First official and original document in its field: “Information and Communication Security Guide”
The opening speech of the “Presidential Information and Communication Security Guide” digital event organized by BThaber on March 3 was given by Dr. Ali Taha Koç. Pointing out that the guide is a dynamic one and will always have new agendas, Koç said that an “Audit Guide” is being prepared to elaborate the audit processes.
In his speech titled “Information and Communication Security Guide Introduction and Data Privacy”, Dr. Ali Taha Koç said: “Are we aware that the amount of data produced in the last 2 years in the world is more than the data produced since the beginning of humanity? In today’s world, the power of states also increases to the extent that they can make meaningful interpretations from data. Data that you cannot protect has the potential to easily turn into a weapon used against you. With increasing digitalization, we live in an age of large volumes of data flowing from very different sources in various formats and at high speeds, where it is impossible to manage with existing database tools. It is essential that we attach great importance to data privacy and protect our digital infrastructures. Growing data means increasing risk. The nature of cyber threats has changed inconceivably in the last 25 years. Cyber-attacks, which increase in intensity with each passing year, have become more frequent, destructive and target oriented, taking place at the state level. The partial or complete disabling of critical infrastructure, systems and services has the potential to endanger the national security of countries. Fake or manipulated information and documents spread through social media and communication tools can trigger social events and cause events that can disrupt public order. Our citizens, institutions and digital infrastructures need to be protected more than ever before against rapidly increasing cyber threats.”
An action step of the 2020-2023 National Cyber-Security Strategy and Action Plan
“The most important components of reaching sufficient maturity in cyber security are human, technology, organizational structure, legal regulation, national and international cooperation and it is possible to avoid destructive impacts with the right and conscious steps to be taken in each of the components. Increasing cyber threats in recent years led to new measures to protect the digital infrastructures of countries and to re-evaluate their policies and strategies with a new and holistic perspective. For this purpose, a new “National Cyber Security Strategy and Action Plan” was prepared and published under the leadership of our Ministry of Transport and Infrastructure and our Digital Transformation Office. With the contributions of all relevant institutions, 40 actions and 75 implementation steps for 8 strategic purposes were determined. With the implementation of the activities determined in the National Cyber Security Strategy and Action Plan covering the period of 2020-2023, we will increase our resistance against cyber-attacks against our digital infrastructures across the country, as well as increase our level in the international cyber security index. On the other hand, the Guide preparation process, which we initiated under the coordination of our Agency within the scope of the Presidential Circular on Information and Communication Security Measures published in 2019, has also been completed and was published on our website on 27 July 2020. At the same time, the Guide, which is an action step of the 2020-2023 Cyber Security Strategy and Action Plan, was an important step to increase the level of information security of our country and to ensure data privacy. We aim to ensure that the Guide, which is the first official and original document to be taken as a reference countrywide in its field, will guide the information and communication security of our country in the long term by continuously improving it.”
Our resistance to cyber-attacks will increase, duplicate investments will be prevented
Koç listed the main objectives of the Guide as: “To reduce and eliminate information security risks, to determine and implement minimum security measures to ensure the security of critical data that may threaten national security or disrupt public order.” He added: “The Guide covers those who have an independent information processing unit from institutions within the state organization and businesses that provide critical infrastructure services, or the information processing services are covered by third parties within the framework of contracts. The gains through the Guide will be increasing our resistance against cyber-attacks, establishing a data privacy culture, ensuring the security of critical data for national security and public order, reducing the security risks encountered in information systems, contributing to the sustainability of our infrastructure and systems, increasing the use of domestic national cyber security products and solutions, preventing duplicate investments, increasing the level of the country in information security and cyber security in the international arena, and keeping our country’s data in our country.”
Responsibilities of public administrators in the adaptation process and updating
Koç said: “Information and Communication Security Guide contains a unique criticality rating methodology for digital infrastructures and security measures graded according to this rating. The methodology used in this framework includes an eight-dimensional analysis of systems and infrastructures. Dimensions related to the processed data focus on confidentiality, integrity and accessibility and evaluate the dimensions of impact, dependent systems, corporate results, sectoral impact, social consequences and the estimated number of people affected in the event of a cyber-attack. The compliance plan included a total of 659 measures classified under the main headings of 15 measure areas and 62 measures, and audit articles related to these measures. The Guide is licensed under a Creative Commons Attribution 4.0 International license, allowing free use and sharing, provided that it is properly attributed. Achieving the targeted gains will be possible with the effective supervision and follow-up of the Guide compliance process in the institutions and organizations within the scope. For this purpose, we are preparing an “Audit Guide” for the elaboration of the audit process. In this context, I would like to state that our public administrators have important responsibilities in matters such as the process of compliance with the Guide and the updating of secondary legislation. Applying the measures described in the guide will prepare our country against possible cyber security threats and help us keep the threat level under control.”