
This article was automatically translated from the original Turkish version.


Cyber Defense is, in its broadest definition, the protection of data and information stored in computers, servers, and other electronic systems within cyberspace against all forms of threats and attacks. This concept encompasses a wide spectrum ranging from individual user protection to national security strategies and adopts a holistic approach. The foundation of cyber defense lies in safeguarding the three core properties of information: confidentiality, integrity, and availability. Confidentiality ensures that information is accessible only to authorized individuals; integrity prevents unauthorized or falsified alterations to information; and availability guarantees that authorized users can access information whenever needed.


Cyber defense is not limited to a purely virtual domain; cyberspace is formed by the interaction of physical and virtual spaces. The tangible effects in the physical world resulting from actions carried out in the virtual domain have made cyber defense an inseparable component of national security.

Historical Development

Although the protection of information and communication technologies has always been necessary, the strategic importance of the concept of cyber defense emerged at the beginning of the 2000s. The opening of the internet to civilian use in 1991 accelerated digitalization, creating new threat domains. NATO first brought the issue onto its political agenda at the 2002 Prague Summit.


The cyber attacks targeting Estonia’s public and private sector institutions in 2007 marked a turning point, uniting Allied Defense Ministers on the urgent need for immediate action in this area. Following this incident, NATO approved its first Cyber Defense Policy in January 2008. The 2008 Russia-Georgia conflict demonstrated that cyber attacks could function as a component of conventional warfare. As a result, at the 2016 Warsaw Summit, NATO formally recognized cyberspace as its own distinct “military operational domain.”


In Türkiye, efforts in the field of cyber security began early, and the country was among the first to develop national policies in this domain. In this context, under the coordination of the Ministry of Transport and Infrastructure, “National Cyber Security Strategies and Action Plans” covering the periods 2013–2014, 2016–2019, 2020–2023, and 2024–2028 have been prepared to ensure the continuity of this strategic approach. During this period, the National Cyber Incident Response Center (USOM) was established within the Information and Communication Technologies Authority (BTK) in 2013. Under USOM’s coordination, the establishment of Sectoral Cyber Incident Response Teams (CIRTs) in critical infrastructure sectors and Corporate CIRTs within institutions has shaped Türkiye’s technical cyber security structure.

Theoretical Approaches and Fundamental Principles

Cyber defense is built upon specific theoretical foundations and design principles that determine the effectiveness and reliability of defense mechanisms.

Kerckhoffs’ Principle

According to this principle, one of the foundational tenets of cryptography, the security of a cryptosystem must rely solely on the secrecy of the key, not on the secrecy of the algorithm. Even if all details of the algorithm are known, the system must remain secure.

Confusion and Diffusion

These two principles, introduced by Shannon, are fundamental to the design of block ciphers. Confusion aims to complicate the statistical relationship between the ciphertext and the key. Diffusion ensures that a small change in the plaintext spreads as widely as possible across the ciphertext, thereby obscuring the statistical relationship between plaintext and ciphertext. Structures such as MDS (Maximum Distance Separable) matrices are used for this purpose to achieve maximum diffusion.

Threat Classification

Cyber threats can generally be classified into three main categories: errors, accidents, and attacks. Errors refer to unintentional mistakes made by system users; accidents encompass uncontrollable events such as natural disasters. Attacks are organized and deliberate actions intended to harm systems. An effective cyber defense strategy must account for all three types of threats.

Zero Trust Approach

In contrast to the traditional “trust inside, distrust outside” model, the Zero Trust approach asserts that no user or device, whether inside or outside the network, should be trusted by default. This approach, combined with the “security by design” principle, forms an integral part of modern cyber defense strategies.

Application Areas and Methods

Cyber defense consists of organized activities and technical methods across various domains at the national level, collectively forming a nation’s cyber resilience.

National Cyber Security Domains

Five key domains require focused efforts to establish national cyber security.

Cyber Crime and Countermeasures

Cyber crimes can form the basis of large-scale attacks. Crimes such as the theft of personal access credentials can serve as the starting point for attacks on critical infrastructure. Organized crime groups, in particular, generate significant revenues through methods such as ransomware. Combating these crimes requires not only law enforcement measures but also legislation that reflects an understanding of cyber crime and judicial personnel who specialize in this field.

Military Cyber Organization and Operations

Cyberspace has been recognized by NATO as a military operational domain. The use of cyber elements in hybrid warfare has become widespread. States are establishing units within their military structures capable of operating in cyberspace. Examples have emerged of physical responses to cyber attacks; for instance, the Israeli military bombed a building it alleged was responsible for launching cyber attacks.

Intelligence and Counterintelligence

Cyber intelligence supports decision-making processes by anticipating threats, risks, and opportunities in the cyber domain. States conduct cyber intelligence activities to protect national economic values and prevent technology theft. China’s cyber attacks on the F-35 military aircraft project are an example of economic and military espionage.

Protection of Critical Infrastructure and National Crisis Management

Sectors such as telecommunications, energy, banking, healthcare, and transportation are considered critical infrastructure. Protecting these infrastructures against cyber attacks is a fundamental objective of national security. The Stuxnet attack on Iran’s nuclear facilities demonstrated how vulnerable critical infrastructure can be. Cyber Incident Response Centers (CIRTs) are established to ensure coordination during crisis situations.

Cyber Diplomacy and Internet Governance

The global nature of cyberspace necessitates international cooperation. Institutions such as the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Engineering Task Force (IETF) play roles in managing the technical infrastructure of the internet. States actively engage in cyber diplomacy to influence these institutions and shape international legal norms.

Technical Methods and Tools

Cyber defense is achieved through the layered application of various technical methods and tools.

Security Software

Software such as antivirus programs and firewalls helps protect against malicious software and harmful network traffic. Antivirus software detects threats using known signature patterns or by analyzing program behavior.

Network Traffic Monitoring and Analysis

Tools such as Wireshark enable the capture and analysis of network packets, allowing the detection of potential anomalies or attack attempts.

Penetration Testing and Vulnerability Scanning

Ethical (white-hat) hackers, acting with institutional authorization, test systems to identify security vulnerabilities. Specialized distributions such as Kali Linux and the tools bundled with them are used during this process.

Encryption (Cryptography)

Encryption is used to protect the confidentiality and integrity of data. Symmetric and asymmetric key encryption algorithms render data unreadable to unauthorized parties. Digital signatures are used to verify data integrity and authenticate the identity of the sender.

Attack Types and Defense Mechanisms

Denial of Service (DoS/DDoS) Attacks

These attacks aim to slow down or completely disrupt a server or network by overwhelming it with requests beyond its capacity.

SQL Injection

This technique exploits vulnerabilities in web applications to send unauthorized SQL commands to a database.

Cross-Site Scripting (XSS)

This attack type seeks to steal user session information or perform other malicious actions by injecting harmful script code into web pages.

Key Institutions and Structures

Cyber defense is conducted through the collaboration of various institutions operating at both national and international levels.

International Institutions

  • NATO: NATO recognizes cyber defense as one of its core missions and conducts political, military, and technical activities in this domain. Key structures within the Alliance include the Cyber Defense Committee, which manages cyber defense policies; the NATO Cyber Security Centre (NCSC), which protects NATO networks; the Cyber Space Operations Centre, which supports military operations; and the NATO-accredited Cooperative Cyber Defence Centre of Excellence (CCDCOE) located in Estonia.

National Institutions (Türkiye)

  • Ministry of Transport and Infrastructure: The primary institution responsible for determining and coordinating national cyber security policies and strategies, as mandated by Law No. 5809.


  • Presidential Office of Digital Transformation (CBDDO): Undertakes the responsibility of developing projects aimed at enhancing information and cyber security.


  • Information and Communication Technologies Authority (BTK): The regulatory body responsible for preventing cyber attacks and ensuring deterrence. The National Cyber Incident Response Center (USOM) operates under BTK.


  • Defense Industries Presidency (SSB): Plays a key role in developing domestic and national cyber security technologies and coordinating the defense industry ecosystem. It is one of the principal institutions supporting the Türkiye Cyber Security Cluster.


  • Türkiye Cyber Security Cluster: A public-private partnership platform supported by SSB and CBDDO, aiming to enhance the ecosystem, increase human resources, and improve the competitiveness of domestic products by bringing together local cyber security firms.


  • Defense Industry Companies: Companies such as HAVELSAN and ASELSAN play leading roles in critical military digitalization projects such as the Command and Control Systems (SYS). National SYS platforms such as ADVENT have been developed by these companies.

Relevant Legal and Social Regulations

Cyber defense is framed by national and international legal regulations and strategic documents.


In Türkiye, the legal framework for cyber security is primarily based on the Electronic Communications Law No. 5809. This law assigns fundamental responsibilities and duties regarding cyber security to the Ministry of Transport and Infrastructure and the BTK.


National policies and actions are guided by periodically published National Cyber Security Strategies and Action Plans. These documents outline strategic objectives such as protecting critical infrastructure, developing national capacity, and supporting domestic and national technologies, along with the necessary action items to achieve them. Additionally, documents such as the “Information and Communication Security Guide”, which specifies rules that public institutions must follow, have also been issued.


Internationally, the principle that international law applies in cyberspace has gained broad acceptance. States support efforts to develop voluntary norms on responsible state behavior and confidence-building measures to reduce the risk of conflict.

Recommended Article of the Day
It was selected as the suggested article of the day on 2/23/2026.

Author Information

Author: Yunus Emre Yüce, December 3, 2025 at 11:55 AM
