Turkey centralizes efforts for national cyber security

Turkey centralizes efforts for national cyber security

ANKARA - Hürriyet Daily News
Turkey centralizes efforts for national cyber security

Turkey has failed to create a unified command to coordinate actions against cyber terrorism, a defense official says. Hürriyet photo

Turkey is set to coordinate its various government departments’ individual efforts in order to build a national cyber security umbrella as part of its anti-terror warfare, including efforts to set up a national office.

In October Turkey’s top defense company, Aselsan, sponsored a critical workshop with the participation of government experts and academics. A series of policy recommendations was released.

“The workshop helped devise a draft road map,” said a senior security official familiar with the effort. “There is an understanding that a national coordination body will be set up.”

An independent cyber security expert said the national efforts to build a new architecture would be spearheaded by Havelsan, with contributions from Aselsan and other local companies.

A major recommendation is to launch a coordination office that will take concerted action to bring individual efforts under a national security umbrella. Another policy recommendation is to build a team of cyber security experts, similar to the U.S. efforts for the same goal, according to the document.

“It is imperative that especially government agencies with strategic importance increase their current level of security against cyber attacks,” the document said. “Local solutions at the moment do not provide government agencies with sufficient protection. Therefore, local companies must be supported to invest in better software solutions.”

Presently, Turkey’s various government departments employ individual solutions against cyber attacks. The government’s scientific research institute, TÜBİTAK, offers crypto solutions while strategic departments like the General Staff and the national intelligence agency, MİT, rely on local cyber security solutions developed by the defense software company Havelsan.

“What Turkey needs to do is to boost security at government agencies with critical strategic importance, nationalize some of the firewalls used in others and provide national solutions in general,” the expert said.

At the moment most government departments other than the General Staff and MİT rely on foreign solutions while these two have built their systems on domestic solutions. “When these efforts evolve, what we might see on a nationwide security basis could be a hybrid picture, featuring both foreign and local solutions, varying from one department to another,” the security official said.

One policy recommendation is that selected Turkish universities launch postgraduate courses to produce the necessary human resources for future efforts. “No doubt, universities will be at the core of the idea to build a solid, reliable architecture,” the cyber security expert said.

Although Turkey in 2010 included cyber terrorism and other cyber threats in a formal list of threats its national security is facing, it so far has failed to create a planned unified command to coordinate actions against this danger. Some defense officials said Turkey was intending to set up a probably two- or three-star Cyber Command at the office of the General Staff, partly resembling the Pentagon’s Cyber Command, but such a command would now probably be included in the broader plan for a national office.

In March, the government took the first steps by training eight computer specialists who would make the first core unit of any future coordination office. The team works under the command of the General Staff.

Cyber warfare generally refers to politically motivated hacking to conduct sabotage and espionage, and is a form of information warfare. Some experts qualify cyber warfare as actions by a nation state or a non-state actor to penetrate another nation’s computers or networks for the purpose of causing damage or disruption.

In the United States, the Cyber Command was set up to protect only the military, whereas the government and corporate infrastructures are primarily the responsibility respectively of the Department of Homeland Security and private companies.