A cybersecurity bill was passed by the Turkish Parliament on Wednesday, paving the way for better control of cyberspace. The bill includes mandates for creating strategies and policies for cybersecurity as well as the establishment of a Cybersecurity Board.
The bill aims to make cybersecurity an inseparable part of national security. It will focus on creating a safe cyberspace and ensuring the protection of critical infrastructure and information technology systems.
It tasked the Cybersecurity Directorate, which was launched in January, to regulate cybersecurity. The Directorate will be in charge of storing data in public institution servers, examining them if the need arises and reporting them to relevant authorities. The Directorate will also be in charge of granting authorization to independent inspectors and inspection agencies for cybersecurity inspections. The bill gives broader authority to the Directorate on cybersecurity, especially in terms of collaboration with law enforcement on cybersecurity-related crimes.
It also created the Cybersecurity Board, which will be chaired by the president and staffed by several ministers, the intelligence chief, the defense industries chief and the head of the Cybersecurity Directorate. Other clauses of the bill include prison terms related to violations of cybersecurity regulations, such as those rejecting the transfer of data, software, hardware, etc., when requested by authorities in criminal cases, investigations and/or those preventing such a transfer. Those failing to comply with confidentiality clauses regarding cybersecurity issues will also face prison terms.
Perpetrators of cyberattacks, those benefiting from the use of data stolen in cyberattacks, may be punished with prison terms of up to 12 years under the new law. Those publishing, broadcasting and selling data stolen in cyberattacks will face prison terms of up to 15 years. Those failing to report cyberattacks or exploits in their line of work, namely Internet service providers or those offering online services that require storage of personal information, will face fines under the new law.
