Center for Strategic Assessment and forecasts

Autonomous non-profit organization

Home / Defence and security / / Articles
Modern cybersecurity strategy of Turkey
Material posted: Publication date: 09-10-2017
In the XXI century the spread and impact of cyberspace in the world was so great that it began to pre-empt the state policy of many countries. The technological boom has brought a rapid growth in the number of cyber attacks. In the literature includes such concepts as cyber security, cyber terrorism, the penalties for kiberprestupniki.

It became clear that without information sovereignty cannot exist state sovereignty as such. That is why today many international organizations and States began to create their own cyber security strategies.

For the state to be information protected must have its own Internet infrastructure, media structure, own system of propaganda and a system of information warfare.

Turkey, like most developed countries, is forming a cybersecurity strategy in the following key areas: operations and cybercriminal cyber security; cybercrime; intelligence activities and cyber-espionage; crisis management; management of Internet and CyberTipline.

In the past few years, Turkey has significantly increased understanding of the importance of cybersecurity. On this occasion, the Minister of transport, Maritime Affairs and communications binalı Yildirim said: "War is not the rifles, and information technology", adding that "Turkey in the military and in the public relations started to be taken the necessary steps to meet the cyber threat"[1]. How true his statement?

According to data published by the Department of anti-smuggling and organized crime from 2000 to 2011, the number of Internet users in Turkey increased from 2 million to 35 million people and accounted for 45% of the population. However, significantly increased the number of crimes committed against information systems. This refers to unauthorized access to information systems, blocking and hacking, theft and data modification. In addition to money laundering, such campaigns are here to protest and blackmail. If in 2007 such cases were reported 210, by 2011 their number increased up to 1791[2].

Cybersecurity strategy of Turkey aims at protecting the citizen, business and government as a whole. In one recent speeches, the Minister Yildirim said: "We can assess the damage that would be incurred by citizens in the event of failure of the electronic system E-state. On the one hand, the electronic system facilitates the daily lives of citizens. On the other hand, in case of damage, there will be chaos, which is not difficult to guess"[3].

In addition to attacks on the state system, the Turkish government is concerned about the possible emergence soon of a new kind of cyber attacks – "industrial espionage". This was openly warned the President of the Board of Turkish scientific and technical research of yudzhel Altunbasak during the Exercises to ensure national cyber security in 2013[4]. "Industrial espionage" - the question is very acute for Turkish economy, where the contribution of this sector to GDP is about 30%[5].

Today, according to the Strategic studies Institute of Ankara, "Turkey does not have sufficient infrastructure to carry out effective cyber security strategies"[6]. According to the newspaper "Sabah", the cost of Turkey in 2012 in the software and the equipment was of the order of 18.4 billion TL. Whereas in the EU the only cost is the software was estimated at the time 258 billion euros[7].

Like most countries of Europe, Turkey has its search engines and social networks and is using the us Google, Facebook and Twitter, which puts her in the position of a satellite of the United States.

There are also some gaps in the legislation. "In the Criminal Code of Turkey in the field of it, under the penalties for crimes not considered the motivation, which is a major flaw in the legislation. No distinction between a terrorist or a spy who committed kiberprestupniki, and any hacker. Therefore, from the point of view of criminal law, there is no difference between cyberterrorism and hacking. In addition, in respect of cybercrime in the Law on the fight against terrorism there is no separate amendment"[8], says researcher strategy Institute, Ankara Safak Bayram.

However, in the field of cybersecurity in the last six years there have been a number of concrete actions. In the area of legislation an important step was the adoption in may 2007 of the Law No. 5651 "On the regulation of Internet publications and combating crimes committed through such publications".

In practice, the composition of the Board of Turkish scientific and technological research was created by a team of computer incident response (TR-BOME). She will respond to threats to the security systems of organizations and institutions across the country. The team also will coordinate the actions among the concerned institutions and to ensure international cooperation in this field[9].

One of the most important steps in terms of policy, cybersecurity became a Ministerial Council decision taken in June 2012 № 3842 "implementation, management and coordination of work to ensure the national cybersecurity". In accordance with this decision, with the aim of training policy, strategy and plan of action concerning cyber security Committee has been formed for cyber security. Minister Yildirim, speaking about the importance of creating a new Committee, noted that "cybersecurity is a national security issue and requires a high level of safety"[10].

According to the published on may 27 2013 decision, the Ministry of Telecommunications was created by the national center for response to liberalitie (USOM)[11]. Through USOM is now communication and coordination in the field of cyber security between Internet actors, law enforcement agencies, international organizations, research centres and the private sector[12].

From 2011 to 2013 at the state level was twice carried out Exercises to ensure the national cybersecurity[13]. The organizers were the Ministry of transport, Maritime Affairs and communications, Organization for information technologies and communications authority (BTK) and the Council of Turkey on scientific and technical research (TÜBITAK). The purpose of the exercise is to test the endurance of it systems, to prepare a new work programme and to introduce new protection measures.

In 2012, the exercise was attended by 61 representative of the state institutions and the private sector, also the meeting was attended by 12 representatives of international organizations. The participants acted according to written scripts as well as opposed to the real attacks.

During the second month of technical training they were engaged in a port scan, DdoS, web security, analyze the registry file, the office web apps and tracking attacks using social engineering techniques. This time were involved in 194 employee.

But the Turkish government did not think to stop there. 2014 has planned a number of measures to improve the cybersecurity of the state. This year it is planned that the Exercises will be held for the first time at the international level. The invitation will be sent in 30 countries[14].

At the state level are constantly held conferences, seminars and meetings. One such workshop "Vision 2015, an action Plan on cyber security of Turkey" held in the Turkish Parliament in early February. At the seminar, which will be held in the form of discussions, Turkish cyber security plan will be compared with plans of other countries[15].

In early January of this year the Turkish government has submitted to Parliament a draft law to toughen control over the Internet. Under the new amendments to law No. 5651 any Internet site can be closed by order of the Ministers of telecommunications and transport for 4 hours without a court order[16]. The law is primarily concerned with publications that violate the privacy. However, the opposition, strengthening control over the Internet is perceived as a prohibition of freedom of speech[17].

All Turkish providers under the amendments, will be compulsory to get certified and become part of the structure created by the Association of providers. It will give effect to the decision to close specific sites. Will be blocked IP address. This means that will not save the disgraced sites nor the use of 'DNS' numbers, nor VPN service. In other words, to enter through the back door blocked sites will fail.

Also, the Association will within 2 years to maintain information about the Internet traffic of subscribers. Thus, it will be monitored, which Internet site went subscriber or any application using a specific smartphone. In the electronic dossier will include information about search queries, visited web-resources and activity, manifested in social networks. To subscriber profiles will be indexed and the system filters that will impose additional costs on providers, and would slow down the Internet. Innovations, according to forecasts by the Turkish researchers, is likely to lead to higher prices for Internet for end users.

The fact that Turkey's cyber security directly linked to the issue of internal stability. The growth of anti-government sentiment has provoked a tightening of control by the state over the use of the Internet. In the summer of 2013 the social network was used by the opposition to coordinate anti-government demonstrations.

The creation of information security strategy and its implementation primarily require knowledge of information technology and human resources. The large role played by the Institute for cyber security (BSG), which provides consulting on issues of information security and offers technological solutions to military and government institutions and private organizations[18].

To improve the effectiveness of training the computer security Institute in cooperation with the Academy of information security since 2010 organized a summer educational camp for students[19].

Their popularity among young people is gradually increasing. 2013 summer camp knowledge of cyber security was able to obtain not only the students of technical and humanitarian specialties. Such a popularization of cyber security has its advantages. As noted by the Minister of science industry and technology Nihat ergün, "this area mainly attracts young people and creates in Turkey for more employment". But despite these measures, the majority of Turkish youth do not know of the existence of such camps and, moreover, are not familiar with the term "cybersecurity".

"National cyberstrategy and action Plan 2013-3014" takes into account the main factors influencing the policy of the Turkish national cyber security, and puts forward a number of objectives. Among them: the adoption of additional laws in the field of cybersecurity and the improvement of the existing ones; establishment of a response team for cyber threats (SOME) under the control of the USOM; development of robust mechanisms for the recording to determine the source of a cyber attack and its effects; strengthening the security of public information systems and ensuring new technologies; training of human resources in the field of cybersecurity and the organization of outreach activities, the development of local technologies for cyber security and the expansion of the scope of work in the institutions responsible for ensuring national cyber security[20].

For the reason that cyberspace is not associated with the boundaries of a particular state and has no boundaries, international collaboration and the signing of international agreements as important as the resolution of domestic legislation. In 2009, Turkey became a member of the International organization for multilateral cooperation against cyber threats (IMPACT).

In 2010, Turkey signed the Council of Europe Convention on cybercrime, adopted in 2001. However, the Convention still has not been approved by Parliament. In the result of the approval of the Convention and regulation legislation the policy of cybersecurity will take a big step forward.

Of course, in the short term to solve many problems in this area will fail. Cybersecurity is too costly and experienced personnel. Besides, not all government decisions approved by the society. Nevertheless, multilateral action in this direction already have a positive result. According to statistics from the security company Akmai for the third quarter of 2012, Turkey ranked third in the list of source countries of cyber attacks, after China and the United States. But in the next year disappeared altogether from the list[21].

Turkey is a country where any dissatisfaction is usually expressed through strikes. In addition, the society long ago divided into supporters of state power and a strong active opposition. The fact that Turkey is in an unstable region, puts the risk of destabilization of the state.

Of course, in the case of cyberattacks from technologically advanced States, like China and the United States, their cybersecurity strategy will be ineffective. Nevertheless, Turkey remains a state, conducting proactive cyber defence policy in the region.


[1]Usal Siber Güvenlik Tatbikatı Başarıyla Tamamlandı //BTK URL:

[2] Kaçakçılık veOrganize Suçlarla Mücadele raporu 2011// Kaçakçılık veOrganize Suçlarla Mücadele Daire Baskanligi URL:

[3] Usal Siber Güvenlik Tatbikatı Başarıyla Tamamlandı //BTK URL:

[4] Usal Siber Güvenlik Tatbikatı Başarıyla Tamamlandı //BTK URL:

[5] Review the state of the Turkish economy// foreign trade information Portal of the Ministry of foreign economic development of the Russian Federation URL:

[6] Şafak BAYRAM Türkiye'nin Siber Güvenlik Politikası// Ankara strateji Institusü on 11.12.2013. URL:

[7] Siber güvenlikte tehlike çanları//Sabah 28.12.2013. URL:

[8] Şafak BAYRAM Türkiye'nin Siber Güvenlik Politikası// Ankara strateji Institusü on 11.12.2013. URL:

[9] Bilgisayar Olaylarına Müdahale Ekibi URL:

[10] Milli güvenlik meselesi// Yeni şafak 9.12.2012. URL:

[11] Ulusal Siber Olaylara Müdahale Merkezi URL:

[12] Ulusal Siber Olaylara Müdahale Merkezi URL://

[13] Usal Siber Güvenlik Tatbikatı Başarıyla Tamamlandı //BTK URL:

[14] Ulusal Siber Olaylara Müdahale Merkezi URL:

[15] Siber Güvenlik Derneği URL:

[16] Türkiye'de Internet Hükümetin Kontrolüne Geçiyor// Ankara Su Kesintisi Haberleri 13.01.2014

[17] Araştırma: Türkiye'de hükümet medyaya müdahale ediyor// SES Türkiye adına Istanbul'dan Menekşe Tokyay''ın haberi 16.09.2013 URL:

[18] Ulusal Bilgi Güvenliği Kapısı URL:

[19] Siber Güvenlik Yaz Kampı URL:

[20] Ulusal Siber Güvenlik Stratejisi ve Eylem Planı 2013-2014 URL:

[21] Section 1: Security//The State of the Internet 3RD QUARTER, 2013 REPORT - VOL. 6, No. 3, p. 4 URL:

Maria Vyskov


RELATED MATERIALS: Defence and security
Возрастное ограничение