Analysis of Türkiye's Cybersecurity Strategies: Historical Developments, Scope, Content and Objectives

Yıl 2024, Cilt: 28 Sayı: 1, 204 - 219, 29.02.2024

Hasan Çifci

https://doi.org/10.16984/saufenbilder.1249760

Öz

Cybersecurity is regarded as a crucial part of overall national security. A national cybersecurity strategy (NCSS) offers direction and a framework for national cybersecurity-related concerns and initiatives. Many nations have devised their own plans to defend against attacks, reduce risks, discourage attackers, and provide a secure and accessible cyberspace to promote innovation, the economy, commerce, and wealth. In order to assist the countries in developing their plans, organizations like the ITU, ENISA, OECD, NATO, e-Governance Academy and Oxford University issued research and advice publications based on the best practices from various countries. The assessment of the scope, objective, and content of Turkish national cybersecurity strategies is limited in academic literature. The studies in the literature that gathered multinational NCSS attributes from various countries and served as a guide for the development of national cybersecurity strategies were examined through a comprehensive literature review in order to assess Türkiye's strategies in terms of scope, content, and objectives. Following the development of assessment criteria based on these studies and research, a qualitative study was carried out to evaluate and ascertain the degree of conformity of Turkish cybersecurity strategies with the criteria. The historical context of Türkiye's cybersecurity strategies was explored in this article, along with strategy revisions, evaluations of the strategies' scope, content, and objectives, and gaps that should be filled to make the strategies more effective.

Anahtar Kelimeler

Cybersecurity, Turkish Cybersecurity, Cybersecurity Strategy, National Cyber Strategy, Cybersecurity Objectives

Proje Numarası

Yoktur.

Kaynakça

• [1] ITU, “Definition of cybersecurity,” 2022. https://www.itu.int/en/ITU-T/studygroups/com17/Pages/cybersecurity.aspx
• [2] NIST, “Cybersecurity,” 2022. https://csrc.nist.gov/glossary/term/cybersecurity
• [3] F. Wamala, “ITU National Cybersecurity Strategy Guide,” 2011. [Online]. Available: https://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-national-cybersecurity-guide.pdf
• [4] H. Çifci, Her Yönüyle Siber Savaş, 3rd ed. Ankara, Türkiye: TÜBİTAK, 2023.
• [5] E. Abdurahmanlı, “Siber İstihbarat Kapsamında: Echelon İstihbarat Sistemi,” Academic Journal of History and Idea, vol. 8, no. 3, pp. 1212–1234, 2021.
• [6] D. Štitilis, P. Pakutinskas, U. Kinis, and I. Malinauskaite, “Concepts and principles of cyber security strategies,” Journal of Security Sustainability Issues, vol. 6, no. 2, pp. 199–210, 2016.
• [7] NATO CCD COE, “National Cyber Security Framework Manual,” NATO CCD COE Publications, Tallinn, 2012.
• [8] ENISA, “National Cyber Security Strategies,” 2012. [Online]. Available: https://www.enisa.europa.eu/publications/cyber-security-strategies-paper
• [9] OECD, “OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security,” 2002. [Online]. Available: https://www.oecd.org/sti/ieconomy/15582260.pdf
• [10] The White House, “The National Strategy to Secure Cyberspace.” 2003. [Online]. Available: https://georgewbush-whitehouse.archives.gov/pcipb/
• [11] ENISA, “National Cyber Security Strategies - Practical Guide on Development and Execution,” 2012. [Online]. Available: https://www.enisa.europa.eu/publications/national-cyber-security-strategies-an-implementation-guide
• [12] OECD, “Cybersecurity Policy Making at a Turning Point - Analyzing a new generation of national cybersecurity strategies for the internet economy,” 2012. doi: 10.1787/5k8zq92vdgtl-en.
• [13] ENISA, “An Evaluation Framework for National Cyber Security Strategies,” 2014.
• [14] ENISA, “NCSS Good Practice Guide: Designing and Implementing National Cyber Security Strategies,” 2016
• [15] ITU, “Guide to Developing a National Cyber Security Strategy - Strategic Engagement in Cybersecurity,” Geneva, 2018. [Online]. Available: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-CYB_GUIDE.01-2018-PDF-E.pdf
• [16] ENISA, “Good Practices in Innovation Under NCSS,” 2019.
• [17] The European Parliament, Network and Information Security Directive, no. July. EU, 2016. [Online]. Available: https://www.enisa.europa.eu/topics/nis-directive
• [18] ENISA, “National Capabilities Assessment Framework,” The European Union Agency for Cybersecurity (ENISA), 2020.
• [19] T. Vaks, E. Maaten, O. Gross, E. Neeme, L. Luht, and K. Rousku, “National Cyber Security in Practice.” e-Governance Academy, Tallinn, 2020. [Online]. Available: https://ega.ee/wp-content/uploads/2020/05/Kuberturvalisuse_kasiraamat_ENG.pdf
• [20] Oxford GCSCC, “Cybersecurity Capacity Maturity Model for Nations (CMM),” 2021. [Online]. Available: https://gcscc.ox.ac.uk/the-cmm
• [21] H. Çakır and S. A. Uzun, “Türkiye’nin siber güvenlik eylem planlarının değerlendirilmesi,” Ekon. İşletme Siyaset ve Uluslararası İlişkiler Dergisi, vol. 7, no. 2, pp. 353–379, 2021.
• [22] TÜBİTAK-BİLGEM, “Tarihçe,” 2022. https://uekae.bilgem.tubitak.gov.tr/tr/kurumsal/tarihce
• [23] Prime Ministry of the Republic of Türkiye, Circular No. 2003/12: e-Transformation Türkiye Project. 2003. [Online]. Available: http://www.bilgitoplumu.gov.tr/Documents/1/Mevzuatlar/BasbakanlikGenelge_2003-12.pdf
• [24] Prime Ministry of the Republic of Türkiye, Circular No. 2003/48: e-Transformation Türkiye Short-Term Action Plan 2003-2004. 2003. [Online]. Available: https://www.resmigazete.gov.tr/eskiler/2003/12/20031204.htm#3
• [25] Prime Ministry of the Republic of Türkiye, 2006/38 Numbered Information Society Strategy and Action Plan 2006-2010. 2006. [Online]. Available: https://www.resmigazete.gov.tr/eskiler/2006/07/20060728-7.htm
• [26] Council of Ministers, Decision on the Execution, Management and Coordination of National Cybersecurity Studies. 2012. [Online]. Available: https://www.resmigazete.gov.tr/eskiler/2012/10/20121020-18-1.pdf
• [27] Ministry of Development, 2015-2018 Information Society Strategy and Action Plan. 2015. [Online]. Available: https://www.resmigazete.gov.tr/eskiler/2015/03/20150306M1-2.htm
• [28] Ministry of Transport Maritime and Communication, 2016-2019 National Cyber Security Strategy. 2016. [Online]. Available: https://hgm.uab.gov.tr/uploads/pages/siber-guvenlik/2016-2019guvenlik.pdf
• [29] Presidency of the Republic of Türkiye, Information and Communication Security Measures No. 2019/12. 2019. [Online]. Available: https://www.mevzuat.gov.tr/MevzuatMetin/CumhurbaskanligiGenelgeleri/20190706-12.pdf
• [30] Presidency of the Republic of Türkiye, National Cyber Security Strategy No. 2020/15 and Action Plan for 2020-2023. 2020. [Online]. Available: https://www.mevzuat.gov.tr/MevzuatMetin/CumhurbaskanligiGenelgeleri/20201229-15.pdf
• [31] Prime Ministry of the Republic of Türkiye, 2005/5 Numbered e-Transformation Türkiye Project Action Plan for 2005. 2005. [Online]. Available: https://www.resmigazete.gov.tr/Eskiler/2005/04/20050401-12.htm
• [32] Council of Ministers, National Cyber Security Strategy and Action Plan 2013-2014. 2013. [Online]. Available: https://www.resmigazete.gov.tr/eskiler/2013/06/20130620-1.htm
• [33] Ministry of Transport and Infrastructure, Communique on Procedures and Principles Regarding the Establishment, Duties and Operations of Cyber Incidents Response Teams. 2013. [Online]. Available: https://www.mevzuat.gov.tr/mevzuat?MevzuatNo=19004&MevzuatTur=9&MevzuatTertip=5
• [34] Ministry of Transport and Infrastructure, 2020-2023 National Cyber Security Strategy. 2020. [Online]. Available: https://hgm.uab.gov.tr/uploads/pages/strateji-eylem-planlari/ulusal-siber-guvenlik-stratejisi-ve-eylem-plani-2020-2023.pdf
• [35] Ministry of Transport and Infrastructure, “Minimum Information Security Criteria That Public Institutions Must Comply with,” 2013. [Online]. Available: https://hgm.uab.gov.tr/uploads/pages/siber-guvenlik/asbk.pdf
• [36] M. J. B. Kabeyi, “Organizational strategic planning, implementation and evaluation with analysis of challenges and benefits for profit and nonprofit organizations,” International Journal of Applied Research, 2019.
• [37] ITU, “GCI scope and framework,” 2019. [Online]. Available: https://www.itu.int/en/ITU-D/Cybersecurity/Documents/GCIv4/New_Reference_Model_GCIv4_V2.pdf
• [38] ITU, “Global Cybersecurity Index (GCI) 2014,” 2014. [Online]. Available: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-SECU-2015-PDF-E.pdf
• [39] ITU, “Global Cybersecurity Index (GCI) 2017,” 2017. [Online]. Available: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-R1-PDF-E.pdf
• [40] ITU, “Global Cybersecurity Index (GCI) 2018,” 2019. [Online]. Available: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2018-PDF-E.pdf
• [41] ITU, “Global Cybersecurity Index (GCI) 2020,” 2021. [Online]. Available: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2021-PDF-E.pdf