At the 3rd Cybersecurity Summit hosted by Turkey's BTK and organized by Kaspersky Lab Türkiye, the importance of cybersecurity and how it can be prevented were discussed. BTK President Dr. Ömer Fatih Sayan, who spoke at the event, emphasized that cybersecurity is one of the key issues at the center of Turkey's focus.
Kaspersky Lab organized the 3rd "Cybersecurity Summit" hosted by the Information Technologies and Communication Authority. The program was attended by Information Technologies and Communication Authority President Dr. Ömer Fatih Sayan, Kaspersky Lab META Region General Manager Amir Kanaan, Kaspersky Lab Senior Security Researcher Amin Hasbini, Kaspersky Lab Cybersecurity Solutions Architect Ramy AlDamati, and numerous industry representatives.
President Dr. Ömer Fatih Sayan, emphasizing that cybersecurity is at the center of the issues Turkey prioritizes, stated in his speech: "The changes and transformations we are experiencing in information technologies undoubtedly form the basis of the evolution we are witnessing in our era. Especially with the development of microprocessors, the usage areas of computers have expanded significantly and entered every area of our lives with various derivatives. These developments in computer and communication technologies have deeply affected not only the ICT sector itself but also other sectors, becoming the main actor in the profound changes that have begun. As you know, digital transformation has started to affect the daily lives of both states and everyone from 7 to 70 in every field, from national security to the economy, from the environment to urbanism."
Pointing out that digital technologies are not emerging anew, Sayan said: "The 3rd Industrial Revolution born from these technologies has reached a point where it will transform societies and the global economy as these technologies become more complex and integrated. We have now entered a new era called the 4th Industrial Revolution. As you know, the ICT sector is a highly competitive sector based on R&D and innovation containing high technology, with rapid technological progress and capital-intensive. Our generation is probably witnessing some of the most magnificent events in history. One is the creation of true machine intelligence, and the other is connecting all of humanity to a common digital network in a way that will change all economic paradigms of our planet. Although the scope and consequences of industrial revolutions, now distinguished by numbers, differ today, the only unchanging thing is that the rate at which countries adopt these technological innovations is the most important determinant of their development levels."
Cybersecurity is Part of National Security
Stating that technological capability is the most important determinant of economic development, international competitiveness, and consequently the welfare levels of countries, Sayan said: "As a country, public institutions, the private sector, and citizens, we must do our part in line with the 2023 targets set by our President. The more we use technology, the more dependent we become on it. Thus, we become more exposed to the risks it brings. Individuals, companies, critical infrastructures, and states are under serious cyber threats. Ensuring cybersecurity is no longer just a need to eliminate dangers in areas where technology is heavily used. Due to interconnected risks in social and economic life, cybersecurity has become a part of National Security and the biggest factor affecting the welfare of nations."
Emphasizing that while technology makes our lives easier, attention must also be paid to ensuring security, Sayan continued his speech: "As an institution, our efforts in this field continue intensively with the contributions of our sector. When we look at the developments in cybersecurity technologies, we see that investments are beginning to be made in cyber threat detection and prevention systems using analytical artificial intelligence and machine learning. In addition to these two concepts, we see the concept of 'automation' coming to the fore. The rapid prevention of cyber threats detected by artificial intelligence and machine learning on big data through automation systems constitutes an important part of a holistic cybersecurity strategy. For this reason, BTK, which houses the National Cyber Incident Response Center (USOM), uses machine learning and artificial intelligence capabilities in the projects we conduct in the fight against cyber threats."
Reminding that applications named AVCI, AZAD, and KASIRGA are actively used in detecting malicious software command and control servers, compromised systems, and systems infected with malicious software, Sayan said: "They continue to be developed to perform sophisticated analyses. On the other hand, important steps are being taken in our studies to detect systems included in botnets through machine learning. As a result of these efforts, 60 foreign-sourced BotNet command and control servers targeting individuals and institutions in our country have been detected and blocked, and compromised information belonging to our citizens has been obtained from 29 of these command servers." He shared the following information: "As a result, information of more than 5,000 mobile phone owners infected with malicious software was obtained from cyber attackers' command and control servers, identification of the relevant persons was made, and sharing was done with banks through BDDK, preventing their victimization."
Stating that BTK fulfills its regulatory duties towards the electronic communications sector in Turkey on one hand and continues its activities to fulfill the responsibilities assigned to it on the other, Sayan said: "Within the scope of the cybersecurity organization established in 2013, we continue to fulfill our cybersecurity-related duties at an increasing pace in the best way possible. As a result of these efforts, USOM is turning into a world brand and continues to perform important functions for the development of our country's cybersecurity ecosystem. In this framework, we are endeavoring to allocate more resources to USOM and advance the previously conducted studies. USOM continues its activities to conduct alarm, warning, and announcement activities to prevent cyber threats, take control of incidents with on-site intervention teams in critical situations, and provide national coordination in cyber incident response. USOM, equipped with malicious software analysis and digital forensics capabilities, has achieved significant gains in the employment and training of expert personnel in this field. Activities such as incident response, digital log examination, and penetration testing conducted by USOM personnel in many of our critical organizations have gained momentum."
Accessing Correct Information is Very Important in Cybersecurity
Emphasizing that accessing correct information is of great importance when it comes to cybersecurity, Sayan said: "In this respect, ensuring national coordination and cooperation among stakeholders, as well as establishing and developing international collaborations, is an indispensable part of the fight against cyber threats. As of the end of 2016, the number of Cyber Incident Response Teams (SOME), which was 544 in total, has now reached 933. Within the scope of the studies conducted by USOM, the SIP (SOME Communication Platform) Project, which enables the secure and fast sharing of cyber threats, vulnerabilities, and attacks between USOM and SOMEs, was launched in 2017 and has started to be actively used. Currently, 2,269 registered cybersecurity experts are using the SIP system."
Stating that notifications from many different countries reach USOM, Sayan said: "USOM is a member of Forum of Incident Response Teams (FIRST), Trusted Introducers (TI), and ITU-IMPACT organizations. Within the framework of the conducted studies, membership was also obtained in the international organization Cyber Alliance for Mutual Progress (CAMP) in 2017, and BTK-USOM was selected to the Operations Committee in this organization. In recent times, information flow from threat-sharing platforms within NATO has also been integrated into our institution. As USOM within BTK, our most important activities are to transmit the threats and vulnerabilities detected by our advanced cybersecurity experts to the relevant institutions along with the measures to be taken. USOM transmits both the cyber threat intelligence obtained from relevant stakeholders and the cyber threat intelligence detected and produced by our experts assuming the threat hunter role here to the relevant parties in the fastest manner."
President Sayan also shared the following regarding the complaints reported to USOM: "In 2017, cybersecurity notifications were sent officially to nearly 1,550 Institutions/Organizations/Businesses. Again, in 2017, 1,567 vulnerability notifications that needed to be addressed critically and urgently were made to institutions and organizations; more than 1,500 vulnerabilities were detected in the internet-facing services of institutions and organizations; and they were transmitted to the relevant parties along with the necessary measures. 18,026 malicious links (URL, IP, domain) used in malicious software and phishing were detected, checked, and blocked at the infrastructure level. This figure was 490 until 2017, but in 2017, there was an approximately 16-fold increase in the number of announced malicious links compared to the total of previous years. In 2018, by the end of the first four months, the number of detected malicious links has exceeded the total for 2017. Thus, attacks that could be carried out on internet users and systems nationwide have been prevented."
Drawing attention to the fact that DDoS attacks worldwide now reach 500 Gigabit/sn and above, Sayan said: "Cyber attacks targeting our country mostly aim at the electronic communications infrastructure and organizations operating in critical sectors such as energy, banking, and health, primarily public institutions. More than 90% of these attacks consist of Distributed Denial of Service (DDoS) and Phishing attacks. In 2017, the total number of attacks reported to USOM by electronic communications operators was 99,600. While the number of attacks in 2015 was 1,489, the number of reported attacks for 2016 is 8,625. In this context, it is seen that cyber attacks increased 11-fold compared to the previous year in 2017. One of the activities conducted by USOM is scanning and monitoring studies targeting our country's cyber domain, primarily critical infrastructures and institutions."
Sharing the information that in 2017, 16 million IPs in our country were scanned at various intervals for the detection of vulnerabilities published by product and software developers, Sayan noted that within the framework of new capabilities added to USOM in 2017, a total of 468 vulnerabilities were detected, including 158 SCADA, 94 VNC, 72 ElasticSearch, 23 MSSQL, and 121 Redis.
The Most Important Resource in National Cybersecurity: Human
Drawing attention to the fact that the most important resource in ensuring national cybersecurity is qualified workforce, Sayan said: "In this framework, we need to take the necessary steps quickly and close the shortage of cybersecurity experts in our country by training qualified specialists. As BTK-USOM, we are also conducting important studies in this regard and contributing to meeting the need for cybersecurity experts in our country. The SIBER YILDIZ competition we organize, trainings for SOMEs from various critical sectors such as health and energy, periodic consultation meetings to increase USOM-SOME coordination are among the studies we conduct in this sense. Studies such as cybersecurity exercises and competitions, sector-specific trainings for capacity building, i.e., training expert personnel in the field of cybersecurity, are being continued within our institution. Preparations for the FETIH project, which we will develop with in-house resources, are also continuing uninterruptedly. With the FETIH project, we will provide participants with the opportunity to conduct one-on-one cybersecurity tests in this laboratory and develop themselves in this regard."
Regarding the amendment made to the Electronic Communications Law No. 5809 with Law No. 6757 published on November 24, 2016, President Sayan said: "Our institution has been assigned the duties of preventing cyber attacks and ensuring deterrence. In this scope, BTK is tasked with conducting necessary preventive studies not only with operators but with all legal entities. With the same law, our institution has also been granted the authority to impose administrative fines up to 1 million TL on all natural persons and private law legal entities in case of failure to take necessary measures regarding cybersecurity."
Emphasizing that cybersecurity today is institutional rather than individual, Sayan concluded his speech: "Countries conduct their studies in the field of cybersecurity largely in secrecy. The potential damage parties could inflict on each other in the event of a possible cyber war frightens even the most advanced countries in this field, leading to the pursuit of more, larger, and more powerful capabilities. As BTK, we are determined and resolute to enhance all kinds of capabilities for our country's cybersecurity, together with our stakeholders in both the public and private sectors, in coordination with international stakeholders."
Following President Sayan's speech, Kaspersky Lab META Region General Manager Amir Kanaan, Kaspersky Lab Senior Security Researcher Amin Hasbini, and Kaspersky Lab Cybersecurity Solutions Architect Ramy AlDamati also made their presentations. The program ended after the panel titled "Cybersecurity Trends in the Public Sector."