3rd International Cyber Warfare and Security Conference was Held in Ankara by SSM

The main theme of conference was “Strengthening the Cyber Security Ecosystem and Cyber Security Cluster”

Date: Issue 79 - February 2018

The 3rd annual Cyber Warfare & Security Conference was held in Ankara, on November 27-28, 2017 under the auspices of the Undersecretariat for Defense Industries; supported by the Prime Ministry, the Ministry of Transport, Maritime Affairs and Communications, the Ministry of Science and Technology, the Ministry of Development, Information Technologies and Communication Authority, TÜBITAK and SaSaD, and organized by Defence Turkey Magazine. 

The presentations were based on the 2017 Theme: “Strengthening the Cyber Security Ecosystem and Cyber Security Cluster”, “Increasing Competitiveness and Development”, with the participation of approximately 400 guests consisting of public, institutional and private sector representatives and senior officials.

Opening speeches for the two-day conference were presented by Vice President of Information Technology Institute Mr. Ahmet Kılıç, Deputy Undersecretary of Defense Industries Mr. Mustafa Şeker and Keynote speaker, Director of NATO Infrastructure Services, Dr. Gregory B. Edwards.

Mr. Mustafa Şeker, Deputy Undersecretary of Defense Industries, emphasized that cyber security is a very large area and that they will focus on the issue of clustering during this conference. “We want to create a clear road map at the end of the day, we aim to use the resources efficiently. The Turkish Armed Forces, public institutions and organizations have an increased awareness, but our competence is not yet at the desired level. A task has been given to us in order to increase the competencies of our local companies and to establish the ecosystem within the frame of the action plan that we have created. In this context, we will discuss the support we provide to our entrepreneurs today. We are willing to create a targeted cluster of exports, focused on technology and innovation, and that the products can be collected under one roof and made internationally marketable.” 

Mr. Ahmet Kılıç, Vice President of Information Technologies and Communication Authority (BTK), noted that the operations carried out from internet connected devices and the data produced are constantly increasing, and that cyber security has become a part of national security due to the risks of social and economic life. “The attacks cost more than $500 billion per year for cyberattacks, making attacks by cyber attackers easier with today’s technology, while the costs of protecting these against these daunting threats are increasing for nations and individual users.” He emphasized that cyberattacks will continue to increase and detection will become more difficult, and that new and up-to-date methods must be explored and used to defend them. 


Keynote Speaker- NATO Infrastructure Services Director, Gregory B. Edwards: “NATO Cybersecurity – A Look Beyond the Horizon”

The following the opening speeches, the Keynote Speaker- Dr. Gregory B. Edwards, Director Infrastructure Services, NATO, NCI Agency pointed out the agency’s contributions in cyber security for NATO. He noted that “Turkey understands that the threat is real and is involved and engaged as a nation, and as a military. I’m encouraged by that as I begin my presentation, talking about our contributions from an agency prospective to NATO. We think it’s important that we look beyond the horizon. Again, the threats are real. We have defenses in place today. We have capabilities in place today. But, in cyber security you are always thinking about the next step, being proactive in where we are headed.” Dr. Gregory B. Edwards elaborated on NATO’s mission of ‘Connecting the Force’ via the digital platform and the capabilities that they will modernize, resulting in cohesive services in NATO. 

Dr. Gregory B. Edwards provided insight into the reduction of Cyber Attack Surface through Data Center Consolidation. He shared “IT modernization is a fundamental capability that is talked about in NATO, as to how we will modernize the infrastructure we’re putting in place. There’s a contract in place allowing us to do that. Simply, what we are doing is reducing the attack surface. We have too many computers, too many nodes, too many servers that are deployed throughout NATO as an enterprise, we want to reduce that. We want to consolidate those into a data center, because we feel that there we can better protect and defend that particular environment from our applications to the core services that we provide. Another way to look at this is in terms of the common infrastructure in cyber security and operations. We are modernizing our roadmap, and we ask you, as a nation, industry, as academia to work with us to modernize and improve where we are headed.”

Dr. Gregory B. Edwards continued “We are increasing our ability to defend ourselves. We as an agency provide technical solution services to NATO that are necessary to defend NATO’s cyber enterprise. They extend all the way from helping to develop policy that is triggered on cyber defense, all the way to the extent of defense training. We think that these are the key services in NATO that are necessary to take us into the future for cyber defense. As we talk about raising the bar, what can we do to improve policy and strategy? Be more prescriptive. This is a very important point for us in that policy dictates what you are able to do. If you wait for the policy in cyber defense you could be at a disadvantage, you could be late in defending yourself in that regard. What we are suggesting is that policies be more incremental. Develop a policy that allows you respond to threats. You cannot wait for the policy to be developed and then respond. Let’s be more prescriptive. Also, our financial capabilities are limited. We are not going to buy everything that industry has to offer and employ that, it would be a foolish endeavor. What we are suggesting is that nations, Turkey, others, you have developed capabilities. Let us learn what those capabilities are and let us take advantage of those capabilities for NATO. It’s no different than what we do today from an air, land and maritime environment. Let’s do the same in cyber.”


Integrating Network Operations and Defense 

Dr. Gregory B. Edwards commented that “The people who watch your network day to day, looking for problems that are performance related, are the same people who look at your network and notice that there is a cyberattack, a cyber threat on your network. We are suggesting that those must always be intertwined, they must always stay together. If you separate them, you open yourself for a vulnerability that the enemy would love to exploit. The day to day watchers of the management of the network are the same individuals who are the cyber defenders of your network, and our suggestion is to keep them together. When there is discussion about adaptations and changes within NATO, this is the Professional advice, as subject matter leaders, that we give to leaders in that regard.” 

Compliance and Audit

NATO has teams who deploy and go into inspect the cyber environment. In that cyber environment, they identify what the problems are. Dr. Gregory B. Edwards underlined that there is shift now, they will go in and inspect and then fix what those problems are because there are threats that are being left and have to be taken care of. He said “In the past this team would deploy and again it would look at any nation’s environment that it was authorized to access and then give you a report. We are going to change this to where we are able to then stay with you and actually fix problems that are in your environment. A chain is only as strong as its weakest link. We want a strong chain in this area.” He continued saying “Again, it really is also about people. It is really not just about technology. It is about us. Those people have to be trained, nurtured and supported in this cyber environment. We must invest in our human capital, the people, the brains are what we use to take us forward. We say develop cyber warriors; we must be aware of an aspect of cyber that is about defense and how it is deployed.”


Cyber Hygiene – Internal Threat is Real

The term cyber hygiene was discussed. Dr. Gregory B. Edwards expressed that it is essential to thoroughly address known threats, an internal look, making sure all servers, software current versions and patches are in place. He noted that “Many in the cyber world have noticed that we have had an external focus. An external focus is important, but we’re fairly well defended in that area. There are many threats that arise from mistakes that we make inside and vulnerabilities that we know of.”


Leveraging National Solutions

Nations have come together to provide capabilities to NATO. Dr. Gregory B. Edwards stated “We worked with these nations under various programs to find where the capabilities can contribute directly to solving key problems in NATO. Cyber situational awareness is a key problem that we are focused on today. It is one that was brought to us by a group of nations.  We implore the nations, bring us your capabilities so that we can use them to contribute to the defense of NATO.” The IT modernization Project is a large one that will allow NATO to consolidate a lot of the external servers and devices that they have throughout their enterprise into a more centralized managed environment, one that they can better defend. Dr. Gregory B. Edwards shared “When you develop the architecture for your enterprise we think it is important that you think about cyber security, that’s the beginning step. We’ll extend ourselves into the deployable space where nations contribute forces to execute missions for NATO providing mission assurance. This is our focus.” Dr. Gregory B. Edwards shared how the agency is moving forward in developing a digital platform and how they are posturing themselves to be able to defend that digital platform as modernization occurs. Specifically, NATO is imploring support from industry, nations and academia in order be able to move forward in their objective beyond the horizon. 

Following the opening speeches, the conference continued with panelists to discuss the topic of “Cyber Security and Defense Policies of Countries”, “Strengthening the Cyber Security Clusters and the Cyber Security Ecosystem” and “New Technologies in Cyber Security”, where the cyber security directors from different countries, experts, NATO and Turkish representatives came together.


Session 1 “Cybersecurity and Defense Policies of Nations”

The first session of the conference, “Cybersecurity and Defense Policies of Nations”, was held with the participation of Rear Admiral Önder Çelebi- NATO Allied Command Transformation; Mr.Christian-Marc Lifländer- Head Cyber Defense Section Emerging Security NATO; Ms. Paula Walsh - Head of International Cyber Security Team UK Foreign and Commonwealth Office; Dr. Süleyman Anıl Retired NATO OTAN Head of Cyber Defense; Barış Egemen Özkan - Captain(N) OF-5 - SHAPE Cyber Operations and Exercise Branch Head NATO Allied Command Operations (ACO) and moderated by Mr. Mustafa Şeker Deputy Undersecretary of SSM. 

The first panelist of the session, Rear Admiral Önder Çelebi, serving NATO Allied Command Transformation as Assistant Chief of Staff for Command and Control, Deployability and Sustainability, discussed NATO’s defense policy and provided examples regarding how they are developing and improving cyber defense in NATO, capabilities and capacities. He stated “As you know, NATO, like individual nations and the other organizations, relies on information and communication systems to execute critical mission tasks such as consultation, planning, collaboration, logistics and command and control in order to execute a wide range of different critical missions. The allies are faced with an evolving complex threat environment. State and non-state actors can use cyberattacks in the context of military operations. In recent events, cyberattacks have been part of hybrid warfare. NATO and its allies rely on strong and resilient cyber defenses to fulfill the alliance core tasks of collective defense, crisis management and cooperative security. NATO needs to be prepared to defend its networks and operations against the growing sophistication of cyber threats and attacks. In order to pace with the rapidly changing threat landscape and maintain a robust cyber defense, NATO adopted an enhanced policy and an action plan, which was endorsed by allies at the Wales Summit in September 2014. The policy establishes that cyber defense is part of the alliance core task of collective defense and confirms that international law applies in cyber space and identifies and intensifies NATO’s cooperation with industry. The top priority, depending on the policy, is the protection of communication systems owned by and operated by the alliance. The policy also reflects allied decisions on issues such as stream-lined cyber defense governance, procedures for assistance for allied countries and the integration of cyber defense in operational planning. In addition, the policy defines ways to take awareness, education, training and exercise activities forward and encourages further progress in various cooperation initiatives.  Including those with partner countries and international organizations as well, it also foresees boosting NATO’s cooperation with industry including information sharing and best practices. Allies also have confirmed to enhancing information sharing and mutual assistance in preventing, mitigating and recovering from cyberattacks. NATO’s cyber defense policy is complimented by an action plan with concrete objectives and implementation timelines on a range of topics from capability development, education, training, exercise and partnerships. Allies pledged at the Warsaw Summit in 2016 to strengthen and enhance the cyber defense of national networks and infrastructure, as a matter of priority. Together with the continuous adaptation of NATO’s cyber defense capabilities, as part of NATO’s long-term adaptation, this will re-enforce the cyber defense and overall resilience of the alliance. When it comes to cyber issues it is easy to understand that NATO is only as strong as the weakest link. This pledge works at gaining the shared purpose and fair burden sharing of the nations to expend resources to strengthen their cyber defense, thus strengthening NATO. At Warsaw, allies also reaffirmed NATO’s defensive mandate and recognized cyberspace as a domain of operations in which NATO must defend itself as effectively as it does in air, on land and at sea. As most crises and conflicts today have a cyber dimension, treating cyberspace as a domain will enable NATO to better protect and conduct its missions and operations.” He shared that the NATO computer response capability protects NATO’s own networks by providing centralized and round the clock cyber defense support to various NATO entities. This capability is expected to evolve on a continual basis to maintain the pace with the rapidly changing threat and technology environment. To facilitate an alliance wide and common approach to cyber defense capability development, NATO also defines targets for allied countries, implementation of national cyber capabilities via the NATO defense planning process. Rear Admiral Önder Çelebi noted “Cyber defense has also been integrated into NATO’s smart defense project initiatives. Smart defense enables countries to work together to develop and maintain capabilities they could not afford to develop or procure at all. It also helps countries to free resources and develop other capabilities. The smart defense projects in cyber defense so far include, the malware information sharing platform, multinational cyber defense capability development project and the multinational cyber defense education and training project. NATO is also helping member countries by sharing information and best practices and by conducting cyber defense exercises to help develop national expertise.” Rear Admiral Önder Çelebi shared information about the NATO communications and Systems school saying “It is going to be located in Portugal soon, where it will provide greater emphasis on individual cyber defense training and education. Also, we have the NATO school in Oberammergau, Germany and the NATO defense college in Rome, Italy which are other important NATO education and training facilities that improve individual and collective training.” 

Recognizing that cyber defense is about people as much it is about technology, Rear Admiral Önder Çelebi stated that “NATO continues to improve the state of its cyber defense education, training, exercises and evaluation. The annual cyber collation exercise, which is being conducted in Estonia right now, aims to integrate cyber defense elements and considerations into entire range of alliance exercise. NATO is also enhancing its capabilities of cyber education, training and exercise’s, including the cyber range which is based on a facility provided by Estonia. To enhance situational awareness a memorandum of understanding was developed in 2015. The MOU is signed between NATO and the national cyber defense authorities of each allied nations. It sets out arrangements for the exchange of a variety of cyber defense related information and assistance to improve cyber incident prevention, resilience and response capabilities.” NATO is facilitating the ability to federate via the Federated Interoperability by design initiative. Rear Admiral Önder Çelebi provided examples saying “We have a serious event that many you have already heard about: TIDE Sprint, a Think Tank event twice a year where we talk about interoperability challenges, the other is the Hackathon where we are looking for solutions to those challenges. We have the Cyber Warfare interoperability exercise where we are testing and verifying solutions. I would like to invite you to give your support for the participation in these events.”


“The UK’s National Cyber Security Strategy – Making the UK Secure and Resilient to Cyber Threats, Prosperous and Confident in the Digital World”

Mrs. Paula Walsh, Head of International Cyber Security Team, UK Foreign and Commonwealth Office discussed the UK’s 2016-2021 policy. The New 5-year strategy was launched last year with a vision that “The UK is secure and resilient to cyber threats and that it is prosperous and confident in the digital world.” She shared details about the UK’s new national cyber security center as part of this strategy and a whole of government approach linked to it. She emphasized the need for international partnerships, across governments, business, academia and society saying “Last year we launched the national cyber security center. It is our bridge between government and industry. It’s one expert organization focused on decrease the cyber risk and deliver better incident management, share knowledge and build capability. After one year in existence it has had 590 significant incidents, 30 of which required a cross-government response. Wannacry was a big test in May of this year for us where our hospitals, our national health service was hit. It’s also looking at the active cyber defense, preventing attacks. Another example of active cyber defense is that they have managed to reduce the amount of time that a phishing site can remain online from 27 hours to 1 hour. We are looking at some of these transformative techniques that you can use automatically to deliver better security. The cyber security information sharing partnership is a key tool for us in terms of sharing information with industry. International collaboration, we have been engaging over the last year with 50 countries and looking at what we can do better together.” 

Mrs. Paula Walsh also provided more details stating “Our national security strategy in 2015 identified cyberattacks as a tier 1 threat to the UK and that was quite fundamental for us recognizing there was around 6 threats and that was one of the top threats. 4 out of 5 people in the UK bought something online last year, that’s more than any other country, but that number is increasing in every country, it’s very much part of our world and the trust and confidence in that is absolutely fundamental. Our aim is that the UK is the safest place to live and do business online and that’s also what this strategy is looking to achieve. Underlying that, as well as the strategy, we have put 1.9 billion pounds, over the next 5 years, to help transform the way that we are looking at cyber security.” She noted that the scale of threat complexity is increasing and that 80% could be defeated by implementation of best practices. Mrs. Paula Walsh stated that “The previous strategy thought that the market would fix this, that we would see solutions coming out and we haven’t. It is covered in 3 different areas: Defend, Deter, Develop.” 


“NATO’s Role in Improving National Cyber Resilience”

Mr. Christian-Marc Lifländer, Head of Cyber Defense Section Emerging Security, NATO provided an overview of progress made in cyber defense across NATO. He highlighted the fact that, “On one hand the interconnected and open character of cyber space has offered really unprecedented opportunities to our economies and societies public and private sector. However, at the same time these characteristics make it easier for those who want to use cyber space for malicious activities. Cyber threats are growing both in numbers and in sophistication. My message to you today will be two-fold. It is a message of the need to improve resilience and a message of cooperation. “Article 5 of the NATO Treaty ‘An attack on one is an attack on all’ is really the strongest promise that sovereign nations can extend to one another. Mr. Christian-Marc Lifländer underscored this point saying “We have built this major international organization to make this promise credible. An organization that features a permanent consultation process, an elaborate military planning mechanism and an integrated command structure. The number one priority for NATO in cyber defense is really to ensure the protection of its networks.” He continued “For allied cyber defense, NATO will continue to act as a facilitator for the development of national cyber defense capabilities. One of those tools is the NATO defense planning process, which is largely focusing on the operational aspects of cyber defense and the military aspects of that domain. We have also made a decision to recognize cyber space as a domain of operations. Cyber defense remains a team sport; cooperation with allies, with partners, with international organizations, with industry and academia, it will remain fundamental for everything that we do.” He summarized by saying “Cyber defense remains a team sport. It doesn’t matter if NATO headquarters is protecting if our allies are not protected. It doesn’t matter if our allies are protected if the key trade partners or their neighbors or the industries upon which they depend are not protected. I will not pretend that it doesn’t take time and effort to develop these initiatives and relationships to build trust and share information. As Winston Churchill said ‘There is at least one thing worse than fighting with allies, and that is to fight without them.’ This work may not be fast or easy, but I think it is required and NATO is there to help you. We do this cyber defense work at NATO because it matters, and I think NATO matters because it does this cyber defense work.”

The Cyber Defense Pledge that was made at the Warsaw summit was meant to increase national cyber resilience and is intended to be an important tool to deepen cyber defense capabilities at home and cyber cooperation across the NATO alliance. Mr. Christian-Marc Lifländer stated that “The pledge has 4 key objectives: First, to generate a strategic level attention on cyber defense issues. Second, to promote and prioritize investment in cyber defense. We also wanted to link NATO cyber defense mandate focused on strategic and military systems with broader national cyber defense objectives. We wanted the cyber defense pledge to serve as a platform for allies to share national best practices across the alliance. The evolving cyber threat landscape continues to underscore the importance and urgent nature of this continuing effort. After our bilateral discussions with allies, I can tell you that I think we still need to focus on resourcing cyber defense, and here I do not only mean financing, finding financial tools, but also how do we recruit and retain personnel. How do we enhance information sharing, how do we establish situational awareness, and I think the NCSC certainly is one way at the national level is a way to ensure that all these aspects come together. But, for us our efforts to strengthen cyber defense really doesn’t end with allies as we all benefit when the NATO ecosystem is more secure, and NATO has more partners to collaborate with. There are several programs in play, but one that I would like to highlight is the Science for Peace and Security program where we have organized workshops, training courses and multi-year projects. This has been an important project in terms of allowing both organizations to automatize their sharing of information.” 


Dr. Süleyman Anıl, Retired NATO OTAN Head of Cyber Defense: “Cyber Warfare – the Tool of Choice for Modern Conflicts”

Dr. Süleyman Anıl, Retired, NATO OTAN Head of Cyber Defense discussed the Cyber threat landscape noting that it has become a national security issue. He shared “We have seen a glimpse of cyberattacks in Estonia in 2007 and then in Georgia, but the most interesting example was in Ukraine. When we looked at the Ukraine crisis and analyzed the cyber events there, we realized that the cyberattacks had started well before the attacks on the ground. Watching cyberattacks and having a good situational awareness will give an indication of what is coming up in conventional or non-conventional terms on the ground. Now it has become much more serious, recognized as a New domain of warfare by almost everybody and unfortunately there are challenges and especially in the legal aspects of this phenomenon.” He continued with detailed examples of threats to critical infrastructures saying “Stuxsnet was an eye opener and lesson for almost everybody, related to the lack of resilience or vulnerabilities in the systems.” The New element in hybrid warfare is the component of cyber space. Recognition is out there. Dr. Süleyman Anıl noted that “Nations including the US, France, Germany, Russia are updating their doctrines or strategies, reorganizing their structures, increasing investments and that reflects the recognition of the significance of cyber warfare within modern conflicts. The cost of conventional conflicts is so high now, use of non-conventional means is also another reason for cyber space being a tool of choice.” Dr. Süleyman Anıl mentioned the Tallinn Manuals pointing out that “In the western world there is the recognition of the existing international laws and conventions and UN charters that apply to cyber space equally. That is challenged right now by another group that is lead mainly by Russia and China and that is why the discussions in the UN are not getting anywhere. There are different efforts in different international organizations to minimize the risk of security in cyber space, but that process is very slow and that’s one of the reasons why the cyber threat landscape is elevated. There is good work which NATO sponsored but it is not an actual NATO product or document, the Tallinn Manuals 1 & 2 goes into the next level of this subject. Accepting that current international laws apply in cyber space is a starter, it doesn’t really state the practical boundaries of how a cyber operation should be conducted. The Tallinn Manuals gives the next level of details of how cyber operations can be done within the frames of international laws and regulations and conventions in place in an informal way. Because of the lack of agreement in the UN, the OSC or other international problems, I think probably organizations like NATO and the EU will adopt, if progress is not achieved in other the international organizations, the Tallinn Manuals, as a guidance document for cyber operations.”


“Cyber as a New Domain of Operations”

Barış Egemen Özkan, Captain(N) OF-5, SHAPE Cyber Operations and Exercise Branch Head, NATO Allied Command Operations (ACO) noted that the conference was a “Great opportunity from the national perspective to see all of the cyber stakeholders in the room coming from different disciplines, from military, government, private sector, industry and academia, having seen that everyone is interested here has given us hope for a better cyber posture from the national perspective.” A past to present look at NATO’s cyber perspective was presented by Barış Egemen Özkan. He noted that in 2002-2003 cyber was referenced for the first time in NATO documents. He commented that “Unfortunately the real trigger that alerted NATO were the cyberattacks in 2007 that knocked down most of the critical infrastructure of Estonia, which made NATO realize that cyber can be used as a destructive tool on the critical infrastructure of a nation. From that moment on, we have developed a couple of policies, revised them, but the last one is the enhanced cyber defense policy which was approved at the Wales summit in 2014. Cyber is part of collective defense which means that it can trigger article 4 and 5 operation for NATO and I would like to point out that international law applies in the cyber space domain. In the same meeting, the nations also signed cyber defense action plan which is the defining of responsibilities for different organizations within NATO toward operationalizing cyber. The second major milestone in NATO is the 2016 Warsaw summit, the point where nations recognized cyber as a domain of operation. Before that decision was made, we only had 3 domains, maritime, air and land domains. At the Warsaw summit the head of governments recognized that cyber space is the 4th domain.” He discussed the focus on mission assurance saying “There is a shift in focus from information assurance to mission assurance. We realize that with cyber it’s almost impossible to have 100% security on all of our networks, so rather than trying to close all the gaps, we want to shift our focus to mission assurance.” He discussed how social media is also part of the cyber space domain, noting the kinetic effect of cyber weapons and that they are unique and distinct from the weapons that we have been using in the other domains. Barış Egemen Özkan stated that “In order to operationalize cyber, these 5 factors must be in the picture; full spectrum situational awareness, network awareness, mission awareness and threat awareness, that we have to put in one place and make sure that we get all the impacts of the vulnerabilities and the threat. In order to establish a full spectrum situational awareness, information sharing is a critical enabler for us. We realize that nations are very hesitant to share their information and cyber intelligence, which is fair because it is precious information for them. But our intention and aim is to create trust through well-defined processes within NATO so the nations will be less reluctant to share this information.” An eye-opening figure was given, highlighting the impact of cybercrimes; as an outcome of research that was conducted 2 years ago, it was concluded that a minimum 1% of GDP is lost due to cybercrimes. Barış Egemen Özkan stressed that “We need to invest in cyber to save losses due to cyber-attacks. Remember, these days we are discussing 2% of GDP for military spending.” In summary Barış Egemen Özkan said “This new domain of operation requires a cultural revolution. What we are used to with the other domains is not working for the cyber space domain. It is a supported function, it is not a supporting function. It is a provided function rather than a provider function. Cyber is drifting from J6 functionality to the J3 operational functionality and we have to recognize this. In the beginning of this month we had a defense ministry meeting and the secretary general made it publicly known that this cultural revolution that we are going through in NATO is giving birth to a New organizational construct that is name the cyber operations center, it will come out as a result of the NCS adaptation package. We are still discussing this new organization, its functionality, resources, roles and responsibilities and the authorities that this new cyber operations center will have. In the future, you will see that the cyber operations center to fulfill the needs of the theater component or domain adviser of cyber space as a New domain of operation, as we have for the other domains; LANDCOM, MARCOM and AIRCOM.”


Session 2 “Cybersecurity Clusters: Collaborations to Strengthen the Cybersecurity Ecosystem”

Day 1 - Session 2- “Cybersecurity Clusters: Collaborations to Strengthen the Cybersecurity Ecosystem” was held on by moderator Mr. Oğuz Babüroğlu- Arama Search with the participation of Mr. Javier Tobal- Program Manager Spanish Cybersecurity Cluster; Mr. Ömer Korkut, STM Deputy General Manager; Mr. Salih Talay - Cyber Security Group Manager of Havelsan; Mr. Hakan Terzioğlu- Hague Member – Entrepreneur – Bizneta and Mr. İlhami Keleş -Secretary General of SAHA Istanbul Defense and Aerospace Cluster Association.


“Cybersecurity Clusters in Europe: The case of Spanish Cybersecurity Innovation Cluster” 

Mr. Javier Tobal, Program Manager, Spanish Cybersecurity Cluster discussed cluster participation in International activities, noting that their contribution to the Spanish GDP is almost 25% in the cyber security sector. The Cybersecurity Innovation Cluster of Spain (AEI Ciberseguridad y Tecnologías Avanzadas) is the association labelled as excellent by the Ministry of Industry as the National reference in the sector. The Cluster brings together around 90 members between large companies, SMEs, research centers, Universities, and other public and private organizations interested in promoting new technologies and business development in the cybersecurity and new digital technologies areas. AEI (the Cluster) is founder member of ECSO (European Cyber Security Organization), member of the Directors Board as well as member of the Partnership Board with the European Commission for the cPPP. The Cluster has a wide EU and international activity itself and through its members and is committed with development of projects and services for its members in collaboration with other Clusters. Mr. Javier Tobal noted that their success comes from the fact that “All member companies small and large have a willing mindset, they share opportunities, smaller companies can get income from projects by collaborating with other companies in the cluster.” The main objective of ECSO is to support all types of initiatives or projects that aim to develop, promote, encourage European cyber security. 


“Cyber Security Collaboration Activities in European Organization for Security”

Mr. Ömer Korkut, STM Deputy General Manager discussed how information and communication technologies have changed our habits and introduced new challenges. He stated “Improvements in these technologies have created a more connected world. In this new digital era connectivity, has brought significant benefits but it has also posed new threats to global security. Individuals, companies, institutions need to be protected in this hyper-connected cyber space. Since borders are blurred on the internet, cyber security has turned into an international challenge. It has been 10 years since the first major coordinated cyber-attack targeting and paralyzing a nation state’s IT infrastructure. The scope of the threat is only likely to grow as we continue down the path of digitalization. The cyber-attacks that are carried out in many different ways, from ransomware to cyber espionage, have been seriously damaging people, institutions and even states. According to Europol only Wannacry impacted over 10k organizations and 400k computers 150 countries and was responsible for $4 billion in damage. In 2004 the global cyber security market was worth $3.5 billion. As of 2017 we expect it to be worth more than $120 billion. The cyber security market grew by roughly 35x in 13 years. While all other tech sectors are driven by reducing inefficiencies and increasing productivity, cyber security spending is driven by cybercrime. The unprecedented cyber-criminal activity we are witnessing is generating so much cyber spending that it has become almost impossible for analysts to accurately track. Global spending on cyber security products and services is predicted to exceed $1 trillion cumulative over the next 5 years, from 2017-2021. This means 12-15% year over year cyber security market growth through 2021. On the other hand, attack surface is also growing very rapidly because of the continuing fast digitalization, therefore collaboration in industry is necessary to tackle cyber security properly.”  


European Organization for Security (EOS) 

EOS was created by European private sector providers in 2007 from all domains of security solutions and services. EOS is the voice of the European security industry and research community. Operating in 15 different countries, EOS Members provide security research, solutions and services across many security domains, including border, cyber, transport and crisis management. STM is the only Turkish company holding a membership of EOS at this time. The organization supports its member by providing access to business opportunities and by promoting at the highest level the implementation of innovative solutions in priority areas like cyber security, border control, crisis management, protection of critical infrastructures and transport security amongst others. The purpose of the organization is to provide a platform of collaborative work, insightful exchange of ideas and best practices between European institutions, European security industry, research centers, universities, local clusters and associations. Mr. Ömer Korkut noted that “The main objective of EOS is the development of a harmonized European security market in line with political, societal and economic needs through the efficient use of budgets. These topics are even more important when we are talking about cyber security. One of the working groups in EOS is the Cyber Security Working Group which aims to foster private-public dialogue between the industry, research institutions and the public sector to develop a harmonized European cyber security market. Cyber Security Working Group has the capacity to initiate dialogue and develop recommendations on sensitive issues such as cybercrime, intelligence, cyber defense, digital autonomy and other sovereignty related issues. I would like to emphasize intelligence here because in order to tackle today’s international cyber security challenges we need to be proactive not reactive.” 


Havelsan and Turkey’s Cyber Ecosystem

Mr. Salih Talay, Cyber Security Group Manager – Havelsan discussed the importance of cyber security technologies developed by the defense industries and their role in maintaining homeland security, the position of Havelsan and their work in the cyber ecosystem. Emphasizing the importance of collaboration to improve the readiness level of a nation against cyber warfare, Mr. Salih Talay said “There’s no doubt that almost all systems which are being utilized by us in everyday life such as: the energy distribution system, air traffic control systems, transportation, telecommunications and even the satellite systems, they are strictly dependent on the information technologies which are part of cyber space. Any incident that may occur in these systems may cause a significance decrease in the quality of life. It is clear that the biggest effects of an incident on critical infrastructure will harm national vital interests or if it’s an enterprise it will lose and prestige and competitive capacity of the enterprise. We, as Havelsan, are conducting several command and control systems in our projects for the Airforce, Army and Naval forces. Even for the foreign countries we are developing command and control systems and exporting them. Cyber security has become also the most important factor in the military platforms today.” Underscoring that international cooperation and coordination against cyber threats is mandatory, he shared that “Among Turkish Armed Forces Foundation companies, Havelsan took the lead in cyber security and, as we are producing the software and integrated solutions for our military and allied countries, we are the responsible company for cyber security goals. Havelsan’s first goal in cyber security was to become the main regional cyber defense provider with its expert staff. We’ve started to develop the national and local cyber security products and services that our country needs in accordance with the national cyber security strategy. Therefore, we established our cyber defense technology center.” Mr. Salih Talay expressed that “Addressing the current cyber security threats needs more action than developing national and local solutions. You have to be in competition with the global cyber security market and you have to use next generation technologies in order to defend against next generation cyber security attacks. Your solution has to meet 3 additional properties: they should be high quality, high continuity and of course they should provide high security.” The number of current registered partners in Havelsan’s cyber security ecosystem is 84 and 30 of these partners are actively holding a contract and working on current cyber security projects with Havelsan. Mr. Salih Talay shared details saying “11 of the partners are currently ranked as level A status, 28 partners are ranked as level B and 13 partners are ranked as level C. This leverage is mostly used to identify the right partners while collaborating on a project. With the cyber security ecosystem, Havelsan can easily find the right partner to build custom cyber security solutions for its local and global customers.”    


“International Collaboration Journey of Biznet and HSD”

Mr. Hakan Terzioğlu, Hague Member – Entrepreneur – Sales and Marketing Director at Biznet shared insight gathered from participation in conferences for the last 2 years and why they chose the HSD Hague security cluster. He noted that they started investigating from “The US and then we took it to Europe and ended up in the Middle East, to make sure we have looked everywhere.” Biznet is a private company that only does cyber security including OT and IT for the last 17 years and was established in Ankara, and now has grown to Istanbul with a total of 65 staff. Mr. Hakan Terzioğlu expressed “We are dealing with the triad of cyber security. It consists of people, process and technology. We must establish mutual trust and to protect mutual benefit of the collaborative parties. Clusters are the perfect environment and foundation to establish collaboration in a respectful manner for each party; this is why we believe that clusters are the best incubators for international collaboration. The HSD cluster is very organized and focused and that was what we were looking for. It has strong international ties and doing international collaboration with pan European and other overseas countries. They have a moto: the triple helix of cyber security (which is what we are all talking about, but with one difference, it’s working there in the HSD cluster. We need to grab this idea and take it even further and try to implement it for country as well, it’s a very good opportunity for collaboration.” Mr. Hakan Terzioğlu also gave examples of the tangible benefits they have received as part of HSD, he shared “We’ve also gained some role models for our existing customers in Turkey, some of the New stakeholders of HSD have already completed projects such as Smart Meters, for example, and they guided one of our customers on how to achieve that, how to prepare RFP and RFIs. They didn’t make the same mistakes that Alliander made, they learned from their mistakes and that is invaluable.”  

Last panelist of Session-2, SAHA Istanbul Defense and Aerospace Cluster Association Secretary General Mr.İlhami Keleş conveyed detailed information to the participants on the activity areas, organizational structure and the functioning of the SAHA Istanbul Defense and Aerospace Cluster Association as well as the members’ areas of activity and informed them on the activities held regarding Cyber Security. Mr.Keleş: “We continue to direct the Istanbul SAHA companies towards the area of cyber defense and endeavor to train human resources in this area by providing our companies the opportunities of the universities that cooperate with us to this end.”


Session 3 “Emerging Technologies for Cybersecurity”

Day 1- Session 3- “Cybersecurity Clusters: Emerging Technologies for Cybersecurity”” was held by moderator Mr. Mustafa Dayıoğlu, Director, Cyber Security Institute, TÜBİTAK SGE with the participation of Dr. David Pickard, Manager International Security Programs, BAE Systems; Alper Botan, Director of Security Solutions, Thales; A. Metin Balcı, PhD, ULAK Haberleşme AŞ; Mr. Emre Tınaztepe, Director of Development, Zemane; Mr. Murat Hüseyin Candan, CEO, Barikat Internet Security and Mr. Abdullah Genceller, Project Support Engineering Director, sayTEC.

In the beginning of the panel, moderator Mr. Mustafa Dayıoğlu briefly informed the participants on the new technologies emerging in the world regarding Cyber Security and address the question for the first panelist, the Director of Security Solution, Thales, Mr. Alper Botan about the requirements and solutions of Cyber Security and what type of cooperation they offered as a foreign company for the establishment of a national eco-system in Turkey.


Mr.Alper Botan, Director of Security Solution, Thales: “The Era of Digital Transformation Started”

The initial panelist of this session, Mr. Alper Botan, Director of Security Solution, Thales Turkey made a presentation on the strategies to be followed in the digital transformation era and the new generation cyber security approaches. Stating that a new revolutionary process was being experienced, Mr.Botan continued, “Now we attained at the era of digital transformation. Two thirds of the global 2000 companies list in the world placed digital transformation at the center of their company strategies. 85% of them consider that they have only two years left for achieving digital transformation and surviving this competitive environment. 92% of these companies regard that they have to launch automation systems with artificial intelligence, at least a part of in-house, within the next 12 months. In summary, this digital transformation is for real and presently we are experiencing this process. The world outdistanced the innovation process on this issue. We are going through the early implementation period and this process will continue until the end of 2019. As Turkey, we have a period of approximately 5 years ahead and we have to make use of this time well. We have to complete the adaptation period swiftly and take solid steps as soon as possible.”

Defining digital transformation under 4 topics, Mr. Botan, “If we analyze digital transformation under four main topics, first would be the sales and marketing approach specific to the customer, second would be the approach of outfitting and reinforcing the employee with the new and future digital technologies, third would be an innovation product and business model, and the fourth topic can be identified as the optimization of the activities conducted with the technological facilities.”

Underlining that the evolution in customer behavior entailed the digital transformation, Mr. Botan stated that maintaining information security and confidentiality in this process was critical. Mr. Botan emphasized the importance of relieving the concerns of the customers and continued: “For Digital Confidence we initially have to rely on the security systems, data and the systems processing them are being monitored.” 

Also speaking about the investments made by countries on digital transformation Mr. Botan stated that in France 5 main cyber security strategies were identified as part of the defense concept built in digital transformation and cyber security and continued: “This strategy document contains the establishment and development of cyber security R&D clusters while emphasizing on the requirement of rendering a forecasting and prevention based main national cyber security strategy until the end of year 2020. Moreover, the goal of positioning the cyber security products manufactured in France amongst the world’s best products in this area is also clearly stated in this document. Toward achieving this goal, determination was made regarding support for the innovation regions, research centers, cyber security clusters and incubators and the France National Information Systems Organization was established to this end. This institution which is authorized to execute all types of control is also the certification authority. The first-hand control mechanism of these strategies is being conducted also by this institution.”

Mentioning the specific cluster formed in France for digital transformation, Mr. Botan added that not only the startup companies but also the mentor companies took part in this cluster and continued: “Thales has also been selected as one of these mentor companies in cyber security area. The activities to be held within the scope of this cluster were identified as artificial intelligence, machine learning, big data analyses, block chain and cryptography. Following various eliminations, Thales determined 9 companies to be involved in this process on 11 October 2017 and these 9 companies launched their activities. Within this six-month period, these companies are expected to reveal various commercial products that can be offered to the market. While providing consultancy and market support to such companies, Thales will also include the products put forth in the Thales product range.”

Underlining the requirement of the proceeding with new approaches, measures and precautions in the next decade Mr. Botan added, “We need to develop new generation systems such as integrated threat intelligence systems, new generation sensors and anomaly systems, artificial intelligence assisted big data and artificial behavior analysis systems, etc.”


“BAE Systems – National Cyber Defense”

Dr. David Pickard, Manager International Security Programs BAE Systems discussed the company’s role in national cyber defense. BAE system is better known as a defense company in other sectors. With the majority of their work in air, sea and land, they have very important partnerships in Turkey in both the air and land sectors. Dr. David Pickard noted that “Cyber is only 7% of our global business but that is roughly 5,000 employees and we spend 11 billion every year with a network of 25 thousand suppliers worldwide. In cyber that’s often in the form of investment into early stage starting companies.” The company has a range of customers from nations, governments, institutions, commercial sector, but they also look at financial crime, looking at data sets for anomalies, exploring cloud and digital including forensics. He pointed out that they are one of 5 companies that is certified by the UK government to help companies to recover after cyber security incidents and communications intelligence and with a 40-year history working mainly for the UK government and other allies in those areas. Dr. David Pickard elaborated on threat intelligence coming from the managed services that that they are providing stating “We are currently tracking 137 attack groups. One recent example, last year BAE systems was called in by the SWIFT network to look at the Bangladesh bank and the amount of money that was being stolen out of the servers due to issues that had been found in the SWIFT network. $951 million being stolen, that’s a reasonable amount of investment and it wasn’t by cyber criminals, that’s by a nation state, because they wanted hard currency.  It wasn’t just a single exploit; it was a very complicated series of exploits. It took a long time to map as well as a long time for them to exploit it. Another example of an actor that we’ve tracked and uncovered recently is ‘Snake’ a Russian set, pulling together a lot of different pieces of evidence, and then looking at the targets that they go after. These are examples of the sort of threat data that we produce. We have this as a service and we are currently offering this service to Turkish companies. Hopefully we will be able to work more with Turkish companies in the future.”

Making a presentation on behalf of Ulak Haberleşme A.Ş, General Manager Metin Balcı, Ph.D. expressed that Ulak Haberleşme A.Ş was established in April by SSTEK founded under the Undersecretariat for Defense Industries and launched its activities in August and extended information on the activities of the companies to the participants. Mr. Balcı said, “As Ulak Haberleşme A.Ş, we launched our journey with the vision on ways of generating new generation communication technologies solutions through national resources in an environment with increased security. While accomplishing this, we aim to reinforce our existence in the international platform as we make maximum use of the accumulations in the eco-system and again by increasing the patent and intellectual property rights to the maximum level.”

Underlining that the Ulak Commercial and Public Safety Base Station Project was initiated five years ago upon the directive of the Undersecretariat for Defense Industries and that the product was currently under testing stage with the participation of the Telecom operators, Mr.Balcı added that the activities were completed as part of the MİLAT project launched 3 years ago toward establishing national network technologies. 

Delivering a presentation on behalf of sayTEC Company, Director of the sayTEC Sales Support Group Mr. Abdullah Genceller stated that the number of the victims of cyber security in 2016 were 560 million people and added that besides the individual attacks, now institutions and companies were involved in cyber warfare. Mr.Genceller delivered brief information to the participants on sayTEC services provided and their products in this area and said, “I would like to briefly speak of how we protect our companies and our institutions as sayTEC. We have disk-based systems for keeping data. We also have our own patented technologies that we develop in certain layers. We work on securing the integrity, unity and non-revisability of data arriving at the center through the software we develop and we have an 8-stage security infrastructure to this end.” Underlining that they were able to encrypt all types of IP communications and provided services to their customers to maintain the security of mobile devices and camera systems, Mr.Genceller added that they were capable of providing the security of in-vehicle smart systems in an encrypted way with the help of their own software.  


Barikat CEO Mr. Murat Hüseyin Candan: “Human Resources Should Form the Center of the Operation Center” 

Barikat Internet Security CEO Mr. Murat Hüseyin Candan shared the approach that embraced the cyber security issue as a whole without separating governmental and civilian associations and said: “We have to approach the cyber security issue in the following manner. In light of the published report within this scope; while the cyber attackers were able to hack the systems at a daily rate of 75% in 2004, the cyber security specialist or defenders of the systems were capable of noticing 8% of these attacks, so 92% of these attacks were either noticed after months or maybe after years or went unnoticed. It is assessed that since 2004, approximately $500 billion have been spent worldwide on cyber security. Despite all great amounts of investment made in this area, as we reached 2014, we are witnessing a ten-year period in which cyber attackers hacked systems on a daily basis at a rate of 100%, and merely 22% of these attacks were noticed daily by the preventers of the cyberattacks. This is how we put the cyber security problem through actual data. If we need to change certain things then we need to change this picture immediately. It is not possible to solve this problem through merely spending a lot of money on it. Instead of a highly invested center that resembles a space center, the Cyber Security Operation Center must have an approach, a point of view of its own. There are certain highly critical criteria in this approach as well. Cyber Security Operation Center is being defined as the place where a team with high capabilities operated and yet protection, detection, analysis and intervention remained in the background. For overcoming the vulnerability in cyber security, the human resources issue needs to be resolved. Unfortunately, the investments in cyber security are merely directed toward technology; yet investing in human resources that will make use of such technologies is also compulsory. We need to establish a structure where the technologies we own are used efficiently and the existing human resources capabilities are reinforced as soon as possible.” 


“Preparing for the Unexpected in Cyber Space”

Mr. Emre Tınaztepe, Director of Development, Zemane Information Technologies discussed the importance of recognizing perception rather than just the tools or products that are utilized. He compared cyberattacks to guerilla warfare, stating that depending only on usual, regular or expected cyberattacks are the key for understanding why we keep still failing at cyber security. He noted “We should consider cyber security as a whole which should contain at least 4 elements: technology, processes, people and the business. The absence of at least one of these elements will lead to what we call cyber security ignorance and it will be followed by an increased number of attacks. We should analyze what happens when an organization faces a cyberattack and how much time and resources it takes for an organization to realize that they are under a cyberattack. Unfortunately, 81% of the reported intrusions are not discovered by the internal security processes but rather by news reports, law enforcement notifications and external fraud monitoring teams. It takes approximately 146 days globally to discover a cyberattack, while this number is tripled for the EMEA region 469 days. The difference between these 2 numbers is due to the fact that the EMEA is facing less high-profile attacks when compared to other parts of the world. The high-profile attacks have already increased the level of awareness in the organizations in other parts of the world. I think this is also the reason why we started establishing security operations centers. The emergence of Technologies such as SIEM (security information event management) and the EDR (end-point detection and response) proves the fact that we should always expect a cyberattack and prepare for it.” Dr. David Pickard discussed the main purpose of SOCs; which is in essence a facility that houses a group of people who are responsible for monitoring and analyzing an organization’s security posture. He stated that “According to research covering 7 years of investigation of the SOCs globally, 82% of SOCs failed to score a maturity level of 1. Only 18% of SOCs scored a security operations maturity model level 3. This clearly indicates that we have finally accepted that we will be breached and started thinking about the solution.” Emerging technologies were discussed, such as Authentication technologies, Data Encryption, Asset Management technologies, log collection backed by AI and machine learning, Intelligent Incident Response and Threat Hunting Technologies.” He stressed that “Regardless of what product or technology we have, without qualified personnel and well-defined processes and procedures, these technologies will all be useless.”  

At the end of the session, the panelists assessed and underlined that the governmental mechanisms, incentives and other means needed to be used more effectively for achieving more qualified human resources in parallel with developing technologies and it was agreed that creating an education methodology extending to the base and increasing the interest of the youth in high schools and middle schools were necessary in particular, to increase skilled human resources and awareness in this area. 


Day 2: “Discussion on Turkish Cyber Security Cluster Model”

On day 2 of the conference Undersecretariat for Defense Industries (SSM) Cyber Security and Electronic Warfare Systems Department Head, Mr. Muhammet Sami Ulukavak shared opening speeches with participants. 

The main theme of Strengthening the Cyber Security Ecosystem and Cyber Security Cluster, Increasing Competitiveness and Development was discussed. The Academy of Public and Private Sector Workshop took place before the conference, exploring the results of Cyber Security Cluster model studies for establishment a Cyber Security Cluster in Turkey. 

Mr. Ulukavak stated that 80 percent of Cyber incidents can be avoided with simple applications and stated that they perform important activities as SSM for the development of national software and hardware. Mr. Ulukavak shared that the cyber security clustering model for the cultivation of the cyber security ecosystem will be developed. “We have studied the cluster samples in the world and they are managed by a structure. For clusters in Turkey, they will be established and most likely managed by an association. The cluster will have a board of directors and cluster management units. It will help the firm with the operations of the management units, such as strategic market development, human resources, legal transactions and documentation.”

Mr. Ulukavak said that companies are also facing trainee recruitment challenges and that a cyber security academy will be established within the scope of the cluster. Mr. Ulukavak said: “We will work on the project product organization with the clustering model that will be created, and we will work on selling the product both in the country and abroad as there will be work on the project product organization and there will be work done in these other fields and our work will not exclude them. Training activities will be conducted that will create local national awareness with the stakeholders and we will provide guidance so that existing funds will be used effectively both nationally and internationally. Informing participants on how to operate the conglomerate, Mr. Ulukavak stated “We will determine the application conditions of the companies that will be included in the cooperative.” 


Day 2 – Session 1: “Government, Academia and Industry Cooperation on Cyber Security” 

Following the opening remarks on day two, the session was conducted under the title “Cooperation of the Government, Academia and Industry in Cyber Security.” Assoc. Prof. Bilgin Metin from Boğaziçi University, Head of the Department of Information Society at the Ministry of Development Mr. Furkan Civelek, Director of Cyber Security and Big Data at STM Dr. Emin İslam Tatlı and Assoc. Prof. Ahmet Koltuksuz from Yaşar University attended as panelists during this session. 

Head of the Department of Information Society at the Ministry of Development Mr. Furkan Civelek took the floor first and conveyed information to the participants on the activities being conducted under the auspices of the Ministry of Development. Mr. Civelek: “We need to deliver a strategic, long term vision in order to create a successful eco system in Cyber Security area. We need to identify where we will position ourselves in a ten-year time frame. Moreover, training the human resources that will be in-charge of R&D and Product & Development will be one of the most critical parameters of this strategy. The incentives for R&D and innovation will have to be provided in a way to direct companies to this point, in parallel with the aforementioned strategic vision. Lastly, a demand should be created for national companies that are sufficient, elevating them to a scale where they could compete with their rivals.” 

Head of the Administrative Information Systems Cyber Security Center at the Boğaziçi University Prof. Dr. Bilgin Metin extended information to the participants on the activities conducted by the BUSİBER center operating under the auspices of the academy. Stating that the center worked on increasing the competence of trained human resources and generating national solutions regarding cyber security and for governmental cyber security, Prof. Metin added that they have been organizing summer and winter camps with the help of the cooperation between the industry and academia for providing human resources to the sector. Prof. Metin said, “We did not only explain the cyber security tools in these trainings, but also emphasized the background of the processes. Within this context, we provided training courses to the governmental institutions considering information security management as well.” 

Pointing out that they organized a workshop on Domestic and National Solutions on 8 May 2017, Prof. Metin said that they conducted training on cyber security awareness with the participation of various NGOs in different regions of the country and added that they translated the foreign literature on cyber security to Turkish. Stating that they aimed to provide all types of support to a cyber academy to be established with Boğaziçi University, Prof. Metin said, “While we discuss the establishment stages of the academy, we have to launch the training courses as soon as possible. On the other hand, we have to involve the Non-Governmental Organizations in this structure as well. The content of the training courses must be well-identified.” 

Underlining the urgent need to fill the gap between the theory and practice, Prof. Metin told that as Boğaziçi University they planned to create an atmosphere that would increase the practice of the students within two-year period through increasing such implementations. Prof. Metin said that they provided scholarships to the students with the help of the sponsorships they received and that these students seized the opportunity to practice in certain projects at the summer camp they held this year and expressed their wish to increase such examples. 

Director of Cyber Security and Big Data at STM, Dr. Emin İslam Tatlı shared his views considering the model needed to be formed for the development of the cooperation among University, Academia and Industry with the participants in his presentation.


Dr. Emin Tatlı: “The Cooperation between Academia and Industry should be Transferred to Practical Life”

Drawing the participants’ attention to the issues Turkey has been experiencing in the Cyber Security area, Dr. Tatlı shared that there were certain critical steps that needed to be taken by Industry, Government and Academia, and continued: “All these problems are needed to be identified from scratch. Cyber Cluster Management must provide the appropriate guidance in innovation at this point. The innovation issue stands out at this point. We must be able to access the abroad market with the unique products on a global scale and here the cluster has a very critical mission. Academia and Industry in Turkey require a rather transitive type of cooperation. While it develops innovative products, the industry requires academic know-how in the business package. Yet, in academia there is a need for R&D projects in which graduate and PhD students can seize the opportunity to work in practical life so that they are trained in a qualified fashion. With this model, in which both parties will win, we can speak of a good model with the funds provided to the academic students. We now have to adopt this model from the current academic consultancy model in Turkey.”


Havelsan and Yaşar University - Cooperation between University-Academia and Industry 

Assoc. Prof. Ahmet Koltuksuz from Yaşar University made a presentation covering a concrete example regarding the cooperation between University and Industry. 

Assoc.Prof. Koltuksuz stated that the cluster activities excited them and the academicians conducting academic studies can direct their enthusiasm towards the areas required by the country within the framework of the strategies built by the cluster and shared a fruitful example of the cooperation between Academia and Industry with the participants. Assoc.Prof. Koltuksuz: “Following our theoretical studies, we launched our activities with the target of revealing a product. To this end, we built a simulator named IFSIM. For training purposes, we built a simulator capable of providing either attack or defense training. During the organization in which we presented this product, we conducted negotiations with the representatives of Havelsan for the commercialization of this product and this negotiation turned into a concrete cooperation in the aftermath. We held a conference within this context and we will be conducting a joint activity comprising 11 universities in the Aegean region in 2018. This product we delivered turned into a cyber modelling cyber warfare, cyber intelligence laboratory center that we jointly established with Havelsan.” 

Extending detailed information on the simulator Assoc. Prof. Koltuksuz continued, “There is a huge database that operates in the background of this simulator. All cyberattacks that took place are registered over this database and we are capable of evaluating the activity, which is conducted easily by repeatedly simulating these attacks and giving points to trainees. This system also has a significant infrastructural architecture that is easily updated. The codes of this project were developed in a period of five years. Five PhD and 7 post-graduate students worked on the background. Currently 2 PhD and 3 post-graduate students are working on this project for implementing new concepts as well. This project, launched with an academic enthusiasm rather than commercial purposes, turned into a good product with the help of a successful scenario. We believe that we built a fruitful project example for the cooperation between academia and industry through this project.“


Day 2 - Session 2: “Strengthening Cybersecurity Ecosystem with a New Turkish Cyber Security Cluster”

Upon the completion of the first session of the day, the second session was held under the title “Cyber Security Clustering through the academic perspective.” This panel was moderated by Dr. Ahmet Ercan from Yıldırım Beyazıd University and President of the Northern Cyprus Campus of the Middle East Technical University Prof. Nazife Baykal, Head of the Information Technologies Department at the Prime Ministry Mr. Alpaslan Kesici, Cyber Security and Protection Projects Manager at the SSM Mr. Mustafa Özçelik, ODTÜ Teknokent Deputy General Manager Ms. Hanzade Sarıçiçek and Havelsan R&D Technology and Academy Director Assoc. Prof. İzzet Gökhan Özbilgin attended the session as panelists. 


Goal for the year 2023 - 150 Companies and $1 Billion Turnover 

In the session, discussing how clustering should be established through the perspective of the government, university and industry, Manager of Cyber Security and Protection Projects Manager at the Undersecretariat for Defense Industries Mr. Mustafa Özçelik took the floor initially. 

In his presentation titled “What is a Cyber Security Cluster? What are the centers of attraction? What are the model implementations in the world?” Mr.Özçelik extended the following points to the participants: “When we elaborate on the cluster model in the world, we are speaking of a natural formation in which the cooperation between the institutions is effective. We can define the Cyber Cluster we discuss today as a thematic cluster under an industrial clustering. In order to achieve synergy, we need to establish a healthy relation between the Cyber Security Cluster and Industry and Institutions. We wish to support our SMEs becoming globalized in financial, infrastructural and technological aspects and put them into forefront. Our companies will manufacture their products, but it is not easy for them to turn these products into worldwide products alone, and at this point we expect the cluster to assume the role of an umbrella organization. The cyber security market reached the level of $80 billion and we adopted the goal of reaching 150 companies with a share of $1 billion by the year 2023.”

Noting that countries such as Canada, America, United Kingdom, France and Singapore had different types of clusters, Mr. Özçelik shared the attraction points of the cluster which they will be declaring with the participants as well. Mr.Özçelik: “The companies reaching out to us after this conference, wishing to be involved in the cluster need certain reasons. We identified certain attraction points within this context. Accessing the local and foreign markets, branding, funding, access to capabilities, access to information and open source innovation concepts will be our attraction points. Our goal is to turn this cluster into the supplier of the government, we aim to make this cluster a brand and render it a counterpart in cyber security procurements. Without doubt, it is not easy to achieve this assertive goal, yet we will strive to fulfil this target through certain certifications and complying with various security criteria. Access to foreign markets is our other target; we are able to effectively conduct the marketing via the existing SSM offices abroad and through the ones to be established. We will attach importance to the interaction and information sharing with the other clusters as well. We surely need to build long term strategic cooperation with foreign companies. On the other hand, we attach great importance to the certification issue too; the concept of reliable products manufactured in Turkey would bring branding along. To achieve successful branding, we aim the cluster to provide professional support and consultancy to the companies as well. Moreover, we plan to prioritize the open source innovation concept. The technology in the cyber world does not change in a period of 50 years; technologies here may alter within just a year. At this point, the products developed by the start-up companies with 3-4 staff need to be transferred to relatively greater companies since such companies are capable of moving the technologies that they developed forward only to certain levels, these products need to be branded in the following process and in this context, we will also be supporting the acquisitions of start-up companies. Access to capabilities will be one of our most crucial issues. To be able to fulfil the human resources deficit, we will be focusing on summer and winter camps, long term internship opportunities and on the cyber security academy. In respect to funding, transfer of the governmental incentives to the cluster will be prioritized. The incentives provided in Turkey are not small, but they have to be scaled in line with the strategies. The cluster is expected to make agreements and protocols with governmental institutions to this end. We will be discussing the credit facilities within this context as well.”

ODTÜ Teknokent Deputy General Manager Ms. Hanzade Sarıçiçek mentioned that as ODTÜ Teknokent they have been directing a huge cluster with 340 companies and 6500 R&D staff since 2000 and shared her experiences in this area with the participants: “A wide variety of companies in different scales from start-up companies with only 2 personnel to major companies such as Aselsan and Havelsan remain under our cluster. 110 companies exist within our TSSK (ODTÜ Teknokent Defense Industry Cluster) which has been active since 2010. We are once again the umbrella organization of our Teknokent Information Technologies and Telecommunication cluster. 160 companies remain under this cluster as well and 20 of them are active in Cyber Security area.” 

Sharing that each cluster had a unique structure, objective and vision Ms. Sarıçiçek continued, “Cluster establishment is a difficult and painful process, the formation of the legal and administrative structure, identification of the operational conditions, selection of the members and their inclusion in the cluster require an intense moral and material effort. A possessive umbrella organization bears great importance at this stage. The severe support of the Undersecretariat for Defense Industries in the establishment of this cluster will enable the acceleration of this process. But, in the aftermath the existence of a single association would not be sufficient, the cluster members need to possess this cluster and a management structure in which the cluster members have a say need to be created. As ODTÜ Teknokent, we have a single chair in the executive boards of TSSK and our other clusters of which we are umbrella organizations and the board elected in the general assembly direct these clusters.”

Mentioning that she witnessed numerous areas and functions under the Cyber Security Cluster in the presentation at the morning’s session, Ms. Sarıçiçek said that this structure will require a more comprehensive management structure. Ms. Sarıçiçek also noted that as the activities of the cluster increased during the process, the management structure may be strengthened gradually. 


President of METU’s Northern Cyprus Campus Prof. Nazife Baykal: “We have to raise Cyber Strategists”

Rector of Middle East Technical University’s Northern Cyprus Campus Prof. Nazife Baykal shared her opinions on the increasing responsibilities of academia within the Cyber Security Clusters with the participants. Prof. Baykal said, “As of the level achieved by technology, we have been heading towards a world where the line between virtual and real world is unclear. A cyberattack that will occur tomorrow will be one we do not know today. In light of these developments, the responsibilities falling on the academy increase each day. When we speak of an increasing responsibility of academia we actually mean this; when manufacturing national products with added value, academia has a critical responsibility. While such unique products are being put forth, academia is the place generating the infrastructure and information; moreover, the labor competence and training also fall under the responsibility area of academia. These two tasks bear highly critical importance for the structuring of both clusters and national cyber security. Numerous infrastructures, algorithms, science, technology and methodology we utilize in the products are the components we have been aware of for more than 50 years. I acquaint oneself with the artificial intelligence in the 90s when I was a student, most of the time we use the same algorithms. So, what has changed? All these projects we implemented as pilot projects at those times became investments that may turn into end products with added value with the development of Big Data, Cloud Technologies and the development of technology. Now, industry and academia have to cooperate more intensely and more frequently over scientific output. A structure that excludes artificial intelligence and smart systems may likely fight back attacks that have not been experienced yet. However, we now must design autonomous systems that are capable of learning, identifying security flaws by itself, forecasting threats that have not been experienced and taking action against such threats. To achieve this, the cooperation of Academia, Industry and Government is indisputable. In summary, academia must be a component in all the areas we generate technology. Unless the technology development processes are fed with the cyber security know-how and formation from academia, the damage may be huge. We are manufacturing multi-functional devices, yet a device we bought for $100 may return damage of hundreds and thousands of USD due to security vulnerabilities.” 

Underlining the importance of raising cyber strategists as part of developing human resources and capabilities, Prof. Baykal said, “We do not yet have our cyber strategists who will generate our strategies, direct us towards the steps we need to take, and provide information to the decision makers by processing data. On the other hand, we are training Cyber Security Experts then again, we either send them abroad or lose them to other industries. If we manage to train qualified human resources in coordination with academia, our probability of employing them will increase as well. Therefore, we will be using the time and resources spent on training experts in the most effective manner.” Stating that the manpower deficit in Cyber Security not only existed in Turkey but it existed in the whole world, Prof. Baykal said, “Where the requirement for cyber security experts in America in 2022 is predicted to be 1.8 million people, Turkey will be in need of 30 thousand cyber security experts in the next five years.” 

Havelsan R&D Technology and Academy Director Assoc. Prof. İzzet Gökhan Özbilgin extended information on the existing clusters in Turkey and their operations through the perspective of the private sector to the participants: “The cluster has numerous parameters. There will be many cyber security companies in various scales, they will have different expectations, companies such as Havelsan will have very different expectations. Therefore, the strategies must be very clear and the performance here has to be monitored closely. At this cluster, we need to put forth a road map that will increase our rate of local participation patiently without expecting too much gain in the short run. I assess that this cluster will be providing us more advantages if we adopt this model.” 

Underlining that this cluster has to be turned into a global center of attraction Assoc. Prof. Özbilgin added, “This cluster has to become a global attraction center. Surely, we have to stand firm about being local and national yet in certain times we have to be able to adopt global approaches as well, otherwise we would remain in our local market.” 

Taking the floor for the governmental sector’s point of view, Head of the Department of Information Technologies at the Prime Ministry, Mr. Alpaslan Kesici said that the cyber security concept presently affected countries rather than individuals and added, “In Turkey, the cyber security awareness of the government increased significantly, and we launched the governmental structures to this end. The Ministry of Transport, Maritime Affairs and Communication, Information and Communication Technologies Authority and the Undersecretariat for Defense Industries assume critical responsibilities in this area. Meanwhile, the Presidency and the Prime Ministry gather the relevant institutions at certain intervals and follow the developments closely.”

Mr. Kesici stated that they held various workshops in the past period with governmental institutions, academicians, NGOs (non-governmental organizations) and companies providing services in the cyber security area that they regard as parties related with the cluster and added, “The active participation and contribution of the parties are essential for a powerful eco-system. I would like to share the four articles with you that put forth the cluster and cyber eco-system in the cyber security action plan within the cyber strategy document of 2016-2019. According to this action plan, a cyber security eco-system national business model needs to be created, cyber security technology road map and research groups need to be formed, indigenous products and technologies related with cyber security need to be supported and finally the inventory of the companies providing services in cyber security has to be prepared. We will be discussing these four articles and finalizing them with yesterday’s and today’s sessions.” 


Goodwill Agreement Signed by METU- ITU University and SSM 

At the end of the 3rd International Cyber Warfare and Security Conference, a goodwill agreement was signed between the Undersecretariat for Defense Industries and the Middle East Technical University (ODTÜ) and Istanbul University (ITU) for the formation of a working group on the cyber security academy for the elimination of human resource deficiencies within the cyber security cluster.

According to the goodwill agreement, for the immediate improvement of Turkey’s lack of human resources in cyber security, joint activities are to be conducted by forming a cyber security academy workgroup in order to inform the decision makers regarding the establishment of a model for an academy, identification of a strategy and a road map and the assignment of roles. 


Cyber Security Cluster Declaration Declared to the Public 

Deputy Undersecretary for Defense Industries Mr. Mustafa Şeker made a brief comment on the structure of the cluster after the ceremony and stated that they accomplished workshops and activities within 2017, with all  shareholders in the eco-system, and held decision workshop in the beginning of November. Mr. Şeker: “Various workshops were held separately with the academicians, government executives and the executives of the private sector under the leadership and coordination of this workgroup, and within the scope of these workshops all problems experienced by each of the shareholders were revealed and the model of a cyber security cluster as a recommendation for a solution was studied. Finally, for the sound analysis and association of the output of all of the previously mentioned workshops, a Decision Workshop in November 2017 was held where all shareholders were represented, and the model of the cyber security cluster was revealed in detail. We discussed this issue here for two days.”

According to the declaration made to the public opinion by the Deputy Undersecretary for Defense Industries a cyber security cluster will be established. Mr. Mustafa Şeker noted that for the establishment of this cyber security cluster, initially a founding board of directors will be formed by the relevant shareholders and by this board the activities for the establishment of a foundation, which will be in charge of the management, will be launched. Companies conducting product development and providing services through domestic and national resources will be identified and included in the cluster as per the conditions of becoming a member. 

In the short and medium term, an information portal will be formed, and a primary product and technology road map will be determined. Activities and training to increase domestic and national awareness will be held with the participation of all shareholders. Mechanisms will be built to train human resources. The certification and standardization of companies will be held by the mechanisms built under the auspices of the cluster as well