Informatics Technologies Shape Turkey’s Future
Defence Turkey
Prof Dr. Nazife Baykal, Director of Informatics Institute, Middle East Technical University, ODTÜ
‘‘Prof. Dr. Nazife Baykal is currently the head of the Informatics Institute, as well as the Cyber Defence and Security Center within. As her notable achievements in the scientific community at METU, it must be highlighted that she founded the Health Informatics Department at METU, much earlier than most of the universities around the world, together with the Work Based Learning program, which is uniquely the first in Turkey and turns the experiences of the students at professional life into academic credits and degrees, one of her significant achievements at the Informatics Institute. This Work Based Learning Program is accredited by Quality Assurance Agency (QAA) in the UK and is offered to students who wish to get academic degrees based on their professional experiences. She now opened up the Cyber Security graduate program at the Informatics Institute at METU alongside with the Cyber Defence and Security Research and Development Center. We now leave the floor to Dr. Baykal in this interview.’’
Defence Turkey: First of all we would like to thank you for this interview. Prof. Dr. Baykal, as the Director of the Informatics Institute, a leading institute in many fields in Turkey, could you inform us on the studies, areas of activities and organizations conducted by the Institute?
METU Informatics Institute was established in 1996 and is one of the earliest examples of its kind in the country. It is uniquely devoted to providing collaborative research and learning environment in informatics. It must be noted that our institute, firstly and fore-mostly, consists of precious faculty members and students. The institute has five departments and many masters and PhD programs under these departments. With more than 600 graduate students, these programs conduct research in a wide array of fields, such as Information Systems, Software, Cognitive Sciences, Modeling, Simulation, e-Learning, Health Informatics, Medical Informatics, e-Health, Bio-informatics, e-Government and recently, Cyber Security. The Informatics Institute aims to be the frontrunner institute in graduate education and research in the field of informatics in general. Innovation, producing new technologies, collaborating with the government and the industrial sector, and contribution to our country’s informatics knowledge are among the aims of our Institute. As to the mission of our Institute, we aim to function as a bridge between science and technology, to bring together stakeholders regarding the field, creating an interdisciplinary synergy between researchers coming from different departments. As a priority, we ascribe special importance to the collaboration between industry, university and government. In the 18 years that we have left behind, the Informatics Institute has graduated hundreds of students in fields induced by the developments in the scientific community, and has successfully completed theoretical and applied research projects.Driven by the interdisciplinary nature of its educational programs and collaborative research projects, the institute undertook yet another pioneering role and established a strong relationship between the academia and the industry, an effort that has significantly contributed to the bidirectional knowledge transfer between these two arenas.
Defence Turkey: As METU Informatics Institute, Cyber Defence and Security is amongst the issues you attach importance to. Last April, you accomplished the opening of the METU Informatics Institute’s Cyber Security and Defence R&D Center within the scope of METU’s investments on education and research. What would you like to say on the objectives and structure of this center? What are the activities executed here?
As the Informatics Institute, we realized the importance of the cyber defence and security really early and the fact that it is going to turn into the most significant security issue soon. Having realized this lack, we took the lead in opening up a research and development center within our institute. Thus, the Cyber Defence and Security Research Laboratory (CyDeS) was founded on April 15, 2014 with the collaboration of METU Informatics Institute and Comodo Group, Inc., as a unique example of a academy-industry cooperation. Cyber security was even more suitable for such a collaboration since it is more inherently connected than any other security area we know of, due to the nature of cyberspace. As an interdisciplinary center, CyDeS is expected to form necessary cooperation between the existing cyber defence and security experience of the university and the sectorial resources and aims mainly to conduct research and development activities and bring together university and industry resources.
Regarding CyDeS, we have many high-quality expectations. We can say that CyDeS aims to conduct national and international research and development studies, to produce graduate level theses studies, to develop products and methods, to conduct patent studies, to organize national and international meetings, workshops, conferences in order to raise awareness in the public and scientific community, to produce publications to keep all up to date and to contribute to Turkey’s cyber literature, to organize lectures/seminars for the industry, to conduct research/survey studies in order to increase the knowledge and awareness in the private sector, to follow and report the latest developments in international relations and international law regarding cyberspace and cyber security and to inform national actors, public institutions and organizations in the country regarding these international developments.
I believe Comodo’s contributions to the opening of such a research and development center should also be appreciated and be an example for the private sector, since cyber security requires the cooperation of multiple parties.
Defence Turkey: What must Turkey do in order to become one of the most effective countries of the world in terms of cyber security? What are your plans and strategies to this end as the Cyber Security Research and Development Laboratory?
To answer your question, I want to refer to a brief look around the world. When we look at the countries with the most developed cyber capabilities around the globe, we see, for instance, in the USA, that it takes cyberspace and cyber security seriously. There is a consolidated awareness and action plan regarding the cyberspace. Especially in the USA, UK, or Israel, when we have a look at the comments or speeches of the governmental cyber experts, we see that they view the cyber domain just as significant as other domains, as a front just like other conventional defence areas, which results in solid institutions, frameworks and action plans. Their militaries now plan, and to some extent, apply, the methods and opportunities provided by the cyberspace in their military domains. In the same vein, in the UK, for instance, education regarding cyber security is serious, with departmental programs fully backed by the UK government. Israel and Estonia are amongst countries that make themselves heard with massive amounts of projects related to the cyber security in their countries at all levels. Though their cyber policies are mostly mentioned to be posed against the West, Russia, Iran and China invest in the cyber security immensely, by either backing up cyber groups within their borders or direct investment in their own institutions. After this brief look around the globe, which our center follows closely, we can say that Turkey is also located at a special geopolitical location, and due to this, it is prone to cyber threats and attacks from all its neighboring regions. With this realization in mind, the most significant point is to raise awareness regarding the importance of cyber security, at all levels. Turkey, having already realized the importance of cyber security, and having devised an action plan regarding cyber security, now needs tangible, applicable plans. Turkey has gone a long way regarding cyber security and achieved a lot, but it seems that it needs some more time, since, besides the awareness, Turkey seems to be at a loss as to where it is directed. Keeping on track with the international institutions and organizations and engaging fully in their cyber security projects is a crucial way Turkey can improve its cyber knowledge and capabilities.
Defence Turkey: Could you evaluate the scientific studies and investments regarding the establishment of special departments within the universities on cyber security and defence as well as training of experts? What are your remarks on these issues?
When we have a look at the USA and UK, again as two examples, we see that cyber security and defence are now a fully-fledged academic discipline, with full or partial government support behind these programs. Again in the UK, GSHQ, for instance, approved the opening up of six departmental cyber security programs among the most significant top universities in the country this summer. The universities, behind the graduate cyber security studies, are now home to cyber security research centers in major countries. At this point, it is necessary to mention a RAND report that was published in 2014, indicating the dire need for cyber security experts in the USA, which can be also thought in the context of any other country such as Turkey. The report repeatedly indicated that the lack of cyber security experts poses a serious threat to national security, both at the federal and institutional levels, and there is an urgent need for opening up cyber security programs in the academic, as one recommendation of the report. RAND report is significant in the sense that it is a reference document regarding this need. Israel, again, is ahead of many countries in terms of cyber security knowledge and industry, with a huge budget assigned to educational cyber programs. As can be seen, cyber security education programs are on the rise, while they are not enough to cover the demand worldwide.
Turkey, in this respect, should also give importance to the educational cyber programs. A few universities in Turkey opened up cyber security programs. METU Informatics Institute has now a cyber security master program.
About the cyber security programs in academia, it must be mentioned that cyber security programs must be viewed as full programs of their own, regarding its importance, rather than a subfield under other engineering or security studies. In light of its cyber security action plan, Turkey must increase its scientific cyber security products, which can be in the form of human resources, research projects or patents, in addition to opening up and maintaining cyber security programs.
Defence Turkey: Cyber defence and security has become a part of NATO’s strategic concept as a result of the increase in cyber threats around the world in the recent years. As an expert following such studies closely, what would you like to say regarding the joint studies, trainings, operations and steps to be taken to this end?
After the attacks against its member country, Estonia in 2007 and the Stuxnet incident in 2010, NATO’s cyber engagements have been on the rise. It’s an issue taken really seriously, for the security and safety of both NATO itself and its member countries. Besides conferences and research projects, NATO opened up a center of excellence in Estonia, which published the Tallinn Manual and Peacetime Regime for State Activities in Cyberspace. Also in this autumn, NATO declared that cyber attacks will be evaluated under its Article 5, which means that cyber attacks will now have the status of conventional attacks and NATO will assess cyber attacks to the security of one of its members as an attack against it wholesale. This is an important step which can alter the future handling of cyberspace and cyber security. Since cyberspace is a globally shared platform by multiple stakeholders, all countries and parties must be engaged in the fight against cyber threats menacing states, and NATO is well-aware of this. It organizes, supports, or plans projects, institutions, research projects, conferences and so on, to foster a solid understanding of cyber security within its member and partner countries.
Defence Turkey: We know that you have given trainings to the experts of a number of NATO partner countries. Could you please comment on these educational programs?
The first thing to say regarding your question is that NATO ascribes special importance to Turkey. There are several reasons behind this, such as Turkey’s being a trusted NATO member, its geopolitical region and closeness to the most important regions in terms of geography and culture. NATO sees Turkey as a suitable country with the necessary expertise and know-how.
NATO, besides its allies and member countries, has also partner countries, with the prospects of being full members in the future. These countries have to upgrade and enhance their infrastructures and incidence response teams in the face of cyber threats, since any failures of them will be that of NATO. NATO thus supports and organizes these kind of educational training programs for these countries.
Besides the suitability of Turkey, the reason that METU Informatics Institute is repeatedly chosen for these programs is that, our institute has proved its proficiency in these programs. As Michael Gaul, the Senior Advisor, Strategy and Projects, in NATO´s newly created Emerging Security Challenges Division, emphasized during the training in January 2014, “Turkey has considerably contributed to the Science for Peace programs of NATO, having an important role in this field. Since cyber security is a global phenomenon, it requires global solutions. Especially the networks of partner countries are connected to our networks on operational and functional levels.” We have given these trainings on cyber security to the system administrators from Afghanistan, Macedonia, Moldavia, Montenegro and Azerbaijan within the scope of NATO’s Science for Peace and Security Program at our institute in METU, with now Ukraine in preparation.
NATO could have easily given these trainings elsewhere, but since the Informatics Institute has proved its adequacy and gained the full trust of our NATO members, we have successfully conducted our NATO training projects and it seems that we will be more responsible for similar projects in the future.
Defence Turkey: Which preliminary works are conducted at your institute for the cooperation with NATO and other types of international organizations in the future?
I have been the member of NATO’s panel, IST since 2007. In this context, a conference was conducted with the name Information Assurance and Cyber Defence, in 2010in Tallinn, Estonia, under my directorship. Within the scope of IST, Turkey is also in many other projects. Next year, IST 125 will be organized under Turkey’s leadership with the name “Defence Implications of Cloud Computing at Tactical Edge” and it will be surely be an important specialist meeting which aims to bring together the best experts on cloud computing to discuss the use of cloud at tactical edge for defence purposes.
CyDeS Center is also now an active member of the NISP, the Network and Information Security Platform, part of the EU cyber security strategy and participates in its working groups to contribute to the knowledge and programs of the platform.
Defence Turkey: What kind of steps has Turkey taken with the National Cyber Security Strategy and 2013-2014 Action Plan in which Turkey’s national responsibilities and authorities have been identified? Do you think Turkey is at the point she deserved to be or are there still some more steps to be taken? What are your comments?
As I previously mentioned, Turkey has a critical and significant geopolitical position due to its location in the Middle East and thus cyber security has an immanent importance to our country. Studies in this scope resulted in the June 2013 National Cyber Security Strategy Document and 2013-2014 Action Plan, as you mentioned.
With the speed in drafting of national action plans of other countries, we see that there are some differences and commonalities between them. For instance, while the USA and UK pay more attention to the role of private sector, workforce and diplomacy in their cyber security frameworks, the Baltic countries are more connected to NATO in determination of their cyber strategies. On this landscape, Turkey is more on the side where governmental organizations and academia are more charged with responsibilities. Our action plan identified the authorities that will be involved in the national cyber security of the country, such as Turkish Armed Forces, several ministries, TUBITAK, Cyber Security Council and universities. Within the scope of this action plan, Turkey has devised legal cyber regulations, conducted national cyber security exercises, organized conferences and trainings, signed various cyber security protocols and contracts. Turkey has achieved a long way and it must be appreciated. However, adopting a more critical approach, we can say that there is a shortage of tangible research and development products regarding the issue and a serious deficiency in competent cyber security personnel. Even though necessary steps to solve this problem are identified in the strategy document and some universities announced the launching of cyber security graduate programs, competent human resources can be considered as the most important problem. National products, both scientific and technical, need to be put into practice. Turkey still tries to find its way through cyber security, which is a phenomenon that can be observed in some other nations around the world. Academic programs are inadequate and need to increase in number and quality. The most significant problem seems to be stemming from the fact that Turkey has not yet adopted cyber security as a national priority and it is still secondary to other concerns.
Defence Turkey: Dear Prof. Dr. Nazife Baykal thank you for your time. Lastly, would you like to convey any messages to our readers?
As the last comment, I would like to add a few points. Cyber security has been seriously taken into consideration in the leading nations around the world, as I previously mentioned in this interview. When we come to cybersecurity issue in Turkey, however, it should be noted that, first and foremost, we must raise cyber security awareness at all levels. This is the first rule of cyber security, since it concerns everyone, regardless of age, gender or profession. Secondly, Turkey must be more alert and evaluate the cyber risks and threats in its region more closely and profoundly. Our country is surrounded by several conflict regions, the results of which might constitute serious cyber threats and attacks for our country. For this end, Turkey should engage in a more proactive and predictive against the cyber threats and opportunities stemming from its specific geography. One opportunity, for instance, is that Turkey is close to the conflict zones around she due to its historical and geographical ties with these countries, which must be a priority in Turkey’s cyber security understanding. As the last point, it must be repeatedly put forward that Turkey must speed up the output of research and development projects, tangible scientific outputs and must pay attention to increasing its experts and expertise, as soon as possible.