Bilge Karabacak - eDem
Bilge Karabacak - eDem
Bilge Karabacak - eDem
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Critical Infrastructure Protection Status<br />
and Action Items of Turkey<br />
<strong>Bilge</strong> <strong>Karabacak</strong><br />
TÜBİTAK-UEKAE<br />
Sevgi Özkan<br />
METU Informatics Institute<br />
9 December 2009
Agenda<br />
• Terms and Definitions<br />
• The Efforts of USA, EU, OECD and NATO<br />
• The Efforts of Turkey<br />
• The Action Items of Turkey<br />
2
Definition of Critical Infratructures (CI)<br />
• Critical infrastructures are those physical<br />
and cyber-based systems essential to the<br />
minimum operation of the economy and<br />
the government.<br />
3
Relation Between CI and ICT<br />
ICT = Information and Communication Technologies<br />
SCADA<br />
4
5<br />
The First Use of the Term (by USA)
6<br />
Succesive Documents of United States
7<br />
The Other Organizations and Countries
Some Examples: The Northeast Blackout 2003<br />
8<br />
•8
Some Examples: The Port of Houston and Power Grid<br />
7 October 2003<br />
13 August 2001<br />
9
Some Examples: Sewerage System and Nuke Plant<br />
31 October 2001<br />
19 August 2003<br />
10
11<br />
US Government Sites
12<br />
-stonia
We are Living with the Hackers …<br />
Financial Institutions<br />
Banks<br />
Hospitals<br />
SMEs<br />
INTERNET<br />
Physically distributed<br />
Logically single<br />
Public<br />
Organizations<br />
Any<br />
organization …<br />
HACKERS<br />
13
The Efforts of Turkey – 1<br />
• National Cyber Defense Policy (Draft)<br />
– the security of the critical ICT infrastructures<br />
has to be implemented. The critical ICT<br />
infrastructures of Turkey, the dependencies<br />
and criticality levels of them and the<br />
responsibilities have to be determined. The<br />
critical ICT infrastructures have to be<br />
protected against cyber threats.<br />
14
The Efforts of Turkey – 2<br />
• The draft of law of e-government and<br />
information society<br />
– “critical information system” is described as<br />
“those information systems that the partial or<br />
complete loss of functionality would affect the<br />
public safety and order adversely”.<br />
– determine critical information systems and to<br />
decide the minimum security standards to be<br />
applied to those systems.<br />
15
The Challenges of Turkey<br />
• Commitment at the highest levels (such as Prime<br />
Ministry)<br />
• Formalization of the draft “National Cyber Security<br />
Policy”<br />
• Preparation of the “National Cyber Security Strategy”<br />
and the “National Cyber Security Action Plan” (After the<br />
formalization of the “National Cyber Security Policy”)<br />
• Enactment of “The Draft of Law of E-Government and<br />
Information Society”<br />
• Harmonization with the OECD principles<br />
• Preparation of the policy document about critical<br />
infrastructure protection<br />
• Allocation of sufficient budget to support the studies<br />
16
The Items that has to be performed - 1<br />
• Collaboration and coordination with private sector<br />
• Establishment of a center that coordinates the<br />
studies related with the critical infrastructures<br />
• Determination and designation of roles and<br />
responsibilities<br />
• Performing a country wide risk analysis in order to<br />
determine the critical infrastructures and their<br />
dependencies<br />
• Establishment of a partnership between<br />
government and the operators critical<br />
infrastructures (public or private) in order to share<br />
information<br />
17
The Items that has to be performed - 2<br />
• Performing periodical security tests and exercises<br />
in order to determine vulnerabilities and to take<br />
countermeasures<br />
• Performing training, education and awareness<br />
activities in order to build capacity for secure<br />
digital nation<br />
• Establishment of international cooperation with<br />
other countries and multinational organizations<br />
• Support for research and development activities<br />
• Establishment of strong and country wide CERTs<br />
(Computer Emergency Response Team)<br />
18
Thank You<br />
Thank you<br />
http://www.uekae.tubitak.gov.tr<br />
19