Tarih: Issue 49 - January 2014
This conference under the auspices of SSM (Undersecretariat for Defence Industries) gathered 450 participants covering military delegations, cyber defence officials, industry representatives and cyber experts from Turkey, US, UK, Germany, France, Canada, Italy, Finland, Hungary, Albania, Azerbaijan and South Korea. Emerging threats and challenges on cyber warfare; the policy of leading cyber nations in cyber warfare and security; legal aspects for cyber warfare; industrial perspective in cyber warfare and security; new trends, new developments, technologies and solutions and next generation of cyber attacks were discussed in round tables during the Conference.In his remarks delivered at the opening ceremony on the first day of the Conference, Undersecretary for Defence Industry Mr. Murad Bayar mentioned that cyber warfare was increasingly widespread and growing, that up to now we were face-to-face with very serious leaks and spills and that due to their frequency these threats were now being handled as a military matter. In addition, Bayar said that as Turkey they had developed a co-ordination committee in the cyber security area and had established a command within the Turkish Armed Forces.
The International Business Development Director of Lockheed Martin, Mr. Mark Gittins, on the other hand, indicated that cyber threats had become more organised and said, “Threats in the 2000s were not this large. Today, organised cyber attacks are taken place. Firms must reshape their technology infrastructure.” Aside from organisations, governments and states, industry and the financial sector were targets of these cyber threats.
Participating as a keynote speaker at the Conference, Mr. Hasan Yaşar, Technical Manager in the CERT Programme at Carnegie Mellon University’s Software Engineering Institute, delivered his remarks under the heading, ‘Cyber War Situational Awareness and the Best Defence Applications.’ In his remarks Mr. Yaşar mentioned the history of cyber warfare, at what stage other nations were on the subject of cyber warfare and the meaning and usage of ‘cyberspace,’ ‘cyber attack,’ ‘cyber espionage’ and ‘cyber warfare’ in cyber terminology to participants. Additionally, Mr. Yaşar commented on our present stage in cyber warfare in 2013 and touched on the type of solutions introduced to cyber warfare with examples from Turkey and certain other countries.
Havelsan’s Deputy General Manager, Mr. Murat Saral, in his opening remarks, stated that cyber security was important in the areas of transportation, communication, health, social security and judiciary and noted that even in household computers spy programmes were present, that measures should be taken against threats in every area and that these types of attacks were the most effective and inexpensive. After the opening remarks, round table discussions commenced at the Conference.
Round Table 1
“Emerging Threats and Challenges on Cyber Warfare”
The first round table at the Conference on the subject of “Emerging Threats and Challenges on Cyber Warfare” commenced with Asst. Prof. Ali Aydın Selçuk of the Department of Computer Engineering of the TOBB Economy and Technology University as the moderator. The round table started with the speech of Lt.Col. Greg Holman, Canada Armed Forces, NATO. In his presentation entitled, “Cyber Defence Governance: Proper Governance is Key to Success,” Colonel Holman started by seeking an answer and explaining to the audience the question of how one can establish a balance in “military operational dynamics within cyber dimensions.” Continuing by explaining the measures that can immediately be taken against cyber threats, Col. Holman, in his presentation, stated that cyber defence is not only about technology but also a matter for the commander as well. In the subsequent parts of his speech Colonel Holman mentioned that cyber threats had significantly increased and stated what stance the military must take in a situation such as this.
Speaking at the round table entitled, “Contemporary Cyber Threats and Limitations of Prevention Technologies,” the Director of the TUBITAK Institute of Cyber Security, Mr. Hayrettin Bahşi emphasized that cyber threats in terms of attack targets had undergone an important evolution and against these threats the target at no time possessed efficient technical solutions and that on this matter even if there were emerging technologies, these had not reached a sufficient level of maturity. In his presentation, Mr. Hayrettin Bahşi also gave examples of how cyber threats can be perceived and added that incoming threats must be rapidly perceived and counteracted in the same rapid manner.
Speaking on global industrial cyber security trends, Frost & Sullivan’s Director for Turkey, Mr. Philipp Reuter provided important information to participants on the cost of security trends and the position of the major companies in this market. Reuter indicated that approximately 50 billion dollars was spent on cyber security, cyber warfare and research in 2013. In his presentation Reuter also made salient comments on how national and market participants can be protected from cyber attacks. In his closing remarks, Reuter’s also mentioned the activities of automation firms in the cyber market.
Panelist Mr. Can Yıldızlı, CEO of Intelrad and DoD Grand Champion 2011, spoke of the importance of cyber intelligence in cyber warfare, cyber threats and the cyber intelligence model established as an effective intervention against cyber warfare threats. Additionally, in his presentation, Yıldızlı also spoke on the applicability of this model and the advantages and difficulties of such a transformation process.
Among the overseas speakers that participated in the Conference, the Chief of Cyber Defence Centre of the Brazilian Army, Lt. General Jose Carlos Dos Santos, provided information of Brazil’s Cyber Defence Strategy and the importance of cyber intelligence. Adding that they were ready for two major events to take place during the coming period in Brazil, Dos Santos mentioned that the main point to be noted in cyber security was co-operation and intelligence. Gen. Dos Santos, added that Brazil realised that cyber security was crucial in terms of national security after 2008 and stated that activities continued in this regard.
Round Table 2
“The Policy of Leading Cyber Nations in Cyber Warfare and Security” and “Legal Aspects for Cyber Warfare”
In the second round table, discussions continued under moderator Prof. Dr. Nazife Baykal, Director of Informatics Institute of the Middle East Technical University, with the themes: “The policy of leading cyber nations in cyber warfare and security” and “Legal aspects for cyber warfare.”
In this session, the Head of Division for IT Security of the German Federal Ministry of the Interior, Dr. Rainer Mantz, took the floor first. Dr. Mantz gave a presentation covering Germany’s strategy involving cyber security and an analysis of global threats as seen by Germany. Providing information to the audience on the shared responsibility in the face of this threat, Dr. Mantz stated that they expect the participation of certain agencies in the National Cyber Response Centre in the near future.
Legal Advisor, Joint Forces Cyber Group, UK MoD, Sqn. Ldr. Hannah Harrison, in her presentation gave information on answers that should be sought in providing solutions to such questions as: What are your legal rights against cyber attacks? How can we respond? When can boundaries be protected? Emphasizing that the international law against cyber attacks was prepared many years ago and that it must be expanded, Harrison, in particular noted that laws against cyber attacks concerned the national security of nations and since it contains privy information it is not openly discussed and for this reason it becomes difficult to expand laws in this regard.
Participating on behalf of Finland, Col. Aapo Cederberg, Senior Adviser at Emerging Security Challenges Programme in Geneva Centre for Security Policy (GCSP) provided information to participants on the subject of “Finland’s Cyber Security Strategy.” Describing the meaning of cyber security in Finland in his opening remarks, Col. Cederberg briefed the participants on Finland’s comprehensive security measures on cyber warfare and threats. Indicating that Finland was ready against cyber threats Cederberg underlined that in crisis management as well as in terms of crisis management centres, Finland was prepared against these types of threats.
Stating that they accepted cyber space as the power, a part of national force, Col. Cengiz Özteke, Commander of TAF Cyber Defence Command, mentioned the measures that Turkey has adopted against cyber attacks and stated that their starting point was to see cyber attacks as a national threat and that they accepted cyber space as the power and a part of national forces. Noting that we were becoming more and more dependent on new technologies, Özteke said that the ever-growing cyber space brought cyber warfare with it. Expressing his view that cyber space warfare is the fifth warfare platform next to land, air, sea and space, Özteke explained that this new warfare area showed certain differences from other warfare areas and that one of the most basic difference was that cyber warfare demonstrated an asymmetric structure. Col. Özteke said that major effects can be achieved against cyber warfare with minimal effort. Özteke said that whereas other warfare platforms required more expensive equipment and weapons, in cyber warfare critical damages can be brought against the other side with very little experts and that the difficulty in locating the source of the attack was another characteristic of a cyber attack.
Providing information on the work undertaken on cyber attacks and security in Turkey, Özteke indicated that the Council of Ministers had appointed the Ministry of Transportation, Maritime Affairs and Communications as the overall co-ordinator, had established the Cyber Security Board as the cyber security governance authority, had prepared the National Cyber Strategy and Action Plan, and, additionally, in order to rapidly counter cyber attacks and co-ordinate counter time periods, had formed the National Cyber Incident Response Centre.
Stating that as the Turkish Armed Forces they were implementing their cyber programme in harmony with national and NATO units, Col. Özteke said that they formed the Cyber Defence Command under the Chief of Staff Headquarters and that co-ordination was carried out in this manner. Expressing the view that cyber warfare and electronic warfare technologies were fast approaching each other, Col. Özteke said that they estimated both areas would be even closer to each other in the future and that work continued according to this viewpoint. “We are aiming to maximize our defence against cyber attacks at the highest level. We are planning to fight against the increase we see in cyber attacks. This affects us every day. Cyber attacks have moved from virtual to becoming more realistic and physical in results. We need to be prepared against these physical effects” indicated Özteke.
Participating on behalf of South Korea in the Conference, Mr. Choi Young Cheol, Deputy Director of Policy Planning, South Korean Ministry of Defence, stated that South Korea had adopted measures on cyber warfare and security and that they continuously exchanged information on cyber threats with the international community and were focused in finding joint solutions against cyber threats.
Under the heading: ‘Where are we now? Current cyber security developments in Hungary,” Mr. Tas Keleman, Head of Defence Policy, Hungarian Ministry of Defence provided information on what critical industries would be effected by cyber attacks and what measures can be taken against such attacks. Mr. Keleman added that since cyber threats have also military aspects and due to the seriousness of these aspects, that the Hungarian Ministry of Defence had approved two months ago the Cyber Defence Concept that defined cyber defence principles.
Round Table 3
“Industrial Perspective in Cyber Warfare and Security: New Trends, New Developments, Technologies and Solutions”
Mr. Mete Arslan, Head of C4I Department of the Undersecretariat for Defence Industries under the title: “Industrial Perspective in Cyber Warfare and Security: New Trends, New Developments, Technologies and Solutions” was the moderator in the third round table.
The first presentation was made by the Marketing and Business Development Director of Havelsan, Mr. Alparslan Kuloğlu. Under the heading, “Ready to Cyber Attacks?” Kuloğlu, during the first part of his presentation, gave various examples of global cyber crimes that took place in which its effects were widespread from 1982 to the present. Indicating that 556 million individuals are affected by cyber crimes the world over, Kuloğlu said: “In one year the cost to the world in terms of the loss of time reached 380 billion dollars.” Emphasizing that the world and America have allocated serious budgets for cyber security, Kuloğlu stated that: “America has put aside an important budget for cyber security. What was 3.2 billion dollars in 2012 reached 3.7 billion dollars in 2013. It’s expected that America’s cyber security budget in 2015 will climb to 10 billion dollars. In 2013 numbers America’ defence budget will be is approximately 632 billion dollars and this budget’s one sixth of one thousand is reserved for cyber security.” Underlining that awareness on the question of cyber security in Turkey must be increased, Kuloğlu in particular said that Turkey must participate more in national and international exercises in the following years, that simulation work in the area of cyber security must be expanded and that information security sensitivity of individuals starting at an early age must be started.
In his presentation to the participants at the round table, Mr. Ali Yazıcı, Cryptology and Information Security Manager of Aselsan, began with providing information on the place of cyberspace in our lives, its use and importance. Mentioning the latest increase in cyber attacks and threats take took place, Yazıcı stated that Aselsan had developed important systems and programmes against cyber threats and attacks.
Mr. Randy Warner, Manager of Intel Fusion, Information Systems and Global Solutions of Lockheed Martin provided information on where Lockheed Martin was on cyber security and its voyage from the past to the present. In addition, stating that cyber threats had increased, Warner shared the view as to how these threats can be met and stated that the real solution lies in intelligence.
Mr. Aldo Pietro Paggi, Security and Smart System Division, VP International Sales Technical Support Cyber Security and Information Assurance of Selex ES commenced his remarks by providing information on Finmecanica and Selex firms. Informing the participants on NATO’s NCIRC and ANWI programmes, Paggi in his remarks at a later stage touched upon the subjects of the cyber security process and the prevention of cyber threats.
The last speaker of the third round table was Mr. Yılmaz Çankaya, Head of Application and System Security Division of TUBITAK’s’s Cyber Security Institute under the heading of “Cyber Security Training and Simulation.” In the last part of his remarks Mr. Çankaya mentioned the importance of establishing a successful cyber security training infrastructure, modeling and simulation.
Round Table 4
“Next Generation of Cyber Attacks: Mapping the Future Threat Environment”
In the fourth round table under moderator Mr. Bünyamin Karadeniz, Business Development Manager of Havelsan, the first speaker was Mr. Alper Botan who spoke on the topic of “Thales-Yaltes Cyber Security Solutions.” As the Ankara Region Manager of Yaltes, Botan first informed the participants on the activities of Yaltes and Thales. Drawing attention to the subject of what the new cyber threats are and to whom they are intended, Botan said, “Cyber criminals, state supported actors, social or political protest groups are the leaders in cyber threats. Their objectives may be material interest, industrial theft or politically motivated. In order to counter these attacks and threats more secure security architectures, active defence approaches and defence systems where the design or configuration are specially made are necessary.” In the latter part of his presentation Botan mentioned in particular Yaltes-Thales’ expertise in cryptology and drew attention to the importance of security services.
In her presentation, Ms. Cecilia Aguero of Cyber Technical Capture, Thales Raytheon Systems gave information on Thales Raytheon and informed the participants on the new generation cyber threats. Ms. Aguero provided information on Thales Raytheon’s past activities on cyber security and the new systems that they have developed. Aguero added that this system that Thales Raytheon had developed can be used at a central or national level as a detection system for any abnormal operational behavior.
In his presentation, Mr. Oral Gürel, Project Manager at STM talked on the subject of ‘”STM and Cyber Security Solutions.” He informed the participants about the Integrated Cyber Security System (ICSS), the Feasibility Study Project, the Information Security Simulation for Defence Networks (ISSDN) and on the European Cyber Security Protection Alliance (CYSPA).
Cyber security expert Mr. İbrahim Baliç in his presentation mentioned that the use of cyber weapons was increasing each passing day and gave various examples on cyber weapons. Baliç said, “If we were to give examples of these weapons, ‘Flame,’ identified in 2012, targets Middle East countries, is documented to have been in existence since 2008 and is considered as one of the most powerful cyber weapons. In addition, ‘Stuxnet,’ identified in 2010, was created against Iran’s nuclear plants and as a target-oriented cyber weapon is seen as an important cyber weapon.” Baliç emphasized that cyber weapons are low cost, its domain high and conceptually compared to a weapon is more functional. Baliç continued by saying, “The cost of a missile is approximately between 600,000 and one million dollars and its domain is approximately 2,500 km. The Unit price of a cyber weapon is approximately 40,000 dollars on the black market and its domain and damage can be described as limitless.” Stating that in the cyber weapon industry cyber weapons are divided into defensive and offensive weapons, Baliç said that they expected worldwide cyber weapon industry’s sales volume to reach 4 million dollars between 2014 and 2024. In the last part of his presentation Ibrahim Baliç provided detailed information on ‘O-Day’ used for untapped or unknown security weaknesses.
General Mihaly Zala from the Hungary National Security Authority gave a presentation on new cyber threats and the Hungarian approach to these threats. Indicating that the approach of the Hungarian government on cyber threats had changed after 2010. He went on to add that realising the importance of cyber security in 2010, the Hungarian authorities started their activities in this direction. General Zala stated that the Hungarian National Defence Security Strategy was published during the first quarter of 2013 and that the law prepared on this subject went into effect during the third quarter of 2013. In the last part of his presentation General Zala informed the listeners on what type of defence can be applied against cyber threats.
Providing the closing remarks to the Conference, Deputy Undersecretary for Defence Industries Dr. Faruk Özlü first thanked Defence Turkey, SaSaD and ODTU Teknokent that took part in the organizing committee of the First International Cyber Warfare and Security Conference to be organized. In the latter part of his remarks he emphasized that cyber security was not only a military matter but also important in civilian life as well.
On the second day of the Conference a working group was realized that would play an important role in drawing a road map on cyber security. In addition, with the participation of many local and foreign firms, B2B contacts continued throughout the day.