On 23 October 2017, Turkish Policy Quarterly (TPQ) hosted a discussion on cybersecurity titled, “Navigating the Cyber Storm: Implications for Governments and Businesses.” The event was sponsored by NATO’s Public Diplomacy Division, and hosted by partners Conrad Istanbul Bosphorus and Turcas. The Consulate General of Israel in Istanbul was also a co-partner.
The panel featured:
Speakers:
Siim Alatalu, Head of International Relations at NATO’s Cooperative Cyber Defence Centre of Excellence, Estonia
Minhac Çelik, Coordinator at Siberbülten, Turkey
Ram Levi, Founder and CEO of Konfidas Digital Ltd, Israel
Neil Robinson, Policy Officer at Emerging Security Challenges Division at NATO Headquarters, Belgium
Moderator:
Matthew Bryza, Member of the Board of Directors, Turcas Petrol; Senior Fellow, Dinu Patriciu Center of the Atlantic Council; CEO, Lamor Turkey; Member of the Advisory Board, Turkish Policy Quarterly.
Ambassador Matthew Bryza framed the discussion by talking about the current cyber threat landscape, claiming that both the range and complexity of threats are expanding – from stealing corporate secrets to launching attacks on the democratic system of another country. This renders it ever more pressing for the private and public sectors to work together to confront these threats, which is a theme that ran throughout the discussion.
The first speaker, Siim Alatalu, of the NATO’s Cooperative Cyber Security Centre of Excellence (CCDCOE) in Tallinn provided an overview of the enormous growth in cyberspace: almost half of the world is online (3.5 billion), and there are 16 billion devices online and counting. With increased connectivity comes opportunities but also significant risks to individuals, companies, and states. There are three key areas which affect society at large, according to Alatalu. The first involves the theft of intellectual property, in other words, when personal data is compromised. Second, is the growing skills gap. The last area concerns ransomware attacks – more than 4,000 attacks occurred every day in 2016.
Alatalu pointed to the fact that it has been 10 years since the landmark 2007 attacks launched by Russia against Estonia. This helped spur action, and a year later the NATO-accredited Cooperative Cyber Defence Centre of Excellence was launched in Estonia, which as an international organization, think-tank, and technology research center, has contributed significantly towards Estonia’s designation as a global cybersecurity frontrunner. Alatalu said that another positive development that stemmed from the Estonian experience has been the development of other countries’ national cybersecurity strategies. Alatalu argued that the international law of cyberspace remains a gray zone, although there have been important efforts in this regard.
Providing the view from NATO Headquarters, Neil Robinson clarified NATO’s approach to cybersecurity which is defensive in nature, focuses on resilience, and prioritizes the protection of its own networks and systems. Robinson also expounded on NATO’s efforts in the cybersecurity realm since it became part of the Alliance’s political agenda at the Prague Summit in 2002. The conceptual underpinnings of NATO’s first cyber defense policy were prepared in 2008, followed by a period of consolidation and centralization from 2010 to 2012. The year 2014 was a turning point for the Alliance, as it suffered from a severe distributed denial-of-service (DDoS) attack on several websites operated by NATO. Robinson explained that there were two key outcomes of the 2016 Warsaw Summit: 1) Cyberspace was recognized by all 29 sovereign NATO member states as a domain of operations; 2) Allies committed to the Cyber Defense Pledge – a high-level, political commitment to improve resilience against cyber threats.
Ram Levi articulated how Israel perceives various cyber threats, and well as the collaboration between the public and private sector. Cyber threats are becoming more and more serious stressed Levi – the number one threat is hacking, followed by human error and loss of information.
For the business world, this means that companies are needing to invest more in cyber resilience. Levi pointed out that currently, companies invest for the following three reasons: a requirement by a regulation or contractual agreement, a company’s leadership deems it important, and finally because the company has been hacked in the past.
On a national level, one of the biggest challenges is the attribution of cyber attacks, rendering deterrence difficult, underlined Levi. Governments are “taking off the gloves” in the sense they are increasingly attacking each other for information, money, and intelligence.
As a member of Prime Minister Benjamin Netanyahu’s National Cyber Initiative, Levi spoke about Israel’s efforts in becoming a cyber security leader over the past five years, and the broad range of regulations and government resolutions that impose cybersecurity requirements on both private and public bodies. Levi explained that an interesting example of this was the directive put on the central banks of Israel in 2015. It encouraged the banking sector to become more responsible in cybersecurity matters, and placed this responsibility in the hands of the board of directors of banks.
Levi also emphasized that the government actively supports the sector by fostering an entrepreneurial environment for cyber security startups to flourish. All of this has contributed to Israel taking serious steps to promote cyber readiness and resilience in the Israeli financial sector. This is not unique to the banking system, underlined Levi. Israel also boasts six academic centers of excellence that specialize on different aspects of the cyber space which aim to ensure the sustainability of this model.
Given that most Turkish think-tanks tend not to focus on cybersecurity, Minhac Çelik commended TPQ for taking up the topic. Çelik centered his comments on the relationship between states and non-state actors in cyber space, which has become the fifth domain of war. He mentioned three types of threats posed to states by cyberspace: everyday cyber attacks, asymmetric threats, and the riskiest one – existential threats to the state. He stressed that the lack of cyber-specific international laws means that cyberspace is ultimately unregulated. Unconventional ways must be adopted to address these unconventional threats, emphasized Çelik.
According to Çelik, while some states view cyberspace as a means to gather intelligence on their own citizens – through surveillance and regulations – other states have capitalized on its opportunities. For example, Estonia has created a new platform for diplomatic initiatives, i.e. the CCDCOE, while Israel has leveraged cyberspace for its economic benefit.
With regards to Turkey, Çelik identified two main problems: the lack of an effective information sharing cybersecurity platform, and a growing suspicion towards foreign cyber security companies. He stressed that the country needs to overcome this suspicion, and take part in international cyber discussions as much as possible.
The lively Q&A session allowed for further reflection on theoretical questions related to cyber security, as well as highlighted the importance of increasing cyber awareness amongst the public. Participants raised questions ranging from the debate on privacy versus security and threat perception differences between governments and businesses to the reliability of cyber security pundits.
|
