Tübitak Bilgem and Cyber Security
As we all know, information systems have had a big impact on the last fifteen years. Many tedious chores that once had to be sorted out on paper have migrated to the digital world because of the ease and the many other uses that digitalization offers. The ability to carry the information and experience acquired over many years on small portable storage devices, and the fact that we can meet most of our business expectations with the help of smartphones, are the most important indicators of how rapid and astonishing the change is.
Despite some criticism, the famous psychologist Abraham Maslow states in his widely accepted theory that feeling safe and staying away from danger are needs as important for humans as physiological needs like eating and sleeping. History bore out this theory until recently. However, advances in information systems that lacked security have proven Maslow false. Our defencelessness against the vulnerabilities identified in information systems over the last decade, and the fact that security awareness was born only as a result of painful experiences, pointed to our weakness on this point.
From past to present
The Tübitak Advanced Computing and Information Security Research Center (Bilgem), which undertakes the mission of establishing national cyber security assurance and enabling our country to stand on its own feet in this field, put forward the idea in 1997 that information security cannot be achieved by encryption methods alone; rather, attacks on information systems and at the network level should be treated as important, and a department specializing in this area should be established. In the early years, a comprehensive test lab was founded under the name of the Network Security Group. Microsoft and open source operating systems were evaluated in this laboratory with a view to security defence products, such as e-mail servers, databases, applications on active network devices and intrusion detection systems. This provided significant know-how.
This know-how was used to establish the Common Criteria Test Center (OKTEM) project in 2001, carried out with the support of the General Staff for the purpose of implementing internationally accepted standards. National laboratories gained the capability to evaluate the security properties of information systems against the criteria provided by Common Criteria (CC). In the following years, this laboratory added the capability to perform COMSEC (Communications Security) testing of crypto devices. After intensive efforts since 2006, it gained expertise in smart card security, especially in Side Channel Analysis and Reverse Engineering. With this know-how, it became one of the important test centers in the world.
We were quite pleased with a development in 2010 concerning Common Criteria certification. Through the collaboration of Tübitak Bilgem and the TSE, the long and arduous journey to produce internationally recognized certificates was completed. Turkey thus became the fourteenth certificate-producing country.
Since its establishment, the Network Security Group has carried out many projects in the field of information systems security to meet the needs of the Turkish Armed Forces. The Network Security Group became an influential authority in Turkey on information security, with responsibilities such as designing the security architecture of information systems, secure installation / safety testing, and risk analysis.
The Network Security Group carried out projects with public institutions and some critical private sector institutions to share the available knowledge and experience and to raise awareness of information security across the country. Institutions made significant gains from these projects, which started with security and continued with Risk Analysis and Information Security Management System (ISMS) installation / consulting. Some public institutions made great efforts to address this issue by integrating information security management units into the highest level of their hierarchy.
In the private sector, projects were usually carried out with banking, telecommunications and automotive companies. These were projects with little financial motive; they aimed to increase know-how and to learn new technologies. They also provided an overall picture of these sectors in the analysis reports. In addition, they contributed to a significant increase in the country's cyber security capacity. We think that the existence of the new project proposals and the fact that a very high percentage of our customer on the project outputs are indicators that we are on the right track.
In 2005, a project named The Information Society Strategy, initiated by the Information Society Department of the Ministry of Development, was a remarkable milestone in the area of information systems. The project aimed to help our country progress towards becoming an information society and to enable us to make good use of information technologies. One of the subjects of the project was the Information Systems Security Program, which was executed by the Network Security Group of Tübitak Bilgem. This program was intended to meet the information systems security requirements of our country in general and of government offices in particular. Pilot studies were carried out for many government offices within the scope of this program. These studies were meant to mitigate the information security risks of institutions and to raise awareness of corporate information security. Training sessions were offered for the personnel of critical government agencies and the IT employees of universities. Within the scope of the Government Information Security Project, which can be considered the follow-up to that project, training for government employees is ongoing.
One of the important targets of the Information Systems Security Program was to build the infrastructure required for a proper and healthy response to information security incidents that occur in computer environments. To that end, the Computer Security Incident Response Team (TR-BOME) was established within Tübitak Bilgem. This team carried out the training and coordination activities for establishing CSIR infrastructure for government offices. Through the national exercises held since 2008, government offices gained the ability to respond swiftly to information security incidents. We are still in close contact with government offices on CSIR subjects. Furthermore, as a national contact point, we are conducting joint studies with foreign institutions on security problems rooted in information systems that concern our country.
One of the emerging areas of interest in cyber security is critical infrastructure. The increased use of smart systems in the management of critical infrastructures has raised the risks in this area. As the Cyber Security Institute, we paid attention to this risk and, with the support of the Ministry of Development, initiated a project and prepared reports that analyze the information systems of nation-wide critical infrastructures such as communication, energy, finance and water, and state the potential threats. We also performed security tests on the industrial control systems (SCADA) of some critical infrastructures. In the forthcoming stages, in coordination with the regulatory authorities, we will continue our studies on establishing the required precautions and on a cyber security focused revision of the legislation.
Nation-wide studies aside, with confidence in our fund of knowledge, we made efforts to provide similar services abroad. We concluded successful projects especially in the areas of Information Security Management Systems and Business Continuity. Partnerships were established with the contractor companies for some NATO projects in the context of meeting information security requirements. Information security training was provided for countries that are in close relationship with Turkey. We foresee that similar activities will continue in the upcoming years with increasing frequency.
The Network Security Group, which broke out of its shell and became one of the prominent information systems security centers, underwent a name change to become the Information Systems Security Department and, since July 2012, has continued its activities under the roof of the Cyber Security Institute. CSI currently continues to carry out projects for the TSK, government offices and private institutions inside and outside Turkey. With a staff of subject experts that grows with every passing year, CSI strives to meet the information security requirements of institutions across a wide spectrum.
Knowledge Shared is Knowledge Gained
The main aim of the Information Systems Security Program in particular was to offer our existing knowledge for the benefit of our country. With this purpose in mind, we conducted studies with institutions and people who work on these subjects. For instance, we shared information on subjects such as trends in information security and recent threats at the events we organize twice a year, one in Ankara and another in Istanbul. We tried to bring the important information security subjects to the table and provide solutions.
The benefit of the projects to the institutions we work with is undeniable, as is the added value for a participant of a fulfilling training. However, it is reasonable to say that these benefits are narrow in scope when the common public interest is considered. With this philosophy in mind, we sought ways to share information effectively and decided to start the National Information Security Gate (http://www.bilgiguvenligi.gov.tr). Through this medium, we try to share with Turkey our knowledge and the contributions of other volunteers who support information security.
Since its foundation, the National Information Security Gate, with its interactive infrastructure, has offered unique content to its readers with the support and appreciation of experts in the cyber security area. Technical articles discussing recent information security subjects and comprehensive guide documents aimed at securing information security entities are prepared with seriousness and great care in this portal, which has more than 4300 registered users and nearly 200 content-supplying authors. Additionally, recently emerged security weaknesses are tracked and delivered to readers according to their importance and prevalence in our country.
We believe that the National Information Security Gate is unique in our country in that it offers more than 1000 valuable pieces of content. It also pleases us to see that this information sharing platform is able to compete with its counterparts in the world.
National Cyber Security Administration
Cyber security has been under debate as Turkish national policy since mid-2012. A number of steps were taken for this purpose. Initially, the Turkish Ministry of Transportation, Maritime Affairs and Communications was designated as the responsible institution. Then the Cyber Security Council was founded and began its activities. The most concrete step taken by the Cyber Security Council was to determine the National Cyber Security Strategy and the 2013-2014 action plan. As the Institute of Cyber Security, we work effectively on determining the National Cyber Security Strategy and action plans as well as on carrying out the action plans, and we make our knowledge available to national institutions. Our efforts to contribute as much as we can will continue.
R & D Activities in the Field of Cyber Security
As the Institute of Cyber Security, we have acquired very crucial knowledge over the past ten years. In order to carry this knowledge into the future in updated form, we believe that R & D activities must continue unabated. Tübitak Bilgem and other similar institutes in our country have achieved significant gains in this sense by carrying out a great deal of R & D. Our goal is to address issues awaiting solutions, especially in the field of cyber security. For this reason, we employ staff dedicated solely to R & D and endeavor to provide extensive facilities for them.
The National Security Firewall was the first project we carried out as an R & D project. This project, which operates in a distributed manner, allows dozens of points to be managed from a single central point and delivers top-level performance on high-capacity lines, was a very significant achievement for our country. The National Security Firewall, running at more than three hundred critical locations, has been working as a cyber-defence shield in different institutions. The project is also beneficial in terms of reducing our dependence on foreign countries in the field of security products. We are now working on transferring this project to the private sector, considering our mission in this project for our country complete, and we endeavor to provide new opportunities for the sector.
Side Channel Analysis for smart cards deserves attention as another of our R & D activities. The security of smart cards such as citizenship cards and credit cards, which are used in many aspects of life, is a very critical issue. We achieved highly successful results in tests aimed at extracting sensitive information, such as the card's PIN number and secret keys, by using the information that emerges from power, the electromagnetic field and processing time during the operation of the card. Being able to perform such tests will prevent us from taking wrong steps in the selection and design of smart cards in the future.
In recent years we have worked intensively to add further activities similar to these two R & D activities. Our research revealed dozens of topics that must be addressed in order to ensure information security in our country. In order to concentrate on certain areas, we tried to prioritize the potential issues. As a result, we aim to demonstrate concrete results in the near future by working in four major areas.
The first field we have worked on is malicious software. The results of attacks on information systems in recent years show that malicious software has been used at high rates. In particular, because modified versions of well-known malicious software are difficult to detect, prevention systems are becoming ineffective. In this sense, an infrastructure for malicious software detection and analysis is regarded as a necessity. To achieve this goal, we are making rapid progress through the Malicious Software Analysis Laboratory, which is in the process of being founded at the Institute of Cyber Security. We aim for this laboratory to hold the largest library of malicious software and to reach the capability to perform analysis with the most effective methods.
To provide data to the laboratory environment and use our experience more effectively, we have been working on two significant projects. One of them is Advanced Persistent Threat Analysis (APT) and the other is Cyber Intrusion Detection and Prevention System Development (STÖS).
In the APT project, we will analyze a sample of selected staff computers at institutions of our country defined as critical, aiming to detect malicious software that is not detected by known security mechanisms. We regard APT as the most important element of today's cyber threat. We consider the results obtained from these analyses critical to ensuring the security of the country.
With the STÖS project, we aim to identify and detect attacks at every level by using sensors and trap systems spread throughout the country. The most important motivations for launching this project were the benefits gained from examining the methods used in the attacks, reinforcing the Malicious Software Analysis Laboratory with the malicious software obtained, and identifying measures to be taken across the country by creating early warning mechanisms. Pilot installations have been initiated, and we anticipate that at the end of the project we will have one of the world's largest distributed-architecture trap systems.
Another project conducted as R & D work concerns mechanisms for data leakage prevention. Especially in recent years, we have seen many news reports of uncontrolled data leakage from organizations. With the increase in the popularity of this issue worldwide, anti-virus companies in particular have launched some products. On the other hand, significant deficiencies in the methods for identifying Turkish documents in particular have motivated us to work in this field.
To sum up, we may say that we have made significant progress in cyber security so far, both for the Institute of Cyber Security and for our country. Now and in the future, we aim to continue working and growing with the same motivation. We would like to light the way to our future with R & D work while fulfilling our mission of raising our country's awareness of cyber security.





