BTK President Dr. Ömer Fatih Sayan, speaking at the Cybersecurity Summit organized by Microsoft, made statements regarding the importance of cybersecurity. Sayan, who said, "In the cyber world, we are as strong as our weakest link," described the work carried out by the institution.
The Cybersecurity Summit, hosted by the Information Technologies and Communication Authority (BTK), was attended by BTK President Dr. Ömer Fatih Sayan, Microsoft General Manager Murat Kansu, and sector representatives.
Stating that digital transformation has fundamentally affected the entire world, President Dr. Ömer Fatih Sayan said, "This situation is not limited to digital technologies such as computer hardware, software, mobile devices, and communication networks, or newly emerging technologies. Dazzling developments are taking place in many areas, from gene sequencing to nanotechnology, from renewable energy to quantum information processing. The convergence of these technologies and their interaction in physical, digital, and biological fields heralds developments greater than we have ever witnessed before."
Sharing the information that cyber attacks targeting Turkey mostly target the electronic communication infrastructure and critical sectors such as energy, banking, and health, primarily public institutions, Sayan stated, "More than 90% of these attacks consist of Distributed Denial of Service (DDoS) and Phishing attacks. In 2017, the total number of attacks reported to USOM by electronic communication operators was 99,600. This number was 1,489 in 2015 and 8,625 in 2016. It is observed that cyber attacks increased 11-fold compared to the previous year in 2017."
Emphasizing that cyber attacks have increased in quality and magnitude over the last 2 years and highlighting his words "In the cyber world, we are as strong as our weakest link," Sayan said, "This is only possible through awareness in cybersecurity, having sufficient equipment against attacks, and close and effective cooperation between international organizations, states, civil society, and internet actors."
TECHNOLOGICAL DEVELOPMENTS ALSO MEAN RISK
Emphasizing that technological developments closely concern other sectors as well, Sayan explained the importance of cybersecurity with these words: "While technological developments drag us into a speed, they can also put us face to face with risks. Individuals, companies, critical infrastructures, and states are under serious cyber threats. Ensuring cybersecurity is no longer just a need to eliminate dangers in areas where technology is intensively used. Due to connected risks in social and economic life, cybersecurity has become a part of National Security and one of the most important factors affecting the welfare of nations."
Underlining that BTK sensitively fulfills its responsibilities, Sayan provided the following information about USOM working in this field: "USOM is becoming a brand and continues to be an organization that performs important functions for the development of our country's cybersecurity ecosystem. In this context, we are making efforts to allocate more resources to USOM and advance the work done in the past. USOM continues its activities to prevent cyber threats; to conduct alarm, warning, and announcement activities; to take control of incidents with on-site intervention teams in critical situations; and to provide national coordination in responding to cyber incidents. USOM has been equipped with malware analysis and digital analysis capabilities, and has achieved significant gains in the employment and training of expert personnel in this regard."
Stating that reaching the right information is of critical importance in ensuring cybersecurity, Sayan said, "In this respect, ensuring national coordination and cooperation among stakeholders, as well as establishing and developing international collaborations, is an indispensable part of the fight against cyber threats."
Drawing attention to the importance of USOM-SOME cooperation in protecting national cybersecurity, President Sayan provided the following information in his speech: "If we consider the two-way information flow between USOM and SOME, the immediate notification to USOM of malicious software, cyber attacks, and vulnerabilities detected by SOMEs is an important part of the cybersecurity equation. As of the end of 2016, the number of Cyber Incident Response Teams (SOME), which was 544 in total, has now reached 878. Within the scope of the studies conducted by USOM, the SIP (SOME Communication Platform) Project, which enables the secure and fast sharing of cyber threats, vulnerabilities, and attacks between USOM and SOMEs, was launched in 2017 and has started to be actively used. Currently, 2,092 registered cybersecurity experts are using the SIP system."
USOM WORKS LIKE A CYBER THREAT HUNTER
Stating that as USOM under BTK, they work like threat hunters in terms of cyber threat intelligence, Sayan shared the following data regarding complaints and notifications received in 2017: "Official cybersecurity notifications were sent to nearly 1,550 Institutions/Organizations/Operators. 1,567 notifications of critical and urgent vulnerabilities were made. More than 1,500 vulnerabilities were detected in the internet-facing services of institutions and organizations and forwarded to the relevant parties along with the measures to be taken. 16,736 malicious links (URL, IP, domain) used in malware and phishing were detected, checked, and blocked at the infrastructure level. This figure was recorded as 490 until 2017, increasing approximately 16-fold compared to the total of previous years in 2017."
Sayan also mentioned artificial intelligence in his speech. Expressing his view that the potential of artificial intelligence will accelerate economic development, Sayan said, "On the other hand, there are concerns that it may lead to a decrease in demand for labor and an increase in unemployment. Since artificial intelligence algorithms include decision-making processes, there are also some challenges in terms of ethics, justice, transparency, and accountability. In order for artificial intelligence to realize all its positive potential, its possible negative effects need to be sufficiently discussed and solutions found. I think we need to start discussing the issue of artificial intelligence from every angle in our country and put a roadmap in front of us on this matter."
Stating that as BTK, they use machine learning and artificial intelligence capabilities in projects conducted to combat cyber threats, President Sayan said, "In particular, our applications named AVCI, AZAD, and KASIRGA are actively used in detecting malware command servers, compromised systems, and systems infected with malware, and continue to be developed to perform more qualified and in-depth analyses. On the other hand, significant steps are being taken in detecting systems included in botnets through machine learning in our studies. As a result of these studies, 60 foreign-sourced BotNet command and control servers targeting individuals and institutions in our country have been detected and blocked, and compromised information belonging to our citizens has been obtained from 29 of these command servers."
"FETİH" PROJECT PREPARATIONS CONTINUE
Mentioning the capabilities granted to USOM such as 158 SCADA, 94 VNC, 72 ElasticSearch, 23 MSSQL, and 121 Redis, President Sayan stated that one of the most important resources in ensuring national cybersecurity is qualified human resources and added: "In this context, our work on establishing a practical cybersecurity training laboratory continues. Preparations for the FETİH project, which we have fully developed with internal institutional resources, are being continued uninterruptedly in this training laboratory we will create. With the FETİH project, we will provide participants with the opportunity to conduct one-on-one cybersecurity tests in this laboratory and develop themselves in this regard."
Evaluating the powers granted to BTK with the amendment made to the Electronic Communications Law No. 5809 with Law No. 6757 published on November 24, 2016, Sayan said, "In this scope, BTK is tasked not only with operators but with all legal entities to carry out necessary preventive work. In addition, with the same law, our Institution has been granted the authority to impose administrative fines up to 1 million TL on all natural persons and private law legal entities in case of failure to take necessary measures regarding cybersecurity."
CYBERSECURITY IS NOT AN INDIVIDUAL PROBLEM
Emphasizing that cybersecurity has ceased to be an individual problem, Sayan said, "Countries largely conduct their work in the field of cybersecurity in secrecy. The question of how much damage the parties can inflict on each other in the event of a possible cyber war worries even the most advanced countries in this field, leading to the search for greater and more powerful capabilities. For this reason, countries aim to minimize these risks and maximize information sharing through multilateral or bilateral collaborations they participate in. In this context, as BTK, we are determined and resolute to enhance all kinds of capabilities and capacities for our country's cybersecurity in coordination with international stakeholders together with our stakeholders both in the public sector and private sector."
Murat Kansu, General Manager of Microsoft, who spoke at the program, also touched on topics such as artificial intelligence, cybersecurity, and cloud computing. Stating that we are ahead of many countries in many subjects, Kansu said, "We will experience many technological developments related to artificial intelligence until 2020. This brings up the issue of artificial intelligence ethics. Here, we need to develop it without loading our social mistakes onto them. In 2021, we will start communicating through bots. We are advancing rapidly on robot systems especially in the banking sector. All of these are systems working on the cloud."
After the speeches, presentations were made on how to protect against cyber attacks related to cybersecurity, measures that can be taken, ensuring security, and interventions to be made.