The Cyber Policy Programme at EDAM seeks to examine the most pressing cyber issues facing the world today. As digital technology and the Internet increasingly influence many aspects of our daily lives, the need to understand how to approach and manage these changes through cyber-specific policies has grown. The digital universe has presented governments and citizens alike with the question of how to translate traditional conceptions of governance into the new frontier of cyberspace. By exploring topics like data privacy and surveillance, Internet freedoms, cybersecurity, and cyberwar, EDAM seeks to contribute to Turkey's efforts to formulate effective and comprehensive cyber policies.
The second phase of the Robert Bosch Cyber Policy Fellowship under EDAM's Cyber Policy Program is now open for applications. The program is undertaken with the support from Robert Bosch Foundation. The deadline for applications is 30 November 2016.
Please click for more information
Pleace click to reach the application form
Akın Ünver, Grace Kim, 3 June 2016
With PayPal’s surprise decision to cease its Turkey operations, data transfer and localization policies of the Turkish government have started to receive more attention. It has been claimed that PayPal’s failure to obtain an operating license in Turkey for its e-money operations are connected to local data storage requirements. But data policy has also been on the political agenda of the country as data privacy requirements have surfaced as one of the unfulfilled components of the fragile refugee deal with Europe. EDAM’s latest cyber policy brief examines data transfer and data localization issues against this backdrop. Co-authored by Akin Unver, EDAM Board Member and Kadir Has University and Grace Kim, EDAM research fellow, the policy brief also includes a set of key recommendations on data policy.
Akın Unver, Grace Kim, 19 February 2016
For Turkey, one of the most important aspects of the package deal reached with the EU over Syrian refugees, has been the promise of lifting Schengen visa requirements for Turkish citizens. Yet the EU accepted this condition with a caveat. To achieve this goal on October 2016, there are technical criteria that Turkey has to fulfill. Amongst some of the most crucial criteria were the adoption of a legal framework on the Protection of Personal Data that would be congruent with EU norms. This framework has been prepared by the Ministry of Justice and is currently being negotiated at the General Assembly of the Turkish Parliament. EDAM has published a policy paper on this law, that is expected to bridge an important gap in the country’s legal infrastructure and in the path of becoming more modern economy. In this analysis, prepared by Akın Unver, faculty member at Kadir Has University, and EDAM research assistant Grace Kim, highlights several issues with the draft law. It is evaluated that the doubts over the independence of the Data Protection Board from the executive, and the exceptions provided in the name of providing access to public institutions, may present issues with regards to congruence with EU norms. The main risk of passing the law as it is, is the possibility for TUrkey to not gain a safe country status in the EU evaluation even after the adoption of the law. This would give some EU members that would like to delay Turkey’s visa freedom process the excuse they need and were hoping for. Furthermore, the creation of a legal structure for the Protection of Personal Data, will mean that national and international companies that could transfer data abroad until now, would have to abide by the arrangements. Yet, if the EU does not designate Turkey as a safe country, this would create ambiguities surrounding the data transfers from Turkey to EU countries.
Rising threats in cyber security motivated EDAM to prepare this report that covers the basics of cyber security with a focus on critical infrastructure and especially nuclear power plants. This collection includes four complementary chapters to help the reader understand Turkey's cyber security challenges with a focus on nuclear power plants as components of the country's critical infrastructure. The first chapter introduces the concept of cyberwarfare as the next Revolution in Military Affairs, and looks into cyber trends, emerging state capabilities and threats from Turkey's perspective. The second chapter examines the cyber security scene in Turkey by both looking into the relative governmental agencies, institutions and security forces working on ensuring the country's cyber security and develops policies in these areas, and on the other hand, at malicious hacker groups operating from within the country. The third chapter provides a conceptual introduction to cyber space, cyber attackers and cyber security, and focuses on the international aspect of nuclear power plant cyber security by exploring the cases of United States and the International Atomic Energy Agency. The fourth and final chapter examines the relevance of cyber security for nuclear power plants, investigates previous cyber incidents, explores existing vulnerabilities and evaluates Turkey's current capabilities in terms of ensuring cyber security resilience.