Not so long ago, while scrolling through videos as part of a usual habit on a well-known social media platform, encountering an ad for one of Türkiye's prominent defense companies was a huge surprise at first. It was not surprising to see the ad, as most of us have probably grown accustomed to the guiding power of algorithms in the cyber world. A person interested in security studies would, no wonder, be confronted with defense-related content. The surprising part was how the suspicious ad used the CEO's name and image, asking citizens to invest in the company. Immediately after that, the company issued a statement warning people to be cautious about this investment scam, stating that the video, prepared with the support of artificial intelligence (AI), is fake. Yet, the fraud targeting people's national feelings had already trapped many, or at least that was the case, from what it seems in the social media platform’s comment section.
This incident was a significant indication that cybercrime now exploits psychological vulnerabilities, and scams such as phishing, social engineering, and disinformation campaigns are at the core of many cyberattacks. They map out the emotions they aim to trigger while manipulating emotions such as fear, urgency, authority, trust, curiosity or the promise of reward to influence their target group. Of course, this is merely a minor aspect.
On a broader level, the media recently reported significant cyberattacks between Iran and Israel as tensions between the two countries continue to rise. After the missile launches, observers from both sides began to point to cyber-focused hybrid warfare tactics. One of the most striking incidents involved the pro-Israel hacker group Predatory Sparrow, which reportedly breached Iran’s state-run Bank Sepah and disrupted its infrastructure. In addition, several independent crypto-tracking firms claim that the same group stole at least $90 million from Iran’s largest cryptocurrency exchange, Nobitex.
In response, both countries have moved to counter these attacks by adopting new cyber strategies, including restricting internet access as a deliberate defense measure. Again, during Iran’s drone and missile strikes on Israel in April 2024, power outages were reported in Tel Aviv. Although these blackouts may have been caused by technical issues, some regional observers believe they could be part of a broader hybrid warfare strategy aimed at targeting infrastructure alongside physical attacks
In the time of the Russian army’s entrance to Ukrainian territory in 2022, we've witnessed online attacks on Ukrainian military and government institutions, particularly the malware "IsaacWiper" and "HermeticWiper," aimed at crippling Ukraine's digital infrastructure. During the European power outage in April 2025, the possibility of a cyberattack was the first scenario that came to mind.
Cyberspace also contains non-state actors who conduct their activities with diverse motivations, goals and methods. While some serve the interest of the state, others pose major threats, such as cyberterrorism. Cyberterror attacks disrupt daily life, pose national security concerns and result in financial losses. Thus, it can be defined as illegal interventions or attacks on computer-based systems, networks or information infrastructures intended to intimidate or oppress a state or society for political purposes.
In recent years, Türkiye, for instance, conducted various counter-operations against PKK terrorist group-linked hacker groups, cracking their unauthorized access to websites belonging to public institutions and legal entities. They were also making PKK propaganda while demanding financial assets.
This shows that cybersecurity is no longer just a technical measure but a foreign policy, security strategy and national sovereignty asset. As threat perceptions change in relations between states and among non-state actors, attacks on digital infrastructures impact a wide range of issues, from economic functioning to public order, from military responses to diplomatic actions.
Developments such as tensions between countries, regional conflicts and the cyber transformation of terrorist attacks have placed the concept of cyber threats on a more realistic basis while revealing the simultaneity of conventional and proxy conflicts with cyberattacks. States and societies now need to protect not only their borders but also their data centers.
In this context, one of the contemporary frontiers of international relations is now being built on databases, gateways and algorithms. This changing picture is also transforming the understanding of cybersecurity. Now, not only intervention after a cyberattack (ex-post) but also taking preventive security measures by foreseeing threats before the attack (ex-ante) is becoming a fundamental approach.
Obviously, the more technologically advanced a country is, the more susceptible it is to cyberattacks on its infrastructure systems. By acknowledging this reality, Türkiye has taken critical steps to defend its digital borders in the last decade.
Türkiye's cybersecurity steps are directly aligned with the country's foreign policy priorities, security strategies and counterterrorism approach. Groups such as the "PKK Hack Team" and "Mesopotamia Hackers," digital extensions of the PKK terrorist organization, alongside domestic formations like RedHack, pose a serious threat to national critical infrastructure. Through their collaborations with international cyber-activist networks and the capabilities they possess, these entities have integrated digital threats into the broader framework of hybrid warfare, making them an enduring component of modern security challenges.
The timing of cyberattacks often coincides with diplomatic tensions, military operations, natural disasters or internal security crises, making cybersecurity one of the key issues in Türkiye's general understanding of security. Therefore, taking measures increases Türkiye's strategic deterrent power.
On Jan. 8, 2025, Türkiye established the Cybersecurity Directorate under the Presidency, signalling its intent to be a decisive actor in the digital domain. This newly formed institution is tasked not only with protecting public institutions but also with crafting a national cybersecurity strategy, coordinating inter-agency efforts, safeguarding critical infrastructure and establishing early warning systems. With this move, Türkiye positioned cybersecurity as a geopolitical necessity rather than a purely technical concern.
Although efforts in digitalization and information security date back to legislative and strategic initiatives in 2003, cybersecurity first entered the national security agenda in October 2010, when the National Security Council addressed it as a matter of state security. That same year, the concept of cyber threats was included in the National Security Policy Document, often referred to as the "Red Book."
Momentum accelerated in 2011 with a nationwide cyber drill involving 41 public institutions organized by TÜBİTAK and the Information and Communication Technologies Authority. It marked the first large-scale operational awareness effort where agencies tested crisis coordination, rapid response and information sharing.
In 2012, the Turkish Armed Forces (TSK) established the Cyber Defence Center, which was later reorganized as the Cyber Defense Command in 2013. This unit, with its dedicated operations center, took on a critical role in defending the TSK's digital infrastructure.
Türkiye's first official National Cybersecurity Strategy and Action Plan was released in 2013, and that same year saw the launch of the Computer Emergency Response Team of the Republic of Türkiye. In 2018, the Digital Transformation Office became the prominent junction for cybersecurity strategy and coordination.
In 2023, the National Intelligence Organisation (MIT) established the Cyber Intelligence Directorate to emphasize the strategic and intelligence aspects of digital threats. A new long-term strategy was adopted in 2024, followed by the passage of the comprehensive Cybersecurity Law (No. 7545) in 2025.
Today, cybersecurity in Türkiye is not a temporary concern but a profoundly institutionalized state policy. As a NATO member, Türkiye also embraces collective defense responsibilities. NATO's recognition of cyberspace as the "fifth domain of operations" at its 2016 Warsaw Summit has underscored this shared obligation, making cyber defense not only a national imperative but also a commitment to its allies.
In the end, the growing complexity and range of digital threats facing Türkiye make its recent moves in cybersecurity not only necessary but also strategic based on geopolitical awareness. These efforts go beyond simply responding to current risks: They reflect a broader vision aimed at securing control over its digital domain and asserting itself in international cyber diplomacy.
As borders and battlegrounds are defined not only by geography but also by networks and algorithms, Türkiye's investments in national cyber defense and deterrence emphasize the state’s determination for early detection and its active involvement in shaping cyberspace.
