Turkey Steps Up Counter-Cyber Attack Efforts

Turkey Steps Up Counter-Cyber Attack Efforts
All Rights Reserved
Merve Seren

Merve Seren mseren@setav.org

Turkey faces cyber security risks more than ever before.

Recently the devastation that cyber-attacks may cause has transformed into a new shape which holds the kind of impact weapons of mass destruction’s have. The systems and devices, which are used with the same purpose as conventional weapons, are called "weapons of mass disruption." Today, the sphere where society and technology intersect has emerged as a "cyber life zone," and implies not only the dimension and impact of the threat, but also points out the difficulty of taking real-time preventive and actionable precautions in terms of chain reactions and increasing speed.

In the current system, states may use several significant ways to damage enemy states through cyber-attacks, such as targeting the opponents’ financial markets and banking systems, electricity and water supply networks, or military or other critical infrastructures. Moreover, states may also use cyber espionage to accomplish the mission of preserving their economic and industrial needs and interests. Cyber wars between Russia, the United States, China, and in some cases North Korea, are good examples of this. Recently, with the rise of “impact espionage” between Russia and the US, the issue has taken on a different shape.

According to a report by Trend Micro, Turkey has been the most affected country in Europe by the attacks directed at online banking systems, coming ahead of Germany and France.

In fact, the dynamic and asymmetric characteristics of cyber threats require fresh defensive approaches from conventional ones. The third millennium indicates that cyber wars are not just scenarios or mere science fiction, but tools of inter-state struggle. Leon Panetta, the former American CIA Director and Secretary of Defense, delivered a speech in 2012 arguing that American society could possibly face a cyber-attack directed either by a terror group or an adversary state in the future, and warned of a "Cyber Pearl Harbor."

To cope with cyber threats, the Turkish government handed the responsibility of providing national cyber security to the Ministry of Transport, Maritime Affairs and Communications. Besides, institutions such as the General Directorate of Security and National Intelligence Organization have their own responsibilities and duties in terms of cyber security.

The first cyber-attack that Turkey confronted was directed at the Baku–Tbilisi–Ceyhan pipeline on August 8, 2008. An explosion occurred in Erzincan, near Refahiye province. Although local authorities first suspected the possibility of sabotage by the PKK, which in fact claimed responsibility for the attack, further investigation made it clear that a “technical failure” was responsible for the explosion, the cause being a sophisticated cyber-attack.

Turkey’s Foreign Ministry announced on July 3, 2012 that its official website was hacked by a local hacker group, which leaked the personal information of foreign diplomats serving in Turkey on the internet. Again in December 2015, Turkey was attacked for two weeks. The government acknowledged that it had received six DDoS (Distributed Denial of Service) attacks on its ".tr" server. Thereafter, Turkey took a number of steps to prevent such cyber-attacks.

Source: STM Report, "Cyber Threat Landscape Report, October-December 2016"

Inside the Scientific and Technological Research Council of Turkey (TUBITAK), an Informatics and Information Security Research Center (BİLGEM), was established to carry out the mission of cyber security and support National Cyber Security. For this purpose the "Network Security Group" was founded in. In 2001, the Common Criteria Test Center (OKTEM) Project was initiated with the contribution of the Turkish Armed Forces. Later, the Common Criteria Test Center became capable of performing "communications security" (COMSEC) tests for crypto devices. Since 2006, the Network Security Group has gained experience with "side channel analysis" and "reverse engineering."

According to research by Akamai, Turkey ranked in the top 5 countries for the origin of DDoS (Distributed Denial of Service) attacks in the last quarter of 2015 and the first quarter of 2016.

In 2005, the State Planning Organization’s Information Society Department initiated the "Information Society Strategy." The TÜBİTAK BİLGEM Network Security Group has also worked in establishing an Information Systems Security Program as part of the Information Society Strategy Project. With this project it aimed to bolster information security and to spread corporate information security awareness. To carry out these initiatives, the establishment of the TR-CERT (Computer Emergency Response Team) could be given as an example.

In 2008, 2011 and 2013 TÜBİTAK BİLGEM held "cyber security maneuvers," similar to war games carried out by conventional militaries. In October 2012, the council of ministers decreed "The Resolution on the Implementation, Administration and Coordination of Cyber Security Studies." In compliance with this resolution, under the chairmanship of the Ministry of Transport, Maritime Affairs and Communications, the Cyber Security Council was established. Duties of the CSC include determining cyber security measures to be taken in accordance with the current legislation, to confirm prepared plans, program, principles and procedures and standards, and to ensure their implementation and coordination.

During the first half of 2016, ransomware attacks increased nearly 172% and Turkey has been among the most affected countries in Europe.

In line with the same purposes, in 2012, the Turkish Armed Forces (TSK) established a cyber defense unit. Called the "General Staff Warfare and Cyber Defense Command," it was established to protect military data from cyber-attacks.

In 2013, the "National Computer Emergency Response Center" (USOM, TR-CERT) was established within the Information and Communication Technologies Authority in order to specify threats against Turkey’s cyber security and take measures for the elimination of the impact of likely cyber-attacks. In March 2016, the Cyber Defense Technology Center (SISATEM) of HAVELSAN was established. This establishment is one of the significant milestones of HAVELSAN, aiming to become a center of excellence in cyber security of Turkey.

In May 2016, within the STM Corporation, Turkey’s first Cyber Fusion Center (CFC) was inaugurated. The CFC consists of proactive and preventive actions which protect critical technology and data assets. It orchestrates and coordinates security functions and information flow from threat intelligence, through security and IT operations. Hence, it enhances operational effectiveness, and improves security readiness by preventing or neutralizing attacks through the timely delivery of tactical cyber threat intelligence with relevant indicators of the degree of compromise that may have occurred. The CFC has three crucial components such as the Cyber Operations Center (COC), the Cyber Intelligence Center (CIC) and the Malware Analysis Laboratory.

According to a report by Fortinet in August 2016, Turkey placed in the list of top five countries for usage of botnets, malicious software and exploit kit attacks.

To further enhance cyber security, Turkey prepared the "2016-2019 National Cyber Security Strategy and Action Plan." The plan has two main objectives: first, cyber security was acknowledged as an integral part of national security. Second, acquiring the competency that will allow taking administrative and technological precautions for maintaining the absolute security of all systems and the national cyber space. To achieve this, the strategy and action plan aims to determine targets and sub actions, while providing and supervising their implementation.

Source: STM Report, "Cyber Threat Landscape Report, October-December 2016"

Turkey faces cyber security risks more than ever before. The number, kinds, and sources of such cyber-attacks against Turkey have dramatically increased and diversified. Globally during the first half of 2016, ransomware attacks increased nearly 172% and Turkey has been among the most affected countries in Europe, holding the third place in the world after the U.S. and Brazil.

Source: STM Report, "Cyber Threat Landscape Report, October-December 2016"

According to a report published by Fortinet in August 2016, Turkey placed in the list of top five countries experiencing botnets, malicious software and exploit kits attacks. Moreover, the changing nature of cyber-attacks was addressed by Turkish Prime Minister, Binali Yıldırım in December, 2016. Speaking at the National Informatics Congress in Ankara, Yıldırım stated: "Today, cybersecurity has become national security. We have already made progress. We are among the top 10 countries in the world on this issue. But still we need to gain ground, the legal background is ready." He concluded by stressing Turkey’s progress in cyber security and added, "as well as evaluating and enhancing cyber security, ‘cyber deterrence’ should also be taken into account."

Merve Seren, PhD, works as a researcher at Security Studies Department of SETA Foundation, Ankara.