New Cyber Security Law Passed – Latest News
Turkey has enacted a new Cyber Security Law to address the current and potential threats facing all elements of the national power in cyberspace, both internally and externally, as well as to detect and eliminate them. The law aims to reduce the potential impacts of cyber incidents and establish the principles to enhance the country’s cyber security, including the establishment of a Cyber Security Council.
The law covers all public institutions and organizations, professional organizations with public institution status, individuals, legal entities, and entities without legal personality that operate in cyberspace. It excludes intelligence activities conducted under the Police Duties and Authorities Law, Coast Guard Command Law, Gendarmerie Organization, Duties and Authorities Law, State Intelligence Services and National Intelligence Organization Law, and Turkish Armed Forces Internal Service Law.
The law defines terms such as “Hosting,” “President,” “Presidency,” “Information systems,” “Critical infrastructure,” “Critical public service,” “Cyber security,” “Cyber incident,” “Cyber attack,” “Cyber threat,” “Cyber threat intelligence,” “Cyber space,” “SOC” (Security Operations Center), “Asset,” and “Vulnerability” and establishes the basic principles for ensuring cyber security.
Key principles for ensuring cybersecurity include institutionalization, continuity, and sustainability of cybersecurity measures, as well as the application of cybersecurity measures throughout the lifecycle of services and products. Accountability will be a key principle in the implementation of cybersecurity processes.
The law emphasizes the preference for domestic and national products in cybersecurity efforts and holds all public institutions, organizations, and individuals responsible for preventing and mitigating cyber attacks. It also focuses on developing a qualified workforce in cybersecurity and promoting a cybersecurity culture across society.
The Cyber Security Presidency’s tasks are defined in the law, including increasing the cyber resilience of critical infrastructure and information systems, protecting against cyber attacks, detecting and preventing potential attacks, and reducing their impact. The Presidency will also conduct vulnerability and penetration tests, analyze risks, combat cyber threats, acquire and share cyber threat intelligence, and examine malicious software.
In conclusion, the new Cyber Security Law aims to strengthen Turkey’s cybersecurity measures, enhance the protection of critical infrastructure and information systems, and establish a secure cyber space. The law outlines strict penalties for non-compliance with cybersecurity regulations, emphasizing the importance of accountability and collaboration in achieving a resilient cyber environment.
