Turkey’s National Cyber Security Strategy and the Next Step
With the growing dependence on information technologies in sectors such as energy, transportation and health which have direct influence in society’s welfare, cyber security has started to become a national security issue that countries have to handle.
In this endeavor, many developed countries prepared strategies with the aim of managing cyber security, a horizontal phenomenon which has related to many other areas and created action plans to realize goals in accordance with the vision presented in national cyber security strategies. Therefore, these regulations provide states more flexible structures to deal with cyber security and the need to have coordinated bodies.
The process of making up a cyber security strategy turned to a societal attempt in which states encourage large participation. After a comprehensive preparation, the states are sensitive to monitor the process and fulfill the responsibility of adopting the plans.
Having taken steps to manage cyber security in Turkey, a legislation about carrying out, coordinating and managing activities regarding cyber security was published in Official Gazette on 20th October 2012. With the legislation Cyber Security Council which is presided by Ministry of Transport, Maritime Affairs and Communication was established. Undersecretaries of Ministry of Foreign Affairs, Ministry of Interior, Ministry of Defence and Ministry of Transport, Maritime Affairs and Communication, Undersecretariat of Public Order and Security, National Intelligence Agency, the head of General Staff’s Presidency of Electronic Combat and Information Systems, the head of Institution of Information Systems and Communication, the head of TUBITAK, the head of Financial Crime Investigation Council are the members of the council along with the senior officials selected by the Minister of Transport, Maritime Affairs and Communication. The mission of Cyber Security Council is to determine the measures taken for cyber security, investigate plans, programs, reports, methods, principles as well as the standards and to apply and coordinate all these activities.
The Action Plan for 2013-2014 and Cyber Security Strategy’s renewed version which was prepared with the coordination of the Ministry of Transport, Maritime Affairs and Communication and in consultation with TUBITAK and contributed by other state institutions was published on 20th June 2013 on the Official Gazette.
There are 29 points in National Cyber Security Strategy (NCSS) and 2013-2014 Action Plan. These action points contain necessary steps that should be taken for the security of state information networks and those of critical infrastructures run by state or private sector. The Action Plan and NCSS envision formation of cyber security understanding on societal level, determining critical infrastructure as well as their protection from cyber threats, national coordination and taking measures for research-development. Struggle against cyber crimes is also given considerable attention in both documents.
Cyber security is the first and foremost issue for the countries having high level dependency on information technologies. Cyber tools, useful in Defence and offense, are increasingly integrated into conventional warfare and have a critical role in international power balance. As a consequence the terms cyber diplomacy, cyber espionage and cyber army have been frequently encountered. In some strategy documents, it is evident that these concepts are defined in detail and successfully adopted to wider national security strategy. While national cyber security strategies are accessible through web, the documents about cyber intelligence and cyber army are highly classified and are not shared with the public.
Risks and opportunities in cyber diplomacy
Cyber diplomacy, a domain which surely would increase its weight in international relations, is usually categorized into two subgroups. Today, states are benefiting from cyber diplomacy by using it as a public diplomacy tool to reach out citizens in other countries. The enlarging existence of world leaders, governments and other institutions dealing with international relations in social media constitute a remarkable part of cyber diplomacy. With the aim of explaining their policies to a global audience, the administrations formed units particularly involved in effective use of Twitter, Facebook and YouTube.
Extensive use of social media by the states has created a new dimension in strategic communication. The type of diplomatic interlocutor has started to extend from state-to-state negotiations to state-to-global public communication. Therefore, it is crystal clear that social media which provides states the chance to convince other nationals about their international policies has instrumental affect on ‘gaining hearts and minds’.
In National Cyber Security Framework Manual published by NATO’s CCDCOE in Estonian capital Talinn, the second dimension of cyber diplomacy is composed of states’ methods to obtain and preserve confidential information. In the recent years, diplomacy world has experienced sensational diplomatic leakages.
The Wikileaks incident has launched wide discussions on leaking, spreading and using confidential diplomatic documents. There is no doubt that revelation of official secrets have shaken confidence crisis. These events has signed beginning of a new era in many issues including prevention methods to protect confidential data and diplomatic correspondence. The states likely to come up with a new engagement to state-to-state communication and inter institutional information exchange.
New Dimension of Power Struggle: Cyber Weapons and Cyber Espionage
Over the flow of history, technological progress has been influential in shaping public’s security perception and the way wars occurred. Emergence of steamboats changed the hands having superiority over the seas just like the warplanes transformed the warfare and led to rise of the term of civil Defence. Therefore, it is impossible to separate warfare and cyber developments in a period of time which is defined as ‘Digital Age.’ The fact that majority of Defence and offense systems are controlled and commanded by military networks increase the vulnerability of countries where a cyber attack to military networks would paralyze the combat capabilities. Apart from military networks, the intense dependency of education, health and financial systems on information technologies have caused cyber security to be handled as a national security matter. Similarly, critical infrastructures having direct impact on daily life such as facilities of energy production and transportation, dams, bridges and ports are among the main targets in terms of a cyber attack on national level. Although security measures have been tightened to provide more security for these infrastructures, ‘No system has complete safety.’ is more than a motto when cyber space is regarded.
The statements made by senior officials are helpful to grasp how this new threat is perceived by decision-makers. Former Secretary of Homeland Security in US used the analogy of 9/11 by saying ‘We should be ready cyber 9/11.’ to explain the extent of the threat her country face. The former top NATO Commander Admiral James Stavridis also spotlighted cyber threats among threats directing against the Alliance.
Analyzing cyber strategies of countries would tell that not all of these governments base its cyber policies merely on defensive outlook. Some administrations have apparent tendencies to view cyber space as a domain of war like air, land, navy and space. These states do not hesitate to declare non-defensive strategy and put efforts to reach sufficient technological capabilities. In a military environment like cyber space where the clear cut divisions between offense and Defence is getting thinner, creating offensive capabilities are increasingly seen as an indispensible integral part of Defence strategy. US and UK could be given examples of countries holding offensive attitudes in cyber strategies.
One of the pioneers of software sector, McAfee claimed in a report published in 2007 that 120 countries developed/developing cyber weapons. Despite the lack of accurate data having up-to-date figures, the concern lies behind the assumption that the hardships to control and regulate cyber space would gain a chaotic character to the extent that would cause permanent damage on inter-state relations. Other factors like the obstacles for precise attribution and relative high obtainability of cyber offensive tools have paved the way not only states but also non-state actors to acquire cyber weapons. It could safely be argued that the level of anxiety stemmed from the possibility terrorist groups get weapons of mass destruction would be felt by the likelihood of transnational illegal communities developing cyber weapons. Furthermore, one more concerning factor for states is the need of an applicable cyber space international law.
Spying activities have always had a central role in shaping nations’ security strategies. Technologic developments have transformed the way intelligence agencies gather confidential and private information. On the one hand, the opportunities offered by cyber space have enlarged states’ capabilities for intelligence, but on the other hand they make it possible for civil bodies. From this point of view, several group of information ranging from clients data the banks have to the know-how universities developed. Evolution of cyber space is likely to open a new discussion on the relationship between this kind of information and national security.
Organizing future’s cyber strategy
The nations’ preparation of national cyber security strategies and making them available for public could be interpreted as the reflection of threat perception to policy making. So far, more than 30 administrations have publicized cyber security strategy in English. Additionally, there are also some governments that either did not choose to publicize the document or translate it into English.
Taking the speed of cyber developments into account, it is strategically important to readjust strategy documents in accordance with the newest findings. Furthermore, unlike the strategies about other domains, the policies about cyber space should be re-developed in a much shorter period of time to catch up the rapid changes. The growing threat perception and increasing interest on cyber space have pushed politicians and decision-makers to improve their understanding in a way which embrace dangers coming from cyber space in addition to conventional menaces.
Considering the abovementioned threats, it can be fairly argued that the importance of cyber security will mount in the near future. Turkey should be ready against constantly evolving cyber menace and adopt the recent changes into cyber strategy in order to ensure public security. It is suggested in National Cyber Security Framework Manuel, published by NATO’s CCDCOE that cyber security has five domains: 1)Military Cyber 2)Counter Cyber Crime 3)Intelligence and Counter Intelligence 4)Critical Infrastructure Protection and National Crisis Management 5)Cyber Diplomacy and Internet Governance. A closer look at Turkey’s national cyber strategy makes one to suspect not sufficient level of attention is allocated to cyber intelligence and cyber diplomacy. However, there are two explanations for this. Firstly, we may maintain the protection of civilians and ensuring security of critical infrastructures have been primary focus of this strategy document. Another explanation could be that cyber military operations and cyber intelligence may have been regarded as issues related national security and treated as highly confidential which led them not to be publicized.
In both scenarios, preparing their own cyber Defence strategies of institutions having principal importance for national security like Turkish Armed Forces and intelligence agencies would strengthen the nation’s resilience as well as develop the capacity to take countermeasures within the frame of reciprocity.
