Facing growing concern over cybersecurity, the Turkish government is trying to recruit thousands of youngsters for training in cyber affairs. The country's National Intervention Center Against Cyber Attacks (USOM) even organized a competition called “Cyberstar” that attracted 27,000 young people.
Some former internet pirates have found new futures as white-hat hackers in information technology (IT) for the government. One of these, 18-year-old A.S., spoke with Al-Monitor on condition of anonymity about his experience in the IT world.
“I have been interested in computers since elementary school. In middle school, that became an obsession. I wasn't doing well in my other subjects because I was spending my days writing code, which eventually became my full-time job. For the past year, I have been working as a part-time cybersecurity expert for the government, making about $1,000 a month," said A.S., who hails from the low-income Zeytinburnu district of Istanbul.
His tale resembles the stories of hundreds of other young people.
Fatih Sayan is chairman of Turkey’s Information Technology and Communication Agency (BTK), which is part of the Ministry of Transportation, Maritime and Communications. He told Al-Monitor that Turkey has to confront hacking by developing proactive and preventive methods, in addition to reactive defensive methods. Sayan's agency coordinates the state’s civilian cyber capabilities, working with individuals and organizations to develop Turkey’s real-world potential in the virtual world.
Authorities say the power blackouts in March 2015, which cost Turkey $700 million, and another blackout a year ago were caused by cyberattacks against the national power grid. Also, the nationwide internet outages in December were caused by cyberattacks. Minister of Communication Ahmet Arslan said that there were 209 cyberattacks against public institutions in 2014, but that 2016 saw 8,560 such attacks recorded.
USOM was created to combat cyberattacks, boost security, determine the perpetrators and keep public institutions informed. About 400 branches of this unit are active in the country.
In 2016, the Ministry of Communications issued a detailed strategy to develop Turkey’s cybersecurity structure. Since then, the ministry has held regional meetings and organized a national cyber summit to find skilled hackers in Turkey. Also, many periodicals and bulletins on cybersecurity have popped up in the past two years, indicating growing interest in the field.
While Turkey’s cyber activities in the civilian sphere are making major strides, its efforts in the military are badly lagging. It is a hard-hitting reality that the intellectual capacity of the Turkish Armed Forces (TSK) was severely bruised by the series of purges that followed the July 15 coup attempt.
In 2013, the government set up a Cyber Defense Command within the TSK, and in 2015, IT security was incorporated into the National Security Policy Document — but there is still no sign of a strategic vision in the TSK or a road map of how it will achieve the document's aims. The TSK doesn’t have offensive cyber capability, and its defensive capability is limited to participating in related NATO exercises.
Cybersecurity expert Alper Basaran told Al-Monitor that cyberwarfare hasn't yet become a conventional capability of regular armies. “That is why the capacity for cyberwarfare is not an issue of resources, but of knowledge and technical know-how," he said. Today, all it takes is a laptop to gain access to extensive information about staging cyberattacks.
"Anyone motivated by nationalist and religious ideologies or hoping to make some money ... can launch serious attacks on targets in other countries without leaving a trace," Basaran said. "Attacks against Turkey nowadays are made by taking advantage of security gaps."
According to Basaran, Turkey must identify and fix these gaps nationwide by standardizing software and hardware.
Research earlier this year by an antivirus company in Turkey found that 42% of computers in Turkey are infected with harmful software. "That means that almost one of every two computers in Turkey has been targeted by someone," Basaran said.
Reyhan Guner, who is pursuing a doctorate in cybersecurity, said: “As the world discusses cyber doomsday scenarios, Turkey is still trying to catch the train. ... But we are facing the risk of conspiracy theories and irrelevant scenarios that would dilute the real issue. There is very little academic work in cybersecurity. We have a deficit of 15,000 cybersecurity experts. Turkey has the money and the political will to boost its cybersecurity and warfare capacity. But the real problem is the lack of qualified personnel.”
However, Oguz Kagan Pehlivan, who is working on a doctorate in communications law and cybersecurity at Bilkent University, doesn’t think Turkey’s worst problem in cybersecurity is the lack of trained personnel. To him, the real problem is the lack of ethical, legal and technological infrastructure and the absence of institutionalization.
“Big Data is the new oil. Where is that oil? The distribution of underwater fiber-optic cables worldwide and their routes are creating new geopolitics. In the 19th century, Bab el-Mandeb [Mandeb Strait] was of critical importance for the West’s colonies in the East. Today, what's important is the route of fiber-optic cables extending to India and China from Europe," Pehlivan said.
"When you talk of cyberwarfare, there is some degree of deterrence among big players such as China, Russia and the US, but [the threat of cyberwarfare] doesn’t offer deterrence against countries such as Iran, Syria, Lebanon and North Korea. That is why countries have to develop offense-oriented active and defensive cyberstrategies and tactics and train the needed personnel. This is what Turkey is trying to do."
But there are concerns about whether Turkey’s efforts to boost cybersecurity will affect the country’s balance between freedom and security, which has already been seriously affected since the July 15 coup attempt. Many wonder if the state will develop and use advanced cyber abilities domestically to monitor its own citizens, rather than protecting their freedoms and the country's critical infrastructure against foreign threats.
Turkey has to come up with robust ethical and legal principles to avoid the perception of “Big Brother is watching you.” It appears inevitable that we are heading to a new field of debate on citizens’ privacy versus state security requirements.