British National Cyber ​​Strategy and Turkey

In 2008, I was appointed to London as a military attaché. For those who don't know, military attachés don't just represent their country in the military field. Attaches also carry out tasks such as coordination of logistics activities, coordination of military cooperation activities between the host country and their own country, and overseeing the activities of military personnel and ministry of defense personnel coming from their own country.

Military attachés also have intelligence-related duties. They collect the military developments in the countries they visit, the information they learned from the military attachés and diplomats of the other countries they contacted at the receptions, and the information in other fields ordered and send them to their own countries. For this purpose, they regularly scan the press of the country where they work, and if they detect an important issue, they report it to their country.
For this reason, I was following the important developments with intelligence value that I detected in England during my duty as attaché, like the military attaché of every country. For this purpose, the first thing I did as soon as I got to work in the morning was to scan the British press and if there was news that concerned Turkey, especially the armed forces, I would copy the news and send the summary to Ankara. In other words, I followed the British press regularly during the two years I worked in London.

For this reason, I subscribed to both UK-based and international journals on military, security and intelligence published in English. They would send me a printed copy of each issue of these magazines. Since I have an e-mail address in these magazines, they kept asking for my mail address when I returned to Turkey, as they do every year. I gave the address of my house in Ankara, and most of those magazines sent me every issue of them by post.
After a while, some of these journals stopped sending printed journals and started sending their publications softly to my email address. When I retired, my address changed and for various reasons I did not respond to e-mails from many. That's why only four journals currently send emails. I also check them out from time to time. As I was reading one of these today, I remembered what I experienced when I was an attaché and when I returned to Turkey, and I decided to write an article on this subject.

I think it was 2009. One day, while browsing the British press, I came across an article about the UK's cyber security. When I looked at other newspapers, I saw that the same issue was reported in all newspapers. In the following days, the details of the news began to come. If I remember correctly, a flash disk (flash dic) was found at a gas station. When the station employees couldn't find the owner, they checked the disc to see if there was anything important. They were alarmed by what they saw and immediately informed the police. And they were right to be worried because the disc contained very detailed information about thousands of employees of the British government (mostly police and soldiers).

Thereupon, British police and intelligence agencies quickly began investigating the incident. I don't know if they caught the criminals, but the statements made were worrying for England. It was mentioned that this was an organized espionage and an attempt to plot against government officials. Both the British press and the British State insisted on this issue, vigorously and seriously.
Even the results of this were reflected to us. Previously, we entered the Ministry of Defense from the side, not through the tight-scrutinized doors that everyone enters. The person we were going to meet would meet us at the door and let us in. After this incident, attachés were also allowed to enter through the doors under strict electronic and physical control.

When I saw the seriousness of the incident, I sent what I learned about it to Ankara. I said that cyber security issues are talked about a lot in the UK and I explained what happened. In the evaluation part of my article, it is stated that similar events can happen in Turkey, that it would be beneficial to increase security measures similar to the British, that countermeasures should be taken as well as the protection of information, etc. I stated the points.

Shortly after that, the British prime minister or a minister made a statement to the press in this direction. In this statement; It was said that the UK was heavily exposed to cyber attacks, most of the attacks were caused by Russia, and China came second, and these countries were openly warned. The thing that caught my attention the most was that they said that they would not be content with just defense anymore, that they would attack those who attacked England, that they set up a unit for this purpose, and that they resigned from the hackers in this unit.
When I read this news, I thought that it was determined that the countries named after the flash disk in the gas station had something to do with it. England must have been so angry about this that they were warning and even threatening some states by giving names from the mouths of the highest-ranking people, which is not uncommon. I sent this news to Ankara and sent a similar report.  

I informed him that we also need to be stabbed.

But my messages must not have been taken too seriously, as justifying all the warnings I made, an intense asymmetrical psychological operation began to be carried out on the Turkish Armed Forces over the internet after a short while. The trained cadres of the army were purged with the conspiracies that we know as Fetöists, but that a political party member said in a television program that they planned and executed in cooperation with the CIA, FETO and themselves (he used the phrase "we have caged the Army" if I remember correctly). Without a single shot being fired, all the staff of the Turkish army and trained personnel in critical missions were no longer a threat to the enemies of this country (as well as by the state).

I hope that our state has learned from what has happened today and has completed the necessary organization and developed measures against cyber threats. Because cyber threats have grown even more today. Not only can personal information be accessed over the internet, cyber attacks can be carried out on nuclear facilities, as in the example of Iran, cyber attacks can be made on the power plant in Ukraine, as alleged by the Russians, and a region can be left without electricity for 3-4 days. Thus, Hybrid Warfare, which is today's fashionable term, is mainly carried out with cyber warfare applications.

While browsing the magazine I mentioned above, I read that the UK government has been working on this issue extensively and has prepared and announced the National Cyber ​​Strategy. Now, I will try to explain in general terms what is written on the subject in this magazine. I write the information I get from the journal in italics to avoid confusion.

The UK government released its new National Cyber ​​Strategy on 15 December 2021. Interior Minister Priti Patel made a statement on the subject; “Cybercrime cripples life and facilitates other crimes such as fraud, harassment and domestic abuse. Billions of pounds are lost every year by cybercriminals who steal personal data or store it for blackmail and disrupt important public services or vital sectors of the national economy. This strategy will greatly improve government response to the ever-changing threat from cybercrime and strengthen law enforcement response in partnership with the NCSC [National Cyber ​​Security Center] and the National Cyber ​​Force. We all have a role to play in protecting ourselves from cybercrime. As a society, we need to take this threat seriously.” said.

The document, which was announced to the public and is quite comprehensive; It covers topics such as diversity, skills, professional standards, what government can do, and how to collaborate with universities and the technology sector. As understood from the presentation; The strategy determined seems quite ambitious. The government also plans to organize a training program for young people on this subject. In this training, a "Cyber ​​Explorers" online training platform will be created that will provide young people with cyber skills. In this context, the Royal Charter for the umbrella organization of the United Kingdom Cyber ​​Security Council was prepared and approved by the Queen. In addition, a new unit called the National Laboratory for Operational Technology Security and the National Cyber ​​Advisory Board (NCAB) has been established.

On the other hand, the implementation of minimum safety standards in all new smart products such as refrigerators and toys is emphasized in accordance with the newly enacted Product Safety and Telecommunication Infrastructure Law. In this regard, it is planned to create an organizational model in which local units that will spread throughout the country and operate regionally, instead of only London-based cyber companies, will participate. Elements such as Queen's University in Northern Ireland, centres, clusters or eco-systems around Belfast and Malvern will be part of this system.

Sir Jeremy Fleming, President of GCHQ (Government Communications Headquarters; Government Communications Headquarters/Centre/Headquarters), made the following statements on this subject: “The National Cyber ​​Strategy is built on the strong foundations of cybersecurity in the country where GCHQ is a part of its work, particularly through the NCSC. But it's not just that. It brings together all cyber activities, from existing capabilities to diverse communities and the use of offensive cyber capabilities through the newly formed National Cyber ​​Force.

The strategy essentially shows how the UK can build capacity across the country to continue to capitalize on the opportunities of cyberspace. To this end, as a leading responsible cyber power, it can form alliances with democratic partners around the world to protect a free, open and peaceful cyberspace.”

Mandiant Cyber ​​Threat Intelligence Advisor Jamie Collier welcomed the publicly announced cyber strategy as a positive and ambitious vision. out. “This strategy takes a broader view of cyberspace that goes beyond security and connects with themes of diplomacy, national power and statecraft. It offers a proactive vision in responding to both state-sponsored espionage and cybercrime, recognizing that publicizing and even cyber-sanctions regimes are not always successful in radically changing the actions of attackers. The recently announced National Cyber ​​Force marks a new concept for more directly deterring government operations by disrupting enemy network infrastructure.

The strategy also lays out a robust approach to tackling cybercrime, possibly in response to the devastating impact of malware in the UK and around the world over the past two years. There is a clear desire to disrupt the connected tools and services that empower the cybercrime ecosystem and crime groups. With £2.6bn devoted to cybersecurity over the next five years, the Government remains highly committed to its central vision of keeping the UK a safe and attractive digital economy. It is encouraging to see that spending plans are largely focused on sustaining existing initiatives, as this highlights that the UK Government has already built many of the key elements of national cyber capacity and can now build on that momentum. For example, laying the groundwork to set up the National Center for Cyber ​​Security (NCSC) five years ago really paid off, as the NCSC is now seen as an example by its international counterparts and is a frequent destination when heads of state visit the UK.”

As you can see, the UK has been attaching great importance to cyber security for a long time. For this purpose, necessary institutionalization activities were started 13-14 years ago. Not only was institutionalization satisfied, the doctrine, concept and policies related to the subject were determined. In parallel with the development, diversification and change of the threat, this doctrine, concept and policies and organizational structure have been developed. An annual budget of £2.6 billion has been earmarked for activities on cybersecurity. As a result, the UK now defines itself as a cyber power. In fact, according to the statements made by authorized mouths, England has risen to a leading position as a cyber power in the world.

I don't know how it is with us. But it is clear that Turkey, like the British, should attach great importance to this issue. Fetö plotters have clearly shown this. In addition, the news that many people, from people with the least education to professors, were defrauded over the internet, were reflected in the press and continues to be reflected every day. The computing systems of banks, companies, and even government agencies have been exposed to attacks.
Therefore; A cyber force like the armed forces should be established by accepting that cyberspace is also a field of struggle.

The most appropriate organizational structure for this force should be established.

A separate budget should be allocated for the activities of this structure.

It is understood that England has tried to educate the public on this issue.

An education and awareness-raising activities for the public should also be started in our country.

These educational activities are primarily; banks, companies, universities etc. It should start with institutions.

From time to time, warning messages sent to the phones by the police should not be contented with.

Most importantly, the doctrines, concepts and policies related to cyber warfare should be determined by taking into account the ideas and needs of all state institutions, and the road map to be followed should be set out clearly in a strategy document.