By Menekse Tokyay
As a consequence of cyber attacks in Estonia and in Georgia in 2007 and 2008 respectively, NATO recognised that cyber security had to be placed at the forefront of new security challenges to be dealt with in the years ahead.
That in turn has required the strengthening of the Alliance’s cyber defence capabilities as the threats evolve and become increasingly more sophisticated, potentially undermining critical systems and infrastructure.
“A cyber attack can bring a country down without a single soldier having to cross its borders; and it is no exaggeration to state that cyber attacks have become a new form of permanent, low-level warfare,” says NATO Secretary-General Anders Fogh Rasmussen.
This new security challenge was on the agenda at the June 8th-9th meeting of NATO defence ministers in Brussels. Ministers agreed on an action plan and on a revised cyber defence policy which will not only ensure a quicker and more effective protection of NATO’s own network, but also provide the Allies and Partners with more assistance in preventing the cyber attacks, coping with them and limiting their impact.
The new strategy requires that all NATO structures be brought under a centralised protection system, and that all of its networks be monitored round the clock as of 2012.
“At this meeting, NATO took the decision to start co-operation with the EU; but the European approach on cyber defence is still limited with the computers’ security by focusing merely on the Computer Emergency Response Team (CERT),” explains Salih Bıçakçı, professor of international relations at Işık University and one of the top experts on cyber defence issues.
Meanwhile, Europe is grappling with the need to hash out a common strategy.
According to Can Buharalı, managing partner of Istanbul Economy Consulting (EDAM), since the EU has no specific common policy area yet for defence issues, it cannot currently implement an effective common defence policy against cyber attacks.
The United States has assumed a role as a potential leader in cyber defence. According to Buharalı, the latest decision by the Obama Administration to respond to cyber attacks with conventional weapons shows that this issue is gaining more traction worldwide.
However, he adds, all these initiatives serve only as declarations of intention, at least for now.
Although a crucial member of NATO, Turkey lags behind in these spheres and is not at an advanced level of organisation as regards cyber defence. “Despite including the cyber security issue into the National Security Politics Document, it is not so clear how to implement this concept,” Bıçakçı tells SETimes.
Establishment of a new Ministry of Technology is considered a promising step, Bıçakçı said, adding however that no state can ensure cyber security by excluding the private sector.
According to Mustava Ünver, department head at the Information Technologies and Communication Authority (BTK), it is important that the “state should take responsibilities on behalf of its citizens and ensure that both public and private sectors resist such attacks”.
With multiple panels and agencies involved, one of the chief problems in Turkey has been the overlapping of competencies.
Organisations playing a role include TÜBİTAK-BOME (Intervention Team for Computer-related Events), which executes the mission of CERT; BTK and TIB (Communication Directorate of Turkey), tasked with protecting the internet; and TÜBİTAK-UEKAE (National Research Institute of Electronics and Cryptology), which serves as NATO’s contact point in Turkey.
“This state-of-play prevents Turkey from being an important actor for the initiatives of NATO. However, as a result of its membership, Turkey will be much more willing to follow NATO’s strategy of strengthening cyber defence,” Bıcakcı tells SETimes.
On the other hand, TÜBİTAK-UEKAE Institute Deputy Director Mert Üneri thinks that at the state level, a kind of consciousness has been already established regarding cyber threats.
In late January, Turkey organised a simulated operation of national cyber security together with the leadership of TÜBİTAK and BTK. The goal was to test the security of 41 strategic national institutions’ systems against intrusions and attacks.
According to Binali Yıldırım, the January operation was completed successfully and there will be more operations in the future. However, he added, it remains essential to develop a system that would be alert constantly.
In all, experts say, the Alliance is heading in the right direction by considering the importance of soft security issues in the changing security environment. But there is still much work to be done.