Cybersecur­ity in Turkey

Dünya Executive - - BUSINESS BY LAW - EFE KINIKOGLU, PARTNER MORAL & PARTNERS efekinikog­[email protected]

IIn today’s increasing­ly interconne­cted digital world, to be engaged in economic activity means being online. Whether it is transferri­ng money, marketing products, correspond­ing with customers and businesses, or storing data in cloud systems the digital world has become an indispensa­ble part of our daily lives. The invisible border separating the real and virtual worlds vanished a long time ago. As leading physicist scientist Stephen Hawking has noted: “We are all now connected by the Internet, like neurons in a giant brain.” The Internet connects people and creates a virtual and living environmen­t built on ones and zeros. It is called cyberspace.

The advent of cyberspace has engendered a new class of security risks both for everyday people and the security agencies of nation states. Attackers using cyberspace can inflict serious damage by targeting financial institutio­ns, accessing and leaking national secrets or compromisi­ng the physical security of critical infrastruc­ture, exposing states to further attacks. The Stuxnet worm, which targeted Iran’s nuclear facilities, is a prime example of how cyberwar has become another weapon in the toolkit of nation states to disrupt the activities of their enemies. Many others likely exist but have yet to be deployed or publicly disclosed, but here are some of the more stand out examples of past attacks: In 2014, one of the biggest banks in the world lost data on 2.7 million customers, damaging its credibilit­y and reputation.

In 2016, the leading ride hailing company, Uber, was hacked and personal informatio­n of 57 million drivers and customers stolen.

In 2017, one of the world’s leading audit firms (which was ranked as the best in cybersecur­ity in 2012) admitted it had been hacked in 2016 and the personal informatio­n of 143 million US customers along with 400,000 European customers stolen.

In 2016, it became public that the Turkish Social Security Institutio­n (SGK) was hacked for an unknown period of time and vast amount of personal informatio­n stolen, inflicting an estimated of TRY 6 million in damages.

V ct ms are not aware

It is quite challengin­g to identify cyber attackers because they rarely leave traces behind. In most cases, cyber attackers do not need expensive or advanced technology to conduct their activities. As a matter of fact, facilitati­ng access to public IT resources and its growing importance in the operation of both public institutio­ns as well as private organizati­ons result in increased vulnerabil­ity. With the exception of a few attack types, such as distribute­d denial-of-service (“DDoS”) attacks, most cyber threats exploit the security holes of the target system and exploit the lack of sufficient countermea­sures. Most of the time, victims are not even aware of these weakness in their defenses which makes it quite difficult to foresee, disarm, and deter cyber attackers and gives the attackers an asymmetric advantage.

Cybersecur ty pol c es needed

The key to countering these attacks lies in how seriously nations take the threat and the countermea­sures they adopt. Unfortunat­ely, developmen­ts in cybersecur­ity policies, legislatio­n and national capabiliti­es in Turkey have a long way to go. Nonetheles­s, Turkey presents a fascinatin­g instance of average internet access but high capabiliti­es: as of 2017, 66.8 percent of Turkish citizens have Internet access (97th place globally), yet the country has been the 5th biggest source of cyber-attacks around the world. Hence, we believe that Turkey has a huge potential in R&D and human resources which are essential for long-term success in cyber operations, if government planning can be merged with private sector efforts.

Cyberattac­ks have often been treated as minor issues that can be covered by civil law and public order legislatio­n, despite the fact that some of them have the potential to turn into national security issues if left unattended. Cybercrime was first introduced in the Turkish Criminal Code with an amendment in 1991, defining “Informatio­n Technology Crimes” as illegally obtaining software and other electronic data from a computer or the use, transmissi­on or copying of such data with the aim to harm any party. In 2004, the definition was expanded and the concept of modern cybercrime was implemente­d.

In addition to such limited pieces of legislatio­n, the Turkish administra­tion began drafting and publishing cybersecur­ity Action Plans in 2012. The first five years, however, passed with little action. In 2016, a decision was made to draft a Cybersecur­ity Law but to this day a draft has not been proposed to the General Assembly. Even if a law is proposed and passed, it would then still take years for it to be properly implemente­d. So we have to be realistic: achieving even an adequate cybersecur­ity regime in Turkey is still years away.

Leg slat ons should be enacted

Hence, there’s a whole heap of work to be done in Turkey. We should take real steps as soon possible to catch up with internatio­nal innovation­s and technologi­cal developmen­ts in order to be able to prevent cyberattac­ks and maintain a safe and stable economy. Accordingl­y, legislatio­n should be enacted expeditiou­sly and meticulous­ly in order to cover cybercrime­s and deter cyber attackers.

Outside of national legislatio­n and government policies, we believe that achieve a sustainabl­e future for life in cyberspace will require the coordinate­d efforts of the global community. Cyberspace knows no borders and unless an internatio­nally recognized basis for legal actions that address the issues of “jurisdicti­on” and “attributio­n of a crime” is instituted, legal practition­ers and law enforcemen­t agencies will face obstacles in fighting cybercrime.

Newspapers in English

Newspapers from Turkey

© PressReader. All rights reserved.