to open-source operating systems.
  • Initiation of scholarship programs for students pursuing doctoral and master's degrees in cybersecurity.
  • Creation of scholarship programs for students interested in specializing in cybersecurity.
  • Training and practical experience for experts working in USAM and SOMEs.


f) Development of Domestic Technologies in Cybersecurity


  • Establishment of incentive mechanisms for national R&D activities related to software, hardware, and similar information technology products related to cybersecurity.
  • Promotion of programs that support the establishment of R&D laboratories on cybersecurity in universities.
  • Regular collaboration involving public and private sectors, universities, civil society organizations, and all information security stakeholders.
  • Creation of incentive mechanisms for institutions to prefer domestically developed products that have undergone security assessment and certification, as well as products that have undergone security assessment and certification when domestic products are not available.


g) Expanding the Scope of National Security Mechanisms


  • Determination of how responsibilities of institutions will be handled and how national-level coordination will be achieved in various cybersecurity incidents occurring in the cyber environment.
  • Identification of priority actions for analyzing the current status and improving mechanisms for various incidents that may occur in the cyber environment.

2013 Jan

2013 May

Shield Security with Lock Icon Isolated. Protection, Safety, Password Security. Firewall Access Privacy Sign. Vector Illustration

2013 Feb

Creation of National Cyber Incident Response Center (USOM) and Sectoral & Corporate Cyber Incident Response Teams (SOME)

Determining Minimum Criteria for Maintaining Records to Obtain Reliable Evidence for Post-Incident Examination

The beginning of the activities of the Cyber Security Council.

cyber gradient icon

2013 April

2013 May

Identification of Critical Infrastructure Vulnerable to Direct Cyber Threats That Could Disrupt Societal Order When Damaged

Review of National and International Cybersecurity Legislation to Identify Needed Legal Regulations

2013 Sep

2013 Dec

2014 May

Establishing National R&D Incentives for Cybersecurity-Related IT Products, Software, and Hardware

First International Cybersecurity Exercise Led by Türkiye

Establishment of Public Sector Cyber Incident Response Teams (SOME)

When we glance at Türkiye's 2014-2019 cybersecurity strategy, we see action plans comprising 18 items to develop and support parallel processes with the first strategy. These 18 action plans fall under 5 distinct strategic action plan headings:

2014-2019 Türkiye Cyber Security Strategy

When reviewing Türkiye's 2014-2019 cybersecurity strategy, we find 18 action items supporting the initial strategy

Map Pin

02

Map Pin
  • Strengthening Cyber Defense and Protecting Critical Infrastructure,
  • Combating Cybercrimes,
  • Awareness and Human Resource Development,
  • Enhancing the Cybersecurity Ecosystem, and
  • Integrating Cybersecurity into National Security.


The 18 actions are as follows:


  • Establishment of a national critical infrastructure inventory, ensuring the security requirements of critical infrastructure, and their regulatory oversight by the relevant authorities.


  • Development of legislation, including an audit approach in cybersecurity, compliant with international standards.


  • Enhancement of regulatory awareness and competencies in cybersecurity within sectoral regulatory bodies, ministries, and other organizations.
  • Regulatory measures to protect agency IT systems not only from attacks but also from user errors and disasters.


  • Each agency reaching the competency to operate its information security management process to protect against attacks, user errors, and disasters.


  • Increasing awareness among agency executives regarding cybersecurity.


  • Training and encouragement of competent personnel in cybersecurity, including personnel, researchers, and students who wish to specialize in this field.


  • Promoting cybersecurity awareness throughout society, including awareness campaigns in print and visual media, in addition to educational institution efforts.


  • Legislative support for employing expert personnel in cybersecurity in public institutions and improving their welfare.


  • Legislative support, financial regulations, meeting the need for competent personnel, provision of IT infrastructure, and the enhancement of information sharing to increase the effectiveness of Corporate and Sectoral Cyber Incident Response Teams (SOME).


  • Creation of a strong central public authority for coordinating cybersecurity efforts.


  • Establishment of a national cybersecurity ecosystem with the participation and coordination of public institutions, the private sector, NGOs, regulatory bodies, universities, developer firms, and all other stakeholders.


  • Dissemination of best practices, advisory services, and sharing of transparency, threats, and beneficial practices within the national cybersecurity ecosystem.


  • Vulnerability analysis and certification to prevent the exploitation of vulnerabilities in hardware and software products used in critical information system points.


  • Establishment of a culture for secure software development and supply management.


  • Focus on R&D activities to reduce external dependencies in cybersecurity and develop local products.


  • Development of a national proactive cyber defense capability to neutralize threat actors before they launch attacks.


  • Widespread adoption of effective record management and IPv6 (Internet Protocol version 6) technologies to eliminate the anonymity advantage in cyberspace used by threat actors.

When we examine the 2020-2023 Türkiye Cybersecurity Strategy, we observe a parallel with the previous action plans, yet this time, the priorities are consolidated into eight main categories. Furthermore, we can see that the objectives and actions have matured within this framework. These eight primary categories are as follows:

2020-2023 Türkiye Cyber Security Strategy

Currently , the last publiished strategy.

Map Pin

03

Map Pin

1

Protection of Critical Infrastructure and Enhancement of Resilience

2

Development of National Capacity

3

Organic Cyber Security Network

5

6

7

Combating Cybercrime

CDevelopment and Support of Indigenous and National Technologies

Integration of Cybersecurity into National Security

4

Security of Next-Generation Technologies

8

Enhancement of International Collaboration

Cyber Security Organization Structure of Türkiye

Courthouse Building Illustration

Implementation, administration and coordination of national cybersecurity actions, and preparation and coordination of policy, strategy and action plans

Türkiye Cyber Security Board

In the context of cybersecurity, the board approves prepared plans, programs, reports, procedures, principles, and standards and ensures their implementation and coordination.

Female financial analyst giving presentation to board members
City Government Building

The Digital Transformation Office (Dijital Dönüşüm Ofisi -DDO) established by Presidential Decree in July 2018, has been given the task of developing projects that increase information security and cybersecurity.

Publications

  • Information and Communication Security Guide
  • Information and Communication Security Audit Guide
  • Information and Communication Security Compliance and Audit Monitoring System

Responsibilities

City Building

While policymaking is the responsibility of the Transportation and Infrastructure Ministry, the regulatory function has been assigned to the Information and Communication Technologies Authority (Bilgi Teknolojileri Kurumu -BTK)

  • Making regulations regarding authorization and issuing secondary regulations related to it.


  • Making the necessary regulations to provide postal services to users in a reliable, uninterrupted, and affordable manner, in accordance with the policies and strategies determined by the Ministry.


  • Monitoring communication conducted through telecommunications; it can be defined as the covert interception of all forms of communication carried out with the insertion of an intermediary, recording the information obtained, and its evaluation.


  • Establishing methods for approving, monitoring, and inspecting tariffs, as well as determining the upper and lower limits of tariffs and their implementation procedures and principles.

Responsibilities

USOM was established under BTK and constantly monitors and provides warnings and announcements for cybersecurity incidents. It also establishes national and international coordination for the prevention of cyber-attacks against critical sectors.

Company Tower Building
  • USOM conducts national and international coordination efforts for responding to cyber incidents in Türkiye, operating on a 24/7 basis.


  • It identifies cyber threats and issues alerts, warnings, and announcements to relevant parties and the nation as a whole to develop measures aimed at reducing or eliminating the impact of potential incidents.


  • USOM takes action to implement protective measures for information systems that have been exposed to cybersecurity incidents.


  • In cases where evidence of criminal activities is found during cybersecurity operations, USOM collaborates with law enforcement and judicial authorities.


  • USOM uses the National and Indigenous Cyber Incident Notification Portal (SIP) to send security notifications, alarms, announcements, messages, and reports to sectoral and institutional Cybersecurity Operation Centers (SOMEs) operating within the national cybersecurity organization. Likewise, SOMEs can use SIP to report incidents and alerts they have identified to USOM.


  • USOM reviews and assesses the reports and notifications it receives, taking necessary actions based on the nature of the incidents.


  • USOM conducts analyses of malicious software and shares findings with SOMEs and other relevant stakeholders.


  • To mitigate the impact of cybersecurity threats and incidents, USOM blocks access to harmful internet addresses, phishing sites, locations distributing or hosting malicious software, command and control centers, and addresses conducting port scans. These activities are carried out within the legal framework provided by the Electronic Communications Law No. 5809.
Close up of Gavel on a Book on Table

Government CERT

Institutional Cyber Events Response Teams are responsible for the main government institutions and bodies

Man Raising Renewable Sectors Over Fossil Fuels

Private Sector CERT

Sectoral CERTs specialise in sectors that are recognised as critical infrastructure for the nation: transportation, energy, electronic communications, finance, water management

Other instutions regarding Cyber Security Landscape of Türkiye

The Undersecretariat for Defense Industries (SSM) was established in 1985 as the "Defense Industry Development and Support Administration Presidency" under the Ministry of National Defense, with the aim of determining policies related to the establishment of the defense industry infrastructure in Türkiye and creating mechanisms to implement these policies. In 1989, it was restructured as the "Undersecretariat for Defense Industries." In 2017, as a result of regulatory changes, it was attached to the Presidency, and in 2018, it was restructured again as the "Presidency of Defense Industries of the Republic of Türkiye," with its organization, duties, authorities, and responsibilities regulated by Presidential Decree No. 7 regarding the Presidency of Defense Industries.

Projects

The company was founded in 1991 by the decree of the Defence Industry Executive Committee. Its primary mission was to provide an array of critical services, including project management, system engineering, technology transfer, logistical support, and consultation. These services were aimed at supporting the Presidency of the Republic of Turkiye Presidency of Defence Industries (SSB) and the Turkish Armed Forces (TSK) in high-technology sectors vital for national security.


Over the years, the company has expanded its expertise by actively participating in national projects within the Turkish defense industry. Significant investments have enabled diversification into various fields such as military naval platforms, cybersecurity, tactical mini UAV systems, radar systems, satellite technologies, command and control systems, certification, and consultancy. Notably, the company has developed and provided indigenous and critical systems using domestic resources to meet the requirements of civil, public, and private sectors. It proudly stands among the top defense industry firms in the country, playing a pivotal role in enhancing the global competitiveness of the Turkish defense industry while also engaging in export-oriented endeavors.

STM offers a comprehensive suite of capabilities and activities in the realm of cybersecurity. Their expertise encompasses the delivery of integrated turnkey cyber security projects, awareness studies, and education, ensuring a heightened level of cyber resilience.


They provide adept consultancy services along with extensive analyses such as assessing cyber security maturity levels and conducting test and evaluation services, further supported by their Common Criteria Test Laboratories. STM is also well-versed in offering services related to Industrial Control Systems and configuring customized laboratories. Their dynamic approach involves malware analysis, Red Team and penetration testing, as well as source code security analysis and vulnerability assessments, all underpinned by robust risk management strategies.


In the rapidly evolving landscape of cybersecurity, STM excels in IoT attack determination and operates a Cyber Fusion Center. They specialize in cyber threat intelligence and run a Cyber Operation Center, providing incident response and threat hunting solutions. Their expertise extends to the organization of R&D projects, producing periodical cyber threat status reports, and hosting Capture The Flag (CTF) competitions. STM’s activities also encompass data center configuration and consultancy services, ensuring a holistic and resilient approach to cyber security.

TÜBİTAK is an institution in Türkiye with a vision to be innovative, guiding, participatory, and collaborative in the fields of science and technology. It supports research and development in both academic and industrial sectors, focusing on national priorities. TÜBİTAK also plays a role in shaping the country's Science and Technology policies and publishes materials to increase awareness in society. It supports domestic and international academic activities of scientists through scholarships and awards, and funds projects in universities, public institutions, and industries to enhance the country's competitiveness.

The Cyber Security Institute (CSI) was established with the aim of conducting research and development activities in the field of cybersecurity to enhance the national cybersecurity capacity. CSI carries out research and development projects in the field of cybersecurity and undertakes solution-oriented projects for military institutions, public entities, and private sector organizations.

The activities of the Cyber Security Institute are grouped under three main headings:


  1. Advanced Cyber Security Research and Development Studies
  2. Cyber Security Strategy Formulation Studies
  3. Cyber Security Solution Projects


The Personal Data Protection Authority is a legally autonomous public entity established to fulfill responsibilities outlined in Law No. 6698. Operating under the purview of the Minister appointed by the President of the Republic, the Authority is headquartered in Ankara and comprises both a Board and a Presidency. The decision-making body of the Authority is the Board.

The Personal Data Protection Law, implemented in 2016 and overseen by the Personal Data Protection Authority (KVKK), plays a pivotal role in Türkiye's legal landscape. This legislation's central objective is the preservation of personal data in an age of digital proliferation, aiming to secure individuals' privacy rights. Complying with this statute is of paramount importance for enterprises, not only to prevent data breaches but also to harmonize Türkiye with worldwide data protection norms, thereby facilitating international data transfers and enhancing data security practices across various sectors.

The National Intelligence Organization was created by the National Intelligence Organization Act (Law No.644 dated 6 July 1965). It originally reported to the Office of the Prime Minister. In 2017, the National Intelligence Organization was subordinated to the Presidency. The organization operates under six different presidencies, one of which is the Cyber Intelligence Directorate.

The Cyber Intelligence Presidency is responsible for carrying out technical activities using all kinds of technical intelligence methods, tools, and systems to fulfill the duties assigned by Law No. 2937, which include gathering, recording, and analyzing information, documents, news, and data.


When reviewing the 2022 National Intelligence Organization (MİT) Activity Report, it is evident that numerous developments have occurred in the field of cyber intelligence. Furthermore, it is emphasized that new capabilities in artificial intelligence, big data analysis, and image intelligence have added a new dimension to their on-field operations."


The General Directorate of Security or Turkish Police Service is the national civilian police force responsible for law enforcement of the Republic of Türkiye, which is affiliated with the Ministry of Interior. Department of Fight Against Cyber Crimes serve as a cyber security unit for the Turkish Police Service

In order to provide support for the investigation of crimes committed through information technologies and the examination of digital evidence, and to centralize the dispersed structure of provincial units of the relevant Directorates under a single umbrella, prevent duplication of investments, and effectively and efficiently combat cybercrimes, the Directorate for Combating Cybercrimes was established within the General Directorate of Security by the Council of Ministers' Decision No. 2011/2025. Following the Ministry's approval dated February 28, 2013, the name of the Directorate for Combating Cybercrimes was changed to the Cybercrime Combat Directorate.

The Ministry of National Defence is entrusted with the primary authority for overseeing military cyber defense and occupies the highest position within the realm of military cyber operations


The Cyber Defense Department operates as a division under the Directorate of Communications and Information Systems, functioning as a department within the organizational hierarchy.

Department of Cyber Security

The Objective of Turkish Armed Forces Foundation, stated by LAW 3388; is to enhance the warfare of capability of Turkish Armed Forces through national defense industry, establishing new defense industry areas and procuring warfare armament by providing the financial and spiritual support of Citizens.

Subsidiaries

ASELSAN is the largest defense electronics company of Türkiye whose capability/product portfolio comprises communication and information technologies, radar and electronic warfare, electro-optics, avionics, unmanned systems, land, naval and weapon systems, air defence and missile systems, command and control systems, transportation, security, traffic, automation and medical systems. Today ASELSAN has become an indigenous products exporting company, investing in international markets through various cooperation models with local partners and listed as one of the top 100 defence companies of the world (Defense News Top 100).

Aselsan provide secure and integrated solutions such as crypto and information security systems, information technology systems, network security products in communication and computer systems, secure data sharing systems and encryption solutions.

Established in 1982 under the Turkish Armed Forces Strengthening Foundation, HAVELSAN is a leading Turkish technology firm known for its expertise and advanced software-driven solutions. It provides original software-intensive systems in fields such as Command Control and Defense Technologies, Simulation, Autonomous and Platform Management Technologies, and Information and Communication Technologies. HAVELSAN offers turnkey solutions to the Turkish Armed Forces, public institutions, the private sector, and international clients

HAVELSAN offers a suite of cutting-edge cybersecurity and data protection products. Their HAVELSAN WAF/LB (Web Application Firewall/Load Balancer) provides robust load balancing for high network traffic while also identifying and thwarting cyberattacks on web applications. Complementing this, HAVELSAN DLP (Data Leakage Prevention) is a PARDUS-compatible solution that safeguards against unauthorized data leaks from an organization by enforcing predefined security rules and monitoring data access. In the ever-evolving world of mobile technology and the escalating threat landscape, HAVELSAN İleti responds to the need for heightened communication and information security on mobile platforms. Lastly, HAVELSAN Data Diode is a modern data transfer system, designed modularly to meet the inter-network data transfer needs of various sectors, including defense, security, and finance, providing secure, one-way data movement between isolated networks. These products collectively signify HAVELSAN's dedication to enhancing cybersecurity, preserving data integrity, and ensuring secure data transfer mechanisms.

Others

Turkish Armed Forces Foundation has many other valuable and successful subsidiaries. However, these institutions are highlighted for their activities in the field of cybersecurity, so they are briefly mentioned.

Some Reported Results

The Global Cybersecurity Index (GCI) is a measurement tool developed by the International Telecommunication Union (ITU), a specialized agency of the United Nations, to assess and rank the cybersecurity readiness and capabilities of countries around the world.



They provide cyber security index and it is based on data reported by a record level of Member State participation, from 105 responses in the 2013-2014 iteration, to 150 questionnaires returned in 2020.


The Index assesses Member State commitments to cybersecurity across five key pillars:



  • Legal measures
  • Technical measures
  • Organizational measures
  • Capacity development measures
  • Cooperation measures.


Well, within these measurement according to the 2020 Global Cybersecurity Index published by the International Telecommunication Union (ITU), Türkiye has secured the 16th position globally and ranks 6th in the European region, boasting an impressive overall score of 97.41.



Conclusion

Our exploration of Türkiye's cybersecurity landscape has shed light on the multifaceted structure and the various authorities that play a pivotal role in enhancing the nation's cyber resilience. We've delved into the legal framework, government institutions, and key organizations that collectively contribute to Türkiye's cybersecurity maturity. By understanding the roles and responsibilities of these entities, it becomes evident that Türkiye is committed to fortifying its digital defenses and safeguarding its critical assets in an ever-evolving cyber landscape.


It's worth noting that our research has primarily relied on publicly available resources, and the complexity of this field means that there may be additional initiatives and entities contributing to Türkiye's cybersecurity posture that are not covered here. We apologize for any omissions, as it is challenging to encompass the entirety of this dynamic and vital domain in a single overview. As Türkiye continues to adapt and strengthen its cybersecurity posture, it stands better equipped to face the challenges of the digital age and protect the interests of its citizens, businesses, and institutions.


As we present this overview of Türkiye's cybersecurity landscape, it's a momentous occasion that calls for celebration. Today, on October 29th, Türkiye commemorates its 100th anniversary as a republic, a nation founded by the visionary leader Atatürk and the unwavering dedication of our soldiers, martyrs, and gazis. We are forever thankful for their sacrifices, which have paved the way for our remarkable journey.


In the words of Atatürk, "Sovereignty unconditionally belongs to the people." This sentiment embodies the spirit of our nation, where progress and innovation have always thrived within the democratic values of our republic. We celebrate this day with gratitude for the past and hope for the future, for our great republic and all those who have contributed to its strength and resilience. Happy 100th Anniversary, Türkiye! 🇹🇷🎉



References

  • https://cbddo.gov.tr/
  • https://hgm.uab.gov.tr/siber-guvenlik
  • https://www.itu.int/epublications/publication/D-STR-GCI.01-2021-HTM-E/
  • https://www.aselsan.com/en
  • https://www.kvkk.gov.tr/
  • https://ccdcoe.org/uploads/2021/08/TUR_country_report_final_clean_ver_2408.pdf
  • https://www.egm.gov.tr/siber
  • https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-SECU-2015-PDF-E.pdf
  • https://cybilportal.org/publications/itu-global-cybersecurity-index-gci-v4/
  • https://www.mit.gov.tr/
  • https://www.msb.gov.tr/
  • https://www.tubitak.gov.tr/
  • https://www.btk.gov.tr/
  • https://www.ssb.gov.tr/