ANKARA – The release of secret government audio recordings by activist rivals of the ruling party — in particular from a Foreign Ministry meeting in March — has awakened Turkish officials to the need to bolster cyber capabilities.
The National Security Council recently declared the rival group, the Gulenists, a "national security threat." The group is thought to have wiretapped secret meetings and Turkish leaders, including President Recep Tayyip Erdogan, in recordings released from December to March.
In the recording of the Foreign Ministry meeting, then-Foreign Minister Ahmet Davutoglu, Chief Intelligence Officer Hakan Fidan, Davutoglu's undersecretary and a top military official are heard discussing Turkey's military scenarios against neighboring Syria. Davutoglu admitted the authenticity of the audio contents and said that its release meant "declaring war at Turkey."
"If a bunch of political rivals can do that, a more institutional foreign enemy can do even more harm to our national security," said a top government official who deals with cyber solutions. "Obviously there is a certain degree of weakness, and to overcome that, we must develop serious cyber capabilities against both [foreign] military and non-military sources."
Even before this scandal, Turkey was developing national solutions against potential threats, including terrorist organizations.
"In the near future, not only existing programs will gain pace but new solutions will emerge," the official said. "Cyber espionage is an existing threat which in the future can have a military dimension."
Turkey's scientific research institute, TUBITAK, operates a cybersecurity institute, SGE, which is in charge of most programs. SGE's 2013-14 action plan to counter cyber threats mentions seven areas of work: building legal infrastructure; supporting legal proceedings through expertise; strengthening national cyber infrastructure; building a rapid reaction force against cyber threats; improving human resources in the field; developing local solutions; and expanding cyber defense capabilities.
Other players that deal with cybersecurity solutions include the government watchdog Information and Communication Technologies Authority, the General Staff, military electronics specialist Aselsan and military software specialist Havelsan. But TUBITAK accounts for 70 percent of all existing Turkish cybersecurity programs.
"Today, cyber defense has become an imperative component of nations' defense strategies," Turkey's chief procurement official, Ismail Demir, said in a speech at the recent International Cyberwarfare and Security Conference here. "The ever-increasing interest of public and private institutions on cyberwarfare has put forward the necessity of rising awareness on a global scale."
The Nov. 27-28 conference, under the auspices of the Undersecretariat for Defense Industries (SSM), Turkey's procurement agency, gathered 450 participants, including military delegations, cyber defense public officials, and industry representatives and cyber experts from Albania, Azerbaijan, Britain, Canada, Finland, France, Germany, Hungary, Italy, South Korea, Turkey and the US.
"The main [issue] ... is co-developing active cyber defense capabilities beyond boundaries and issues of transnational channels for information sharing," Demir said.
In 2013, Turkey hosted about a dozen conferences on cybersecurity and new technologies. At the end of 2013, Col. Cengiz Özteke, commander of the General Staff's division for electronic systems and cyber defense, said the military considers cybersecurity as the country's "fifth force."
But most experts remain cautious despite hectic activity to tackle cyber challenges.
"There is increasing awareness among policymakers and government and security apparatus in general of the risks posed by cyber attacks and cyber manipulation," one cybersecurity expert said. "There is general — though superficial — recognition of the potential risks of cyber attacks and possible ramifications. But concrete action and corresponding reorganization and institutional coordination to address this has been very slow, if not totally absent."
An industry source who deals with cyber solutions agreed and cited two reasons: relative unfamiliarity of policy and decisionmakers, both in military and civilian realms, regarding technology and cybersecurity issues; and the Turkish state structure's traditional weakness toward coordinated action.
"There is a general reflex of competition and lack of trust. When it comes to cyber programs, this problem becomes even more acute with top-down, one-man decisionmaking style," he said.
In a report released Dec. 2 by California-based cybersecurity firm Cylance, coordinated attacks were described by Iran-based hackers on more than 50 targets in 16 countries, including Turkey and the US. Targets included critical industries, government agencies and universities.
A London-based specialist said some Turkish companies claim to have developed advanced capabilities, but no evidence supports such claims.
"For instance, one top executive recently claimed that Turkey ranks third in the world [after the US and Israel] in terms of cyberwarfare capabilities," he said. "No insider can take this claim seriously.
"Efforts and programs based on public-servant cyber expertise simply do not produce the desired outcome. Cyber defense is an art, and you need to garner the best and most creative of individuals, whom you cannot easily find among public-sector employees. Those with such merits do not often agree to [work] in a tightly regulated and formatted environment," he said. ■