Critical Infrastructure and Cyber Security in Türkiye

Joint Publication of KAS and EDAM by Uğur Özker

Due to its geopolitical position, Türkiye is the target of numerous cyber attacks every day. The publication by Uğur Özker discovers the existing regulations and public framework and gives recommendations and an evaluation as a way-ahead.



A strong cyber defense is a critical capability in today's world, where public safety on the one hand and critical infrastructure on the other are undergoing a full digital transformation. Cyber-attack methods are one of the largest and fastest growing categories of crime in the world due to the low cost of their implementation. Moreover, the magnitude of the damage they can cause when applied on critical infrastructures is another reason that makes cyber-attacks attractive to attackers.

Cyber-criminals are directly responsible for financial assets stolen online, data breaches, and the damage and loss caused to civil society by the disruption of critical infrastructure operators. Financial losses and damage to critical infrastructures cause losses of billions of US dollars each year, and in some sectors, attack attempts are increasing two to three times each year.

There are three main reasons why cyber-attacks are increasing at such a rapid pace. The first is that industrial enterprises, which include business processes in the field of operational technology, are increasingly using digital transformation based on signaling, sensor technology and the Internet of Things technologies, and their automation systems consist entirely of these arguments. A cyber-attack on these subsystems, which have become part of operational technology, brings with it many consequences that can have major impacts on the physical world.

Another reason for the increase in cyber-attacks is that financial systems are becoming more and more online every day. Financial technology makes our lives as risky as it makes our lives easier. Financial institutions especially such as banks should be very cautious when carrying out digital transformation. The slightest mistake can result in the loss of millions of US dollars in a matter of seconds. In fact, even central banks of states are frequently targeted by cyber-attackers who see the lure of this through global systems such as SWIFT.

The third and final reason that makes cyber-attacks popular is their ease. Moreover, the identity of the attackers remains mostly anonymous, which makes it as attractive as it is easy. Today, many different types of attack methods can be used in hybrid form and can leave critical infrastructure systems completely vulnerable and exposed, often due to the lack of knowledge and mistakes of the targeted victims.
When we put all these reasons together, cyber espionage is an epidemic and very widespread. Even the world's largest companies and public institutions lose terabytes of intellectual properties and financial assets through online systems every year. Anonymous and malicious attackers threaten our power grids, national financial systems, telecommunications infrastructures, healthcare organizations and even nuclear power plants. After all, when critical infrastructures are the target of cyber-attacks, the resulting threat poses a risk to the whole society beyond the public sector.

Due to its geopolitical position, Türkiye is the target of numerous cyber attacks every day. Türkiye is also very important for other countries, especially in the field of energy, due to its important energy projects such as tanap, blue stream, Baku-Ceyhan-Tbilisi pipeline. In addition, the country is an important international financial service provider, especially MEA region, with its 51 different domestic and foreign international bank institutions. In addition to all these, when we consider that the country is the connection point of the Asian and European continents and is surrounded by commercial seas on three sides, we can easily understand what a great danger it is facing in all sectors of critical infrastructure.