cyber - a new war domain odtu teknokent most

INTERNATIONAL CYBER WARFARE AND SECURITY CONFERENCE & B2B MEETINGS
VOLUME 8 ISSUE 48
ISSN 1306 5998
YEAR 2013
CYBER - A NEW WAR DOMAIN
ODTU TEKNOKENT MOST INNOVATIVE TECHNOLOGY PARK IN TURKEY
HISTORY OF NATO’S LAND POWER
AN INTERVIEW WITH MR. TOLGA OZBOLAT, ODTU TEKNOKENT DIRECTOR OF UNIVERSITY INDUSTRY COLLABORATION DEPARTMENT
CYBER SECURITY - FROM LUXURY TO NECESSITY
SPECIAL ISSUE
TURKEY’S NATIONAL CYBER SECURITY STRATEGY AND THE NEXT STEP
Publisher Company
İmge Co.
Publisher & Editor in Chief
Ayşe AKALIN
Editor
Cem AKALIN
Administrative Coordinator
Yeşim BİLGİNOĞLU YÖRÜK
International Relations
Şebnem AKALIN
Translation
Tanyel AKMAN
Graphics & Design
Gülsemin BOLAT
Görkem ELMAS
Advisory Board
(R) Major General Fahir ALTAN
(R) Navy Captain Zafer BETONER
(R) Col. Fevzi BARUTÇU
Prof. Dr. Nafiz ALEMDAROĞLU
Asst. Prof. Dr. Altan ÖZKİL
Kaya YAZGAN
Philipp REUTER
Ali KALIPÇI
Zeynep KAREL
İMGE Co.
Sancak Mah. 596 Sok. 59/7
Çankaya Ankara / Turkey
DEFENCE TURKEY
Administrative Office
Sancak Mah. 596 Sok. 59/7
Çankaya Ankara / Turkey
Tel: +90 (312) 447 1320
www.defenceturkey.com
Printing
Görsel Grup Basim Tanitim Tasarim
Matbaacilik Kağ.Kirt.San.İç Ve Diş Tic. Ltd.Şti
İstanbul Caddesi İstanbul Çarşisi Kat: 2
No : 48 / 64 İskitler - Ankara
Tel: 0 312 256 11 88 Fax: 0 312 256 18 88
www.gorselbasim.com
Date of Printing
OCTOBER 2013
Publication Type
Periodical
İMGE Co.
© All rights reserved.
No part of publication may be reproduced by any means without written permission.
ISSUE 48/2013
SSM’s Role in Cyberspace as a New Field of Warfare
Cyber – A New War Domain
Turkey’s National Cyber Security Strategy and the Next Step
ODTU Teknokent is a Hub Where Research that is Done at the University and in Companies is Transferred to Industry and Commercialized
Aselsan’s Cyber Security Solution
Cyber Threat Intelligence and National Framework for Turkey
History of NATO’s Land Power
Cyber Security - From Luxury to Necessity
Selex ES; Partnering to Fight Modern Cyber Threats
Why has Cybersecurity Become Such an Issue?
STM and Integrated Cyber Security System (ICSS) Feasibility Study Project
Smart and Secure: Tap-Proof Voice Calls on Smartphones
Secure Access to Internet and Cloud Services
Get Protected Against the Most Disruptive Cyber Warfare Tool with DDOS Mitigator
BITES; Innovative, Specialist and Technology Developer of Turkey
UDEA; The Strongest Partner of RF Wireless Technologies
BEAM; Software Testing and Verification Solutions for Defence and Finance Sectors
Indigenous Solutions for Defence & Space & Aviation by SDT
SIMSOFT; One of the Most Experienced Companies on High-Fidelity Modeling and Simulation Systems in Turkey
25 Years Experience of IT solutions and Criminal/Forensic Medicine Laboratories by VERISIS
Last Man Standing or Self Defensive Software
Atos: Scenarios for the Future of Defence and Security
Defence and Cyber Security Platform in Virtual World
Proactive Cyberdefence for Critical Infrastructure
Oracle Security Solutions
End-To-End Cyber Resilience with SAP Solutions
Understanding a Space Called Cyber
International Cyber Warfare and Security Conference 2013
“The New Road Map of Cyber Warfare and Security in Turkish Defence Industry”
Ayşe Akalın
Publisher & Editor in Chief
The “International Cyber Warfare and Security Conference 2013”, under the auspices of SSM (Undersecretariat for Defence Industries) and organised by SASAD (Defence and Aerospace Industry Manufacturers’ Association), Defence Turkey Magazine and TSSK (ODTU Teknokent Defence Industry Cluster), will gather Turkish & International Government Officials, Cyber Security Experts & Professionals and Industry Executives & Representatives.

Within the scope of this conference, discussions will cover emerging threats and challenges in cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, the industrial perspective on cyber warfare and security, new trends, new developments, technologies and solutions, the next generation of cyber attacks, and mapping the future threat environment, for the first time in Turkey. This conference aims at bilateral cooperation and collaboration between the Global and Turkish Defence Industry. I believe that this conference will be an information platform for Turkey’s future strategy and road map on cyber warfare and cyber defence.

I would like to give special thanks to Mr. Murad Bayar, Undersecretary for Defence Industries, Mr. Faruk Özlü, Deputy Undersecretary for Defence Industries, Col. Cengiz Özteke, The Commander of Turkish Armed Forces Cyber Defence Command, Dr. Hasan Palaz, Vice President of TÜBİTAK (The Scientific and Technological Research Council of Turkey), the advisory and executive board of the conference, the speakers and moderators, SSM, Economy Ministry, METU, TÜBİTAK and all sponsors for their never-ending support and efforts.

We are pleased to share with you an overview by Faruk Özlü, Deputy Undersecretary; an article by Col. Cengiz Özteke, The Commander of Turkish Armed Forces Cyber Defence Command; an interview with Mr. Tolga Özbolat, Director of University Industry Collaboration Department; a report on cyber security; and ODTÜ Teknokent companies’ technical articles on cyber security solutions and capabilities geared towards the defence industry.

Enjoy this issue...
Dear Colleagues,
Cyber defence has turned out to be an indispensable part of national defence due to dramatic advancement in
Information Technologies. Moreover, cyber defence industry seems to hold a promising branch of defence industry
thanks to private and public organizations’ on demand as technology consistently evolves. In the light of these
developments, we are delighted to host “International Cyber Warfare and Security Conference” addressing the key
concerns in cyber space. We strongly believe that this event will provide an unrivalled opportunity to discover the
emerging challenges and solutions with key experts.
Murad Bayar
Undersecretary for Defence Industries
SSM’s Role in Cyberspace as a New Field of Warfare
Dr. Faruk Özlü, Deputy Undersecretary

Cyberspace has become a new field of “warfare and security”. Our mission statement, “assuring the continuous improvement of Turkey’s defense and security capabilities”, gives us “a duty in cyberspace warfare and security”.

This duty is rooted in our strategic plan, which states the goal of “gaining competence in defense and security technologies that will prepare Turkish armed forces for future combat environments”. Performing such a duty requires strong planning in which we decide in great detail what should be done and when. Making such a plan, on the other hand, requires knowledge built up in parallel with the creation of a collective consciousness, through studies by teams made up of the stakeholders in the issue, i.e. military and governmental agencies, defense companies, universities and other institutions.

For this purpose, SSM has initiated several studies, produced many documents and reports, and held many conferences and workshops. SSM initiated a study named “Networked Enabled Capability (NEC) Feasibility Study” to understand and discuss the requirements of the military as redefined in this information age, from which cyber security issues have originated. The design decision section of that study states that “Information assurance and information security will be the primary concerns”, placing deep emphasis on the security issue. In parallel with similar studies performed at NATO, in the USA and in other countries, SSM attempted to state and document this new understanding of capability brought to the defense sector with the enhancements.

SSM worked with METU (Middle East Technical University), Savunma Teknolojileri Mühendislik Şirketi (STM) and the related military agencies, and created an environment where the collaborators came together to create this “feasibility study” under an academic discipline. In this regard, 25 academic personnel from METU and 10 engineers from STM worked together for 18 months, holding seminars and workshops together with military personnel. The result was a huge document with a roadmap dictating what should be done in the short, mid and long term.

Following this study, SSM started several other projects on cyber defense and related issues. One of them was ISSDN, i.e. Information Security Simulation for Defense Networks, in which we configured a state-of-the-art cyber security simulation system and applied it to the Turkish Armed Forces to see the possible threats and define the precautions needed to secure any kind of military network. In the course of those studies, SSM has performed, supported or hosted several other workshops to create a collective consciousness through which valuable knowledge is created to plan the future of cyber security.

It is now very well known that cyberspace touches every system and platform we are developing and procuring. It is clearly an indispensable area for innovation and technology. However, current systems and platforms are not ready for this new type of warfare and capability. One of our missions now is to address these vulnerabilities and make sure that our defense industry and the Turkish military can recognize the full potential of network enabled capability and the risks it brings.

The Turkish military, at the tactical and strategic level, has various networks, some of which work over the Internet and digital radios or use satellite infrastructures. Most of these systems are not fully secure or resilient from a cyber warfare perspective. Our studies showed that unless major improvements or significant changes are made in how they are constructed or operated, we cannot be sure that we can protect these systems from the threat of cyber-attacks, which is growing from day to day.

The Turkish military has a separate command to handle this issue. SSM already has a separate department running the information systems and various network and cyber security projects. Considering the entire governmental system of Turkey, an initiative named the Cyber Security Coordination Committee was established last year, with the mission to run and coordinate the studies for cyber security. This committee will constitute working groups and ad hoc committees to deal with the issue. SSM is always ready to take part in such groups and committees with the experience gained through many related projects.

For future plans, as stated in the roadmap set out in the NEC feasibility study, we are in the establishment and assignment phase where each related agency takes its position.

We are ready with a mature plan to deal with this new field of warfare and security, as cyber-attacks are one of the biggest threats in today’s and tomorrow’s world.
Cyber – A New War Domain
Col. Cengiz Özteke
Commander of TAF Cyber Defence Command

Information Technologies (IT) became an important part of our lives with the incredible innovations of the 21st century. We are becoming more dependent upon this new technology. Besides making our daily life easier, IT has a lot of applications in our work life. This is obvious when we consider the time spent on sending e-mails, preparing e-documents etc. We, as human beings, became successful(!) in turning this new cyber domain into a new war domain. Cyber has now inevitably become the fifth war domain after land, sea, air and space.

Cyber, as our new war domain, has some differences from the other war domains. What are the different characteristics of cyber? The most basic characteristic of a cyber-attack is its asymmetric nature. In other words, bigger impacts can be achieved with little effort. In the war domains other than cyber, you must have sophisticated and expensive weapons to dominate the adversary. But in cyber, with a cyber-weapon developed by a few cyber experts using few resources, you can endanger an adversary’s critical infrastructure, such as the electricity distribution infrastructure or an airborne early warning system.

Another main feature of cyber-attacks is the difficulty of attributing the source of an attack. Cyber attackers, using the capabilities of IT, can hide their tracks or even leave tracks as if the attack was carried out by somebody else. This situation, while decreasing the risk taken by the attacker, creates on the other side a risk of not finding the perpetrator or of counter-attacking an innocent party.

Besides, cyber-attacks are cross-border. Along with the improvements in IT, state borders and jurisdictions have become blurred. This characteristic of cyber-attacks has made international cooperation and coordination mandatory.

The cyber domain contains disorder and ambiguities. The international law that will be applied to cyber conflicts is now being discussed in the international community. The main question of this discussion was “Can existing international law be applied to cyber conflicts?” In this regard, answers to the following questions were sought: “What is the equivalent of the term Use of Force in cyber domain?”, “Can cyber-attack be considered as an Armed Attack?”, “What is the proportionate and appropriate response to a cyber-attack?” and “Can a military campaign be a response to a cyber-attack?”. In this area, the Tallinn Manual emerges as an important effort. Another important effort is the report published by the United Nations’ Group of Experts. Both studies agree on the idea that existing international law can be applied to the cyber domain. Today, the current question is “How to adapt international law to cyber domain?”

Similar questions are being raised in NATO. “NATO’s assistance to an ally which is exposed to a cyber-attack” is the hot discussion topic. Article 5 of the NATO agreement states that NATO and allies should take necessary actions against an attacker which attacked a NATO ally. Can Article 5 be applied to cyber-attacks and, if so, in which circumstances? These questions are being discussed. This debate will hopefully end in accordance with the collective defence approach, since cyber power has a direct effect in the operational area.

Can we trust the software and hardware used in the cyber domain? Are the hardware and software used in our critical infrastructure a Trojan horse that sends our sensitive information to others? Or are they going to execute our commands when we need them? These questions are being asked more frequently. Nations cannot produce all their hardware and software requirements. So how can we trust hardware and software used in critical infrastructure whose production we cannot control? There is no complete answer to this question, but some approaches are being researched in the international community to minimize the risks using risk management methods. We think these questions will gain more importance in the future.

The most important and most limited resource of nations preparing for cyber defence is human resources with the necessary skills. Graduates usually prefer to work in areas other than cyber security. Motivational measures should be taken to encourage people studying in this area.

So, what are we as Turkey doing in the cyber security area? Our starting point was to add cyber threats as a new threat to national security and to consider cyber as an element of national power. Starting from this point of view, the Transportation, Maritime and Telecommunication Ministry was appointed as the national cyber coordinator by the Board of Ministers. Turkey’s National Cyber Strategy and Action Plan 2013-2014 was published in December 2012. Then in 2013, in order to respond rapidly to cyber incidents and to coordinate and control the cyber incident response process, the National Cyber Incident Response Center (USOM) was established. Two national cyber security exercises have been executed since 2011, and planning of another, multi-national cyber security exercise in 2014 is ongoing.

We as the Turkish Armed Forces are executing our cyber program in accordance with national and NATO policy. We established a new command named “Cyber Defence Command” in order to coordinate and control the cyber program centrally. Short-term, mid-term and long-term capability targets were determined and we are doing our best to achieve these targets.

Along with the improvements in wireless network technologies and mobile equipment which use the electromagnetic spectrum, the cyber domain and the electromagnetic domain are becoming more inter-connected. In parallel, cyber warfare and electronic warfare, which can be described as affecting network technologies in the electromagnetic spectrum, are coming closer. We predict that these two areas will become even closer and we are planning our course of work in this direction.

The aim of our cyber efforts in the Turkish Armed Forces is to defend our systems in peacetime, but our ultimate target is to support units in the operational field.

As we are becoming more dependent upon IT, we may expect an increase in the effects of cyber-attacks. These effects will affect us every day more physically than virtually. We must get ready for that.
Turkey’s National Cyber Security Strategy and the Next Step
Dr. Hayrettin Bahşi - Director, TÜBİTAK BİLGEM Cyber Security Institute

With the growing dependence on information technologies in sectors such as energy, transportation and health, which have a direct influence on society’s welfare, cyber security has started to become a national security issue that countries have to handle. In this endeavor, many developed countries have prepared strategies with the aim of managing cyber security, a horizontal phenomenon related to many other areas, and created action plans to realize goals in accordance with the vision presented in their national cyber security strategies. Therefore, these regulations provide states with more flexible structures to deal with cyber security and the need to have coordinated bodies.

The process of drawing up a cyber security strategy has turned into a societal effort in which states encourage broad participation. After comprehensive preparation, states take care to monitor the process and fulfill the responsibility of adopting the plans.

As part of the steps taken to manage cyber security in Turkey, legislation on carrying out, coordinating and managing activities regarding cyber security was published in the Official Gazette on 20th October 2012. With this legislation, the Cyber Security Council, presided over by the Ministry of Transport, Maritime Affairs and Communication, was established. The Undersecretaries of the Ministry of Foreign Affairs, Ministry of Interior, Ministry of Defence and Ministry of Transport, Maritime Affairs and Communication, the Undersecretariat of Public Order and Security, the National Intelligence Agency, the head of the General Staff’s Presidency of Electronic Combat and Information Systems, the head of the Institution of Information Systems and Communication, the head of TUBITAK and the head of the Financial Crime Investigation Council are the members of the council, along with senior officials selected by the Minister of Transport, Maritime Affairs and Communication. The mission of the Cyber Security Council is to determine the measures taken for cyber security, to investigate plans, programs, reports, methods, principles and standards, and to apply and coordinate all these activities.

The renewed version of the Cyber Security Strategy and the Action Plan for 2013-2014, prepared under the coordination of the Ministry of Transport, Maritime Affairs and Communication, in consultation with TUBITAK and with contributions from other state institutions, was published in the Official Gazette on 20th June 2013.

There are 29 points in the National Cyber Security Strategy (NCSS) and 2013-2014 Action Plan. These action points contain the necessary steps that should be taken for the security of state information networks and those of critical infrastructures run by the state or the private sector. The Action Plan and NCSS envision the formation of a cyber security understanding at the societal level, the identification of critical infrastructure and its protection from cyber threats, national coordination, and measures for research and development. The struggle against cyber crime is also given considerable attention in both documents.

Cyber security is the first and foremost issue for countries with a high level of dependency on information technologies. Cyber tools, useful in defence and offense, are increasingly integrated into conventional warfare and have a critical role in the international power balance. As a consequence, the terms cyber diplomacy, cyber espionage and cyber army are frequently encountered. In some strategy documents, it is evident that these concepts are defined in detail and successfully adapted to the wider national security strategy. While national cyber security strategies are accessible through the web, the documents about cyber intelligence and cyber armies are highly classified and are not shared with the public.

Risks and opportunities in cyber diplomacy

Cyber diplomacy, a domain which will surely increase its weight in international relations, is usually categorized into two subgroups. Today, states are benefiting from cyber diplomacy by using it as a public diplomacy tool to reach out to citizens in other countries. The growing presence on social media of world leaders, governments and other institutions dealing with international relations constitutes a remarkable part of cyber diplomacy. With the aim of explaining their policies to a global audience, administrations have formed units particularly involved in the effective use of Twitter, Facebook and YouTube.

Extensive use of social media by states has created a new dimension in strategic communication. The type of diplomatic interlocutor has started to extend from state-to-state negotiations to state-to-global public communication. Therefore, it is crystal clear that social media, which gives states the chance to convince other nationals about their international policies, has an instrumental effect on ‘gaining hearts and minds’.

In the National Cyber Security Framework Manual published by NATO’s CCDCOE in the Estonian capital Tallinn, the second dimension of cyber diplomacy is composed of states’ methods to obtain and preserve confidential information. In recent years, the world of diplomacy has experienced sensational diplomatic leaks.

The Wikileaks incident has launched wide discussions on leaking, spreading and using confidential diplomatic documents. There is no doubt that the revelation of official secrets has caused a crisis of confidence. These events have marked the beginning of a new era in many issues, including prevention methods to protect confidential data and diplomatic correspondence. States are likely to come up with a new approach to state-to-state communication and inter-institutional information exchange.

New Dimension of Power Struggle: Cyber Weapons and Cyber Espionage

Over the course of history, technological progress has been influential in shaping the public’s perception of security and the way wars are fought. The emergence of steamboats changed who held superiority over the seas, just as warplanes transformed warfare and led to the rise of the term civil defence. Therefore, it is impossible to separate warfare and cyber developments in a period of time defined as the ‘Digital Age’. The fact that the majority of defence and offense systems are controlled and commanded through military networks increases the vulnerability of countries, where a cyber attack on military networks would paralyze combat capabilities. Apart from military networks, the intense dependency of education, health and financial systems on information technologies has caused cyber security to be handled as a national security matter. Similarly, critical infrastructures with a direct impact on daily life, such as energy production and transportation facilities, dams, bridges and ports, are among the main targets of a cyber attack at the national level. Although security measures have been tightened to provide more security for these infrastructures, ‘No system has complete safety.’ is more than a motto where cyber space is concerned.

The statements made by senior officials are helpful in grasping how this new threat is perceived by decision-makers. The former Secretary of Homeland Security in the US used the analogy of 9/11, saying ‘We should be ready cyber 9/11.’ to explain the extent of the threat her country faces. The former top NATO Commander, Admiral James Stavridis, also highlighted cyber threats among the threats directed against the Alliance.

Analyzing the cyber strategies of countries shows that not all governments base their cyber policies merely on a defensive outlook. Some administrations have apparent tendencies to view cyber space as a domain of war like air, land, navy and space. These states do not hesitate to declare a non-defensive strategy and put effort into reaching sufficient technological capabilities. In a military environment like cyber space, where the clear-cut division between offense and defence is getting thinner, creating offensive capabilities is increasingly seen as an indispensable, integral part of defence strategy. The US and UK could be given as examples of countries holding offensive attitudes in their cyber strategies.

McAfee, one of the pioneers of the software sector, claimed in a report published in 2007 that 120 countries had developed or were developing cyber weapons. Despite the lack of accurate, up-to-date figures, the concern rests on the assumption that the difficulty of controlling and regulating cyber space would give it a chaotic character, to an extent that would cause permanent damage to inter-state relations. Other factors, such as the obstacles to precise attribution and the relatively high obtainability of offensive cyber tools, have paved the way for not only states but also non-state actors to acquire cyber weapons. It could safely be argued that the level of anxiety stemming from the possibility of terrorist groups obtaining weapons of mass destruction would also be felt over the likelihood of transnational illegal communities developing cyber weapons. Furthermore, one more factor of concern for states is the need for applicable international law for cyber space.

Spying activities have always had a central role in shaping nations’ security strategies. Technological developments have transformed the way intelligence agencies gather confidential and private information. On the one hand, the opportunities offered by cyber space have enlarged states’ capabilities for intelligence, but on the other hand they make it possible for civil bodies. From this point of view, several groups of information ranging from the client data the banks have to the know-how universities developed. The evolution of cyber space is likely to open a new discussion on the relationship between this kind of information and national security.

Organizing future’s cyber strategy

Nations’ preparation of national cyber security strategies and making them available to the public could be interpreted as the reflection of threat perception in policy making. So far, more than 30 administrations have publicized a cyber security strategy in English. Additionally, there are also some governments that either did not choose to publicize the document or to translate it into English.

Taking the speed of cyber developments into account, it is strategically important to readjust strategy documents in accordance with the newest findings. Furthermore, unlike the strategies for other domains, policies on cyber space should be re-developed within a much shorter period of time to keep up with the rapid changes. The growing threat perception and increasing interest in cyber space have pushed politicians and decision-makers to improve their understanding in a way that embraces dangers coming from cyber space in addition to conventional menaces.

Considering the abovementioned threats, it can fairly be argued that the importance of cyber security will mount in the near future. Turkey should be ready for the constantly evolving cyber menace and incorporate recent changes into its cyber strategy in order to ensure public security. The National Cyber Security Framework Manual, published by NATO’s CCDCOE, suggests that cyber security has five domains: 1) Military Cyber 2) Counter Cyber Crime 3) Intelligence and Counter Intelligence 4) Critical Infrastructure Protection and National Crisis Management 5) Cyber Diplomacy and Internet Governance.

A closer look at Turkey’s national cyber strategy leads one to suspect that a sufficient level of attention has not been allocated to cyber intelligence and cyber diplomacy. However, there are two explanations for this. Firstly, we may maintain that the protection of civilians and ensuring the security of critical infrastructures have been the primary focus of this strategy document. Another explanation could be that cyber military operations and cyber intelligence may have been regarded as issues related to national security and treated as highly confidential, which led to their not being publicized.

In both scenarios, the preparation of their own cyber defence strategies by institutions of principal importance for national security, like the Turkish Armed Forces and intelligence agencies, would strengthen the nation’s resilience as well as develop the capacity to take countermeasures within the frame of reciprocity.
ODTU Teknokent is a Hub Where Research that is Done at the University and in Companies is Transferred to Industry and Commercialized
Mr. Tolga Özbolat, Director of University Industry Collaboration Department, ODTÜ Teknokent assessed activities of
ODTU Teknokent, projects, structure and finance of ODTU Teknokent cluster and R&D projects for Defence Turkey
Magazine.

Defence Turkey: Please accept our very special thanks for devoting your time to answer our questions. As a start, could you please tell us about ODTU Teknokent in terms of the activities and projects being carried out?

When talking about ODTU Teknokent, we have to start with our main source of power, ODTU (Middle East Technical University), which is the first and biggest campus university in Turkey with 24.500 students. ODTU is an international university with more than 1.400 international students coming from 68 different countries. Approximately 2500 researchers are working in 40 undergraduate programs within 5 faculties. The university has 93 MS and 60 PhD programs and 5 institutes. 40 research centers, 24 of which are centers of excellence, and 365 laboratories are giving services to industry as well as academia. It is the leading party for Turkey in projects funded under the 6th and 7th framework programs, and we believe we will sustain our position in the league for Horizon 2020 programs. Combining ODTU’s research capacity and know-how with the innovative capacity of entrepreneurs, ODTU Teknokent has provided momentum to our country’s technology accumulation. Our model has become successful with its management experience and the projects undertaken, and has set an example for the development of other technology parks in Turkey. Our reputation has crossed borders and we are providing consulting services for institutions willing to set up technology parks abroad. ODTU Teknokent holds 300 firms, 89% of which are SMEs that employ approximately 4100 personnel carrying out R&D activities in a 120.000 m2 enclosed area.

[Photo: ODTU Teknokent Facilities. © ODTU Teknokent]
ODTU Teknokent is constantly developing new policies and supporting
programs in these areas; the biggest telecommunication company of
Turkey, Turk Telekom, is going to be hosted in a new incubation
(telecommunication) center where it will share know-how and projects
with smaller companies. This model will give smaller companies the
chance to develop deeper know-how in very specific areas and will
give bigger companies the chance to share the risk and avoid being
oversized.
In general ODTU Teknokent’s policy is to create incubation programs
and/or environments around anchor companies; key players of the
international market, and place smaller, flexible, capable SMEs
around these companies.
This model is going to be
applied to consumer electronics,
telecommunication and ICT and it is
already in use for Defence industry
and digital gaming. ODTU Teknokent
also has pre-incubation program
for digital gaming and animation
technologies.
University-industry collaboration, which covers consultancy from
academia to the industry, co-development and co-research projects,
usage of research infrastructure efficiently, training candidate
engineers as per the request of industry, direct technology transfer
via start-ups, spin-offs and patent licensing, is the main duty of
ODTU Teknokent. Since 2002, ODTU Teknokent and ODTU collaborated on
900 R&D projects, signed 1600 contracts with more than 500 different
academics in 44 different academic departments. In 2012, 85 new
projects were initiated at Teknokent to facilitate
university-industry collaboration.
[Photo caption: The awards of The New Ideas New Businesses
Competition 2013 were presented in 3 categories to 11 Entrepreneurs
by ODTU Teknokent]
To enable technology development in accord with the strategic plan
of the Undersecretariat for Defence Industries (SSM), ODTU Teknokent
is giving support to a joint program called Recruitment of
Researchers for Defence Industry (SAYP), between ODTU, SSM, and
Aselsan, Roketsan, Tusaş. Within the scope of the program,
post-graduate researchers at ODTU, who are at the same time employed
in these main contractors are oriented for research projects that
are strategically chosen by SSM. Hence, the know-how and research
capacity is transferred from the university to the industry to help
develop indigenous defence technologies.
There is also another program called MIGEP (Collaboration
Development Program for Centers) that aims to facilitate the use of
the infrastructure at the University’s thematic research centers for
R&D activities on projects that are agreed upon by both the
University and industry. This program is supported by the thesis of
the post-graduate researchers who are at the same time employed in
private sector. For 2013, the privileged sectors for MİGEP were
defined to be electrics and electronics and IT, energy, biomedical
and automotive sector. Under the Teknokent Project Office we are
supporting companies and academicians in managing and writing FP7
and Horizon 2020 projects. Within the scope of TTO (Technology
Transfer Office) we are financing and conducting patent applications
for the inventions coming from the Teknokent companies and ODTU (and
any other candidate which seems suitable for commercialization). The
process includes commercialization of these inventions. ODTU
Teknokent is trying to build up its reputation in the international
market; we are using accelerator programs to present successful
companies to the international market. ODTU Teknokent is
continuously communicating with the international key players of the
prioritized sectors and eagerly inviting them to conduct their R&D
projects in the technology park. In a similar vein, clustering
activities and cooperation in international projects are carried
out. We have one ICT and one defence industry cluster.
Defence Turkey: You have mentioned a cluster for the defence
industry companies; could you please provide some details about
this?
Middle East Technical University
(METU) technology park, ODTÜ
Teknokent hosts more than 70
Defence industry companies doing
R&D and has clustered them
into Teknokent Defence Industry
Cluster (TSSK) as of 2010. These
companies have complementary
vertical expertise that provide added
value to each other’s capability and
are developing new technology
products and services for Defence
and security.
The cluster aims at providing
added value to generate more
synergy and cooperation among
its members, with universities
for applied research in Defence
sector, and with major contractors.
The ultimate goals are to fulfill the
requirements of Turkish Armed
Forces and to position Turkish
Defence industry as a significant
player in the world market through
high technology solutions, products
and services that are presented to
international market.
The cluster’s mission is to
provide added value to generate
synergy and cooperation among
its members, with universities for
applied research in defence sector,
and with major contractors. The
ultimate goal is to position Turkish
defence industry as a significant
player in the world market through
high technology solutions, products
and services that are presented to
international market.
Offset is a powerful tool for establishing international
cooperation. The companies that
produce high value added solutions,
products and services with high
technology are considered to be the
most efficient options for cooperation
through offset. Owing to the merits
that are mentioned about Teknokent
Defence Industry Cluster (TSSK)
companies, and the fact that ODTÜ
Teknokent is one of the key actors
of technological development in our
nation, TSSK cluster is considered
to be one of the most significant
strategic partners of SSM.
Defence Turkey: How do you
facilitate defence companies to
work together and how are the
cluster activities financed?
Currently, the cluster is financed
by the Turkish Ministry of Economy
for a $3.6 million project named UrGe (Development of International
Competitiveness), which aims at
internationalization and improving the
export capabilities of the cluster with
its members by creating sustainable,
competitive advantage for the firms
in Defence sector. Within the scope
of this project, TSSK members are
trained and certified on technical
requirements, managerial and
marketing issues; the cluster attends
international trade shows and fairs,
visits other high-technology Defence
cluster(s), organizes trade missions
to countries of interest and hosts
foreign trade missions made to the
cluster in search for opportunities
of cooperation. Financed and
supported by the Turkish Ministry
of Economy, last February, TSSK
attended IDEX 2013 in Abu Dhabi
with BTT Information Technology,
EDA Engineering Design Analysis,
infoTRON, Labris Technology,
SimSoft and Verisis as well as
Aselsan, Ayyazılım, Bites, ETC-IS,
Figes, Havelsan, Milsoft, SDT, and
TAI.
Turkish Ministry of Economy has
special programs and incentives
to support SMEs and clusters
of various sectors. The ministry
intends to boost export by SMEs
and clusters through increasing the
international competitiveness of the
companies. The project is initiated
by a needs analysis that enables the
companies taking part in the project
to develop a road map throughout
the project cycle. The needs analysis
puts forward the cooperation
network among the project
participants, namely the cluster
members; the training needs, the
improvement areas and the leverage
points of the companies in terms of
competitiveness. For a duration of
three years, the companies receive
training and consultancy on their
selected technical and managerial
topics and receive the funds to
attend five business development
events such as trade shows, fairs
or B2B meeting organizations
abroad. The ministry supplies funds
to host 10 delegations from abroad
to finance the travelling expenses
of these delegations and the costs
associated with organizing B2B
meetings with these delegations.
The Ministry of Economy provides
generous funds to enable Turkish
companies in all sectors, especially
SMEs to meet with foreign firms to
develop cooperation and realize
transactions through export.
Defence Turkey: Could you
please enlighten us about ODTU
Teknokent R&D activities of
Defence Industry companies?
TSSK is comprised of SMEs
operating in the fields of manned
and unmanned vehicles; advanced
materials, CBRN technologies,
protective vehicle and material
technologies; human-machine
interface; cryptography, coding and
encryption, electronic intelligence
systems; modeling and simulation,
simulation systems; communication,
electronic and information systems;
sensors and electronic systems,
dataLink technologies as well as the
various related engineering services
such as testing, calibration, modeling
and maintenance. The driving force
of the cluster is the R&D projects
stimulated by the synergy between
university, industry and research.
The cluster members employ around
1000 R&D personnel and currently,
there are approximately 150 active
R&D projects being conducted for
Defence industry by the members of
TSSK.
Defence Turkey: Are there any
other points that you would like to
mention to the readers of Defence
Turkey?
It is worth mentioning the significance of dual use of technologies
developed in companies, universities, research centers and
technology development regions such as ours. As ODTU Teknokent, we
make an effort to facilitate this by bringing together companies
that serve for different sectors, especially defence, medical and
automotive, by organizing Project Fairs, company meetings and
proctor our companies’ new projects in order
to determine whether a critical
technology is being developed and
can be utilized for different sectors.
We try to inform our companies to
notify us about their progress and
their new technologies, so that the
dissemination of these can be done
to facilitate dual use.
Finally, I would like to state, once
again, that ODTU Teknokent is a
hub where research that is done at
the University and in companies
is transferred to industry and
commercialized. The University is a
magnificent supply of both academic
know-how and premium quality
human resource for companies in
the technology development region.
We would like to welcome more
international companies, with their
research centers and cooperate in
joint research programs and facilitate
collaboration with the University.
Aselsan’s Cyber Security Solution
Ali Yazıcı, Cryptology and Information Security Manager, ASELSAN
In today’s world where everything
is being digitized, the use of
information technologies and real-time
information exchange have become a
must, rather than a choice for every
sector. Cyberspace has broadened
unexpectedly and has become
an important part of our daily life,
social interactions, work life and the
services we receive from government
institutions.
Cyberspace has become vulnerable
to all kinds of cyber attacks and
cyber threats have changed, evolved
and increased over time. This has
necessitated innovative and original
cyber security measures ensuring
secure and continuous information
exchange through cyberspace.
ASELSAN works towards
developing next-generation innovative
and original technologies and develops
national solutions such as the VAG
System that ensures continuous
secure information exchange, and
the Mini IP Encryption device that is
ecologically friendly and suitable for
mobile technologies.
Virtual Air Gap System (VAG)
The ASELSAN 2180 VAG, namely the Virtual Air Gap (VAG), is a unique
combination of hardware and Common Criteria EAL 4+ certified
software; it provides a secure network traffic flow between private
and public networks in order to realize mission-critical operations,
fundamentally by preventing transit IP traffic. The ASELSAN 2180 VAG
runs on internal and external host machines (vag-int and vag-ext) on
top of the Linux operating system and mediates the information flow
with the support of external software installed in its environment.
The ASELSAN 2180 VAG system is deployed between the external network
and the institution’s internal network and does not use IP-based
communication for its internal connection. Therefore, the ASELSAN
2180 VAG actually forms a “virtual air gap” border providing
high-level security. The system that runs the ASELSAN 2180 VAG is
basically composed of internal and external security components
(servers) and a shared memory (shared disk) component. Figure-1
shows the general architectural view of the ASELSAN 2180 VAG and its
environment.
ASELSAN 2180 VAG is protected
by a number of environmental
components in order to function
appropriately. These components
include firewall (FW), network-based
intrusion detection system (NIDS),
protocol filter and host based intrusion
detection system (HIDS) working on
both servers (vag-int and vag-ext).
Vag-int has a management interface
that enables administrative users
(with sufficient access rights) to
manage and monitor both internal and
external hosts’ system information,
configuration data, partial backups,
administrative users, audit logs and
user passwords.
Information flow over the ASELSAN 2180 VAG is bi-directional: from
the external to the internal network and vice versa. The external
network’s requests/responses are taken by the external host
(vag-ext). The requests/responses are passed through application
level controls by a process running on the external host. Filtered
and controlled requests/responses are transferred to the shared disk
after encryption and digital signing. The internal host (vag-int)
takes the requests/responses from the shared disk after decryption
and signature verification procedures. If no problem occurs, the
requests/responses are recorded and transferred to the respective
application on the internal network. The same information flow is
valid for connections from the internal network to the external
network.
The communication between vag-int and vag-ext is encrypted and
cryptographically signed. Cryptographic operations are performed by
the functions of the crypto library of the operating system. The
Crypto/Sign layer of the VAG architecture that is shown in Figure 2
invokes two cryptographic actions on the data packets flowing from
the message layer to the disk access layer. The Operational
Environment first encrypts the payload of the data packet and then
signs the whole packet using the crypto/sign module of the ASELSAN
2180 VAG. This way, the disk holds signed and encrypted data packets
which can only be resolved by the peer host. Figure-2 shows the
internal architecture of the VAG servers.
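The hand-off described above (encrypt the payload, sign the whole packet, pass it through the shared disk, verify and decrypt on the peer) as an added Python example; it is not ASELSAN's code. The article names no algorithms or packet layout, so HMAC-SHA256 stands in for the digital signature and a SHAKE-256 keystream for the cipher, and the keys, header fields (direction, sequence number), file naming and function names are all assumptions.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Constructed demo keys; the article does not describe key provisioning.
ENC_KEY = hashlib.sha256(b"constructed-demo-encryption-key").digest()
SIG_KEY = hashlib.sha256(b"constructed-demo-signing-key").digest()
TAG_LEN = 32


class Rejected(Exception):
    """The packet failed a check on the receiving host and is not delivered."""


def _xor_stream(nonce, data):
    # Stand-in cipher (SHAKE-256 keystream XOR). Real code would call a vetted
    # cipher from the platform crypto library instead.
    stream = hashlib.shake_256(ENC_KEY + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(seq, direction, payload):
    """Sending host: encrypt the payload, then sign header + ciphertext."""
    nonce = os.urandom(16)
    header = json.dumps({"dir": direction, "nonce": nonce.hex(), "seq": seq}).encode()
    body = len(header).to_bytes(2, "big") + header + _xor_stream(nonce, payload)
    # HMAC stands in for the digital signature over the whole packet.
    return body + hmac.new(SIG_KEY, body, hashlib.sha256).digest()


def unseal(blob, expected_dir, last_seq):
    """Peer host: verify the signature first, only then parse and decrypt."""
    if len(blob) < 2 + TAG_LEN:
        raise Rejected("truncated packet")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(SIG_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise Rejected("signature check failed")
    hlen = int.from_bytes(body[:2], "big")
    header = json.loads(body[2:2 + hlen])
    # Added checks (assumptions): the signed header also pins direction and order.
    if header["dir"] != expected_dir:
        raise Rejected("unexpected direction")
    if header["seq"] <= last_seq:
        raise Rejected("replayed or stale sequence number")
    return header["seq"], _xor_stream(bytes.fromhex(header["nonce"]), body[2 + hlen:])


def put(shared_dir, blob, seq):
    """Write a packet to the shared disk so the reader never sees a partial file."""
    final = os.path.join(shared_dir, f"{seq:08d}.pkt")
    with open(final + ".tmp", "wb") as fh:
        fh.write(blob)
    os.replace(final + ".tmp", final)
    return final


def _why_rejected(blob, direction, last_seq):
    try:
        unseal(blob, direction, last_seq)
    except Rejected as exc:
        return str(exc)
    return None


def demo():
    """Round-trip one constructed request and try three bad packets."""
    request = b"GET /status HTTP/1.1\r\nHost: app.internal.example\r\n\r\n"
    with tempfile.TemporaryDirectory() as shared:
        path = put(shared, seal(1, "ext->int", request), 1)
        with open(path, "rb") as fh:
            blob = fh.read()
    seq, clear = unseal(blob, "ext->int", last_seq=0)
    tampered = bytearray(blob)
    tampered[-TAG_LEN - 1] ^= 0x01  # one ciphertext bit flipped on the disk
    return {
        "delivered": clear == request,
        "payload_hidden": request not in blob,
        "tampered": _why_rejected(bytes(tampered), "ext->int", 0),
        "replayed": _why_rejected(blob, "ext->int", seq),
        "reflected": _why_rejected(blob, "int->ext", 0),
    }


if __name__ == "__main__":
    print(demo())
```

Because the signature covers the header as well as the ciphertext, the receiver can reject a modified, replayed or wrong-direction file before any decryption takes place.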
Mini IP Encryption Device
Mini IP Encryption Device has
been developed by ASELSAN to be
compatible with mobile technologies
and to make SECRET level classified
secure voice and data communication
possible over mobile and/or fixed IP-based networks; and it is an original,
innovative and environmentally friendly
solution. Mini IP Encryption Device,
which has copper and fiber optical
10/100/1000 Mbit/s ethernet interfaces
and an encryption speed that exceeds
155 Mbit/s, supports Internet Protocol
version 4 (IPv4) and version 6 (IPv6).
Mini IP Encryption Device, which
is capable of functioning in Tunnel
and Transport modes supporting
IPSEC and NATO NINE standards,
has two encryption algorithms
that support different classification
levels. As a result it offers secure
data sharing capability by providing
real-time connection to networks
with different classification levels.
Configuration, alarm management
and security management of Mini IP
encryption devices can be performed
and encryption keys can be loaded
remotely using state-of-the-art Secure
Network Management System over
SNMP.
Mini IP Encryption Devices that
support mobile IP can automatically
discover changing red network
topology and distribute this topology
securely among themselves; likewise
they can automatically discover each
other and perform cryptographic
verification without any need for
configuration and/or operator. Even
when there are no configured tunnel
tables (policies) on Mini IP Encryption
Devices they can find each other
dynamically and build tunnels using
the Secure Tunnel Establishment
Protocol (STEP).
Mini IP Encryption Device,
environmentally friendly with its low
weight and low power consumption,
is an inseparable part of information
and communication technologies
and e-government applications with
its superior technical characteristics,
high processing speed and portable
mechanical properties that are suitable
even for tough military conditions.
In conclusion, ASELSAN is the biggest developer and producer of
cryptology and information security products in Turkey; in parallel
with growing technologies and demands, ASELSAN is planning to make
investments in the Cyber Security area, which covers all cyber
interests including, among other subjects, cyber defense and cyber
espionage. At ASELSAN, we think that cyber security technologies
should be developed nationally, using original and innovative ideas.
In order to keep this development healthy and sustainable, we aim to
create a “Cyber Security Technology Development Ecosystem” where
cooperation between the government, universities and the defense
sector will be implemented.
Cyber Threat Intelligence and National
Framework for Turkey
Bahtiyar Bircan, Principal Researcher
TÜBİTAK BİLGEM Cyber Security Institute
Cyber-attacks are increasing and
changing face. Today cyber-attacks
are more sophisticated and targeted.
Nowadays cyber attackers are mostly
state sponsored or backed by large
crime groups.
From DDoS attacks to advanced
persistent threats (APTs) they are
conducting highly sophisticated and
coordinated attacks to carefully selected
targets. Different individuals and groups
in this rogue market are cooperating
very well during these attacks. They can
coordinate and initiate a cyber-attack in
a matter of minutes. Recent distributed
denial of service attacks and botnet
activities against different institutions
are examples of how coordinated cyber
criminals can be.
Unfortunately, detecting and responding to these attacks is very
slow. Attacks can be coordinated and initiated in hours, but
detecting and responding to them may take months and years. Lack of
strong cooperation between prevention mechanisms and organizations
is one of the causes. So prevention fails partly due to not
cooperating very well, and partly due to not being able to respond
in a timely manner.
There is a need for new approaches to increase the speed and
effectiveness of cyber-attack detection and prevention mechanisms.
These approaches should accelerate the detection process and enable
automatic prevention measures to be put in place in a short period
of time. Cyber threat intelligence is one of these approaches. It
provides actionable intelligence that can be used to prevent current
cyber-attacks.
Cyber threat intelligence is a rising trend in the security
industry. Today many security vendors like FireEye, Mandiant, IBM
and McAfee have established central threat intelligence databases
and integrate them with their products. Microsoft and HP recently
announced that they will launch real-time threat intelligence feeds
for public access. Also there are public web sites and commercial
firms supplying threat intelligence feeds.
Organizations like NATO and the European Union are also working on
cyber threat intelligence projects for their systems. Some NATO
member countries have implemented such a system at national level.
Actually, automatic threat detection and elimination concepts are
not new. They are widely used in military systems. There are
similarities between cyber-attacks and attacks/threats in the
physical world. If we look at military systems, there are a lot of
systems developed to monitor and prevent malicious activities of
adversaries. One of them is missile Defence systems. There are 3
parts in a typical missile Defence system. These parts are:
›› Monitoring and detection: In this part unknown/enemy missiles and
rockets approaching the airspace are detected by radar systems.
Tracking radar systems detect enemy missiles and rockets approaching
the nation's airspace and inform the control centre.
›› Battle management and control centre: Target data about the
approaching missile is received from the tracking radar for
processing. At that point the threat is analysed and possible
impacts are evaluated.
›› Intercepting missile firing unit: After analysing the threat
impact, automatic preventive action is started. The antimissile
launcher sends an interceptor missile to the target in accordance
with live updates.
The intercepting missile catches the target and the target warhead
is detonated in a neutral area, before the target reaches its final
destination. As a result the threat is intercepted and collateral
damages are reduced or eliminated.
How Does Threat Intelligence Model Work?
Like missile Defence systems threat
intelligence system consists of 3 parts.
These parts are threat identification
and data collection, threat analysis,
response and prevention.
Phase 1 : Threat identification and data collection: At this phase
information about current cyber-attacks is collected in a central
place. It is similar to phase 1 in the missile Defence system.
Information about cyber-attacks can be external or internal.
External data is obtained from public sources outside the company.
Here attacks are detected by external bodies and attack information
including IP address, URL, malware information etc. is passed to the
central database. External data sources can be Spam RBL list, Botnet
tracker sites like SpyEye, Zeus Tracker, commercial threat
intelligence feed, CERT/SANS/NVDB advisories, public IP and file
reputation databases and social media sites like twitter. Internal
data is obtained from internal IT security components. These
components can be firewalls, intrusion detection systems, log
management and SIEM, web application firewalls, honeypots,
antivirus/endpoint protection software.
Phase 2 : Threat analysis and
assessment: At this phase collected
data is categorized and analysed to
better understand the nature of cyber
threats. Characteristics of cyber-attack
like IP address, URL, Malware hash
may vary and expire in hours and days.
Also data collected (especially external
data) should be inspected against false
positives and misinformation. Different
techniques like validation, correlation,
cleaning and de-duplication, reputation
checks, heuristics, behavioural and
contextual analysis are used. As a result
actionable intelligence about current
cyber threats is obtained.
Phase 3 : Response and prevention: The last phase is creating
preventive actions from analysed data. Actionable threat
intelligence produced in the previous phase is converted into
automatic prevention action feeds. These feeds are converted to a
ruleset for each security product. Firewall block rules, IDS
signatures, antispam rules, DDoS prevention actions, antivirus
signatures are some examples of these rulesets. Produced rulesets
are automatically pushed to all relevant appliances connected to the
threat intelligence system. As a result, preventive action about a
specific threat is automatically implemented in all perimeter
protection products in minimal time and with no user intervention.
National threat intelligence framework for Turkey
In order to effectively prevent cyber attacks targeting government
institutions, military systems and critical infrastructure
facilities in Turkey, there is a need to develop a national cyber
threat intelligence and Defence system. In this centre information
about cyber attacks targeting facilities in Turkey should be
collected and analyzed, and automatic preventive actions should be
issued quickly.
Unlike missile Defence systems, this system should include not only
military bodies but all relevant stakeholders. Government agencies,
critical infrastructure facilities, military forces, private sector,
financial institutions and academic research organizations should
participate in this system. Also close cooperation with security
vendors is vital for such a system. Security vendors can integrate
their own threat centers with this system to build better
prevention. In such a model the flow of information can be in 2
ways.
›› From vendors to threat center: vendors can send threat
information about recent attacks they detected to the threat center.
In the threat center the information is analyzed and the resulting
preventive rulesets are automatically sent to all participants in
the system.
›› From threat center to vendors: in this scenario an attack
detected in any government agency is reported to the threat center.
The threat center informs security vendors about the attack.
Security vendors get the attack information and automatically issue
a rule update for their products. For a firewall vendor, the update
is a firewall block rule for the relevant attack IP address; for an
antivirus vendor, the update is a virus signature update; for an
antispam gateway vendor, the update is an RBL rule for the sending
IP address and the hash of the file used as an attachment. Generated
updates are automatically pushed to all of the security vendor's
products running in the country. As a result, detection of one
attack on one agency triggers the prevention mechanism, and a
further attack with the same pattern targeting other agencies is
automatically blocked.
Example scenario:
A cyber-attack targeting a financial institution is discovered in
the wild by an academic research institute. The attack begins with
phishing e-mails with an attachment containing custom malware and
continues with installing a trojan from a known URL with the
drive-by download technique. The research institute analyses the
attack and issues a report explaining the attack details. The report
includes the IP address sending the e-mails, an example phishing
e-mail subject and body, the attached malware hash and possible
filenames, the URL address used to download the custom trojan and
the IP address of the command & control servers. The report is sent
to the national cyber threat center. The national threat center
extracts threat information from the report and automatically issues
prevention rules. Prevention rules are issued for firewalls,
antispam gateways and URL filtering products. For firewalls, an
automatic block rule for the IP address is generated. For the
antispam gateway, a rule including mail subject, mail body and hash
of the attached file is generated. For URL filtering, a block rule
for said URL is generated. Generated rules are pushed automatically
to all firewall, antispam and URL filtering products connected to
the threat centre.
Also the antivirus vendor is informed about the attack. The
antivirus vendor generates a virus signature update including
signatures for the malware coming in the phishing mail attachment
and the drive-by download trojan. The generated signature is pushed
to all antivirus software instances of the antivirus vendor.
As a result the threat is identified and automatically prevented
from spreading to other financial institutions and government
agencies.
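Phases 2 and 3 applied to the example scenario, as an added Python example that is not part of the article or of any national system. The indicator record layout, lifetimes, allowlist, role names and ruleset shapes are assumptions, and every address, host name and hash below is constructed; only the firewall lines use real iptables rule syntax.

```python
import hashlib
import ipaddress
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed lifetimes; the article only says indicators expire in hours and days.
TTL = {"ip": timedelta(days=7), "url": timedelta(days=30),
       "sha256": timedelta(days=365), "subject": timedelta(days=30)}
# Explicit list instead of ip.is_private, which also flags the documentation
# ranges used as sample data below.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]
# Constructed allowlist: a participant's own mail relay must never be blocked.
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/28")]
SHA256_RE = re.compile(r"[0-9a-f]{64}")


def normalise(kind, raw):
    """Validate one indicator; return its canonical form or raise ValueError."""
    value = raw.strip()
    if kind == "ip":
        addr = ipaddress.ip_address(value)
        if any(addr in net for net in NON_ROUTABLE):
            raise ValueError("non-routable address")
        if any(addr in net for net in ALLOWLIST):
            raise ValueError("allowlisted address")
        return str(addr)
    if kind == "url":
        parts = urlsplit(value)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError("not an http(s) URL")
        return parts._replace(netloc=parts.netloc.lower()).geturl()
    if kind == "sha256":
        if not SHA256_RE.fullmatch(value.lower()):
            raise ValueError("not a SHA-256 digest")
        return value.lower()
    if kind == "subject" and value:
        return value
    raise ValueError("unsupported or empty indicator")


def analyse(indicators, now):
    """Phase 2: validate, drop stale or false-positive entries, de-duplicate."""
    accepted, rejected = {}, []
    for item in indicators:
        kind = item["type"]
        try:
            value = normalise(kind, item["value"])
        except ValueError as exc:
            rejected.append((item["value"], str(exc)))
            continue
        if now - datetime.fromisoformat(item["seen"]) > TTL[kind]:
            rejected.append((value, "expired"))
            continue
        entry = accepted.setdefault((kind, value), {
            "type": kind, "value": value, "role": item["role"], "sources": set()})
        entry["sources"].add(item["source"])
    return list(accepted.values()), rejected


def build_rulesets(accepted):
    """Phase 3: turn accepted indicators into one ruleset per product class."""
    rules = {"firewall": [], "urlfilter": [],
             "antispam": {"sender_ips": [], "subjects": [], "attachment_sha256": []}}
    for e in sorted(accepted, key=lambda e: (e["type"], e["value"])):
        if e["type"] == "ip":
            # iptables-restore style: drop traffic to C2 hosts and from senders.
            flag = "-d" if e["role"] == "c2" else "-s"
            rules["firewall"].append(f"-A FORWARD {flag} {e['value']} -j DROP")
            if e["role"] == "mail-sender":
                rules["antispam"]["sender_ips"].append(e["value"])
        elif e["type"] == "url":
            rules["urlfilter"].append(e["value"])
        elif e["type"] == "sha256":
            rules["antispam"]["attachment_sha256"].append(e["value"])
        else:
            rules["antispam"]["subjects"].append(e["value"])
    return rules


# Constructed report and feed entries (documentation ranges, .example host).
NOW = datetime(2013, 10, 3, 12, 0)
SAMPLE_HASH = hashlib.sha256(b"constructed attachment bytes").hexdigest()
REPORT = [dict(zip(("type", "value", "role", "source", "seen"), row)) for row in (
    ("ip", "203.0.113.7", "mail-sender", "research-report", "2013-10-01T08:00:00"),
    ("ip", " 203.0.113.7 ", "mail-sender", "spam-rbl", "2013-10-02T09:30:00"),
    ("ip", "192.0.2.44", "c2", "research-report", "2013-10-01T08:00:00"),
    ("ip", "10.0.0.5", "c2", "internal-siem", "2013-10-02T10:00:00"),
    ("ip", "198.51.100.5", "mail-sender", "public-feed", "2013-10-02T10:00:00"),
    ("ip", "203.0.113.99", "c2", "public-feed", "2013-09-01T00:00:00"),
    ("url", "HTTP://Downloads.Bad.Example/update.exe", None, "research-report", "2013-10-01T08:00:00"),
    ("sha256", SAMPLE_HASH.upper(), None, "research-report", "2013-10-01T08:00:00"),
    ("sha256", SAMPLE_HASH, None, "av-vendor", "2013-10-02T11:00:00"),
    ("sha256", "not-a-hash", None, "public-feed", "2013-10-02T11:00:00"),
    ("subject", "Your account statement", None, "research-report", "2013-10-01T08:00:00"),
)]
```

Calling `build_rulesets(analyse(REPORT, NOW)[0])` yields the three rulesets, while the second value returned by `analyse` lists each discarded indicator with the reason, which is the audit trail an operator needs before rules are pushed automatically.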
Conclusion
Cyber-attacks are increasing and getting more sophisticated. Crime
groups and individuals work closely and in good coordination to
perform these attacks. To effectively respond to and prevent
cyber-attacks, close cooperation is needed. There is a need to build
a threat monitoring and prevention centre to detect and prevent
cyber-attacks targeting critical military and civilian facilities in
the country. This centre should continuously monitor cyber-attacks
from external and internal threat information sources and produce
actionable intelligence. Automatic preventive actions should be
taken based on this actionable intelligence.
History of NATO’s Land Power
The North Atlantic Treaty
Organization (NATO), also called
the (North) Atlantic Alliance, is an
intergovernmental military alliance
based on the North Atlantic Treaty
which was signed on 04 April 1949.
The organization constitutes a system
of collective defence whereby its
member states agree to mutual
defence in response to an attack by any
external party. The Korean War 1950-1953 galvanized the member states
and an integrated military structure
was built up under the direction of two
Allied Supreme Commanders. With the
benefit of aid and a security umbrella,
political stability was gradually restored
to Western Europe and the post-war
economic miracle began. New Allies
joined NATO: Greece and Turkey in
1952, and West Germany in 1955.
The Alliance’s expansion continued
to the present day and the number of
member nations has reached 28.
Among these members, only
two countries, Turkey (Izmir) and
Italy (Naples) have hosted NATO
headquarters without interruption
since 1953. The meaning of this is
twofold. First, that NATO is fully aware
of Turkey’s strategic importance.
When we look at the map, we can
see that Turkey was once the Soviet
Union’s next door neighbour. Turkey’s
geographical situation is unique in
the world. It is surrounded by the
Balkans, the Middle-East and the
Caucasus. One of the world’s most
important waterways runs through
Turkey. Second, Turkey has always
had a strong and efficient military.
From a NATO perspective, Turkey
has always been important. Given
her neighbours and her geostrategic
position, Turkey equally needs NATO.
Although the negotiations for the
Garrison Support Agreement (GSA)
have not been finalized, Turkish Army
are going beyond their commitment
for LANDCOM to reach its target of
achieving Full Operational Capability
(FOC), which is testimony to the
Alliance’s solidarity.
Within all these historic streams
NATO reconstructed itself under the
pressure of new necessities arising
from Prague Summit. On 19 June
2003, a further restructuring of the
NATO military commands began as the
Headquarters of the Supreme Allied
Commander, Atlantic was deactivated
and a new command, Allied Command
Transformation (ACT), was established
in Norfolk, Virginia, United States,
and the Supreme Headquarters Allied
Powers Europe (SHAPE) became the
Headquarters of Allied Command
Operations (ACO). ACT is responsible
for driving transformation (future
capabilities) in NATO, whilst ACO is
responsible for current operations.
As a result of the NATO review, the
number of land forces headquarters
was reduced from 11 to 6, and the
number of NATO personnel almost by
half. The sole land command, Allied
Land Command (HQ LC), was activated
in Izmir, Turkey on 01 December 2012.
LANDCOM provides expertise
in support of Alliance land forces’
readiness, competency and
standardization – including their
evaluation and certification; delivers a
planning capability in support of higher
headquarters and the NATO Force
Structure (NRF); and when directed by
Supreme Allied Commander Europe
(SACEUR), provides the core of the
headquarters element responsible
for the conduct of land operations
and the synchronization of land
forces’ command and control (C2) in
accordance with the Allied Level of
Ambition (LOA).
To accomplish this mission,
LANDCOM will provide advocacy for
NATO’s land forces and ensure their
effectiveness and interoperability in
the post-ISAF era. The most important
reason for LANDCOM’s creation was
to retain the level of cooperation,
cohesiveness, tactics, techniques,
procedures, competencies and
capabilities that the Alliance has
developed over the past 12 years
as part of the International Security
Assistance Force in Afghanistan.
Although NATO has always
protected its communications and
information systems, the 2002
Prague Summit placed cyber defence
on the Alliance’s agenda for the
first time. Since then, securing the
communication systems owned and
operated by the Alliance against the
background of rapidly developing
technology has been NATO’s top
priority regarding cyber defence.
(CAOC - Combined Air Operations Center)
(DACCC - Deployable Air Command and Control Centre)
LANDCOM is fully aware that
the best action is a pre-emptive and
proactive approach and agrees that the
best defence against cyber-attacks is
user awareness and prompt reporting
of suspicious activity. The initial focus
of cyber defence training is to change
the mindset of the staff regarding the
issue.
In order to fulfill its mission of
providing expertise in support of
Alliance land forces readiness,
competency and standardization, in
other words its Land Advocacy role,
LANDCOM assumes an advisory/
leading role for the Graduated
Readiness Forces (Land) (GRF(L)).
The integration of cyber defence
capabilities both in peacetime and
during operations is one of the areas
of focus. LANDCOM uses a three-step
approach to design a program, create
the training material, and develop
and maintain constant cyber defence
awareness.
As the growing sophistication of
cyber-attacks makes the protection
of the Alliance’s information and
communications systems an urgent
task for NATO, LANDCOM should
be prepared to execute Command
and control (C2) in a contested and
degraded network environment. To
achieve this, LANDCOM maintains
a focus on planning and executing
cyber defence scenarios and building
them into the existing NATO exercise
programs to create cyber security
awareness among training audiences.
This mindset change and awareness
will be exercised during contingency
planning, proactive and reactive
actions.
LANDCOM focuses on
increasing the users’ cyber defence
awareness against emerging threats. It
pursues internal staff training programs
as well as courses administered
at the NATO Communications and
Information Systems (CIS) School
(Latina, ITALY) and NATO Defence
Against Terrorism Centre of Excellence
(Ankara, TURKEY). Moreover,
LANDCOM encourages staff to make
maximum use of the on-line course
opportunities offered by the NATO
Cooperative Cyber Defence Center of
Excellence (Tallinn, ESTONIA).
Cyber Security - From Luxury to
Necessity
In this age of technology and
communication convergence, the
impact of technologies and innovations
that center on computers, cell phones
and the Internet is profound. The
following Market Insight considers
the increasing importance of Cyber
Security as an essential part of a nation
state’s defence infrastructure. Frost &
Sullivan defines Cyber Security as the
act of protecting critical information
or any form of digital asset stored in
a computer or in any digital memory
device.
It is important to understand
that complete cyber protection is
not achievable by using one form
of security solution, but needs an
amalgamation of different security
technologies. There are different forms
of threat with each one presenting
a different level of seriousness and
requiring its own unique solution.
The higher the degree of terror, the
more advanced or complicated the
approach to enforce safety measures.
In order to understand Cyber Security
it is important to understand the
different kinds of threats and the various
domains through which these threats
are transmitted.
Cyber Security Market: End to End Solution
Cyber Security Market: Types of Threats
The Headlines
Cyber warfare is not limited to
governments attacking governments;
any part of the critical infrastructure
may be subject to attack, from banking
and utilities to transport or the supply
of essential goods and commodities.
“Cyber Threats” include every threat
that can be carried out across and
using the internet. Given this, Cyber
Security is on top of the agenda of
most Governments and companies as
outlined by recent headlines below.
“As technology and computers
and the internet become bigger and
bigger parts of our lives, the effect
of cyber warfare will become more
pronounced.” - David Cameron, British
Prime Minister
“US Appoints First Cyber Warfare
General” Pentagon creates specialist
online unit to counter cyber attack
amid growing fears of militarisation
of the internet.
“Obama Appoints Former Microsoft
Security Chief New Cyber security
Czar”
“Cyber crime costs the UK
economy £27bn a year” - Government
of UK
“Cyber-Warfare is a Growing
Threat” Cyber-warfare attacks, such
as the targeting of activists’ emails in
China, are a growing threat, according
to security experts.
“On any given day, there are as many
as 7 million DoD (Department of
Defence) computers and
telecommunications tools in use
in 88 countries using thousands of
warfighting and support applications.
The number of potential vulnerabilities,
therefore, is staggering.”
Types of Threats
There are a variety of threats with
the impact of each linked largely to
the role and function of the target. For
example, the malware-infected central
computer system of the Spanair flight
5022 in 2008 has been identified as the
principal cause of the crash with the
computer failing to pick up 3 technical
problems. It has been reported that
the virus was delivered through a USB
stick.
Key threats include:
›› Botnets - A collection of compromised
computers running malicious programs
under a command and control
infrastructure.
›› Denial of Service (DoS) - An
attack on a computer network that is
designed to disrupt normal traffic by
means of flooding the server with false
requests.
›› Hacking - An attempt, whether
successful or not, to access an
information system by an unauthorised
person, usually for malicious purposes.
›› Key Stroke Logging - A method
used to intercept each keystroke a user
types on the keyboard by means of a
small hardware device or program for
the purposes of stealing passwords or
data.
›› Malware - A generic term covering
a range of software programs, and
types of programs designed to attack,
degrade, or prevent the intended
use of Information Communications
Technology systems/Computers.
›› Phishing - A form of Internet fraud that
aims at stealing valuable information
such as credit card details, user IDs
and passwords by tricking the user
into giving the attacker the confidential
information.
›› External Access - The simplest
access method to system resources
may very well be physical access.
This is an act of unauthorised access
to information contained in an H/W or
network.
Cyber Security Market: The Need for Information Assurance
The Need for Complete
Information Assurance and
Situational Awareness
The need for achieving complete
situational awareness through
seamless dissemination of assured
information is driving the need for
mandating security measures within
the information environment.
The information environment is the
aggregate of individuals, organisations,
and systems that collect, process,
disseminate, or act on information.
The actors include leaders, decision
makers, individuals, and organizations.
Resources include the materials and
systems employed to collect, analyse,
apply, or disseminate information.
The information environment is where
humans and automated systems
observe, orient, decide, and act upon
information, and is therefore the
principal environment of decision-making.
Even though the information
environment is considered distinct, it
resides within each of the four domains
[air, land, sea, space].
The information environment adds
to the complexity of modern warfare,
which now consists of air, land, sea,
space and (the non-geographical)
information domains. Its dimensions are
composed of physical infrastructure,
stored information and information
processes, as well as human decision-making.
It is therefore a mistake to limit
the study of information operations to
the information dimension since they
have a much bigger role to play in the
physical and moral areas of strategy.
War should now be seen as being
conducted in five domains: in the air
and in space, on sea and on land, and
also in the information environment.
Cyber Security Market : The Evolution of
Information as the Next Domain of Warfare
Trends in Cyber Security Spending
Since the Internet boom and
subsequent bust in 2000, operational
IT spending in most industries has
consistently increased in response to
the growing global economy and to the
emergence of new regulations forcing
companies to invest in technology to
meet their updated obligations.
On average, organisational
spending on security rose from
1.8% of total IT budget in 2007 to
1.9% in 2008. In 2009, IT security
budgets increased to 2.32% of their
IT operating budgets. However there
is a considerable variation in security
spending across various regions.
Cyber Security Market:
Spending by Regions, 2010
The current spending on
information protection indicates that
Network Security, Security Operations
and Data Security are the areas of
highest spend. However, research
indicates that Identity and Access
Control, followed by Data Security are
the fastest growing segments at the
rate of 20% each year.
Cyber Security Market: Spending
by Solution Segments, 2010
Market Development
With continuously evolving
technology, the cyber security industry
seems to hold a promising future for
the companies already established in
this industry. With a long-term goal
of achieving cost effective solutions,
companies and governments are
increasingly funding R&D. Driven by
the increase in the dependence on
information, the cyber security market
will witness unprecedented
growth in the next decade. Aggressive
product innovation and improvement
will drive wider adoption of cyber
security solutions.
Governments and Militaries will
drive this market as early adopters,
followed by the commercial sector
once the products and solutions are
tested and much more accessible and
affordable.
The Future
Governments play a vital role
in the security arena by setting
requirements, regulating behaviour,
and helping create best practice, as
well as indirectly through their size as a
customer. The costs of poor security to
business and society at large are rising
rapidly; the cost to government of poor
security is not solely measured in the
amount of data lost but also in the loss
of public trust.
The growing importance of
information systems in today’s warfare
shows that information security is
critical to the success of a conflict or
even a war. Cyber warfare is becoming
more and more powerful on today’s
battlefield. Effective use of cyber
technologies can gain dominance on
the battlefield or force the enemy to
retreat by shutting down its command
infrastructure or communication
network. The role of cyberwarfare is
seen to be growing, and the digitisation
of conventional warfare technologies,
as well as the use of more complex devices,
allows cyberwarfare units to do more
damage than they could in the past.
The information age is taking over
with growing need for automation
and digitisation; nations realise a
lack of skilled workforce to manage
and secure their cyber operations.
Cyberwarfare units have an important
mission to ensure a country’s
survivability, prosperity and stability.
In the past countries relied on
strength of conventional military
units but now the future of a country
may depend on how well trained its
cyberwarfare units are and how secure
its cyber operations are.
Each day, online newsletters and
trade journals report newly discovered
computer security vulnerabilities.
Most of the hackers who exploit
these vulnerabilities lack the political
motivation and malicious intent of
terrorists or hostile nations. For this
reason, most refrain from inflicting
the maximum possible damage on
compromised systems, and they rarely,
if ever, seek to maim or kill. Because
so many hackers are content merely to
deface the systems they compromise,
people may underestimate the havoc
true cyber terrorists or hostile nations
engaged in “information warfare”
could inflict on a country. In particular,
the effects of a compound attack
integrating physical and cyber attacks
could be devastating. Although cyber
terrorists and nation-states may
be more malicious and destructive
than other hackers, all rely on the
same methods and vulnerabilities to
penetrate computer systems. As a
result, the best Defence against cyber
terrorism is to improve mainstream
computer security. Government must
expand institutions that respond
to security breaches; expand both
formal and informal mechanisms
for international cooperation in the
investigation and extradition of cyber
attackers; and invest in basic research
that identifies the fundamental
principles that underlie complex,
interconnected infrastructures.
However, patching existing systems
is an essential but temporary solution;
the next generation of information
technologies must build improved
security into their basic structures.
This requires an unprecedented level
of co-operation between public and
private entities.
Cyber Security Market: Market Evolution
Key Considerations for Suppliers:
›› Utilise technologies to develop end to
end cyber security solutions
›› There is always a human element in any
security breach. Provide human factors
training within end user organisations.
›› Expand marketing efforts to roll out
tools/solutions to support different
intelligence assets.
›› Provide scientific research to plug
shortages in organisations.
›› Adapt business model to work as
a consultant alongside customer to
ensure IT requirements are properly
created and implemented. Audit
capabilities serve as an entry point to
opportunities.
Selex ES; Partnering to Fight Modern
Cyber Threats
Over the past few years, cyber
threats and attacks around the
world have become more effective
and increasingly widespread, with
state organisations and international
corporations falling victim. At a more
subtly damaging level, in addition
to those high profile cyber-attacks
which end up being reported in the
media there are potentially thousands
of other cybercrime incidents which
go unreported or, more worryingly,
unnoticed across businesses and
organisations of all sizes.
But cyber security isn’t just about
fighting threats – there are opportunities
too. GCHQ’s Jonathan Hoyle asserted
that “as a nation seeking economic
advantage, we will also achieve a
significant boost to our prosperity if
we can position the UK as a nation
of choice for consulting business
in cyberspace and a cyber-centre
of excellence for skills, technology
and knowledge”, sending a clear
message about the UK’s objective to
be the world leader on cyber security.
It’s an aspiration that Selex ES, a
Finmeccanica company and one of the
world’s leading information assurance
and cyber security specialists, fully
supports. Selex ES has the objective
to not only ensure the cyberspace
is a global example of information
assurance best practice, but from this
security base, drive prosperity and
improve the lives of individuals and
communities.
Scoping the threat
The threat we are up against
uniquely makes no distinction between
the military and the civil environments.
All information and communication
systems, no matter where or what they
are designed for, are a natural conduit
for aggression. Our adversaries can
be well camouflaged and range from
the young hacker who wants to make
a name for himself in the dark market,
to well organised (often
state sponsored) teams endowed
with funding and a sophisticated
operating mode. However, all have a
common goal to target the heart of our
economic system; whether to probe
and inventory the vulnerabilities of our
critical infrastructure, or to deplete the
intellectual property and knowledge
base of our societies.
At Selex ES, our Security Operations
Centres (SOCs) study the effects and
methods of cyber-attacks. Importantly,
we also draw on what our partners,
governments and their agencies are
prepared to make available about
the behaviour of these adversaries.
Intelligence is key to this threat
environment, and technology – whilst
a critical enabler – cannot substitute
for the experience that human analysis
can bring to developing this picture.
As a provider of security solutions
to government and corporate
organisations, at Selex ES we
understand risk and programme
management, complex problem
solving, and technology. Drawing on
expertise and experience from across
military and civil sectors, we know
what it means to apply these skills
and techniques to security projects,
and we know that the majority of
situations require seamless integration
with legacy systems. We recognise
that cyber security requires specialist
expertise and we are well practiced
at developing flexible, cost-effective
solutions, without excessive disruption,
which knit together existing systems
and infrastructure, with specialist
products and capabilities, to deliver
effective cyber defence.
NCIRC – impossible
without partnership
In September 2011, Selex ES
started its largest cyber programme
to date with the NATO Computer
Incident Response Capability Full
Operating Capability (NCIRC FOC),
leading a team – alongside Northrop
Grumman – which represents some
40 international suppliers, all selected
for their collective strength in cyber
defence. In partnership with NATO,
the team are implementing and
maintaining state of the art detection
systems in 28 nations to protect its
fixed and deployed systems and
operations from the most sophisticated
attacks known, with a user base of
more than 22,000 individuals. With
NATO encountering significant attacks
on its digital networks or individual
computers every day, the threat from
cyber-attacks is greater than it has
ever been and requires an entire ecosystem delivery capability, which is,
as NATO’s Ian West commented,
“impossible to achieve without an
effective partnership with industry”.
Today, Selex ES continues to build
on its expertise in this field by drawing
on synergies with other sectors and
offering similar services to commercial
customers, where Selex ES is actively
pursuing advanced programmes for
development of the latest generation
cyber intelligence and SCADA security
services, seeking to reach 360°
protection for the complex ecosystems
of its customer base.
In recognition of Selex ES’s
experience in defending against the
serious threat that cyber-attacks pose
to the security and economic well-being
of the UK, the company is working
alongside other leading defence and
security companies in partnership with
UK Government as part of the Defence
Cyber Protection Partnership (DCPP),
aimed at bolstering the security of
the UK against cyber-attack through
action within the defence industry.
The DCPP model is intended to lead
the way in industry collaboration and
action on cyber security and to act
as a useful template which can then
be followed by commercial sectors to
improve resilience across industry. The
DCPP will also share threat intelligence
and wider expertise on tackling cyber
threats from the defence sector with
other industry sectors and government
through the recently announced
national Cyber Security Information
Sharing Partnership.
As a world leader, benefiting from
more than 40 years of experience in
military Air Surveillance (radars and
C2 centers), ThalesRaytheonSystems
has introduced the CybAIRVision®:
a complete suite of products and
services to detect cyber intrusions
in air surveillance systems, at radar,
control center and national levels.
Co-located with the radar, the
CybAIR Radbox is designed for civil
and military airspace surveillance
radars. It monitors operational data,
alerts the user if the radar behaves
abnormally, performs technical and
operational supervision roles and
enables operators to visualize the
operational consequences of a cyberattack.
CybAIR Radbox combines
communication gateways already
providing network security (Firewall…)
with very innovative Air Surveillance
domain specific processes – CybAIR
Agents - to detect potential cyberattacks that would have penetrated the
radar network.
In addition to the state of the art
conventional signature-based tools,
CybAIR Agents offer real time radar
data flow analysis and detection of
abnormal behaviours like non-standard
message formats or inconsistent data
versus history or radar environment.
This very innovative approach enables
the software to detect any kind of
cyber-attack, including zero-day
incursions that exploit an unknown
vulnerability in the system, and insider
assault on a protected network.
CybAIR Agents and traditional
IT components are kept up-to-date
through periodic updates in line with
R&D progress and the evolution of
cyber threats.
In case of an alert, CybAIR Radbox
presents operational consequences
and guidelines to the operator to
investigate potential causes and
assess the nature of the warning. In
addition, CybAIR Radbox records
radar data flows to allow post-analysis.
CybAIR Radbox can be interfaced
with any military or civilian surveillance
radar and supports more than sixty
protocols (including ASTERIX, ISR2…).
It can be operated independently of
ThalesRaytheonSystems in line with
sovereign policy.
CybAIR Radbox has been
successfully evaluated in 2013, by
the French Air Force and the French
defence procurement agency (DGA).
As a result of the field evaluation,
CybAIR Radbox has been integrated
in the French Air Force Concept of
Operations.
Additionally, the CybAIRVision® suite
also includes CybAIR Multilink, a
solution for Command and Control
centers which aggregates information
from several CybAIR Radbox units, and
CybAIR Picture, which provides national
supervision and cyber awareness.
ThalesRaytheonSystems
CybAIRVision® is the immediately
available Off-The-Shelf solution
to ensure Air Operations integrity
within the ever-growing cyber threat
environment.
Why has Cybersecurity Become Such
an Issue?
As a result of Turkey’s economic
growth, its deepening integration into
the world economy and its developing
information and communications
infrastructure, Turkey has seen the
cyber space assume a prominent
position in the daily life of Turkish state
organizations, businesses and citizens.
As of December 2012, the Internet
penetration rate is estimated at 46%
and 20% of Turkey’s population own
a smartphone, while the number of
mobile Internet users has more than
doubled between 2011 and 2012 in
the country.
Consequently, Turkey enjoys
greater interconnections with the rest
of the globe; allowing the country
to be part of the borderless world of
digital communications. The nation is
regarded highly by foreign investors,
both as a stable country and as an
attractive market. Moreover, Turkey
is becoming more and more active
on the regional and international
geopolitical scene and has become a
major political partner in Central Asia,
Gulf Countries, South-South East
Asia, the Middle East Region. However,
this increasing influence on the global
arena has created two parallel realities
for the nation, i.e. being an attractive
place for investment while also being
seen as an economic competitor
and political challenger, subjected
to state-endorsed espionage. To
combat such threats, Thales, a world
leader in Defence and Security,
has developed high grade network
encryption solutions to protect state
and corporate information up to the
highest classification level.
Turkey also faces internal and
external cyber threats from non-state
hacking groups and individuals.
Turkish state websites have been
victim to several cyber attacks, some
even aiming to cut off power across
the entire country. Such attacks
emphasize the necessity of improving
the nation’s cyber security of critical
infrastructure. Thales currently also
provides network monitoring solutions
for critical infrastructure in order to
be able to detect and react to cyber
attacks. Therefore, in view of its rising
political and economic importance and
the increasing number of cyber attacks
targeting the country, Turkey is a prime
target for cyber attackers. Specifically,
“Turkey is among the top 10 countries
subjected to cyber attacks”, according
to Professor Mustafa Alkan, Chairman
of the Information Security Association
at the National Cyber Security Strategy
Workshop in 2012.
The Turkish Government has
not been a bystander to this issue,
but has also taken on initiatives to
improve the level of cyber security
and cyber defence in Turkey. The
recent launch of the National Cyber
Security Coordination Foundation is
a testimony to the work being done
to ensure the country’s stability and
reputation is protected.
As security specialists to the
French Government, NATO and the
United Nations, we have seen large
organisations struggle in tackling
cyber-space risks as the pressure
to ensure the security of sensitive
information mounts, and we know how
important it is for a country like Turkey
to not only protect, but also constantly
watch their critical information
systems. Dedicated to responding
to these particular risks, Thales has
developed products and solutions for
government, military and corporate
customers. Thales’s solutions in the
cybersecurity field cover all needs:
from cryptography to penetration
tests, through to risk analysis,
security audits, network security
and encryption, as well as operating
system hardening, database security,
security architecture design, network
supervision and rapid reaction.
As a member-state of NATO and
one of the major military powers,
Turkey must ensure that all its military
networks and communications are
correctly protected against malicious
eavesdropping with the appropriate
solutions. Dedicated to this issue,
Thales has developed a comprehensive
range of network encryptors that fulfils
all operational requirements, from the
highest level of security classification
to the sensitive but unclassified
segment for every type of system
(satellite, radio, tactical).
Nevertheless, recent events have
shown that cyber security is not just a
matter of defence, but also a question
of national security, implying potential
impacts of a cyber attack against
critical infrastructure. In a world where
cyberspace has become a true theatre
of operations, cyber attacks against a
country’s critical infrastructure can be
a way to, if not defeat its adversary,
critically damage its infrastructure
and undermine its economic and
social life. From this point of view,
Stuxnet remains the best example
of how cyber attacks can damage
unprotected infrastructures. Therefore,
it is important that Turkey implements
protection and supervision measures
to achieve a satisfying level of security
of its critical infrastructure, and that
Turkey can rely on Thales’s know-how
and solutions for critical infrastructure
security. Thus, Thales has conceived
CYBELS, a solution supervising in real-time
any given information system,
and providing cyber operators with the
means to detect, analyze and react in
case of cyber attacks. This is all thanks
to innovative technologies patented
by Thales and an ease of operation.
CYBELS offers the means to identify
and understand the key elements of
a cyber attack in order to react before
business is affected. CYBELS also
integrates a solution for cyber training
in order to train the operators and to
validate the reaction plan before being
implemented. Moreover, Thales and
Schneider Electric have partnered
in order to develop common cyber
security solutions designed for SCADA
and ICS.
Finally, following Turkey’s economic
growth, the Turkish financial sector
has been developing and is now
absolutely vital to the country. This
is a domain where we cannot tolerate
any cases of security breach, identity
theft or disruption as it manages the
money and savings of citizens. Thales
can also play a role in this domain as
the company is the world leader for
payment security and more than 70%
of worldwide financial transactions are
secured by Thales.
Thanks to their recognized quality,
Thales’s solutions are implemented in
the most demanding environments in
terms of security. As examples, Thales
solutions are deployed to secure
financial transactions, the cloud
environment (Cloudwatt), satellite
communications such as Galileo,
tactical networks, SCADA and ICS
and urban security systems such as in
Mexico. Thales is now ready to be part
of Turkey’s cyber security strategy!
STM and Integrated Cyber Security
System (ICSS) Feasibility Study
Project
Mr. Oral Gürel, Project Manager, STM A.Ş.
STM was established in 1991
with a decree of Defence Industry
Executive Committee, which is the
highest decision making authority in
Turkey regarding defence industry
matters. The main missions given to
STM are:
›› providing technical support, systems
engineering, project management,
technology transfer and logistics
support services to TAF (Turkish Armed
Forces) and SSM (Undersecretariat for
Defence Industries),
›› developing necessary software
technologies for defence systems,
and establishing and operating
national software centers for software
development and maintenance/
support.
Currently STM is conducting
activities in line with these missions
with a total of 450 employees,
of whom more than 95% hold a
bachelor’s degree or higher. In 2012
STM achieved over 70 Million USD
of revenue and in 2013 about 85
Million USD of revenue is expected.
One of the Cyber Security
Solutions of STM to be elaborated
in this article is the Integrated Cyber
Security System (ICSS) Feasibility
Study Project.
ICSS Feasibility Study Project
Integrated Cyber Security System
(ICSS) Feasibility Study Project was
started in 2012 in order to meet the
basic needs of Cyber Security and to
implement the Cyber Security vision.
Integrated Cyber Security System has
been developed as a prototype and
within the scope of ICSS, which is
an R&D project in nature, a feasibility
study has been conducted on the
results obtained.
Within the scope of the development
of a prototype in which more than 20
skilled engineers participated;
›› An ontology and a national vulnerability
database covering aspects of cyber
defence have been created,
›› A Cyber Security Risk Analysis and
Evaluation System to be available to all
organizational units has been realized,
›› The technical infrastructure of a Cyber
Security Coordination Centre, which
will be able to make Cyber Security
vulnerability and risk assessments and
will gather instant data to perform data
fusion, has been created,
›› A system, which can create Joint Cyber
Security Picture from the data fused,
has been developed.
Through the ICSS Project, a system,
which centralizes vulnerability, network
topology and IT assets information
collected from the organizational units
and backbone network, has been
developed. The prototype calculates
the most effective cyber-attacks that
cyber-attackers could carry out,
together with attack trees showing the ways
(vulnerability, topology, etc.) through
which they can perform attacks.
With the help of the attack tree, ICSS
users can calculate the risks inherent
in systems and analyse possible
remediation.
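The risk calculation described above can be illustrated with a small attack-path model. This is an added example, not STM's or the ICSS prototype's code; the host names, placeholder vulnerability ids, exploit probabilities and asset values are constructed assumptions.

```python
import heapq
import math

# Constructed inventory (illustrative values, not ICSS data).
# value: impact if the host is compromised
# vulns: placeholder vulnerability id -> assumed probability of exploitation
HOSTS = {
    "internet": {"value": 0, "vulns": {}},
    "web": {"value": 1, "vulns": {"VULN-WEB": 0.8}},
    "mail": {"value": 1, "vulns": {"VULN-MAIL": 0.5}},
    "app": {"value": 3, "vulns": {"VULN-APP": 0.5}},
    "db": {"value": 10, "vulns": {"VULN-DB": 0.5}},
}
# Constructed topology: which host can open connections to which.
REACHES = {
    "internet": ["web", "mail"],
    "web": ["app"],
    "mail": ["app"],
    "app": ["db"],
}
ENTRY = "internet"


def exploit_probability(host, hosts, patched=frozenset()):
    """Chance that at least one unpatched vulnerability on `host` is exploited."""
    miss = 1.0
    for vuln_id, p in hosts[host]["vulns"].items():
        if vuln_id not in patched:
            miss *= 1.0 - p
    return 1.0 - miss


def most_likely_paths(hosts, reaches, entry, patched=frozenset()):
    """Dijkstra over -log(probability); returns {host: (probability, path)}."""
    best = {entry: (0.0, [entry])}
    queue = [(0.0, entry, [entry])]
    while queue:
        cost, node, path = heapq.heappop(queue)
        if cost > best[node][0]:
            continue  # stale queue entry
        for nxt in reaches.get(node, []):
            p = exploit_probability(nxt, hosts, patched)
            if p <= 0.0:
                continue  # nothing exploitable on this host, path is blocked
            new_cost = cost - math.log(p)
            if nxt not in best or new_cost < best[nxt][0]:
                best[nxt] = (new_cost, path + [nxt])
                heapq.heappush(queue, (new_cost, nxt, path + [nxt]))
    return {h: (math.exp(-c), p) for h, (c, p) in best.items() if h != entry}


def total_risk(hosts, reaches, entry, patched=frozenset()):
    """Sum of (compromise probability x asset value) over reachable hosts."""
    paths = most_likely_paths(hosts, reaches, entry, patched)
    return sum(prob * hosts[h]["value"] for h, (prob, _) in paths.items())


def rank_remediations(hosts, reaches, entry):
    """Rank each vulnerability by how much total risk its fix removes."""
    baseline = total_risk(hosts, reaches, entry)
    vuln_ids = {v for h in hosts.values() for v in h["vulns"]}
    gains = [
        (baseline - total_risk(hosts, reaches, entry, frozenset([v])), v)
        for v in vuln_ids
    ]
    gains.sort(key=lambda item: (-item[0], item[1]))
    return [(v, round(gain, 3)) for gain, v in gains]


if __name__ == "__main__":
    prob, path = most_likely_paths(HOSTS, REACHES, ENTRY)["db"]
    print("most likely path to db:", " -> ".join(path), f"(p={prob:.3f})")
    print("total risk:", round(total_risk(HOSTS, REACHES, ENTRY), 3))
    for vuln_id, gain in rank_remediations(HOSTS, REACHES, ENTRY):
        print(f"fix {vuln_id}: risk reduced by {gain}")
```

In this constructed network the highest-ranked fix is the vulnerability on the application server that every path to the database crosses, not the one on the most valuable host.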
As shown in Figure 1, which presents
its fundamental capabilities, ICSS can gather
system and application logs and sensor
alerts in real time from all over the network
through the central coordination
unit. All collected data are correlated
and cyber situational awareness is
provided to users. Because ICSS combines
vulnerability, asset, risk and instant
status information, a consolidated cyber security
picture can be obtained, and with this
picture decision-makers are able to
make integrated risk analyses and
plan actions.
In the ICSS project, in addition to
prototype development, a feasibility
study was conducted. Within the scope of the
feasibility report, a National Integrated
Cyber Security Roadmap was
presented, including the requirements
for approaches and procedures.
National capabilities which must be
acquired have been determined as
a result of the comparison made
between the requirements and the
existing national capabilities. Finally,
important areas of R&D and technology
development and the possible
difficulties in achieving the targeted
capabilities have been indicated.
The ICSS project offers our country very important gains. With ICSS, the foundations of a
Centre of Excellence have been laid. This will be a centre where new threats and methods of
cyber-attack that may arise in the future can be tested and measures can be developed. Thanks
to the flexible and scalable technical infrastructure of the ICSS, which has been developed
under an R&D project, a long-term, easily extendable system has been put into practice.
Moreover, a Cyber Security Ontology and a National Vulnerability Database have been provided
for our country. The infrastructure which will lead to the formation of the
inter-institutional and in-house Cyber Security processes and their coordination structure
has been prepared.
Smart and Secure: Tap-Proof Voice
Calls on Smartphones
Protecting call confidentiality on smartphones is a problem that etches deep worry lines into the brows of IT
managers. Mobile phones are open to numerous avenues of attack by eavesdroppers. The TopSec Mobile, a
handy little encryption device from Rohde & Schwarz SIT GmbH puts an end to all those worries. Connected to
mobile phones over Bluetooth®, it encrypts calls using an approach that leaves no room for attack. It is also the
world’s first hardware encryption solution that works with unmodified iPhones.
Maximum security does not
compromise convenience
Smartphones are now an integral
part of our lives. It is hardly surprising
that people sometimes unthinkingly use
them to make calls that should be kept
confidential. Users are often unaware
of just how susceptible today’s mobile
phones and transmission paths are
to attack by resourceful hackers. In
fact, the need for effective means of
securing communications on mobile
phones is huge: The armed forces,
policymakers, government authorities
and businesses all need solutions that
let them use mobile phones without the
permanent risk that the confidentiality
of their calls is being compromised.
The TopSec Mobile is a crypto headset that connects to a smartphone over Bluetooth®. Calls
are transmitted over an Internet connection using secure voice over IP (sVoIP) technology.
VoIP is a global standard that offers smartphones universal and inexpensive access to the
Internet over mobile networks and WLAN (Fig. 2).
Fig. 2 End-to-end encryption with the TopSec Mobile
Fig. 1 The TopSec Mobile provides tap-proof, end-to-end encryption for mobile voice calls and
works with laptops and almost all commercially available iOS and Android smartphones
Mobile phones may come and go, but TopSec Mobile remains
The TopSec Mobile (Fig. 1) is a
smart solution that accommodates the
popular habit of frequently upgrading
to the very latest phone models.
By using Bluetooth® to connect to
smartphones, the device can encrypt
and decrypt calls. Since practically all
smartphones today offer Bluetooth®,
the TopSec Mobile can work with all
leading Android mobile phones and
the iPhone, which together account for
around 85 % of the global smartphone
market.
The device is also unique in that
it is currently the only solution of its
kind to work with the iPhone. Prior
to the advent of the TopSec Mobile,
specialized encryption apps were
the only means of making tap-proof
calls on the iPhone, and they cannot
generally be classed as secure. Even
the encryption solutions available on
microSD cards, which typically afford
greater protection than software-only
encryption apps, are not completely
secure since they do not connect
directly to the phone’s microphone.
Just how simple it is
The TopSec phone app supports
both encrypted and unencrypted
VoIP calls. Encrypted calls take place
directly on the TopSec Mobile. The
device encrypts and decrypts calls
independently, without involving the
smartphone or laptop. When making
secure calls, users talk and listen
through the TopSec Mobile’s own
microphone and speaker, effectively
eliminating any manipulation by
malware.
VoIP calls have to be set up through
a server, and users must be registered
on the server in order to make and
receive calls. The TopSec Mobile
sets up encrypted connections using
SIP and IAX2, two common signaling
protocols. It works with both public
SIP servers and with the R&S®VoIPSERVER S110. The R&S®VoIPSERVER S110 is ideal for user groups
with special security requirements who
prefer to operate their own VoIP server.
Secure Access to Internet and Cloud
Services
Cloud-based applications such as Dropbox, Salesforce and Amazon Web services are currently revolutionizing
business collaboration. Yet, at the same time, organized Internet crime is increasing dramatically. The
R&S®SITGate offers users innovative, continuous application validation to prevent information leaks.
Using social media
efficiently yet safely
The R&S®SITGate ( Fig. 1) can
identify and distinguish between several
hundred cloud-based applications. For
example, the
R&S®SITGate can permit the
posting of Facebook messages during
lunch hours but not at other times. The
R&S®SITGate also allows the definition
of user-specific rules so that the
marketing department can post news on
social media sites at any time, yet access
for other departments is restricted. This
enables organizations to implement
highly granular security policies to
control corporate communications.
A professional safeguard against
botnets and zero-day exploits
Attackers today work with highly professional development tools to exploit known and new
computer system vulnerabilities. Zero-day exploits targeting security gaps
in system functions are sold at high
prices on the black market and are
used to orchestrate cyber-attacks such
as Stuxnet and Flame. Infected host
systems can then harvest documents
and addresses without being detected.
Attackers can even use systems’
microphones and cameras to make
audio and video recordings – locally and
on accessible network resources. This
critical information is subsequently sent
over the Internet to a central command
server.
The R&S®SITGate continually validates the (entire) communications
protocol of every single connection. All
dangerous transmissions are identified
– even those running over legitimate
channels. Every anomaly results in the
connection being aborted.
Single-pass technology
keeps track of everything
The R&S®SITGate incorporates
single-pass technology to concentrate
all the security checks at a single point
on the network. Single-pass technology
combines application detection and
protocol validation with malware and
antivirus protection, intrusion prevention
and web filtering. The required signatures – for current malware, for example – are
continuously updated online. With single-pass technology, corporate security policies are as
easy and flexible to implement as configuring local network access. This reduces complexity
significantly and thus the numbers of false positives and false negatives.
Fig. 1 The R&S®SITGate is a perimeter firewall that validates all data traffic to and from
the Internet. As a zone-based firewall, the R&S®SITGate rigorously controls communications
between different areas of a network.
Get Protected Against the Most
Disruptive Cyber Warfare Tool with
DDOS Mitigator
As Turkey’s #1 Cyber Security vendor, Labris Networks Inc. is proud to announce its latest cyber warfare
defence tool: DDOS Mitigator Appliance
Distributed Denial of Service (DDOS) attacks have been evolving over the last 10 years. The
impact of these attacks on critical infrastructures has been increasing day by day. This
impact is driven by many elements, such as the intelligence level of the attackers, strong
attack motives and the advancement of attack technologies, which is claimed to be backed by
governments.
What to know about DDOS Attacks
A basic denial of service (DOS)
attack involves bombarding an IP
address with large amounts of traffic.
If the IP address points to a Web
server, then it may be overwhelmed.
Legitimate traffic heading for the Web
server will be unable to contact it, and
the website becomes unavailable.
Service is denied.
A distributed denial of service
(DDOS) attack is a special type of
denial of service attack. The principle
is the same again, but the malicious
traffic is generated from multiple
sources – although orchestrated from
one central point. The fact that the
traffic sources are distributed – often
throughout the world – makes a DDOS
attack much harder to block than one
originating from a single IP address.
How to get protected
against DDOS Attacks
The DDOS attack seemed to be an unsolved issue because of its chaotic structure; however,
recent technological developments have enabled cyber security teams to mitigate the risk of
online unavailability. “Mitigation” is the right word, because one should keep in mind that
there can always be an attack huge enough to make your services unavailable for some time.
Although many local Internet Service Providers (ISPs) provide a DDOS mitigation service in
which DDOS attack identification and mitigation occur within the ISP’s IP backbone before the
attack reaches the customer’s network, it is now widely accepted that relying on the ISP
alone is not enough. The commonly accepted concept today is the hybrid approach, which
combines the advantages of network-perimeter-based solutions (dedicated DDOS Mitigator
Appliances) with those of ISP-based solutions. The reason for using DDOS Mitigator Appliances
is that ISP solutions are insufficient at preventing malicious traffic under 1 Gbps. ISP
Scrubbing Centers were designed to mitigate attacks over 1 Gbps, or what we call “volumetric
attacks”, where threshold values are used to identify the malicious DDOS traffic; however,
according to the latest research, around 40% of attacks worldwide are non-volumetric attacks
under 1 Gbps.
Identifying DDOS traffic is the first stage of defence. DDOS Mitigator Appliances do not only
use threshold values on inbound and outbound traffic, but also take advantage of 34+
different data sensors (TCP, UDP, ICMP, HTTP GET, HTTP POST, TCP SYN, etc.) for the first
phase of the decision-making process. In the second phase, worldwide IP reputation databases
identify blacklisted IP addresses and their packets are dropped. In this phase, geographical
traffic blocking also allows you to block traffic originating from irrelevant
countries/regions, which can help much during state-sponsored cyber-attacks. The third and
most important phase is performed by the Anomaly Engine, whose unique Deep DDOS Inspection
technology scans the traffic with heuristic / non-heuristic algorithms, network memory and
timely averages, deciding in only milliseconds whether the traffic is benign or not.
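The three phases described above can be sketched as follows. This is an added example, not the vendor's implementation: the thresholds, the reputation and country lists, the sensor names and the sample traffic are all constructed, and the "timely averages" are modelled here as an exponentially weighted baseline per sensor. It shows why a flood well under the absolute threshold is still caught by the baseline-relative check.

```python
from collections import defaultdict
from dataclasses import dataclass

# All values below are constructed for illustration (assumptions, not vendor defaults).
ABS_THRESHOLD = {"tcp_syn": 5000, "http_get": 2000}   # events/sec per sensor
BLOCKED_IPS = {"203.0.113.7"}        # stand-in for an IP reputation feed
BLOCKED_COUNTRIES = {"ZZ"}           # stand-in for a geo-blocking policy
ALPHA = 0.2                          # weight of the newest window in the averages
K = 4.0                              # deviations above baseline that count as anomalous
WARMUP = 5                           # windows observed before the baseline is trusted


@dataclass
class Baseline:
    """Exponentially weighted running mean and mean deviation for one sensor."""
    mean: float = 0.0
    dev: float = 0.0
    seen: int = 0

    def is_anomalous(self, rate):
        if self.seen < WARMUP:
            return False
        # Floor the deviation so a perfectly flat history does not flag tiny jitter.
        return rate > self.mean + K * max(self.dev, 1.0)

    def update(self, rate):
        if self.seen == 0:
            self.mean = float(rate)
        else:
            self.dev = (1 - ALPHA) * self.dev + ALPHA * abs(rate - self.mean)
            self.mean = (1 - ALPHA) * self.mean + ALPHA * rate
        self.seen += 1


def classify_window(records, baselines):
    """Classify one 1-second window of (src_ip, country, sensor, count) records."""
    raw = defaultdict(int)      # phase 1 input: everything that arrived
    kept = defaultdict(int)     # phase 3 input: what survives phase 2
    dropped = []
    for src, country, sensor, count in records:
        raw[sensor] += count
        if src in BLOCKED_IPS or country in BLOCKED_COUNTRIES:   # phase 2
            dropped.append(src)
            continue
        kept[sensor] += count

    verdicts = {}
    for sensor, base in baselines.items():
        if raw[sensor] >= ABS_THRESHOLD[sensor]:      # phase 1: absolute threshold
            verdicts[sensor] = "volumetric"
        elif base.is_anomalous(kept[sensor]):         # phase 3: baseline-relative
            verdicts[sensor] = "anomalous"
        else:
            verdicts[sensor] = "benign"
            base.update(kept[sensor])   # learn only from clean windows
    return {"verdicts": verdicts, "dropped": dropped}


def _normal(get, syn):
    """Constructed background traffic from two documentation-range clients."""
    return [("198.51.100.10", "TR", "http_get", get),
            ("198.51.100.11", "TR", "tcp_syn", syn)]


SAMPLE_WINDOWS = [
    _normal(100, 50), _normal(110, 55), _normal(95, 45),
    _normal(105, 50), _normal(100, 52), _normal(98, 48),
    # Low-rate HTTP GET flood: far below the absolute threshold.
    _normal(100, 50) + [("192.0.2.44", "TR", "http_get", 500)],
    # SYN flood large enough to trip the absolute threshold.
    _normal(100, 50) + [("192.0.2.45", "TR", "tcp_syn", 9000)],
    # Same low-rate flood, but from a source already on the reputation list.
    _normal(100, 50) + [("203.0.113.7", "TR", "http_get", 500)],
]


def run(windows):
    baselines = {sensor: Baseline() for sensor in ABS_THRESHOLD}
    return [classify_window(w, baselines) for w in windows]


if __name__ == "__main__":
    for i, result in enumerate(run(SAMPLE_WINDOWS), 1):
        print(i, result)
```

Updating the baseline only from windows judged benign keeps a sustained flood from gradually teaching the detector that attack traffic is normal.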
After the attack, an evidence file that you can work on can be printed out from the
management interface screen. The IP addresses and countries of the attackers, the attack
type, the target service and the start and end times can be seen for further investigation.
In order to mitigate a DDOS attack, IT security tools are not always sufficient; focused
Security Emergency Response Teams should be established and kept up to date on today’s latest
attack scenarios. Moreover, Advanced Persistent Threat (APT) level attacks force victims to
get in direct touch with the vendor’s research labs during the attack. The customer and the
vendor are advised to get in touch not only during attacks but also before them. The chosen
vendor should transfer the necessary knowledge to the customer through up-to-date
documentation and on-site technical training.
Why to get protected against DDOS
DDOS can be disruptive for a wide range of your online services, from e-mail and web servers
to specific application servers, all of which are vital for your mission-critical operations.
Whether you’re using an intranet or secure web-based applications (SSL VPN, etc.), you’re
likely to suffer a DDOS attack. An online presence (simply an IP address) is enough to
experience it.
A successful DDOS attack can not
only result in time loss or money loss
but also image loss linked to your
online presence. It can be harmful as a
psychological attack tool during a “Cold
War” or can be used to distract Cyber
Security Teams during another serious
cyber-attack for intelligence gathering
such as malware or a virus activity
that should be investigated manually.
When you’re under an attack, all eyes
are on the attack, and there may not be
as many resources paying attention to
other parts of your network.
Summary
A real cyber war involves a two-stage mission. The first stage is intelligence gathering from
different resources on the enemy’s systems by using viruses, malware, backdoors, etc. Once
this stage has been completed successfully, the second stage, cutting off the systems’ online
availability, becomes easier and much more disruptive. An advanced persistent level DDOS
attack is a useful, cheap and easy-to-perform tool for carrying it out.
Originating from ODTÜ Teknokent, Turkey’s powerful R&D hub, Labris Networks Inc.’s DDOS
Mitigator Appliance is designed to be an intelligent shield against disruptive DDOS attacks.
With its best-of-breed anomaly engine, unpredictable DDOS traffic can be detected in real
time for ultimate protection.
About Labris Networks Inc.
Since 2002, Labris Networks Inc. has been an R&D-focused and rapidly growing provider of
network security solutions through its globally proven products. Labris ensures ultimate
network security through its extensive product line including Firewall/VPN, Web Security,
E-Mail Security, Lawful Interception and DDOS Mitigation solutions on LBRUTM, LBRLOG, LBRMNG
and DDoS Mitigator appliances. Next-generation solutions are developed to detect and identify
all kinds of real-time threats and applications, providing a smart shield against intrusions,
viruses, spam, malware and DDOS attacks.
Being one of the Common Criteria EAL4+ certified security gateway brands in the world and a
rapidly growing global player, Labris provides its customers top-level security at optimum
cost. Labris, headquartered in ODTÜ Teknokent, Ankara, has partners and offices serving
Europe, the Middle East, North Africa, the Caucasus and Southeast Asia.
www.labrisnetworks.com
BITES; Innovative, Specialist and
Technology Developer of Turkey
BITES is a Turkish multi-award winning company unique in Turkey. Since 2001 BITES has been
producing the building blocks for 3D Virtual Maintenance Trainers, Computer Based Training,
Advanced Software Solutions and Simulation Technologies. We are committed to the vision of
being ‘Innovative, Specialist and Technology Developer’; our innovative applications for the
defence sector can be deployed to any platform (PC, laptop and mobile devices). Besides
Defence, BITES also provides solutions for civilian corporations.
Quality & Security Certificates:
›› MOD Facility Security Clearance (National Confidential Level)
›› NATO Facility Security Clearance (NATO Confidential Level)
›› MOD Production Certificate,
›› ISO 9001:2008,
›› CMMI-Level 3
Main Activity Areas:
›› Defence
›› Aerospace Technologies
›› Civil Aviation
›› Information Technologies
›› Interactive Technologies
Core Capabilities
BITES has been designing, producing and providing state-of-the-art software solutions for
about ten years in Defence, Aerospace Technologies and Civilian sectors. Some of our products
are as follows:
›› Computer Based Training Systems
(CBT),
›› Embedded Software Development,
›› Synthetic Environment Development, 3D
Modeling and Simulation Technologies,
›› Virtual Maintenance Training Systems,
›› Management Information System Software (Training and Logistics),
›› Interactive Electronic Technical Manuals
(IETM)
›› Fleet Management Systems
›› Geographical Information Systems,
›› Mission Planning and Debriefing
Systems,
›› Image and Audio Processing.
BITES has been in the Defence sector for about ten years, producing IT solutions (CBT,
software development, simulation technologies, mission planning and after action review,
Fleet Management and GIS applications). BITES is also enhancing its Cyber Security
capabilities.
R&D Projects
We are one of a few SMEs in Turkey with an R&D department and active R&D projects. We have
already completed two R&D projects which were supported by TUBİTAK and Ankara Regional
Development Agency. An R&D project has just started and five projects are waiting for
approval. BITES has completed 13 projects already and has 12 projects to be completed within
one year. In 2012, BITES made its first exports of some of its products and services.
UDEA; The Strongest Partner of RF
Wireless Technologies
UDEA has been working on Wireless Technologies for years, designing and producing RF
receiver, transmitter and transceiver modules, development tools and evaluation boards, and
also providing software support. UDEA also provides solutions in the area of active RFID
products and real time location systems (RTLS) for persons and assets, particularly with the
new active RFID standard ISO 18000-7. UDEA combines comprehensive consulting services and
leading-edge technical expertise for every stage of a system’s growth, from design to
development. These efforts can be categorized as:
›› Design
›› Simulation
›› Prototyping
›› Performance Evaluation
›› Evolution
UDEA can provide the following support to projects for the development of their wireless
needs.
Support for Preparation of Project
Plans. It can be safely assumed that
there will be many changes during the
system design. However, a carefully
scheduled and well defined master
project plan which shows the different
phases of the sub-projects and a
project plan which shows the tasks
and responsibilities in sub-projects
would be very helpful to be able to
achieve fast and successful results in
such an R&D project.
Protocol Development Support. Since there may not be a definite standard at the moment, it is
more likely that it will be a proprietary protocol. There might be several advantages or
disadvantages of having a proprietary protocol, but most of the disadvantages can be turned
into advantages if the protocol can be open in terms of compatibility with existing
standards. UDEA can provide support in the development of such a protocol or a set of
physical, data link, network or upper-layer protocols.
Supply of Firmware/Software.
Some of the RF modules especially
high end/high performance ones
contain an embedded processor
and associated firmware which is
responsible for the execution of radio
related processes. UDEA can provide
this firmware and related software for
different requirements or specifications
and depending on the requirements
can design and code a new firmware
and development software.
UDEA’s work style is based on close, frequent communication with our customers. Constant
communication and collaboration enable us to better understand the specific needs of our
customers and to develop more effective products and services.
ISM Band RF modules
Embedded RF modules that are produced, approved and ready for use make integration into OEMs’
software applications simple and fast. One of the main objectives of UDEA’s module production
is to serve OEM manufacturers in a variety of sectors who lack the RF production capability,
talent, experience or opportunity to design and produce their own solutions, or for whom
doing so would be too costly, by giving them modules that can be integrated into their
systems or applications quickly. This way, manufacturers of the final product save a
considerable amount of time, cost and process effort in bringing products to market.
The Remote Command Control
and the Platform Systems
UDEA develops RF wireless communication applications and provides engineering services to the
Defence industry. These project-oriented engineering services cover planning, engineering
design and project management, with several options up to complete turnkey projects.
RF receiver, RF transmitter and RF transceiver modules for wireless data, voice and video
transmission, which are widely needed in remote command, SCADA, telemetry, automatic meter
reading, alarm/security and other industrial wireless control applications, are easily and
readily available.
Caller Systems (Hospital,
Restaurant, Taxi, etc.)
ODM designs are available, and UDEA has developed a significant share of the domestic market
for SRD (Short Range Radio Devices) network applications using ISM band RF modules. UDEA was
one of the first companies to build wireless network applications, and it has broad know-how
and experience in making them work together with universally compatible Bluetooth and GPRS
technology.
UHF RFID
Radio Frequency Identification (RFID), in simple terms, is an identification technology in
which an electronic tag on an object (RFID tag), containing information about the object, is
recognized via radio frequency by a receiver (RFID reader). UDEA uses RFID and the Electronic
Product Code (EPC) in the products and services it offers, based on its own designs, as part
of its mission of pioneering RF technologies.
UDEA has R&D, project, product and production experience in RF Wireless and EW Systems in
Military, Defence & Aerospace applications, mainly in the 300 MHz to 10 GHz frequency
spectrum (covering UHF, L, S, C and X-Bands), with proven concepts, designs, prototypes,
pilot and volume productions, and extensive R&D capabilities including fully instrumented R&D
Labs and skilled manpower. UDEA has been manufacturing custom-design, Military-Grade,
high-precision and high-quality products for special purposes and has also been holding some
contract awards for the R&D and pilot production phases of EW Capable Radar, Radar Altimeter
and RF Seeker equipment for missiles.
UDEA has been singularly focused on performance in wireless since beginning operations in
1999, and we continue to lead the industry in performance innovation. We have never relied on
off-the-shelf, reference design radio technology – it just doesn’t deliver the capacity,
range or interference mitigation necessary to make the dream of high performance wireless a
reality. Instead, we’ve assembled a team of the best and brightest wireless minds in our R&D
team and built a production facility that expands day by day, just to deliver the creative
solutions needed to realize our vision.
UDEA has been exporting some of its high-end wireless products, mostly RF modules, to various
countries, mainly from Eastern Europe to the Middle East, such as Lebanon, India and Kosovo.
Even though UDEA has been playing a great role in meeting the increasing domestic demand in
wireless technologies, we have always been trying to match and fulfil the demands of any
country where the necessity is present.
BEAM; Software Testing and Verification
Solutions for Defence and Finance Sectors
BEAM Technology was established under the Techno-Entrepreneur Program of the Ministry of
Science, Industry and Technology in 2011. As well as providing qualified services for
increasing the quality and security of software applications, BEAM is also developing its own
automated software testing and verification solutions for defence and finance.
Currently BEAM Technology is well known for its secure development services, including
implementation of a Secure Development Life Cycle, conducting dynamic and static security
analysis of software applications and transferring know-how on test automation, and most of
its clients have been awarded a reputable international security certification for products
called “Common Criteria”. While reaching a growth rate of more than 100% since 2011, BEAM has
also been dedicated to R&D at its ODTÜ Teknokent premises and is now launching three products
for increasing the quality and security of software applications and services. BEAM’s R&D
efforts have been recognized by TÜBİTAK two years in a row, which promoted the company to the
top 10 technology start-ups to be supported by the Turkish Government on the journey to US
market entry.
Product and Capabilities
BEAM Teknoloji is developing the following three products to support its main cause, which is
reducing the maintenance cost of Software Applications by increasing quality and security
during the development life-cycle.
After investing more than 1M USD in R&D, BEAM is now proud to introduce CODCORE, a
code-review platform supported by static analysis. CODCORE is a unique solution which helps
developers to find and fix vulnerabilities in the source at early stages of development and
to conform to software development best practices.
FOTON-P is a web-based automated functional testing solution which reduces user acceptance,
performance testing and functional testing efforts and is flexible enough to fit into any
development environment quickly with the support of a professional service from our
experienced team.
LENS-R is a web based reporting
tool for security evaluators and testers
which helps its users to generate,
review and examine security flaws and
findings in multiple test targets.
BEAM is providing qualified service
and solutions to Defence Industry
The defence industry is one of the main targets to which BEAM provides qualified services and
solutions. With its already established clients in Turkey and abroad, BEAM tries to increase
the quality and security of products that are developed by defence contractors. Most of the
time, at the buyer’s insistence, BEAM supports the security certification of products in
order to prove that they are resistant to security attacks.
Focus on Middle East and
Malaysia markets
BEAM is currently working in the defence, finance, telecommunications and energy markets and
provides its solutions and services there. In Turkey, BEAM is working with well-known
enterprises and government agencies, and it is also exporting these services to Malaysia and
the Middle East.
Since the potential market is too big to cover, BEAM is focusing on both automation of
services and recruiting for its consultant team.
Indigenous Solutions for
Defence & Space & Aviation by SDT
Space & Defence Technologies Inc. (SDT) is a privately owned Turkish company operating in the
Turkish defence sector and conducting high technology software and hardware development &
system production. SDT’s operation is run according to internationally accepted engineering,
quality assurance, configuration management and program management standards like ISO
9001:2008, IEEE 12207, IEEE 1220, MIL-STD-498 and MIL-STD-973, the PMI handbook and various
other internationally recognized standards. SDT Space & Defence Technologies Inc. has been
developing indigenous software and hardware products and integrated solutions for the
Defence, Space and Aviation areas since February 2005. SDT’s facilities are located in the
Middle East Technical University (METU) Technopolis area in Ankara, Turkey.
High Technologies of
Product Range
SDT is specialized in certain areas like Radar-EW signal processing, image processing/pattern
recognition, embedded software/systems, satellite technologies and related simulation &
modeling systems, and has a variety of products in these areas like Airborne Digital Data
Recorders, Airborne Moving Map Computers, Airborne Data Acquisition Equipment, Airborne Video
Symbol Generation Computers, Video Multiplexing Units, Missile Launcher Control Systems,
System Solutions on Synthetic Aperture Radar Technologies, System Solutions on Electronic
Warfare Signal Analysis Systems, Automatic Target Recognition Software based on high
resolution satellite images, Geospatial Intelligence Management Systems, Embedded Training
Systems for sensors and missiles, tactical environment simulation software and 3D visual
models, and services like ruggedization of industrial electronics units for military
conditions and electronics card & unit production.
SAR & EW Capabilities
SDT has embedded real time
software development capability
under various software development
environments for avionics and
electronic units and also for sensors
like Synthetic Aperture Radar
(SAR) and Electronic Warfare (EW)
systems. SDT has also high level
software development capability for
applications like image processing
& exploitation, image archiving,
dissemination and service request
management for satellite imagery,
geospatial intelligence management
functions, mission planning and
sensor & weapon simulations and
tactical environment simulation.
Investment of R&D
SDT’s ongoing R&D efforts have resulted in qualified military electronics products and high
technology remote sensing applications. SDT has also been developing various simulation and
modelling applications, concentrated on embedded simulation applications, visual modelling,
tactical environment simulation and sensor simulations. It has expanded its technological
base especially in (i) sensor signal and image processing applications in airborne platforms,
UAVs and satellites, (ii) military mission electronics equipment and (iii) simulation &
modelling applications in the local market, and would like to offer these products and
capabilities to the export market as well. Our advantage in both the Turkish market and the
export market is that our products utilize new technologies. In terms of company structure
and objectives, we are a product-focused company rather than a project-focused company, and
our products are cost effective with high performance.
Reliable Partner of Domestic
and International Market
SDT is very well recognized by SSM (Undersecretariat for Turkish Defence Industries) and is
also a full member of SASAD (Association of Turkish Defence & Aviation Industries) of Turkey.
Currently, SDT has some ongoing development contracts directly with SSM, and some of SDT’s
ongoing development and production contracts are with the main system integrator Turkish
companies, namely TAI, ASELSAN, ROKETSAN, HAVELSAN and FNSS. SDT has an important role in the
Synthetic Aperture Radar (SAR) sensor of ANKA. The SAR sensor provides an additional
capability to ANKA to obtain intelligence data under all weather conditions. ANKA’s SAR
sensor is indigenously developed by SDT and ASELSAN as a result of an R&D program funded by
the Turkish Scientific Research Agency (TUBITAK) and executed by SSM. SDT’s role in the SAR
sensor is the development of SAR signal processing algorithms, real time software/firmware
and also a high speed digital data recorder for SAR data. The flight test program of the
sensor has been successfully completed and its integration to ANKA is ongoing. Moreover, SDT
is also tasked to implement Inverse SAR (ISAR) mode on this sensor to fulfil Turkish Navy
needs.
Under SDT’s vision to concentrate on sensor signal, image and data processing, SDT has
extended its product and technology base towards imaging sensors and image processing
applications. Within this context, SDT is currently tasked, as subcontractor to ASELSAN, to
develop the “Ground Station User Service Subsystem” to implement image exploitation,
archiving, user interface and order management functionalities in the GOKTURK-I high
resolution EO/IR military observation satellite program of Turkey. Besides, SDT is under
contract for automatic target recognition algorithm and software development based on SAR
images for the Turkish Armed Forces. Moreover, SDT is a partner in a European Union (EU)
Framework Program 7 (FP7) project called ALICIA (All Condition Operations and Innovative
Cockpit Infrastructure) to improve pilots’ situational awareness in the cockpit by utilizing
sensor image processing and data fusion technologies to enable civilian aircraft to land,
take off and taxi under bad weather conditions.
Moreover, SDT has started
DEFENCE TURKEY
to develop indigenous defence
products with his own financing
in Airborne Digital Data/Video
Recording area and created a product
line named as DDR- Product Family,
digital moving map applications,
missile launcher control electronics,
video coding/decoding system for
missile seeker and airborne digital
data acquisition devices to be used
for military platforms. Many of SDT’s
products are already being used
for the needs of Turkish Armed
Forces on Unmanned Air Vehicles
and aircraft for Cargo, Training and
Jet types. SDT has also developed
various simulation and modelling
applications, concentrated on
embedded simulation applications,
visual modelling, tactical environment
simulation and sensor simulations.
Value added capabilities &
technologies enable SDT to increase
its product range. Thus, these
unique indigenous products have
become an important tool for opening
critical opportunities to bring
SDT into the world defence market.
SIMSOFT: One of the Most Experienced
Companies in High-Fidelity Modeling
and Simulation Systems in Turkey
Simsoft was established on
17th of March 2006 by a group of
doctoral students and professors to
work on simulation systems, platform
management software, test simulators,
computer based training and serious
games as a University – Industry
Cooperation Company.
Simsoft completed its ISO
9001:2000 “Quality Management
System” studies in order to realize its
vision, mission and principles in
national and international areas, and
received the ISO 9001:2000 “Quality
Management System” Certificate on
12th of December 2006.
After obtaining the ISO 9001:2000
“Quality Management System”
Certificate, Simsoft started CMMI
(Capability Maturity Model®
Integration) studies aiming at a more
effective process in projects, and
now develops projects according to
CMMI Level-3.
The current number of employees is
around 60, almost 98% of whom
are technical staff.
Product and capabilities
Simsoft’s main activity fields
are Modeling and Simulation,
Platform Management Software,
Test Simulators, Game Technologies,
Computer Based Training and
Human-Computer Interaction (Usability Tests).
The related products and capabilities
in these activity fields are listed
below.
a. Modeling and Simulation
›› 2D / 3D Visualization
›› Image Generators (SimIG)
›› GIS Based Visualization
›› Distributed Simulation (HLA, BOM, RPR)
›› Embedded Simulation Systems
›› Virtual and Augmented Reality
›› Modeling
›› Weapon Systems
›› Platforms
›› Electronic Warfare
›› Sensor and Radar Systems
›› Communication and Link Systems
b. Platform Management Software
›› Mission/Task Planning, Analyzing and
Data Export
›› Combat, Target Management Software
›› Data Transfer or Converting Between
Different Message Systems
›› Data Transfer Between Different Devices
(ANS, GPS, LRF, etc)
›› Fire Execution Management
›› Communication RealTime Platforms and
Devices
›› Command Control and Data Link
Software
›› ATO/ACO Messages
›› Tactical Picture Software
›› Data Fusion
›› Embedded Software
c. Test Simulators
›› Emulators
›› Real time and critical mission systems.
›› Replacing of real equipment and special
environment
›› Test Data Visualization (Telemetry
Software)
›› Test Data Recording and Archiving
›› Visualization of Bulk Test Data
›› Data Post Processing and Analyzing
d. Game Technologies
›› Computer Games (Turbo Baskets,
SimKopter)
›› Mobile Games
›› Multi-User Online Game
›› Decision Support Games (GIS Based,
Military Strategic and Training Games)
›› Developing Game Engine (Multi-User
Online Game Platform)
e. Computer Based Training
›› E-Learning (Computer Based Training on
Internet and LAN Network)
›› User Management Module
›› Content Visualization Module
›› Question Preparation Module
›› Exam Module
›› Chat and Forum Module
›› Questionnaire Module
›› Reporting and Analysis Module
f. Human-Computer Interaction
(Usability Tests)
›› User Centered Design
›› Interface Usability Tests
›› Effectiveness, Efficiency and Satisfaction
Tests of Systems
›› Eye Tracking (Real Systems, Web Sites,
Applications, Portals, Interfaces, Videos)
Simulation Solutions
of IT and Warfare
Simsoft provides effective solutions
for the defence industry with the
simulation projects on IT and Warfare.
Some related projects carried out
by Simsoft are listed below.
›› Convoy Training Simulator was
developed for Turkish Police Forces to
get trained on how to drive and use
firing systems of various armoured and
unarmoured vehicles.
›› Fennek Pedestal Mounted Stinger
System Embedded Training Simulator
was developed for gunners to get
trained on how to use the real Stinger
Launcher System in Fennek vehicle
while interacting with the real system.
›› Anti-Air Gun Training Simulator was
developed for gunners to get trained
on how to use Anti-Air Guns and their
weapon systems and to learn attacking
strategies.
›› GIS Based Naval Warfare Game System
was developed to fulfil the Turkish Naval
Forces’ warfare game needs for
strategic, tactical and operational
training.
›› Artillery Gun Simulator was developed
for training users of Fırtına Artillery Gun.
›› Light Gun Shooting Training Simulator
Project was aimed at improving firearm
users’ decision-making ability and
sighting skills.
›› Air Defence Test Software was
developed for testing air defence
systems on a unit basis approach.
›› Electronic Warfare Mission Analysis
Software was developed for performing
mission analysis in Land-Based Remote
Electronic Support / Electronic Attack
Acquisition Project.
›› Secure Internet Game Portal was
developed for the child, youth and adult
categories to teach how to use the Internet
in a secure way.
Simsoft, in close cooperation with
universities and industry, takes part
in many research and development
projects on simulation systems
supported by EU, public and private
organizations.
Export activities
Some of the projects completed by
Simsoft under a main contractor were
developed for end users abroad.
Some of them are being exported
directly. Here are some sample
projects:
›› Fennek Pedestal Mounted Stinger
System Training Simulator (End User,
Netherlands)
›› Trucks and Car Training Simulators (End
User, Azerbaijan)
›› Marine / Bridge Simulator (End User,
Turkmenistan)
›› Internet Safety Portal Games (Exported
to Spain)
›› Tactical War Game and Driving
Simulators (Being exported to
Turkmenistan)
25 Years Experience of IT solutions
and Criminal/Forensic Medicine
Laboratories by VERISIS
VERISIS A.S. is a 25-year-old
company mainly focused on developing
IT solutions and consultancy, based
on Criminal / Forensic Medicine
Laboratories.
Capabilities
›› Forensic Laboratory Solutions
›› Custom Software Development
›› System Integration
›› Consultancy
›› Hardware and Infrastructure
›› Distance Learning
›› Remote Sensing & GIS Solutions
Projects
›› Turkish Police Criminal Laboratories
Information Management System
›› Turkish Gendarmerie Criminal
Laboratories Information
Management System
›› Turkish Gendarmerie Narcotics and
Psychotropic Profiling System
›› Turkish Police Bomb Squad
Automation
›› KOMPLE.DOC Document
Management System
›› KOMPLE.ISO Quality Management
System
›› TEİS – Sales force tracking system
›› Turkish Military Smartcard Project
Products
Forensic Laboratories Information
Management System (CLIMS) is a
complete case management system
developed especially for forensic
laboratories to provide a chain of
custody with DNA and Narcotic Bank/
Matching features.
DNA Module as your National
CODIS Database.
›› Real Time DNA Bank, Matching and
Contamination warning,
›› Integration with equipment used in
Biology Laboratories,
CLIMS Narcotic profiling module
is a Data Bank and Narcotics
profile matching solution
›› National Drug Profile Bank,
›› Drug manufacturer Bank,
›› Profile matching sample to sample,
sample to Database,
CLIMS Crime Scene Investigation
Module has the following features
›› Mobile Crime Scene data entry with
hand held computers.
›› Performance Monitoring of Crime,
Evidence and Case Analysis,
Cloning System for Ballistics is
used to duplicate the firearm cartridge
cases, collected from the crime scene
for security and archival purposes.
Bomb Squad Automation System is
a solution for explosives departments
to trace/monitor cases and
match the trigger mechanisms of
found bombs.
R&D Investments
VERISIS has had a separate R&D
office located at METU Teknopark
since 2005. VERISIS R&D experts,
most of whom have an ICT-related
background, carry out research on the
forensic sciences and criminal facts.
They develop software for forensic and
criminal solutions, which is used by
police or local military officers.
In addition, we have some R&D studies
on Remote Sensing and Geographic
Information Systems together with the
Geological Engineering Department of
METU.
Domestic and International
Projects
VERISIS products have been actively used
by Turkish Criminal Police Laboratories
for 10 years and by the Turkish Gendarmerie
for 5 years.
VERISIS is in contact with the
Criminal / Forensic Departments of
Police or Local Military Officers of
different countries. In 2013 VERISIS
exported its criminal solutions
to the Kingdom of Saudi Arabia Ministry
of Interior.
Last Man Standing or Self Defensive
Software
Mr. Serhat Toktamışoğlu - MilSOFT
In this article, we’ll try to shed some
light on software protection, which
is an interesting sub-area of
software security. It is part of software
security because it may be seen as the
last line of defence (against man-at-the-end
attacks) for securing your software
against certain types of software security
attacks. The reason we call
software protection the “last line of
defence” is that if the adversary gets past
perimeter security measures (firewalls,
IDS, AV, etc.), your software must
defend itself to protect its intellectual
property and to continue to run as it
was originally programmed.
Software protection is part of
software security, so it should be
considered a major part of cyber
security concepts and studies. In
classical cyber warfare approaches,
man-in-the-middle attacks
are common, so perimeter security
plays a major role. Software
protection, however, complements but
does not rely upon network firewalls or
hardware security. There are many
concrete cases in which you need to
protect the software and its content.
To name some examples: suppose you are
a military contractor producing
critical embedded software that is
used in UAV systems. What happens
if the UAV is shot down (or hijacked)
in the adversary’s territory? What if a
maliciously modified/patched version
of your fighter’s avionics code, one that
acts unreliably at a critical time, was
uploaded into your state-of-the-art new
fighter jets? Or imagine you did not
have enough time to destroy all the critical
software and hardware used in your
state-of-the-art spy plane when it
was forced to land in a region
controlled by your adversary. What happens then?
To see what happens in real life,
you can read the discussions,
concerns, claims and counter-claims
on the net around the
Iran-US RQ-170 capture incident
in 2011
(http://en.wikipedia.org/wiki/Iran-U.S._RQ-170_incident)
and the Hainan Island incident in 2001
(http://en.wikipedia.org/wiki/Hainan_Island_incident).
These examples show the
importance of employing software and
hardware anti-tampering measures
in critical system components.
Software protection is essential
not only for military systems but also
for many commercial applications
such as games and consoles.
For some types of applications, staying
unbroken a couple of weeks longer is
the vital factor for the company’s profit.
The methods involved in software
protection, such as code obfuscation and
anti-debugging techniques, are not
used only by the good guys. They can be
employed for malicious purposes
such as cloaking virus code and hiding
deliberately planted bugs in the
code. On the other hand, applying
software protection methods (whether for
good causes or malicious purposes)
is a double-edged sword with
performance trade-offs: the runtime
checks and obfuscation methods applied
to the software slow it down at
runtime and increase the code size.
The challenge in software anti-tampering
studies is to make these trade-offs
negligible compared with the benefits.
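A minimal runtime integrity check of the kind this paragraph refers to, with a measurement of what it costs per call. This is an added example, not code from the article or from MilSOFT; it uses Python bytecode for illustration (the article is concerned with native binaries), and `self_checking`, `altitude_within_limit`, `simulate_patch` and the 9000 m limit are hypothetical names and values.

```python
"""Self-checking guard: verify a function's code before every call."""
import functools
import hashlib
import timeit
import types


class TamperError(RuntimeError):
    """Raised when protected code no longer matches its recorded fingerprint."""


def code_fingerprint(code: types.CodeType) -> str:
    """SHA-256 over the bytecode, constants and referenced names of a code object."""
    h = hashlib.sha256()
    h.update(code.co_code)
    for const in code.co_consts:
        if isinstance(const, types.CodeType):   # nested function: hash recursively
            h.update(code_fingerprint(const).encode())
        else:
            h.update(repr(const).encode())
    h.update(repr(code.co_names).encode())
    return h.hexdigest()


def self_checking(func):
    """Record the fingerprint once, then re-check it on every call."""
    expected = code_fingerprint(func.__code__)

    @functools.wraps(func)
    def guard(*args, **kwargs):
        # This is the runtime check whose cost the article calls a trade-off.
        if code_fingerprint(func.__code__) != expected:
            raise TamperError(f"{func.__name__}: code changed after protection")
        return func(*args, **kwargs)

    return guard


def altitude_within_limit(altitude_m: int) -> bool:
    """Constructed stand-in for a safety check worth protecting."""
    return altitude_m <= 9000


protected_check = self_checking(altitude_within_limit)


def simulate_patch(func, old, new):
    """Stand-in for a man-at-the-end patch: swap one constant in the code."""
    consts = tuple(new if c == old else c for c in func.__code__.co_consts)
    func.__code__ = func.__code__.replace(co_consts=consts)


def overhead_ratio(calls: int = 20000) -> float:
    """How many times slower the guarded call is than the bare call."""
    bare = timeit.timeit(lambda: altitude_within_limit(5000), number=calls)
    checked = timeit.timeit(lambda: protected_check(5000), number=calls)
    return checked / bare


if __name__ == "__main__":
    print("guarded call is %.1fx slower than the bare call" % overhead_ratio())
    simulate_patch(altitude_within_limit, 9000, 90000)
    print("patched logic accepts 20000 m:", altitude_within_limit(20000))
    try:
        protected_check(20000)
    except TamperError as exc:
        print("guard refused to run:", exc)
```

A single guard like this sits in the same process as the code it protects and can itself be patched out, so it buys time rather than certainty.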
Another challenge in the area is
that almost all the public resources on
software protection come from
academia. Commercial work stays
in the dark because “security
through obscurity” is partially valid in
software protection. You may think this
is not the correct approach to security,
but in software protection staying
unbroken a couple of months, weeks or
days (even hours in wartime) longer is
vital. Therefore, academia plays a major
role, as it shares knowledge and
studies the methods and the attacks at
the same time, which helps the research
community grow.
Protection is not only of
interest to government/military
institutions or big companies. Imagine
you are a small company or an individual
and you would like to protect the
intellectual property (patents etc.) in your
software against big competitors
such as multi-billion companies. If they
use your code (even if patented), you
do not have much of a chance in court
against them, as they have much bigger
legal capabilities than yours. So
protection methods may be your best
option. If you do somehow go to
court, techniques like watermarking
and birthmarking can also help you to
show evidence of theft.
It is also interesting to note that
software protection techniques like
code obfuscation are also commonly
used by virus and malware writers.
They use these techniques to hide
themselves from virus scanners and
provide polymorphic versions of the
same malware. The malware analyst’s
job gets more and more difficult if the
malware code is furnished with dynamic
and static obfuscation methods.
Producing software that protects itself
against dynamic and static
attacks can also help you defend
it against zero-day
attacks to some extent, because
in order to create a zero-day attack,
your code must be investigated and
its security flaws identified.
If you furnish your binaries with
anti-tampering techniques, this will make
the zero-day researcher’s job tougher.
A well-known and correct motto is “If
your computer can see the instructions,
then you can see them, too” (Bruce
Schneier). However, if you do your best
to make the time needed to reverse engineer
your code relatively greater (there is no
exact academic measurement for that
now) than the original development time
of the same code, including all its IP,
we can say that you have accomplished your
task successfully!
Atos: Scenarios for the Future of
Defence and Security
This is a critical era for the entire Defence and security community, as we are confronted with conflicting
challenges that threaten to limit the operational effectiveness. Yet new capabilities, technologies and solutions
make it possible to transform mission outcomes, from front-line support, interoperability and adaptability to
capability, affordability and resource efficiency.
Knowledge centricity – creating
strategic advantage through
predictive analytics
There is a growing demand for
specific filtering of information and
its transformation into knowledge.
This requires a smart data fusion
from all kinds of sources; and data,
covering financial transactions, forensic
information and many other kinds of
content.
Atos is one of the main players that
aim to reduce complexity and support
decision making, and makes effective
use of semantic web technology for this
purpose. Semantic web characteristics
include intelligent services and
networks and self-healing systems, as
both people and non-sentient objects
reason and communicate together
through connected intelligences, an
omnipresent web (Web 4.0).
Atos helps its Defence and security
clients move towards these Network
Enabled Capabilities, by taking complex
and divergent data streams and using
them to create actionable intelligence.
These capabilities contribute directly
to more effective command and
management structures in Defence and
security organisations. Atos’ secure
intelligence collection and assessment
system supports the entire workflow
of an intelligence service, from the
collection of the information, through
processing and analysis to distribution.
Cyber security – securing
cyberspace as an
integrated part of life
Cyber space technologies and
applications are an integral part of
many technologies, products, solutions
and services. Cyber criminality is
rapidly increasing, and in Defence and
security we need to take cyber warfare
and cyber terrorism fully into account.
There are many different systems, all
communicating with each other and as
additional players join the ecosystem,
complexity increases and so does the
possibility of a security problem in one
place that could end up infecting all the
others.
Cyber Risk & Business Impact
Assessments focus on identifying
crucial business processes, the crucial
information in those processes and
the required technology necessary for
a minimum baseline in cyber security.
Atos ScoutForce is a unique Cyber
Threat Assessment solution using best
of breed technology, combined with our
proven analysis and testing techniques.
This allows organisations to rediscover
their IT systems and to know the
weaknesses and risks. It leverages the
data generated from multiple sources to
answer three key questions (3Ws) and to
provide a snapshot of what is really
happening inside the organization. The result is
the information needed to reduce the
overall risk and to avoid the cost of
potential security breaches.
Next-generation crime control
Today there is a cyber world that
exists in parallel to and integrated
with the real world. This needs to be
effectively policed, and that demands
efficient management and intervention
by trained executive forces equipped
with technology. Next-generation
crime control requires specific solutions
for real-time knowledge exchange as
well as biometric and forensic analyses
monitored by specialist cyber police or
cyber Defence forces.
The main features of next-generation crime control technologies
that Atos focuses on are:
›› Smart combination of future technologies
like automated reasoning or semantic
storage;
›› Highly efficient collaboration between
applications;
›› Permanently available, real-time and
intelligent detection of criminals by next
generation identity management;
›› Advanced expert systems with artificial
intelligence in efficient cooperation with
conventional security forces;
›› Creation of security experience able to
anticipate crime situations.
People mobility and
network security
The continued, apparently
unstoppable increase in mobility
has a strong influence on the IT
and communication security of
organisations. We now need the most
effective solutions for protection against
unauthorised access to computers
and networks, which will be based
on advanced technologies for access
management, authenticity, encryption,
mobile devices, and other technology
assets.
Using Atos deployable IT and
communications solutions, it is possible
to be up and running at high speed and
secure in any part of the world, and to
keep working normally, no matter what
the conditions may be.
Joining it all together
Defence and security organisations
do not operate on their own but as
components within a large ecosystem.
Atos has worked closely with the
Defence and security community for
decades, and has deep and detailed
knowledge and understanding of
Defence equipment and support
requirements.
Atos has the depth, reach
and stretch to cover the demands of
the complete ecosystem. Atos’ extensive
track record covers work for Ministries
of Defence from the US, UK, Germany,
the Netherlands, France, Spain and
Australia, international organisations
such as NATO and Armed Forces from
Scandinavia and Eastern Europe to
Latin America and Asia.
Developing a MoD-wide IT strategy
that defines the corporate security policy
and establishes the main directions and
trends in terms of information systems,
technical architecture, IT processes
and organisation, and communications
networks also belongs to our field
of play. Communication equipment,
identity management infrastructure,
BPO, ERP, Web-Based Training and Joint
Command and Control Information
Systems are also all fields in
which Atos has developed
broad experience with the respective
MoDs and NATO. AirC2IS from Atos
Turkey will be NATO’s first network-enabled
capability by design. It will be
a system that is forward-looking and
will equip the operational users to face
the changing NATO environment and
security challenges. Atos also supports
the NATO automated personnel
management based on widely used
technologies.
Atos has also enabled and ensured
automated data exchange between C2
systems of several NATO and non-NATO
nations, which have heterogeneous data
structures and technologies, delivering
on predefined information exchange
requirements.
In many different countries,
including Turkey, Spain, Germany, the
Netherlands and the Arab Emirates, Atos
provides a great variety of Command &
Control Centers to police forces. These
range from single site to country-wide;
from purely police to integration with fire
brigades and emergency and rescue
services. Atos is not only able to ensure
integration into the command and
control centre, but also sets up entire
PMR networks, from small event-related
networks to permanent, country-wide
solutions, such as the Polycom network
in Switzerland.
For national police forces, border
guards and other security services
managed by interior ministries, Atos
delivers electronic identification
solutions. These range from ePassport
to fixed and mobile border checkpoints,
as well as surveillance of non-regulated
borders. We now have many references
for solutions of this kind, originating in
Spain, Bulgaria, Switzerland, Croatia
and Italy. For the Australian federal
police Atos developed the General
Evidence Management System (GEMS)
to support any type of investigation,
improving the efficiency of any
investigation team.
Born out of the union of Atos
Origin and Siemens IT Solutions and
Services, Atos is an international
information technology services
company with annual revenues of EUR
8.8 billion and 76.400 employees in 47
countries. Serving a global client base,
it delivers hi-tech transactional services,
consulting and technology services,
systems integration and managed
services. Atos is focused on business
technology that powers progress and
helps organizations to create their firm
of the future.
Defence and Cyber Security Platform
in Virtual World
Dr. Cüneyd Fırat - General Manager, C2TECH
Cyber security, according to
the definition of the International
Telecommunication Union (ITU), is
the creation and maintenance of
security mechanisms that can protect
the assets of institutions, organizations
and end users. Besides affecting users and
their assets, cyberattacks pose
great risks to nationwide critical
infrastructures such as military,
financial, health and energy systems,
and their use as a form of military
threat among nations is a well-known
fact. For that reason, candidate cyber
security strategies and solutions should
be evaluated in the context of national
security and encompass the whole of
cyberspace simultaneously, with the
same depth and resolution. To this end,
Turkey presented its cyber security
strategy under the title of “National
Cybersecurity Strategy and 2013-2014
Action Plan” on June 20, 2014.
Efforts related to the strategic plan
and the action plans and policies supporting
it are in progress. The Cyber Security
Council, in which representatives
of such critical institutions as the TSK
(Turkish Military Forces) Cyber Defence
Center and the EGM (General Directorate
of Security) Cybercrime Center take
part, can be considered the most
important step.
C2TECH, a company developing
national solutions and products for
Network Intelligence and Cyber
Security, plays an active role in Turkey
in this area. C2TECH has very deep and
broad expertise in monitoring massive-scale
network traffic. Its NetRASAT
and other Cyber Security solutions
can reveal a detailed picture of users’
activities to security analysts through their
ability to capture low-level packets and
reconstruct the traffic.
Traditional Cyber Security solutions
are inadequate to stop the constantly
increasing and evolving cyberattacks
of today’s world. In particular, in the
face of diverse attacks exploiting
unknown vulnerabilities, it has
become indispensable to change the
definition of “Successful Defence”
from “keeping attackers outside” to
“they can infiltrate at times, but we
can detect them early”. For Cyber
Security experts to detect traffic
anomalies and suspicious activities
quickly, developing real-time traffic
monitoring systems has emerged
as a prominent requirement. Cyber
Intelligence is a real-time situational
awareness platform analysing online
network traffic as well as the records
acquired from critical infrastructures
and other units.
Proactive Cyberdefence for Critical
Infrastructure
Stuxnet demonstrated that critical infrastructure networks are no longer protected by isolation. They
face the same threats as other ICT networks, but the risks are far greater: a cyberattack against a critical
infrastructure network can result in cascading failures across critical infrastructure and the industries they
support. Yet, many critical infrastructure operators have done little or nothing to improve the cybersecurity
of their facilities. Given the risks, governments cannot wait for the private sector to take initiative. They need
to make cybersecurity a national security priority and work together with the private sector to prepare for
cyberattacks. In this paper, we propose cybersecurity strategies that not only improve cybersecurity, but also
make business sense in the 21st century.
Exposure to external attacks
Critical infrastructure networks are
increasingly using Internet protocols
and communicate with external
resources, sometimes over the public
Internet. The transition into Internet
Protocol (IP) based networks helps
reduce costs and improve efficiency,
but it also exposes these previously
isolated networks to external attacks.
Most systems and protocols used in
critical infrastructure networks were
developed for closed networks with
trusted devices and no connection
to the outside world. They contain
very few security features, and
more worryingly, they have never
been hardened. The biggest threat
concerns devices such as programmable
logic controllers (PLCs), which control
physical equipment like pumps and
valves. When connecting industrial
control networks to corporate
networks and introducing other
forms of connectivity, it is important
to understand what the risks are and
perform the necessary actions to
mitigate the risks.
Cyberthreats: Probing
and cyberextortion
The increased connectivity
enables cyber adversaries to have
access to network areas that they
would otherwise not have access
to, unless they were physically
inside a facility. Cyber adversaries
are putting more and more effort
into critical infrastructure networks:
they are doing more research and
are writing more malware addressed
specifically towards the exploitation
and disruption of industrial control
systems. Cybercriminals use
vulnerability intelligence to extort
power companies: if the companies
do not pay the ransom, the criminals
carry out an attack. US intelligence
has attributed several power outages
around the world to cyberextortion.
Electric utilities and other critical
infrastructure are also the target of
constant probing. Probing is a part
of cyber-reconnaissance and it is
used to map network infrastructure
and locate vulnerabilities for future
attacks.
Strategic partnerships
with the private sector
Given the importance of critical
infrastructure networks, ad hoc
responses to cyberattacks are not
enough. As nations are prepared for
natural disasters, they must also have
a national cybersecurity strategy. In
most countries, the majority of the
critical national infrastructure and
cyber infrastructure is owned and
operated by the private sector. They
know their systems best, they have
the technical expertise, and most
importantly, they have access to their
own networks. Thus, a cybersecurity
strategy will only be effective if the
private sector is committed to it, and
they will not commit to it unless they
can see the business benefits.
From a business perspective, the
transition into all-IP networks makes
sense: it reduces costs and improves
efficiency. From a purely security
perspective, critical infrastructure
networks should not be connected
to the Internet, because it exposes
the networks to outside attacks.
However, keeping your networks
isolated is not necessarily something
you can do if you want to run a
successful business. The challenge
is combining these perspectives
and finding solutions that improve
cybersecurity, but are also good for
business. After all, company CEOs
want to make a profit, not defend a
country.
Figure 1: Good cyber-hygiene and proactive cyberDefence
Proactive cyberDefence
In all types of cyberattacks the
initial access into a system is enabled
by a vulnerability in the system. These
vulnerabilities are simply errors made
by the coders during development.
Ideally, they should also be fixed
during development, because after
deployment the errors become
exploitable vulnerabilities. Security
researchers, security companies
and hackers, discover some of
the vulnerabilities. If they report
their findings, software developers
can create patches for the found
vulnerabilities. These vulnerabilities
are now known vulnerabilities. The
biggest cybersecurity threat is the
unknown, zero-day vulnerabilities
still remaining in the code.
Improving basic cyberhygiene
The risk of cyberattacks can
be reduced considerably by
implementing basic cyberhygiene
measures, such as deploying
patches in a timely manner or using
vulnerability scanning to test software
products before release. Good
cyber-hygiene also covers the use of
signature-based security defences,
such as IPS/IDS solutions, vulnerability
scanners and firewalls. They are fairly
efficient in defending against known
attacks. However, they can only
detect pieces of malware for which
an identifier, known as a signature,
already exists and has been
deployed. Attacks exploiting zero-day
vulnerabilities can completely
bypass these defences. Advanced
attacks, like Stuxnet, exploit multiple
zero-day vulnerabilities, making them
extremely difficult to defend against.
Proactive cyberDefence
against advanced attacks
Fuzzing is a security testing
technique that can find previously
unknown, zero-day vulnerabilities
by triggering them with unexpected
inputs. By incorporating fuzzing best
practices into their development
and procurement processes,
organizations can significantly
improve the security and robustness
of their networks. The fewer
vulnerabilities there are in the system,
the harder it is to attack it. However,
not all attacks can be prevented, thus
organizations must be able to defend
against attacks.
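What fuzzing looks like in practice, as an added example that is not part of the original article: a small mutation fuzzer run against two versions of a parser for a constructed register-write frame, one written for a trusted network and one hardened. The frame layout and all names are hypothetical; an unexpected Python exception stands in for the crash a native parser would suffer.

```python
"""Mutation fuzzing of a frame parser: unchecked version vs hardened version."""
import random
import struct


class FrameError(ValueError):
    """The documented way for the parser to reject a malformed frame."""


# Constructed frame layout (hypothetical, for illustration only):
#   1 byte function code (0x10 = write registers), 2 bytes start address,
#   1 byte register count N, then N big-endian 16-bit values.
VALID_FRAME = struct.pack(">BHB", 0x10, 0x0064, 2) + struct.pack(">2H", 1, 2)


def parse_frame_unchecked(data: bytes):
    """Written for a closed network with trusted devices: trusts the count field."""
    func, addr, count = struct.unpack_from(">BHB", data, 0)
    if func != 0x10:
        raise FrameError("unsupported function code")
    values = [struct.unpack_from(">H", data, 4 + 2 * i)[0] for i in range(count)]
    return addr, values


def parse_frame_checked(data: bytes):
    """Hardened: every length is validated before any field is read."""
    if len(data) < 4:
        raise FrameError("truncated header")
    func, addr, count = struct.unpack_from(">BHB", data, 0)
    if func != 0x10:
        raise FrameError("unsupported function code")
    if len(data) != 4 + 2 * count:
        raise FrameError("payload length does not match register count")
    return addr, list(struct.unpack_from(f">{count}H", data, 4))


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation to a valid frame."""
    data = bytearray(seed)
    op = rng.randrange(3)
    if op == 0:                                   # flip a single bit
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif op == 1:                                 # truncate at a random offset
        del data[rng.randrange(len(data) + 1):]
    else:                                         # insert a boundary-value byte
        data.insert(rng.randrange(len(data) + 1),
                    rng.choice((0x00, 0x7F, 0x80, 0xFF)))
    return bytes(data)


def fuzz(parser, seed: bytes, iterations: int = 2000, rng_seed: int = 48):
    """Return (input, exception name) for every input that was not handled cleanly."""
    rng = random.Random(rng_seed)                 # fixed seed: reproducible run
    failures = []
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parser(case)
        except FrameError:
            pass                                  # clean, documented rejection
        except Exception as exc:                  # anything else is a robustness bug
            failures.append((case, type(exc).__name__))
    return failures


if __name__ == "__main__":
    for parser in (parse_frame_unchecked, parse_frame_checked):
        found = fuzz(parser, VALID_FRAME)
        print(f"{parser.__name__}: {len(found)} unhandled inputs")
        if found:
            print("  first failing input:", found[0][0].hex() or "(empty)")
```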
The longer attacks stay undetected
the more damage they can cause.
Good abuse situation awareness, or
Internet threats awareness, is key to
establishing systematic and efficient
processes for responding to cyber
incidents. Organizations can improve
their abuse situation awareness by
automating information collection,
processing and reporting and
engaging in timely information
sharing with their cybersecurity
partners.
Improving cyberthreat situation
awareness
Comprehensive situation
awareness is achieved by combining
threat and vulnerability intelligence
from internal and external sources.
Most organizations employ SIEM
systems and IPS/IDS solutions,
which provide valuable insight into
incidents within networks. However,
even serious cyber threats can be
dismissed as random attacks, if the
security personnel lack the global
abuse situation awareness needed to
examine events in coordination with
other security incidents. Similarly,
external abuse information requires
network-specific intelligence to be
put into practice.
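The following is an added example, not part of the original article: one way to combine internal IDS events with an external abuse feed and an asset inventory, so that low-severity events gain context and external reports are mapped onto your own hosts. All addresses, events, feed entries and asset names are constructed sample data, and the field names are assumptions for this illustration.

```python
import ipaddress

# Constructed sample data; addresses come from documentation and private ranges.
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.20.0.0/16")]

ASSETS = {  # network-specific intelligence: what each of our addresses is
    "192.0.2.10": "substation gateway (critical)",
    "192.0.2.77": "guest Wi-Fi NAT",
    "10.20.1.15": "historian server (critical)",
}

IDS_EVENTS = [  # internal view: each event looks minor when seen on its own
    {"ts": "2013-10-01T08:02:11Z", "src": "198.51.100.23", "dst": "192.0.2.10",
     "sig": "SSH login failure", "severity": "low"},
    {"ts": "2013-10-01T08:02:40Z", "src": "203.0.113.9", "dst": "192.0.2.77",
     "sig": "port scan", "severity": "low"},
    {"ts": "2013-10-01T09:15:03Z", "src": "10.20.1.15", "dst": "198.51.100.23",
     "sig": "unusual outbound TLS", "severity": "low"},
]

ABUSE_FEED = [  # external view: what partners report about addresses worldwide
    {"ip": "198.51.100.23", "category": "botnet command and control"},
    {"ip": "192.0.2.77", "category": "spam source"},
    {"ip": "203.0.113.200", "category": "phishing host"},
]


def is_ours(ip, networks=OWN_NETWORKS):
    """True if the address belongs to one of the organization's own networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def correlate(events=IDS_EVENTS, feed=ABUSE_FEED, assets=ASSETS):
    """Join internal events, external reports and the asset inventory."""
    reported = {entry["ip"]: entry["category"] for entry in feed}
    escalate, seen_peers = [], set()

    # 1. Internal events whose remote peer is externally reported deserve a second look.
    for ev in events:
        for peer, local in ((ev["src"], ev["dst"]), (ev["dst"], ev["src"])):
            if is_ours(peer) or peer not in reported:
                continue
            seen_peers.add(peer)
            escalate.append({
                "ts": ev["ts"],
                "asset": assets.get(local, "unknown asset"),
                "peer": peer,
                "sig": ev["sig"],
                "why": reported[peer],
            })

    # 2. External reports about our own addresses point at a possibly compromised host.
    own_hosts_reported = [
        {"ip": ip, "asset": assets.get(ip, "unknown asset"), "why": why}
        for ip, why in reported.items() if is_ours(ip)
    ]

    # 3. Reports with no local footprint are kept for reference but need no action yet.
    no_local_match = [ip for ip in reported if not is_ours(ip) and ip not in seen_peers]

    return {"escalate": escalate,
            "own_hosts_reported": own_hosts_reported,
            "no_local_match": no_local_match}


if __name__ == "__main__":
    for section, rows in correlate().items():
        print(section)
        for row in rows:
            print("  ", row)
```

In the sample data, the failed login and the later outbound connection only stand out once both are tied to the same externally reported address, while the unrelated port scan stays at low priority.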
Cyberdefence best practices
The majority of critical
infrastructure is privately owned, and
it is the private companies that need
to make sure that their networks are
robust and secure. However, due to
the importance of these networks the
protection of critical infrastructure
cannot be left to the private sector.
An effective cybersecurity strategy
is based on partnership between
government and the private sector,
including both private companies
and industry organizations, as well
as international partners.
The role of critical
infrastructure operators
Complex supply chains are
typical for industrial control systems.
Systems purchased by critical
infrastructure operators, such as
power utilities, are typically compiled
by system integrators from devices
and software they purchase from
a variety of device manufacturers.
These device manufacturers, in turn,
purchase parts of their software from
third-party software developers.
The industrial control systems they
produce often contain a software
development kit (SDK), which can
be used to modify the software to
better meet the needs of the critical
infrastructure operator. Additionally,
open-source software is widely used
in critical infrastructure.
Develop better software
If a company is developing
its own software, the best way to
ensure the security and robustness
of the software they develop is to
identify and eliminate vulnerabilities
during software development. Large
software houses already include
fuzzing as a part of their secure
development lifecycles: Cisco’s
CSDL, Microsoft’s SDL and the
Adobe Product lifecycles are good
examples of this. Giants like IBM
and Google also promote fuzzing.
Software development for industrial
control systems (ICS) would benefit
greatly from the same approach. The
earlier the vulnerabilities are found,
the easier and cheaper it is to fix
them. Indeed, by building security
into your software you can avoid
costly, critical, and embarrassing
software blunders.
Only buy robust software
Many vendors are in a hurry to
push software onto the market, and
often times it is the user who ends
up doing the testing. By insisting
on using fuzzing as an acceptance
condition, you can make vendors
claim responsibility over the quality
and security of their products.
Operators are already starting to
use fuzzing as entry criteria for their
network suppliers. Why not use
fuzzing to ensure that all equipment
you accept into your network
is robust and secure? In critical
infrastructure networks, patching can
be difficult. The more vulnerabilities
you can fix prior to implementation,
the less patching you will need to do
later on.
The role of industry organizations
Engaging industry associations
and industry leaders in the
development of a cybersecurity
strategy helps to ensure that adopted
policy is one that the private sector
can commit to. Industry associations
play a major role in motivating the
private sector and in ensuring that
the proposed cybersecurity policies
also make business sense. The
North American Electric Reliability
Corporation (NERC) introduced a
set of eight critical infrastructure
protection (CIP) standards (CIP-002
to CIP-009). These standards are
mandatory in the US and Canada,
and NERC has the authority to audit
energy producers and distributors
and fine them up to $1M per day
per violation. The challenge with
standards is keeping them up-to-date.
Cybersecurity: A national priority
The mandate for cybersecurity
must come from a high level.
Protection must be implemented
by the network owners because
only they have access to their own
networks, but governments must use
their authority to make cybersecurity
a national priority. The role of the
government is to build partnerships
with the private sector and to get
the private sector to understand
that cybersecurity is not only a
means of insuring against malicious
compromise, but also a necessary
component of business continuity.
The private sector will only commit
to the cybersecurity effort if they can
see the benefits (i.e., if the efforts also
make sense at a business level).
Timely information sharing
National actors play a key role
in promoting information sharing,
which is essential to successful
partnerships between the private and
public sector. The ability of a nation’s
core cybersecurity units to produce
and share relevant cybersecurity
information is an indicator of
its cyberdefence capability.
Technological solutions increase
automation and enable organizations
to do more with the resources they
have. However, the main goal is
increasing cybersecurity awareness
within the organization and partner
network, and improving cyberdefence
processes. For example, by collecting
abuse information from internal and
external resources, over the years,
the organization creates a valuable
database, which helps it monitor
networks even more effectively.
Global cooperation
Cybercriminals act globally,
but national borders restrict the
jurisdiction of law enforcement.
To catch cybercriminals and to
prosecute them more effectively,
cooperation between national and
international law enforcement is
needed. This is only possible through
the harmonization of cybercrime laws
and the timely sharing of information
between partners. Cybercriminals
move fast, so law enforcement must
also work at “Internet speed”. Timely
information sharing also helps build
a culture of transparency and trust
between global partners.
Conclusion
Cyberattacks can never be
fully avoided, but with the correct
cybersecurity strategies the risk
of cyberattacks can be reduced
considerably. By improving the
resilience of your critical infrastructure
networks, you can make it
significantly harder for the bad actors
to attack your system. Proactive
defence is all about improving
national cyberdefence capabilities,
i.e., a nation’s ability to prevent and
detect cyberattacks.
By using fuzzing to test your
systems, you can find and fix
vulnerabilities before your cyber
adversaries have a chance to exploit
them. By collecting the latest threat
information you can improve your
abuse situation awareness and
detect attacks at the earliest possible
moment. However, proactive
cyberdefence is not just about
implementing new technologies; it is
about improving internal processes
and building strong partnerships.
Timely information sharing
is an important part of proactive
cyberdefence, because transparency
strengthens partnerships.
Transparency also serves another
purpose: it ensures that the efforts
we make to secure cyberspace do
not compromise the openness of the
Internet, which is the very source of
its success.
Figure 2: Actors in the Critical Infrastructure
Oracle Security Solutions
Oracle Database Security
From the outset, Oracle has
delivered the industry’s most
advanced technology to safeguard
data at the source—the database.
Oracle provides a comprehensive
portfolio of security solutions to
ensure data privacy, protect against
insider threats, and enable regulatory
compliance for both Oracle and non-Oracle
databases. Oracle’s powerful
preventive and detective security
controls include database activity
monitoring and blocking, privileged
user and multifactor access control,
data classification and discovery,
transparent data encryption,
consolidated auditing and reporting,
secure configuration management,
and data masking. With Oracle,
customers can deploy reliable data
security solutions that require no
changes to existing applications,
saving time and money.
Oracle Audit Vault and
Database Firewall
Monitor Oracle and non-Oracle
database traffic to detect and block
threats, as well as improve compliance
reporting by consolidating audit data
from databases, operating systems,
directories, and other sources.
Oracle Advanced Security
Comply with privacy and
regulatory mandates that require
encrypting and redacting (display
masking) application data, such as
credit cards, social security numbers,
or personally identifiable information
(PII). By encrypting data at rest and
masking data whenever it leaves the
database, Oracle Advanced Security
provides the most cost-effective
solution for comprehensive data
protection.
Oracle Database Vault
Increase the security of existing
applications and address regulatory
mandates that call for separation-
of-duties, least privilege, and other
preventive controls to ensure data
integrity and data privacy. Oracle
Database Vault proactively protects
application data stored in the Oracle
database from being accessed by
privileged database users.
Oracle Label Security
Easily categorize and mediate
access to data based on its
classification. Designed to meet
public-sector requirements for
multilevel security and mandatory
access control, Oracle Label Security
provides a flexible framework that
both government and commercial
entities worldwide can use to
manage access to data on a “need
to know” basis in order to protect
data privacy and achieve regulatory
compliance.
Oracle Data Masking
Comply with data privacy and
protection mandates that restrict
the use of actual customer data.
With Oracle Data Masking Pack,
sensitive information such as credit
card or social security numbers can
be replaced with realistic values,
allowing production data to be safely
used for development, testing, or
sharing with out-source or off-shore
partners.
Oracle Identity Management
is a complete and integrated,
next-generation identity management
platform that provides breakthrough
scalability; enables organizations
to achieve rapid compliance with
regulatory mandates; secures
sensitive applications and data
regardless of whether they are
hosted on-premise or in a cloud; and
reduces operational costs.
Built on an innovative modern
architecture that blends extreme
scalability with rich user experience,
Oracle Identity Management offers
a best-in-class suite of identity
management solutions that allow
organizations to simplify identity
lifecycle management and secure
access from any device for all
enterprise resources – both within
and beyond the firewall.
Access Management
Oracle provides the industry’s
most advanced security solution for
securing applications, data, Web
services, and cloud-based services.
Built on a uniquely integrated
modern architecture, Oracle Access
Management software gives
customers the flexibility to deploy a
comprehensive solution delivering
authentication, single sign-on,
authorization, federation, mobile and
social sign-on, identity propagation,
and risk-based authentication
and authorization at the network
perimeter.
Identity Governance
Oracle Identity Governance
empowers user self-service,
simplifies account administration,
and streamlines audit tasks resulting
in a lower overall total cost of
ownership for managing identities.
By delivering a comprehensive
platform for user registration, access
request, role lifecycle management,
provisioning, access certification,
closed-loop remediation and
privileged account management,
Oracle is delivering a solution that
both simplifies the process to
address today’s requirements and
enables organizations to address
emerging opportunities.
Directory Services
Oracle delivers the industry’s
only integrated directory solution
optimized for cloud, mobile, and
social ecosystems. With a complete
set of directory capabilities including
identity virtualization, storage, and
synchronization services, Oracle
provides breakthrough performance
for mission-critical enterprise and
carrier grade environments.
End-To-End Cyber Resilience with SAP
Solutions
Cyberculture is growing faster
than cybersecurity, and this is
placing everything that depends
on cyberspace at risk. Private
data, intellectual property, IT
infrastructure, and even military
and national security – it can all be
compromised by deliberate attacks,
inadvertent security lapses, and the
inherent vulnerability of the Internet.
The fact is, cyberculture is
growing rapidly, and it has taken
on a life of its own that won’t stop.
The Internet has made access to
information ubiquitous. Almost all
business and government activities
now rely on digital connectivity. And
even traditional aspects of everyday
life – such as appliances and cars
– may soon come with their own IP
addresses.
As these examples illustrate,
dependence on the cyber domain
is no longer limited to advanced
technologies, and participation
in it is no longer a choice. The
economic, governmental, and social
advantages that a digital world can
enable are difficult to even quantify –
and there’s no going back.
For these reasons, governments
and their citizens must tackle
cybersecurity issues head on –
and make necessary changes in
habits and lifestyle to protect their
processes and assets. Lack of
effective cybersecurity threatens
not only the gains made possible
by information technology, but also
other elements of daily life that are
now dependent on the Internet. It’s
time to refine the focus on what a
secure digital world can enable,
because an unsecured Internet is
worse than none at all.
Real-Time Protection:
Protecting Economies,
Governments, and Citizens
In today’s volatile sociopolitical
environment, governments have
to carefully protect the information
that they collect and process. To
achieve this, they need a thorough
information management policy
combined with real-time cyber-reporting
and analytical tools.
The technologies they deploy to
improve cybersecurity should also
boost cost-containment efforts and
empower leaders to make effective
decisions.
To help governments realize these
goals, SAP offers cyber-intelligence
software that supports quick analysis
of complex intelligence relationships and networks of IP-related
information. Intelligence agencies
can use it to share information
securely across teams, agencies,
and borders, as well as perform
integrated intelligence analysis of
structured and unstructured data. By
integrating and simplifying previously
complex, disconnected information
sources, agencies can have a clear,
shared intelligence picture that
helps them uncover and address
cyberattacks quickly and efficiently.
SAP software also supports
cyberspace-related investigative
processes from case initiation to
close. Agencies can use it to gather
intelligence, organize investigative
data, and centrally manage all
intelligence-led policing processes.
In addition, investigators can classify
incidents, assign leads, and decide
on follow-up activities, increasing
agency efficiency and effectiveness.
Managing the Cyber
Resilience Lifecycle
With SAP software, governments
gain a more complete view of
intelligence data and can enable
investigative best practices and
evidence-based decision making.
Agents can process investigative
cases from initiation to close and
get insights to anticipate, solve,
and reduce incidents. They can
also analyze complex intelligence
relationships and networks of
seemingly disconnected people,
objects, locations, and events for a
clear, common intelligence picture.
›› Identify and catalog critical
infrastructures that are vulnerable to
cyber compromises
›› Approach cybersecurity as the
ongoing management of continuous
risk, not as a safeguard against
specific future attacks
›› Foster the view that cybersecurity is
ultimately about protecting everything
of value – not just digital assets
›› Plan for resiliency so the government
can react swiftly when cybersecurity
is compromised despite protective
efforts
›› View bringing digital data into a
government’s virtual space as a risk
that must be managed similarly to
food imports, immigration, and other
customs
SAP Innovations for Cyber
Risk Management
Breakthrough technologies from
SAP can help governments of all
sizes drive change and create best-run
agencies that can cultivate
true, effective cyber resilience.
SAP solutions enable cyber risk
management in real time to assure
the security of government identities.
They’re also designed to help
agencies process Big Data in near
real time, drive new online services,
and “unwire” citizens and employees
by providing mobile access to
processes and data.
For example, in-memory
databases, such as the SAP HANA
platform, enable governments to
get more from their data faster. Data
is essential to making decisions,
improving operational efficiencies,
and providing government-to-government
(G2G), government-to-citizen (G2C), and
government-to-business (G2B) services.
SAP software powered by SAP
HANA can also help agencies
transform operations by streamlining processes and integrating
massive amounts of data on a single
platform. They can manage,
access, and use
large volumes of data in real time
while enjoying fast, predictable
application performance.
Best-run government
organizations also need business
intelligence (BI) solutions to extract
and transform data into actionable
insight for fast, informed decision
making. Using BI solutions from SAP,
they can deliver the right reports to
the right people at the right time
and even generate complex, ad hoc
reports and queries. SAP solutions
are designed to deliver superior
performance for critical intelligence,
analytics, and data warehousing
activities on any standard hardware
and operating system.
Identity Detection and Resolution
Identify and register IP-related
information or unknown persons and
organizations. Validate and classify
known persons and organizations.
Investigation Processing
Process investigative cases from
beginning to end; track relevant
information, involved people,
objects, locations, and events;
and manage relevant data and
documents.
Intelligence Analysis and Reporting
Analyze massive amounts of data
with intuitive graphical tools, find
hidden connections and patterns,
draw conclusions, and share
results. Run management as well as
operational reports.
Identity Detection and Resolution
Government agencies can use
SAP software to efficiently identify
and register IP-related information or
unknown persons and organizations.
They can also quickly validate
and classify known persons and
organizations as part of an efficient
identity detection process.
With governmental cyber
resilience intelligence solutions
from SAP, intelligence professionals
have the tools to track accurate
intelligence data related to IP-related
information, persons,
objects, entities, locations, and
events, as well as understand their
interrelationships. Key functions
help people identify and categorize
relevant details and their relationships
to cases, leads, incidents, and
activities, as well as store, upload,
and classify outcomes.
By discovering, relating,
validating, and evaluating identities,
analysts and investigators can
discover unknown persons and
organizations of interest. At the same
time, analysts and investigators gain
a fuller view of intelligence data,
enabling consistent investigative
best practices and evidence-based
decision making.
Capabilities: Use Intelligence
More Effectively
Governmental cyber resilience
solutions from SAP support
investigation processing so
agencies can efficiently manage the
investigative work process.
For example, in the event of a
serious cyber-attack against a federal
government office, investigators can
use a structured process based on
best practices to track incidents
and manage the investigation
process. They can plan and execute
activities in a coordinated manner;
collect comprehensive structured
information; and display, evaluate,
and share this information in a
transparent manner.
In addition, SAP software helps
agencies organize the data and
support the processes that are
typically used in intelligence and
policing, especially those processes
used to investigate cybercrimes.
This leads to faster decision making
during the investigation process,
a higher percentage of solved
incidents, and reduced cybercrime
rates.
Reporting and statistical analyses
happen automatically, rather than
manually. Predefined operational
key performance indicators
help management teams track
effectiveness and view trends, as
well as see “hot spots” and identify
the likely source of them. Executives
can then make better resource
allocations based on this data.
Benefits: Get the Full Picture to
Reach the Right Conclusions
With SAP software, government
agencies can efficiently process
investigative cases from initiation to
close. At every step, analysts and
investigators have the insights they
need to anticipate, solve, and reduce
criminal and terrorist incidents in
cyberspace.
Intelligence Analysis and Reporting
Using SAP software, agencies
can analyze massive amounts of
data using intuitive, graphical tools.
These tools reveal meaningful
connections and patterns that aren’t
obvious otherwise. Agents can draw
conclusions and share insights
with stakeholders. And at any time,
they can run management and
operational reporting.
SAP software supports quick
analysis of complex intelligence
relationships and networks of IP-related
information, people, objects,
locations, and events. Intelligence
agencies can share information
securely across teams, agencies, and
borders. The software also provides
integrated intelligence analysis of
structured and unstructured data
with source tracking, access control,
visual analysis, and flexible modeling
of complex data sets.
The result? Agencies can integrate
and simplify previously complex,
disconnected information sources
to get a clear, common intelligence
picture. This consolidated data can
be analyzed using visual, interactive
tools that even support fast, ad
hoc analysis on raw data; no data
modeling is needed. As a result,
investigators can work freestyle
without dependence on IT and spend
their time on true analysis rather than
technical issues.
Find the Hidden Knowledge in Data
Developing a detailed
intelligence picture is vital to the
success of any cyber resilience
operation. But to target serious
and organized cybercrime, analysts
and investigators need to focus on
hidden associations and connections
between disparate, disorganized
data sets. This requires having the
right analytical and reporting tools.
Governmental cyber resilience
solutions from SAP provide a
robust, intuitive tool set that helps
analysts and investigators conduct
full investigations that can lead to
intelligence breakthroughs and more
informed decisions. For example,
the SAP Intelligence Analysis
for Public Sector application by
Palantir is a complete software
solution for intelligence analysts
and investigators. It integrates
structured and unstructured data
across classification and security
levels. At the same time, it helps
analysts perform advanced searches
efficiently, leverage
enterprisewide knowledge management,
and collaborate within and across
agencies.
SAP Intelligence Analysis for Public Sector by Palantir Solution
In addition, SAP software
supports data cleansing and
consolidation on even the largest
data stores, improving data quality.
This helps ensure more accurate
analyses.
More Pictures, Less Words
Make Insights Easy
SAP software provides graphical
interfaces with intuitive, built-in
user guidance that facilitates
efficient handling of large masses
of structured and unstructured data.
These features help investigators
quickly find the needle in the
haystack – and bring perpetrators of
cybercrimes to justice.
SAP software empowers decision
makers at every level by providing
robust analytics that help them
combine fragments of data from
multiple sources and gain a unified
view of crimes and threats. It also
offers powerful tools for information
management – complete with full-source
tracking, fine-grained access
control, flexible data modeling,
and data integration. All of this
functionality is available through a
powerful, intuitive interface.
For example, with the SAP
Intelligence Analysis for Public
Sector application,
an analyst or investigator can
begin an investigation and achieve
results within hours or days rather
than weeks. The software efficiently
automates hundreds of tasks that
are currently performed manually
within most agencies. By putting
advanced features at the fingertips
of information analysts, the solution
breaks down barriers to expedite
intelligence analysis, discovery, and
sharing.
Public Security Value Map with
End-to-End SAP Solutions
Cyber Resilience is an integral
part of SAP solutions that aim to
provide value to organizations in the
field of security. Please check the SAP
web site and SAP Solution Explorer.
Understanding a Space Called Cyber
Mr. Nigel Jones, Director of the Cyber Masters Programme, Cranfield University at the Defence Academy of the
United Kingdom.
There is no doubt that many
people have difficulty grappling
with the idea of cyber space, cyber
security, information security and
many other terms proliferating
through the media and public policy.
Part of it is because the ‘virtual’
label makes it seem so intangible,
and hard to touch. Those who try
to communicate the seriousness of
the threat have difficulty in making
it seem real and present. Part of
the problem is also because the
subject doesn’t seem to conform
to any traditional organisation
that one would expect in a higher
education institution or professional
interest group. When one opens
a discussion on security with an
engineer, it is not long before one
needs to get a psychologist in the
room too, and not just because one
is talking to an engineer. Rather,
security is a problem that must
work across disciplines and bring
an understanding of technology
and behaviour together. Presenting
a coherent whole across disciplines
is difficult for any one person or
group.
Some have tried to depict
cyberspace as having a number
of layers comprising the social,
people, persona, information,
data, network and physical
layers. I prefer to think of them
as dimensions, as they are not so
easily separated in layers and are
much more interconnected. The
diagram below provides a graphical
representation of cyber space.
For me, these dimensions
raise a number of large real world
questions (giving the lie to the ‘virtual’)
that we are trying to tackle in our
multi-disciplinary teaching and
research at Cranfield Defence and
Security.
The people dimension: Why do
people behave as they do?
Understanding the motivations
and drivers of people is a critical
element of any criminal investigation
or security cultural and behavioural
change programme. Why people
are motivated to attack systems,
adopt certain technologies or act
securely are questions of particular
interest.
The persona dimension: Who
is who and how do we know?
People online can have multiple
personas. @John is not the same
as John the person, who could just
as easily be @fred. How can we
really know who is who? How do
we build trust between people, and
between people and businesses
online? How easy is it to show
that an event on the internet is
associated with a particular person
in a particular place, good enough
to stand scrutiny in court?
The information dimension:
How is data and information used
and exploited?
Information is an asset. It
has value for scientists, health
administrators, students,
consumers, companies, marketers
and intelligence analysts. It also
has a value to criminals and spies.
Cranfield is interested in how
information is valued, managed
and exploited. We are interested in
how data becomes information and
knowledge, and how it is visualised
and processed to create new
knowledge.
The network dimension: How
do I keep my networks, systems
and services secure and resilient?
The connectivity supplied
by infrastructure allows us to
communicate, store, process
information and to control
processes in critical places such
as power plants and transport
systems. Keeping them secure
and online at a time when more
distributed architectures such as
cloud computing are implemented
is of critical importance for study
and research.
The physical world: How
does the virtual world affect the
physical world and vice versa?
The other dimensions should
not be seen separately – people
work with networked technology to
provide services for other people.
Nor can one separate the
physical world from the virtual
world. In one sense the information
infrastructure runs on real kit in real
places in real jurisdictions (as well
as space). In another the impact of
a discussion on one forum can play
out in a city centre.
Together these dimensions
and challenges for research and
teaching point towards a set of real
world problems that we at Cranfield
are addressing by bringing
technicians, engineers and social
scientists together.