Bilge Karabacak - eDem

Critical Infrastructure Protection Status 

and Action Items of Turkey 

Bilge Karabacak 

TÜBİTAK-UEKAE 

Sevgi Özkan 

METU Informatics Institute 

9 December 2009

Agenda 

• Terms and Definitions 

• The Efforts of USA, EU, OECD and NATO 

• The Efforts of Turkey 

• The Action Items of Turkey 

2

Definition of Critical Infratructures (CI) 

• Critical infrastructures are those physical 

and cyber-based systems essential to the 

minimum operation of the economy and 

the government. 

3

Relation Between CI and ICT 

ICT = Information and Communication Technologies 

SCADA 

4

5 

The First Use of the Term (by USA)

6 

Succesive Documents of United States

7 

The Other Organizations and Countries

Some Examples: The Northeast Blackout 2003 

8 

•8

Some Examples: The Port of Houston and Power Grid 

7 October 2003 

13 August 2001 

9

Some Examples: Sewerage System and Nuke Plant 

31 October 2001 

19 August 2003 

10

11 

US Government Sites

12 

-stonia

We are Living with the Hackers … 

Financial Institutions 

Banks 

Hospitals 

SMEs 

INTERNET 

Physically distributed 

Logically single 

Public 

Organizations 

Any 

organization … 

HACKERS 

13

The Efforts of Turkey – 1 

• National Cyber Defense Policy (Draft) 

– the security of the critical ICT infrastructures 

has to be implemented. The critical ICT 

infrastructures of Turkey, the dependencies 

and criticality levels of them and the 

responsibilities have to be determined. The 

critical ICT infrastructures have to be 

protected against cyber threats. 

14

The Efforts of Turkey – 2 

• The draft of law of e-government and 

information society 

– “critical information system” is described as 

“those information systems that the partial or 

complete loss of functionality would affect the 

public safety and order adversely”. 

– determine critical information systems and to 

decide the minimum security standards to be 

applied to those systems. 

15

The Challenges of Turkey 

• Commitment at the highest levels (such as Prime 

Ministry) 

• Formalization of the draft “National Cyber Security 

Policy” 

• Preparation of the “National Cyber Security Strategy” 

and the “National Cyber Security Action Plan” (After the 

formalization of the “National Cyber Security Policy”) 

• Enactment of “The Draft of Law of E-Government and 

Information Society” 

• Harmonization with the OECD principles 

• Preparation of the policy document about critical 

infrastructure protection 

• Allocation of sufficient budget to support the studies 

16

The Items that has to be performed - 1 

• Collaboration and coordination with private sector 

• Establishment of a center that coordinates the 

studies related with the critical infrastructures 

• Determination and designation of roles and 

responsibilities 

• Performing a country wide risk analysis in order to 

determine the critical infrastructures and their 

dependencies 

• Establishment of a partnership between 

government and the operators critical 

infrastructures (public or private) in order to share 

information 

17

The Items that has to be performed - 2 

• Performing periodical security tests and exercises 

in order to determine vulnerabilities and to take 

countermeasures 

• Performing training, education and awareness 

activities in order to build capacity for secure 

digital nation 

• Establishment of international cooperation with 

other countries and multinational organizations 

• Support for research and development activities 

• Establishment of strong and country wide CERTs 

(Computer Emergency Response Team) 

18

Thank You 

Thank you 

http://www.uekae.tubitak.gov.tr 

19

Bilge Karabacak - eDem

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?