Cyber – A New War Domain
Information Technologies (IT) became an important part of our lives with the incredible innovations in the 21st century. We are getting more dependent upon this new technology. Besides making our daily life easier, IT has a lot of applications in our work life. This is so obvious when we consider time spent on sending e-mails, preparing e-documents etc. We, as human beings, became successful! in getting this new cyber domain a new war domain. Now cyber is inevitably became the fifth war domain after land, sea, air and space.
Cyber, as our new war domain, has some differences from the other war domains. What are the different characteristics of cyber? The very basic characteristic of cyber-attack is its asymmetric feature. In other words; bigger impacts can be achieved with little effort. In the war domains other than the cyber; you must have sophisticated and expensive weapons to dominate the adversary. But in cyber, with a cyber-weapon, developed by a few cyber experts using little resource, you can endanger adversary’s critical infrastructure like electricity distribution infrastructure or airborne early warning system.
Another main feature of cyber-attacks is the difficulty in attack source attribution. Cyber attackers, using the capabilities of IT, can hide their tracks or even leave tracks as if attack was done by somebody else. This situation; while decreasing the risk taken by the attacker, on the other side, creates a risk of not finding the perpetrator or counter-attacking to an innocent party.
Besides, cyber-attacks are cross-borders. Along with the improvements in IT, state borders and jurisdictions became blurred. This specification of cyber-attacks, made the international cooperation and coordination mandatory.
Cyber domain contains disorder and ambiguities. International law that will be applied to cyber conflicts are now being discussed in the international community. The main question of this discussion was “Can existing international law be applied to cyber conflicts?” In this regard, answers to the following questions were sought; “What is the equivalent of the term Use of Force in cyber domain?”, “Can cyber-attack be considered as an Armed Attack?”, “What is the proportionate and appropriate response to a cyber-attack?” and “Can a military campaign be a response to a cyber-attack?”. In this area, Tallinn Manual emerges as an important effort. Another important effort is the report published by the United Nation’s Group of Experts. Both studies, meet in the idea that; existing international law can be applied to cyber domain. Today, the current question is; “How to adapt international law to cyber domain?”
Similar questions are being raised in NATO. “NATO’s assistance to an ally which is exposed to a cyber-attack” is the hot discussion topic. The Article 5 of NATO agreement states tht NATO and allies should take necessary actions against an attacker which attacked a NATO ally. Can this Article 5 be applied for cyber-attacks and if so in which circumstances? These questions are being discussed. This debate hopefully will end in accordance with the collective defence approach since cyber power has direct effect in operational area.
Can we trust the software and hardware used in cyber domain? Are the hardware and software used in our critical infrastructure a Trojan horse that sends our sensitive information to others? Or are they going to execute our commands when we need them? These questions are being asked more frequently. Nations cannot produce all their hardware and software requirements. So how can we trust these hardware and software used in critical infrastructure that we cannot control through its production? There is no complete answer to this question but some approaches in the international community are being researched to minimize the risks using risk management methods. We think these questions will gain more importance in the future.
The most important and limited resource of the nations preparing for cyber defence is human resource with the necessary skills. Graduates usually prefer to work in other areas other than cyber security. Motivational precautions should be taken to encourage people studying in this area.
So, what are we as Turkey doing in cyber security area? Our starting point was to add cyber threats as a new threat to national security and consider the cyber as an element of national power. Starting with this point of view. Transportation, Maritime and Telecommunication Ministry was appointed as the national cyber coordinator by the Board of Ministers. Turkey’s National Cyber Strategy and Action Plan 2013-2014 was published in December 2012. Then in 2013, in order to respond rapidly to cyber incidents and to coordinate and control cyber incident response process, National Cyber Incident Response Center (USOM) was established. Two national cyber security exercises were executed since 2011 and planning of another multi-national cyber security exercise in 2014 is ongoing.
We as the Turkish Armed Forces are executing our cyber program in accordance with the national and NATO policy. We established a new command named “Cyber Defence Command” in order to coordinate and control the cyber program centrally. Short-term, mid-term and long-term capability targets were determined and we are doing our best to achieve these targets.
Along with the improvements in wireless network technologies and mobile equipment which uses electromagnetic spectrum, cyber domain and the electromagnetic domain are becoming more inter-connected. Parallely, cyber warfare and the electronic warfare which can be described as effecting network technologies at the electromagnetic spectrum, are coming closer. We predict that these two areas will be even closer and we are planning our course of work in this direction.
The aim of our cyber efforts in Turkish Armed Forces is to defend our systems in peacetime but our ultimate target is to support of units in the operational field.
As we are getting more dependent upon IT, we may expect increase in the effects of cyber-attacks. These effects will affect us every day more physically than virtually. We must get ready for that.
