Cyber awareness in Turkey has increased dramatically in the past 10 years, experts say, adding that although there is a tendency to look for the enemy outside, as far as cyber threats are concerned, the domestic sphere is from where they most often stem.
Especially after the 9/11 attacks, which demonstrated how cyber tools can result in massive destruction, the attention of the world turned toward the cyber realm, particularly cyberterrorism, as a new threat. While global awareness of cyber threats began at that time, Turkey's awareness of the issue rose relatively later, especially compared to countries such as the U.S. and Germany. Since 2008, when Turkey saw its first major cyberattack aimed at the Baku-Tbilisi-Ceyhan pipeline, the country has faced many subsequent cyberattacks, leading to the increase of cyber awareness and the development of cyber defense technology in the country.
According to Foundation for Political, Economic and Social Research (SETA) security researcher Merve Seren, countries with a high level of cyber infrastructure are also developed in space research and satellite development. Thus, Germany, the U.S. and Israel can be considered the most developed countries in cyberspace. However, Seren said that even the most developed countries can still be vulnerable to cyberattacks due to the constantly changing nature of cyberspace.
Cyberattacks can be launched by states and state-sponsored, non-state actors. In addition, there can be intentional hacks as well as unintentional cyber infiltrations, which are a more tricky threat to identify due to the difficult nature of taking precautions against them. "The biggest defense attempt in Turkey should be education sessions on the struggle against phishing and insider trading methods for the personnel of the state institutions," Seren explained, stressing that these methods prevent vulnerabilities associated with personnel's access to sensitive information which makes institutions more vulnerable to cyberattacks. While the phishing method is the hacking of a person's private information through personal accounts or tools, the insider trading method also works through access to flash disks and other personnel tools, both of which cause the technological systems of even the most developed countries to become increasingly vulnerable to cyber threats.
"Terrorist organizations use the cyber realm to spread misinformation and manipulate information. For instance, the Revolutionary People's Liberation Party-Front [DHKP-C], which has been known for having very sophisticated encryption capabilities, has not yet launched any known direct attacks on the state itself yet," Seren further said.
The DHKP-C was founded in 1978, espousing a Marxist-Leninist ideology. It was most active during the Cold War era but has renewed attacks in recent years. Although less influential in Turkey compared to other terrorist organizations such as the PKK, the DHKP-C still constitutes a considerable threat to the country amid the string of attacks in recent years.
A professor of cryptology from the University of California, Çetin Kaya Koç, on the other hand, has contended that it is not possible for a terrorist group to effectively launch a cyberattack without getting support from a state. As a result, he says, major cyberattacks come from other nations rather than from terrorist organizations.
"Countries like Germany and the U.S. have the ability to launch such an attack because they have the necessary institutions and technology to do so. Turkey, however, generally finds itself in a defensive position and is actually quite good at protecting itself," Koç said, adding that despite this preparedness, Turkey's offensive measures are rather weak. In this respect, Koç added it might be more suitable to say that a cyberwar is ongoing between countries rather than cyberterrorism.
Still, Turkey is no stranger to cyberterrorism. In July, cyberattacks targeted the Energy and Natural Resources Ministry, as minister Berat Albayrak confirmed, which aimed to infiltrate the country's power grid. In 2017, Turkey was subject to some 90 million cyberattacks. Following the July 15 coup attempt last year, these attacks intensified two-fold in the months after the coup, even after it was quelled. According to experts, Turkey ranks fourth in the world in terms of the number of "compromised computers, with some 45 percent of the country's computers being exposed to cyberattacks.
The Gülenist Terror Group (FETÖ), which is run through strict obedience to leader Fetullah Gülen, a self-exiled, fugitive, former imam who has lived in Pennsylvania since 1999. The July 15 coup attempt, perpetrated by FETÖ members in the Turkish Armed Forces (TSK), left 249 people dead and over 2,100 wounded. Now, one of the priorities of Turkey's security network is to hinder unauthorized wiretapping like that of FETÖ-linked companies that developed software for wiretapping and surveillance and supplied it to the Presidency of Telecommunication and Communication (TİB), which was shut down in 2016 on grounds that it had served FETÖ interests.
In the last 10 years, there have been several cyberattacks in Turkey. One of these was the constant threat of the international hacker collective Anonymous, which targeted Turkey in 2011 and 2012 amid restrictions on the internet and censorship and the demand of the recognition of the alleged Armenian genocide, respectively. In the wake of both threats, the group launched an attack targeting the TİB, which eventually failed due to measures that had been taken beforehand.
In addition, in 2015, the Turkish media reported that more than 400,000 websites registered under Turkey's top-level website domain ".tr" experienced problems with distributed denial of service (DDoS) cyberattacks, which affected internet speeds for two weeks.
In response to these attacks, Turkey improved its measures and continues to do so in terms of cyber defense. To cope with the cyber threat, Ankara has given the responsibility of cybersecurity to the Transport, Maritime Affairs and Communications Ministry. In addition, institutions such as the General Directorate of Security and the National Intelligence Organization (MİT) have established their own responsibilities and duties. The Information Society Strategy was established in 2005 by the State Planning Organization's Information Society Department while the state-run Scientific and Technological Research Council (TÜBİTAK) BİLGEM Network Security Group has also worked to establish an Information Systems Security Program as part of the Information Society Strategy Project.
"For Turkey, the cyber realm is not only a criminal realm anymore. Now, it is the realm of strategic defense," Seren said, referring to the establishment of the Cyber Defense Commandership of the TSK in 2013, as well as the Cyber Fusion Center in 2016.In June, Transport, Maritime Affairs and Communication Minister Ahmet Arslan told the Akşam daily that the government aims to require all public bodies integrate their systems to the KamuNet digital network by the end of 2017, which is designed to minimize the damage that cyberattacks can inflict on Turkey's public institutions and information systems.
In July, a draft presented to the Cabinet to boost cybersecurity, especially at public agencies, was established to appoint security experts and white hat hackers. The bill aims to widen the authority of the National Intervention Center against Cyber Attacks, a department of the Information Technology and Communication Board (BTK), which handles nationwide attacks and will coordinate small teams of security experts in critical public agencies and large private corporations.
Yet, according to Koç, whereas it is true in nominal terms that Turkey takes numerous measures to strengthen its defensive structure, as far as physical threats are concerned, the country is still quite vulnerable. "Since Turkey did not complete its cyber transformation in its infrastructure yet, it is in an advantageous position still. If you do not transform yourself technologically, technology-related threats cannot harm you. However, we, Turkey, transform ourselves very constantly and quickly," Koç said. He also added that in case there is an attack on the infrastructure in the future, such as on metro systems or electricity, there are not enough precautionary measures taken to deal with it.
In 2016, NATO accepted the cyber realm as the realm of movement for the first time, which means that from that time on, the cyber realm is bound by international law. This creates problems since, although cyberattacks from states can be determined, they cannot for attacks from non-state actors. There is also the problem of deterrence and proportionality. Thus, the question of how to deal with cyberterrorism still continues in the country.