The Industrial Cybersecurity Center in Turkey

Team

Maite Carli García

Maite Carli is Communication Manager and European Coordinator at the Industrial Cybersecurity Center. Specialized in administration of networks and communications, industrial critical infrastructures, industry 4.0, data analysis technologies in the Health sector and industrial cybersecurity, having done several courses and a master. She has developed his professional career during the last 9 years in the […]

Can Demirel

Can Demirel has been working as a cyber security professional since 2011. Demirel took part in various security projects in diverse disciplines and sectors such as; finance, e-commerce, government, telco and energy. Recently Demirel has been working on national critical infrastructure security projects mostly focusing on energy. Demirel is both developing audit and adaptive pentesting […]

Ayhan Gücüyener

Ayhan Gücüyener received undergraduate education in Galatasaray University Faculty of Economics and Administrative Sciences, Department of International Relations between 2006 and 2012 in French. She finalized her graduate education in Bilgi University Department of International Political Economy with the thesis on “Political Economy of Turkish Azerbaijani Energy Relations”. Gücüyener has worked in a Turkish think-tank […]

Can Demirel and Ayhan Gücüyener, the Industrial Cibersecurity Center Coordinators in Turkey (CCI Coordinators Team), help us to get in context of the state of the industrial cybersecurity in their country, and to do so, they share with us their impressions.

They describes the level of sensitivity of industrial organizations in their country according to the following percentages:

They also affirm that the trend of recent years has been a slight increase.

Turkey counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations is the BTK-USOM-TRCERT - Turkey - Computer Emergency Response Team.

Among the main national laws and regulations affecting in this context in Turkey, they mention:

  • EPDK/EMRA - Energy Market Regulatory Authority- Asset and Risk Management
  • EPDK/EMRA - Energy Market Regulatory Authority- Penetration Testing and Security Audits
  • EPDK/EMRA - Energy Market Regulatory Authority- Establishment and Management Corporate CERT
  • EPDK/EMRA - Energy Market Regulatory Authority- ISO 27001 & 27019 Compliance
  • Presidency of the Republic of Turkey- Information and Communication Security Act

Analysing the most widely adopted industrial cybersecurity measures by Turkish organizations to protect industrial automation systems, the CCI Coordinators highlight the application of:

  • Industrial cybersecurity consulting / advisory
  • Ethical hacking
  • External security audits
  • Network design and architectures
  • Conventional firewalls

The CCI Coordinators in Turkey characterize the industrial cybersecurity situation in their country with the following SWOT analysis:

Weaknesses

  • Lack of operational technologies certifications, processes and professionals

  • Lack of a solutions and services catalogue of industrial cybersecurity

  • Lack of specific CERTs

Strengths

  • Public organizations driven force (industry, national issues and defence).

  • Leadership and recognition in the international markets

Threats

  • Application of IT security measures without discretion

  • Shortage of local industrial cybersecurity professionals working for manufacturers

  • Shortage of specific industrial cybersecurity risk management tools

Opportunities

  • Increased of cibersecurity demand for Industry 4.0 and the Internet of things.

  • Strategic position in the industrial cyber security sector

Activities