cyber - a new war domain odtu teknokent most
INTERNATIONAL CYBER WARFARE AND SECURITY CONFERENCE & B2B MEETINGS SPECIAL ISSUE
VOLUME: 8 ISSUE: 48 YEAR: 2013 ISSN 1306-5998
CYBER - A NEW WAR DOMAIN
ODTU TEKNOKENT: MOST INNOVATIVE TECHNOLOGY PARK IN TURKEY
HISTORY OF NATO’S LAND POWER
AN INTERVIEW WITH MR. TOLGA OZBOLAT, ODTU TEKNOKENT DIRECTOR OF UNIVERSITY INDUSTRY COLLABORATION DEPARTMENT
CYBER SECURITY - FROM LUXURY TO NECESSITY
TURKEY’S NATIONAL CYBER SECURITY STRATEGY AND THE NEXT STEP

Publisher Company: İmge Co.
Publisher & Editor in Chief: Ayşe AKALIN, a.akalin@defence-turkey.com
Editor: Cem AKALIN, cem.akalin@defence-turkey.com
Administrative Coordinator: Yeşim BİLGİNOĞLU YÖRÜK, y.bilginoglu@defence-turkey.com
International Relations: Şebnem AKALIN, sebnem.akalin@defence-turkey.com
Translation: Tanyel AKMAN, info@defence-turkey.com
Graphics & Design: Gülsemin BOLAT, Görkem ELMAS, info@defence-turkey.com
Advisory Board: (R) Major General Fahir ALTAN, (R) Navy Captain Zafer BETONER, (R) Col. Fevzi BARUTÇU, Prof Dr. Nafiz ALEMDAROĞLU, Asst. Prof. Dr. Altan ÖZKİL, Kaya YAZGAN, Philipp REUTER, Ali KALIPÇI, Zeynep KAREL
İMGE Co.: Sancak Mah. 596 Sok. 59/7 Çankaya Ankara / Turkey
DEFENCE TURKEY Administrative Office: Sancak Mah. 596 Sok. 59/7 Çankaya Ankara / Turkey, Tel: +90 (312) 447 1320, info@defenceturkey.com, www.defenceturkey.com
Printing: Görsel Grup Basim Tanitim Tasarim Matbaacilik Kağ. Kirt. San. İç Ve Diş Tic. Ltd. Şti., İstanbul Caddesi İstanbul Çarşisi Kat: 2 No: 48/64 İskitler - Ankara, Tel: 0 312 256 11 88, Fax: 0 312 256 18 88, Info@gorselbasim.com.tr, www.gorselbasim.com
Printing Date: October 2013
Publication Type: Periodical
İMGE Co. © All rights reserved. No part of this publication may be reproduced by any means without written permission.

Contents
SSM’s Role in Cyberspace as a New Field of Warfare
Cyber – A New War Domain
Turkey’s National Cyber Security Strategy and the Next Step
ODTU Teknokent is a Hub Where Research that is Done at the University and in Companies is Transferred to Industry and Commercialized
Aselsan’s Cyber Security Solution
Cyber Threat Intelligence and National Framework for Turkey
History of NATO’s Land Power
Cyber Security - From Luxury to Necessity
Selex ES; Partnering to Fight Modern Cyber Threats
Why has Cybersecurity Become Such an Issue?
STM and Integrated Cyber Security System (ICSS) Feasibility Study Project
Smart and Secure: Tap-Proof Voice Calls on Smartphones
Secure Access to Internet and Cloud Services
Get Protected Against the Most Disruptive Cyber Warfare Tool with DDOS Mitigator
BITES; Innovative, Specialist and Technology Developer of Turkey
UDEA; The Strongest Partner of RF Wireless Technologies
BEAM; Software Testing and Verification Solutions for Defence and Finance Sectors
Indigenous Solutions for Defence & Space & Aviation by SDT
SIMSOFT; One of the Most Experienced Companies on High-Fidelity Modeling and Simulation Systems in Turkey
25 Years’ Experience of IT Solutions and Criminal/Forensic Medicine Laboratories by VERISIS
Last Man Standing or Self Defensive Software
Atos: Scenarios for the Future of Defence and Security
Defence and Cyber Security Platform in Virtual World
Proactive Cyberdefence for Critical Infrastructure
Oracle Security Solutions
End-To-End Cyber Resilience with SAP Solutions
Understanding a Space Called Cyber

International Cyber Warfare and Security Conference 2013
“The New Road Map of Cyber Warfare and Security in Turkish Defence Industry”
Ayşe Akalın, Publisher & Editor in Chief
The “International Cyber Warfare and Security Conference 2013”, held under the auspices of SSM (Undersecretariat for Defence Industries) and organised by SASAD (Defence and Aerospace Industry Manufacturers’ Association), Defence Turkey Magazine and TSSK (ODTU Teknokent Defence Industry Cluster), will gather Turkish & international government officials, cyber security experts & professionals and industry executives & representatives. Within the scope of this conference, discussions will cover emerging threats and challenges in cyber warfare, the policy of leading cyber nations in cyber warfare and security, legal aspects of cyber warfare, the industrial perspective on cyber warfare and security, new trends, new developments, technologies and solutions, the next generation of cyber attacks, and mapping the future threat environment, for the first time in Turkey. This conference aims at bilateral cooperation and collaboration between the global and Turkish defence industries. I believe that this conference will be an information platform for Turkey’s future strategy and road map on cyber warfare and cyber defence.
I would like to give special thanks to Mr. Murad Bayar, Undersecretary for Defence Industries; Mr. Faruk Özlü, Deputy Undersecretary for Defence Industries; Col. Cengiz Özteke, the Commander of Turkish Armed Forces Cyber Defence Command; Dr. Hasan Palaz, Vice President of TÜBİTAK (The Scientific and Technological Research Council of Turkey); the advisory and executive board of the conference; the speakers and moderators; and SSM, the Economy Ministry, METU, TÜBİTAK and all sponsors for their never-ending support and efforts.
We are pleased to share with you an overview by Faruk Özlü, Deputy Undersecretary; an article by Col. Cengiz Özteke, the Commander of Turkish Armed Forces Cyber Defence Command; an interview with Mr. Tolga Özbolat, Director of University Industry Collaboration Department; a report on cyber security; and ODTÜ Teknokent companies’ technical articles on cyber security solutions and capabilities geared towards the defence industry.
Enjoy this issue...

Dear Colleagues,
Cyber defence has turned out to be an indispensable part of national defence due to dramatic advancement in Information Technologies. Moreover, the cyber defence industry seems to be a promising branch of the defence industry thanks to private and public organizations’ demand as technology consistently evolves. In the light of these developments, we are delighted to host the “International Cyber Warfare and Security Conference” addressing the key concerns in cyber space. We strongly believe that this event will provide an unrivalled opportunity to discover the emerging challenges and solutions with key experts.
Murad Bayar
Undersecretary for Defence Industries

SSM’s Role in Cyberspace as a New Field of Warfare
Dr. Faruk Özlü, Deputy Undersecretary
Cyberspace has become a new field of “warfare and security”. Our mission statement, “assuring the continuous improvement of Turkey’s defense and security capabilities”, gives us “a duty in cyberspace warfare and security”. This duty is rooted in our strategic plan, in which “gaining competence in defense and security technologies that will prepare Turkish armed forces for future combat environments” is stated.
Performing such a duty requires strong planning in which we decide what should be done in time in great detail. Making such a plan, on the other hand, requires knowledge produced in parallel with the creation of a collective consciousness, through studies by teams made up of the partners in the issue, i.e. military and governmental agencies, defense companies, universities and other institutions. For this purpose, SSM has initiated several studies, created many documents and reports, and held many conferences and workshops.
SSM has initiated a study named “Networked Enabled Capability (NEC) Feasibility Study” to understand and discuss the requirements of the military as redefined in this information age, from which cyber security issues have originated. In that study’s design decision section, it is stated that “Information assurance and information security will be the primary concerns”, strongly emphasizing the security issue. In parallel with similar studies performed at NATO, in the USA and in other countries, SSM attempted to state and document this new understanding of capability brought to the defense sector by these enhancements. SSM has worked with METU (Middle East Technical University), Savunma Teknolojileri Mühendislik Şirketi (STM) and the related military agencies, and created an environment where the collaborators come together to produce this “feasibility study” under an academic discipline. In this regard, 25 academic personnel from METU and 10 engineers from STM worked together for 18 months, holding seminars and workshops together with the military personnel. The result was a huge document with a roadmap dictating what should be done in the short, mid and long term.
Following this study, SSM has started several other projects on cyber defense and related issues. One of them was ISSDN, i.e. Information Security Simulation for Defense Networks, in which we configured a state-of-the-art cyber security simulation system and applied it to the Turkish Armed Forces to see the possible threats, and defined the precautions needed to secure any kind of military network. In the course of those studies, SSM has performed, supported or hosted several other workshops to create a collective consciousness through which valuable knowledge is created to plan the future of cyber security.
It is now very well known that cyberspace touches every system and platform we are developing and procuring. It is clearly an indispensable area for innovation and technology.
However, current systems and platforms are not ready for this new type of warfare and capability. One of our missions now is to address these vulnerabilities and make sure that our defense industry and the Turkish military can recognize the full potential of network enabled capability and the risks it brings.
The Turkish military, at the tactical and strategic levels, has various networks, some of which work over the Internet and digital radios or use satellite infrastructure. Most of these systems are not fully secure or resilient from a cyber warfare perspective. Our studies showed that unless major improvements or significant changes are made in how they are constructed or operated, we cannot be sure that we can protect these systems from the threat of cyber-attacks, which is growing from day to day.
The Turkish military has a separate command to handle this issue. SSM already has a separate department running the information systems and various network and cyber security projects. Considering the entire governmental system of Turkey, last year an initiative named the Cyber Security Coordination Committee was established, with the mission to run and coordinate the studies on cyber security. This committee will constitute working groups and ad hoc committees to deal with the issue. SSM is always ready to take part in such groups and committees with the experience gained through many related projects.
For future plans, as stated in the roadmap set out in the NEC feasibility study, we are in the establishment and assignment phase where each related agency takes its position. We are ready with a mature plan to deal with this new field of warfare and security, as cyber-attacks are one of the biggest threats in today’s and tomorrow’s world.

Cyber – A New War Domain
Col. Cengiz Özteke, Commander of TAF Cyber Defence Command
Information Technologies (IT) became an important part of our lives with the incredible innovations in the 21st century.
We are getting more dependent upon this new technology. Besides making our daily life easier, IT has a lot of applications in our work life. This is obvious when we consider the time spent on sending e-mails, preparing e-documents etc.
We, as human beings, became successful (!) in turning this new cyber domain into a new war domain. Cyber has now inevitably become the fifth war domain after land, sea, air and space. Cyber, as our new war domain, has some differences from the other war domains.
What are the different characteristics of cyber? The most basic characteristic of a cyber-attack is its asymmetric nature. In other words, bigger impacts can be achieved with little effort. In the war domains other than cyber, you must have sophisticated and expensive weapons to dominate the adversary. But in cyber, with a cyber-weapon developed by a few cyber experts using few resources, you can endanger an adversary’s critical infrastructure, like the electricity distribution infrastructure or an airborne early warning system.
Another main feature of cyber-attacks is the difficulty of attributing the source of an attack. Cyber attackers, using the capabilities of IT, can hide their tracks or even leave tracks as if the attack was carried out by somebody else. This situation, while decreasing the risk taken by the attacker, creates on the other side a risk of not finding the perpetrator or of counter-attacking an innocent party.
Besides, cyber-attacks are cross-border. Along with the improvements in IT, state borders and jurisdictions have become blurred. This characteristic of cyber-attacks has made international cooperation and coordination mandatory.
The cyber domain contains disorder and ambiguities. The international law that will be applied to cyber conflicts is now being discussed in the international community.
The main question of this discussion was “Can existing international law be applied to cyber conflicts?” In this regard, answers to the following questions were sought: “What is the equivalent of the term Use of Force in the cyber domain?”, “Can a cyber-attack be considered an Armed Attack?”, “What is the proportionate and appropriate response to a cyber-attack?” and “Can a military campaign be a response to a cyber-attack?”. In this area, the Tallinn Manual emerges as an important effort. Another important effort is the report published by the United Nations Group of Experts. Both studies converge on the idea that existing international law can be applied to the cyber domain. Today, the current question is “How to adapt international law to the cyber domain?”
Similar questions are being raised in NATO. “NATO’s assistance to an ally which is exposed to a cyber-attack” is the hot discussion topic. Article 5 of the NATO agreement states that NATO and allies should take necessary actions against an attacker which has attacked a NATO ally. Can this Article 5 be applied to cyber-attacks, and if so, in which circumstances? These questions are being discussed. This debate will hopefully end in accordance with the collective defence approach, since cyber power has a direct effect in the operational area.
Can we trust the software and hardware used in the cyber domain? Are the hardware and software used in our critical infrastructure a Trojan horse that sends our sensitive information to others? Or are they going to execute our commands when we need them? These questions are being asked more frequently. Nations cannot produce all their hardware and software requirements. So how can we trust the hardware and software used in critical infrastructure when we cannot control its production? There is no complete answer to this question, but some approaches are being researched in the international community to minimize the risks using risk management methods.
We think these questions will gain more importance in the future.
The most important and limited resource of nations preparing for cyber defence is human resources with the necessary skills. Graduates usually prefer to work in areas other than cyber security. Motivational measures should be taken to encourage people studying in this area.
So, what are we as Turkey doing in the cyber security area? Our starting point was to add cyber threats as a new threat to national security and to consider cyber as an element of national power. Starting from this point of view, the Transportation, Maritime and Telecommunication Ministry was appointed as the national cyber coordinator by the Board of Ministers. Turkey’s National Cyber Strategy and Action Plan 2013-2014 was published in December 2012. Then in 2013, in order to respond rapidly to cyber incidents and to coordinate and control the cyber incident response process, the National Cyber Incident Response Center (USOM) was established. Two national cyber security exercises have been executed since 2011, and planning of another, multi-national cyber security exercise in 2014 is ongoing.
We as the Turkish Armed Forces are executing our cyber program in accordance with national and NATO policy. We established a new command named “Cyber Defence Command” in order to coordinate and control the cyber program centrally. Short-term, mid-term and long-term capability targets were determined and we are doing our best to achieve these targets.
Along with the improvements in wireless network technologies and mobile equipment which use the electromagnetic spectrum, the cyber domain and the electromagnetic domain are becoming more interconnected. In parallel, cyber warfare and electronic warfare, which can be described as affecting network technologies in the electromagnetic spectrum, are coming closer. We predict that these two areas will come even closer and we are planning our course of work in this direction.
The aim of our cyber efforts in the Turkish Armed Forces is to defend our systems in peacetime, but our ultimate target is to support units in the operational field.
As we are getting more dependent upon IT, we may expect an increase in the effects of cyber-attacks. These effects will affect us every day more physically than virtually. We must get ready for that.

Turkey’s National Cyber Security Strategy and the Next Step
Dr. Hayrettin Bahşi, Director, TÜBİTAK BİLGEM Cyber Security Institute
With the growing dependence on information technologies in sectors such as energy, transportation and health, which have a direct influence on society’s welfare, cyber security has started to become a national security issue that countries have to handle. In this endeavor, many developed countries have prepared strategies with the aim of managing cyber security, a horizontal phenomenon which is related to many other areas, and created action plans to realize goals in accordance with the vision presented in national cyber security strategies. Therefore, these regulations provide states with more flexible structures to deal with cyber security and the need to have coordinated bodies. The process of making a cyber security strategy has turned into a societal effort in which states encourage broad participation. After a comprehensive preparation, states are careful to monitor the process and fulfill the responsibility of adopting the plans.
As one of the steps taken to manage cyber security in Turkey, legislation on carrying out, coordinating and managing activities regarding cyber security was published in the Official Gazette on 20th October 2012. With this legislation, the Cyber Security Council, which is presided over by the Ministry of Transport, Maritime Affairs and Communication, was established.
The Undersecretaries of the Ministry of Foreign Affairs, Ministry of Interior, Ministry of Defence and Ministry of Transport, Maritime Affairs and Communication, the Undersecretariat of Public Order and Security, the National Intelligence Agency, the head of the General Staff’s Presidency of Electronic Combat and Information Systems, the head of the Institution of Information Systems and Communication, the head of TUBITAK and the head of the Financial Crime Investigation Council are the members of the council, along with the senior officials selected by the Minister of Transport, Maritime Affairs and Communication. The mission of the Cyber Security Council is to determine the measures taken for cyber security, to investigate plans, programs, reports, methods and principles as well as the standards, and to apply and coordinate all these activities.
The Action Plan for 2013-2014 and the renewed version of the Cyber Security Strategy, prepared under the coordination of the Ministry of Transport, Maritime Affairs and Communication, in consultation with TUBITAK and with contributions from other state institutions, were published in the Official Gazette on 20th June 2013. There are 29 points in the National Cyber Security Strategy (NCSS) and 2013-2014 Action Plan. These action points contain the necessary steps that should be taken for the security of state information networks and those of critical infrastructures run by the state or the private sector. The Action Plan and NCSS envision the formation of a cyber security understanding at the societal level, the determination of critical infrastructure as well as its protection from cyber threats, national coordination, and taking measures for research and development. The struggle against cyber crime is also given considerable attention in both documents.
Cyber security is the first and foremost issue for countries with a high level of dependency on information technologies.
Cyber tools, useful in defence and offense, are increasingly integrated into conventional warfare and have a critical role in the international balance of power. As a consequence, the terms cyber diplomacy, cyber espionage and cyber army are frequently encountered. In some strategy documents, it is evident that these concepts are defined in detail and successfully adopted into the wider national security strategy. While national cyber security strategies are accessible through the web, the documents about cyber intelligence and cyber armies are highly classified and are not shared with the public.

Risks and opportunities in cyber diplomacy
Cyber diplomacy, a domain which will surely increase its weight in international relations, is usually categorized into two subgroups. Today, states are benefiting from cyber diplomacy by using it as a public diplomacy tool to reach out to citizens in other countries. The growing presence of world leaders, governments and other institutions dealing with international relations in social media constitutes a remarkable part of cyber diplomacy. With the aim of explaining their policies to a global audience, administrations have formed units particularly involved in the effective use of Twitter, Facebook and YouTube.
Extensive use of social media by states has created a new dimension in strategic communication. The type of diplomatic interlocutor has started to extend from state-to-state negotiations to state-to-global public communication. Therefore, it is crystal clear that social media, which gives states the chance to convince other nationals about their international policies, has an instrumental effect on ‘gaining hearts and minds’.
In the National Cyber Security Framework Manual published by NATO’s CCDCOE in the Estonian capital Tallinn, the second dimension of cyber diplomacy is composed of states’ methods to obtain and preserve confidential information. In recent years, the diplomacy world has experienced sensational diplomatic leaks.
The Wikileaks incident has launched wide discussions on leaking, spreading and using confidential diplomatic documents. There is no doubt that the revelation of official secrets has triggered a crisis of confidence. These events have signalled the beginning of a new era in many issues, including prevention methods to protect confidential data and diplomatic correspondence. States are likely to come up with a new form of engagement in state-to-state communication and inter-institutional information exchange.

New Dimension of Power Struggle: Cyber Weapons and Cyber Espionage
Over the flow of history, technological progress has been influential in shaping the public’s security perception and the way wars occurred. The emergence of steamboats changed who held superiority over the seas, just as warplanes transformed warfare and led to the rise of the term civil defence. Therefore, it is impossible to separate warfare and cyber developments in a period of time which is defined as the ‘Digital Age.’
The fact that the majority of defence and offense systems are controlled and commanded by military networks increases the vulnerability of countries, where a cyber attack on military networks would paralyze combat capabilities. Apart from military networks, the intense dependency of education, health and financial systems on information technologies has caused cyber security to be handled as a national security matter.
Similarly, critical infrastructures having a direct impact on daily life, such as energy production and transportation facilities, dams, bridges and ports, are among the main targets in terms of a cyber attack at the national level. Although security measures have been tightened to provide more security for these infrastructures, ‘No system has complete safety.’ is more than a motto where cyber space is concerned.
The statements made by senior officials are helpful to grasp how this new threat is perceived by decision-makers.
The former Secretary of Homeland Security in the US used the analogy of 9/11 by saying ‘We should be ready for a cyber 9/11.’ to explain the extent of the threat her country faces. The former top NATO Commander Admiral James Stavridis also spotlighted cyber threats among the threats directed against the Alliance.
Analyzing the cyber strategies of countries shows that not all of these governments base their cyber policies merely on a defensive outlook. Some administrations have apparent tendencies to view cyber space as a domain of war like air, land, navy and space. These states do not hesitate to declare a non-defensive strategy and put effort into reaching sufficient technological capabilities. In a military environment like cyber space, where the clear-cut division between offense and defence is getting thinner, creating offensive capabilities is increasingly seen as an indispensable, integral part of defence strategy. The US and UK could be given as examples of countries holding offensive attitudes in their cyber strategies.
One of the pioneers of the software sector, McAfee, claimed in a report published in 2007 that 120 countries had developed or were developing cyber weapons. Despite the lack of accurate data with up-to-date figures, the concern rests on the assumption that the difficulty of controlling and regulating cyber space would give it a chaotic character to an extent that would cause permanent damage to inter-state relations. Other factors, like the obstacles to precise attribution and the relatively high obtainability of cyber offensive tools, have paved the way for not only states but also non-state actors to acquire cyber weapons. It could safely be argued that the level of anxiety stemming from the possibility of terrorist groups obtaining weapons of mass destruction will also be felt over the likelihood of transnational illegal communities developing cyber weapons. Furthermore, one more concerning factor for states is the need for an applicable international law of cyber space.
Spying activities have always had a central role in shaping nations’ security strategies. Technological developments have transformed the way intelligence agencies gather confidential and private information. On the one hand, the opportunities offered by cyber space have enlarged states’ capabilities for intelligence, but on the other hand they make it possible for civil bodies. From this point of view, several groups of information, ranging from the client data that banks hold to the know-how that universities have developed. The evolution of cyber space is likely to open a new discussion on the relationship between this kind of information and national security.

Organizing future’s cyber strategy
Nations’ preparation of national cyber security strategies and making them available to the public could be interpreted as the reflection of threat perception in policy making. So far, more than 30 administrations have made public a cyber security strategy in English. Additionally, there are also some governments that chose either not to publicize the document or not to translate it into English.
Taking the speed of cyber developments into account, it is strategically important to readjust strategy documents in accordance with the newest findings. Furthermore, unlike the strategies for other domains, the policies on cyber space should be re-developed in a much shorter period of time to keep up with the rapid changes.
The growing threat perception and increasing interest in cyber space have pushed politicians and decision-makers to improve their understanding in a way which embraces the dangers coming from cyber space in addition to conventional menaces. Considering the abovementioned threats, it can be fairly argued that the importance of cyber security will mount in the near future. Turkey should be ready for the constantly evolving cyber menace and incorporate the recent changes into its cyber strategy in order to ensure public security.
It is suggested in the National Cyber Security Framework Manual, published by NATO’s CCDCOE, that cyber security has five domains: 1) Military Cyber, 2) Counter Cyber Crime, 3) Intelligence and Counter Intelligence, 4) Critical Infrastructure Protection and National Crisis Management, 5) Cyber Diplomacy and Internet Governance. A closer look at Turkey’s national cyber strategy makes one suspect that an insufficient level of attention is allocated to cyber intelligence and cyber diplomacy. However, there are two explanations for this. Firstly, we may maintain that the protection of civilians and ensuring the security of critical infrastructures have been the primary focus of this strategy document. Another explanation could be that cyber military operations and cyber intelligence may have been regarded as issues related to national security and treated as highly confidential, which led them not to be publicized. In both scenarios, the preparation of their own cyber defence strategies by institutions of principal importance for national security, like the Turkish Armed Forces and intelligence agencies, would strengthen the nation’s resilience as well as develop the capacity to take countermeasures within the frame of reciprocity.

ODTU Teknokent is a Hub Where Research that is Done at the University and in Companies is Transferred to Industry and Commercialized
Mr. Tolga Özbolat, Director of University Industry Collaboration Department, ODTÜ Teknokent, assessed the activities of ODTU Teknokent, the projects, structure and finance of the ODTU Teknokent cluster, and R&D projects for Defence Turkey Magazine.
Defence Turkey: Please accept our very special thanks for devoting your time to answer our questions. As a start, could you please tell us about ODTU Teknokent in terms of the activities and projects being carried out?
When talking about ODTU Teknokent, we have to start with our main source of power, ODTU (Middle East Technical University), which is the first and biggest campus university in Turkey with 24,500 students. ODTU is an international university with more than 1,400 international students coming from 68 different countries. Approximately 2500 researchers are working in 40 undergraduate programs within 5 faculties. The university has 93 MS and 60 PhD programs and 5 institutes. 40 research centers, 24 of which are centers of excellence, and 365 laboratories are giving services to industry as well as academia. It is the leading party for Turkey in projects funded under the 6th and 7th framework programs, and we believe we will sustain our position in the league for Horizon 2020 programs.
Combining ODTU’s research capacity and know-how with the innovative capacity of entrepreneurs, ODTU Teknokent has provided momentum to our country’s technology accumulation. Our model has become successful with its management experience and the projects undertaken, and has set an example for the development of other technology parks in Turkey. Our reputation has crossed borders and we are providing consulting services for institutions willing to set up technology parks abroad.
ODTU Teknokent holds 300 firms, 89% of which are SMEs, that employ approximately 4100 personnel carrying out R&D activities in a 120,000 m² enclosed area.
[Photo: ODTU Teknokent Facilities © ODTU Teknokent]
ODTU Teknokent is constantly developing new policies and supporting programs in these areas; the biggest telecommunication company of Turkey, Turk Telekom, is going to be hosted in the new incubation (telecommunication) center, where it will share know-how and projects with smaller companies. This model will give smaller companies the chance to develop deeper know-how in very specific areas and will give bigger companies the chance to share the risk and avoid being oversized.
In general, ODTU Teknokent’s policy is to create incubation programs and/or environments around anchor companies, key players of the international market, and place smaller, flexible, capable SMEs around these companies. This model is going to be applied to consumer electronics, telecommunication and ICT, and it is already in use for the Defence industry and digital gaming. ODTU Teknokent also has a pre-incubation program for digital gaming and animation technologies.

University-industry collaboration, which covers consultancy from academia to the industry, co-development and co-research projects, efficient usage of research infrastructure, training candidate engineers as per the request of industry, and direct technology transfer via start-ups, spin-offs and patent licensing, is the main duty of ODTU Teknokent. Since 2002, ODTU Teknokent and ODTU collaborated on 900 R&D projects and signed 1600 contracts with more than 500 different academics in 44 different academic departments. In 2012, 85 new projects were initiated at Teknokent to facilitate university-industry collaboration.

To enable technology development in accord with the strategic plan of the Undersecretariat for Defence Industries (SSM), ODTU Teknokent is giving support to a joint program called Recruitment of Researchers for Defence Industry (SAYP), between ODTU, SSM, and Aselsan, Roketsan, Tusaş. Within the scope of the program, postgraduate researchers at ODTU, who are at the same time employed in these main contractors, are oriented for research projects that are strategically chosen by SSM. Hence, the know-how and research capacity is transferred from the university to the industry to help develop indigenous defence technologies.

[Photo caption: The awards of The New Ideas New Businesses Competition 2013 were presented in 3 categories to 11 Entrepreneurs by ODTU Teknokent]
There is also another program called MIGEP (Collaboration Development Program for Centers) that aims to facilitate the use of the infrastructure at the University’s thematic research centers for R&D activities on projects that are agreed upon by both the University and industry. This program is supported by the thesis of the post-graduate researchers who are at the same time employed in the private sector. For 2013, the privileged sectors for MİGEP were defined to be electrics and electronics and IT, energy, biomedical and automotive sector.

Under the Teknokent Project Office we are supporting companies and academicians in managing and writing FP7 and Horizon 2020 projects. Within the scope of TTO (Technology Transfer Office) we are financing and conducting patent applications for the inventions coming from the Teknokent companies and ODTU (and any other candidate which seems suitable for commercialization). The process includes commercialization of these inventions.

ODTU Teknokent is trying to build up its reputation in the international market; we are using accelerator programs to present successful companies to the international market. ODTU Teknokent is continuously communicating with the international key players of the prioritized sectors and eagerly inviting them to conduct their R&D projects in the technology park. In a similar vein, clustering activities and cooperation in international projects are carried out. We have one ICT and one defence industry cluster.

Defence Turkey: You have mentioned a cluster for the defence industry companies; could you please provide some details about this?

Middle East Technical University (METU) technology park, ODTÜ Teknokent, hosts more than 70 Defence industry companies doing R&D and has clustered them into the Teknokent Defence Industry Cluster (TSSK) as of 2010.
These companies have complementary vertical expertise that provides added value to each other’s capability and are developing new technology products and services for Defence and security. The cluster aims at providing added value to generate more synergy and cooperation among its members, with universities for applied research in the Defence sector, and with major contractors. The ultimate goals are to fulfill the requirements of the Turkish Armed Forces and to position the Turkish Defence industry as a significant player in the world market through high technology solutions, products and services that are presented to the international market.

The cluster’s mission is to provide added value to generate synergy and cooperation among its members, with universities for applied research in the defence sector, and with major contractors. The ultimate goal is to position the Turkish defence industry as a significant player in the world market through high technology solutions, products and services that are presented to the international market.

Offset is a powerful tool for establishing international cooperation. The companies that produce high value added solutions, products and services with high technology are considered to be the most efficient options for cooperation through offset. Owing to the merits that are mentioned about Teknokent Defence Industry Cluster (TSSK) companies, and the fact that ODTÜ Teknokent is one of the key actors of technological development in our nation, the TSSK cluster is considered to be one of the most significant strategic partners of SSM.

Defence Turkey: How do you facilitate defence companies to work together and how are the cluster activities financed?
Currently, the cluster is financed by the Turkish Ministry of Economy for a $3.6 million project named UrGe (Development of International Competitiveness), which aims at internationalization and improving the export capabilities of the cluster with its members by creating sustainable, competitive advantage for the firms in the Defence sector. Within the scope of this project, TSSK members are trained and certified on technical requirements, managerial and marketing issues; the cluster attends international trade shows and fairs, visits other high-technology Defence cluster(s), organizes trade missions to countries of interest and hosts foreign trade missions made to the cluster in search of opportunities for cooperation. Financed and supported by the Turkish Ministry of Economy, last February, TSSK attended IDEX 2013 in Abu Dhabi with BTT Information Technology, EDA Engineering Design Analysis, infoTRON, Labris Technology, SimSoft and Verisis as well as Aselsan, Ayyazılım, Bites, ETC-IS, Figes, Havelsan, Milsoft, SDT, and TAI.

The Turkish Ministry of Economy has special programs and incentives to support SMEs and clusters of various sectors. The ministry intends to boost export by SMEs and clusters through increasing the international competitiveness of the companies. The project is initiated by a needs analysis that enables the companies taking part in the project to develop a road map throughout the project cycle. The needs analysis puts forward the cooperation network among the project participants, namely the cluster members; the training needs, the improvement areas and the leverage points of the companies in terms of competitiveness. For a duration of three years, the companies receive training and consultancy on their selected technical and managerial topics and receive the funds to attend five business development events such as trade shows, fairs or B2B meeting organizations abroad.
The ministry supplies funds to host 10 delegations from abroad, to finance the travelling expenses of these delegations and the costs associated with organizing B2B meetings with these delegations. The Ministry of Economy provides generous funds to enable Turkish companies in all sectors, especially SMEs, to meet with foreign firms to develop cooperation and realize transactions through export.

Defence Turkey: Could you please enlighten us about the R&D activities of Defence Industry companies at ODTU Teknokent?

TSSK is comprised of SMEs operating in the fields of manned and unmanned vehicles; advanced materials, CBRN technologies, protective vehicle and material technologies; human-machine interface; cryptography, coding and encryption, electronic intelligence systems; modeling and simulation, simulation systems; communication, electronic and information systems; sensors and electronic systems, data link technologies as well as the various related engineering services such as testing, calibration, modeling and maintenance. The driving force of the cluster is the R&D projects stimulated by the synergy between university, industry and research. The cluster members employ around 1000 R&D personnel and currently, there are approximately 150 active R&D projects being conducted for the Defence industry by the members of TSSK.

Defence Turkey: Are there any other points that you would like to mention to the readers of Defence Turkey?

It is worth mentioning the significance of dual use of technologies developed in companies, universities, research centers and technology development regions such as ours. As ODTU Teknokent, we make an effort to facilitate this by bringing together companies that serve different sectors, especially defence, medical and automotive, by organizing Project Fairs and company meetings, and proctor our companies’ new projects in order to determine whether a critical technology is being developed and can be utilized for different sectors.
We try to inform our companies to notify us about their progress and their new technologies, so that the dissemination of these can be done to facilitate dual use. Finally, I would like to state, once again, that ODTU Teknokent is a hub where research that is done at the University and in companies is transferred to industry and commercialized. The University is a magnificent supply of both academic know-how and premium quality human resource for companies in the technology development region. We would like to welcome more international companies, with their research centers, and cooperate in joint research programs and facilitate collaboration with the University.

Aselsan’s Cyber Security Solution

Ali Yazıcı, Cryptology and Information Security Manager, ASELSAN

In today’s world, where everything is being digitized, the use of information technologies and real-time information exchange have become a must rather than a choice for every sector. Cyberspace has broadened unexpectedly and has become an important part of our daily life, social interactions, work life and the services we receive from government institutions. Cyberspace has become vulnerable to all kinds of cyber attacks, and cyber threats have changed, evolved and increased over time. This has necessitated innovative and original cyber security measures ensuring secure and continuous information exchange through cyberspace. ASELSAN works towards developing next-generation innovative and original technologies and develops national solutions such as the VAG System, which ensures continuous secure information exchange, and the Mini IP Encryption device, which is ecologically friendly and suitable for mobile technologies.
Virtual Air Gap System (VAG)

The ASELSAN 2180 VAG, namely the Virtual Air Gap (VAG), is a unique combination of hardware and Common Criteria EAL 4+ certified software; it provides a secure network traffic flow between private and public networks in order to realize mission-critical operations, fundamentally by preventing transit IP traffic. The ASELSAN 2180 VAG runs on internal and external host machines (vag-int and vag-ext) on top of the Linux operating system and mediates the information flow with the support of external software installed in its environment.

The ASELSAN 2180 VAG system is deployed between the external network and the institution’s internal network and does not use IP-based communication for the internal connection. Therefore, the ASELSAN 2180 VAG actually forms a “virtual air gap” border providing high-level security. The system that runs the ASELSAN 2180 VAG is basically composed of internal and external security components (servers) and a shared memory (shared disk) component. Figure-1 shows the general architectural view of the ASELSAN 2180 VAG and its environment.

The ASELSAN 2180 VAG is protected by a number of environmental components in order to function appropriately. These components include a firewall (FW), a network-based intrusion detection system (NIDS), a protocol filter and a host-based intrusion detection system (HIDS) working on both servers (vag-int and vag-ext). Vag-int has a management interface that enables administrative users (with sufficient access rights) to manage and monitor both internal and external hosts’ system information, configuration data, partial backups, administrative users, audit logs and user passwords.

Information flow over the ASELSAN 2180 VAG is bi-directional: from the external to the internal network and vice versa. The external network’s requests/responses are taken by the external host (vag-ext). The requests/responses are passed through application level controls by a process running on the external host.
Filtered and controlled requests/responses are transferred to the shared disk after encryption and digital signing. The internal host (vag-int) takes the requests/responses from the shared disk after decryption and signature verification procedures. If no problem occurs, the requests/responses are recorded and transferred to the respective application on the internal network. The same information flow is valid for connections from the internal network to the external network.

The communication between vag-int and vag-ext is encrypted and cryptographically signed. Cryptographic operations are performed by the functions of the crypto library of the operating system. The Crypto/Sign layer of the VAG architecture that is shown in Figure 2 invokes two cryptographic actions on the data packets flowing from the message layer to the disk access layer. The Operational Environment first encrypts the payload of the data packet and then signs the whole packet using the crypto/sign module of the ASELSAN 2180 VAG. This way, the disk holds signed and encrypted data packets which can only be resolved by the peer host. Figure-2 shows the internal architecture of the VAG servers.

Mini IP Encryption Device

The Mini IP Encryption Device has been developed by ASELSAN to be compatible with mobile technologies and to make SECRET level classified secure voice and data communication possible over mobile and/or fixed IP-based networks; it is an original, innovative and environmentally friendly solution. The Mini IP Encryption Device, which has copper and fiber optical 10/100/1000 Mbit/s ethernet interfaces and an encryption speed that exceeds 155 Mbit/s, supports Internet Protocol version 4 (IPv4) and version 6 (IPv6). The Mini IP Encryption Device, which is capable of functioning in Tunnel and Transport modes supporting IPSEC and NATO NINE standards, has two encryption algorithms that support different classification levels.
As a result it offers secure data sharing capability by providing real-time connection to networks with different classification levels. Configuration, alarm management and security management of Mini IP encryption devices can be performed and encryption keys can be loaded remotely using the state-of-the-art Secure Network Management System over SNMP.

Mini IP Encryption Devices that support mobile IP can automatically discover changing red network topology and distribute this topology securely among themselves; likewise they can automatically discover each other and perform cryptographic verification without any need for configuration and/or an operator. Even when there are no configured tunnel tables (policies) on Mini IP Encryption Devices, they can find each other dynamically and build tunnels using the Secure Tunnel Establishment Protocol (STEP).

The Mini IP Encryption Device, environmentally friendly with its low weight and low power consumption, is an inseparable part of information and communication technologies and e-government applications with its superior technical characteristics, high processing speed and portable mechanical properties that are suitable even for tough military conditions.

In conclusion, ASELSAN is the biggest developer and producer of cryptology and information security products in Turkey; in parallel with growing technologies and demands, ASELSAN is planning to make investments in the Cyber Security area, which covers all cyber interests including, among other subjects, cyber defense and cyber espionage. At ASELSAN, we think that cyber security technologies should be developed nationally, using original and innovative ideas. In order to keep this development healthy and sustainable, we aim to create a “Cyber Security Technology Development Ecosystem” where cooperation between the government, universities and the defense sector will be implemented.
Cyber Threat Intelligence and National Framework for Turkey

Bahtiyar Bircan, Principal Researcher, TÜBİTAK BİLGEM Cyber Security Institute

Cyber-attacks are increasing and changing face. Today cyber-attacks are more sophisticated and targeted. Nowadays cyber attackers are mostly state sponsored or backed by large crime groups. From DDoS attacks to advanced persistent threats (APTs), they are conducting highly sophisticated and coordinated attacks on carefully selected targets. Different individuals and groups in this rogue market cooperate very well during these attacks. They can coordinate and initiate a cyber-attack in a matter of minutes. Recent distributed denial of service attacks and botnet activities against different institutions are examples of how coordinated cyber criminals can be.

Unfortunately, detecting and responding to these attacks is very slow. Attacks can be coordinated and initiated in hours, but detecting and responding to them may take months and years. Lack of strong cooperation between prevention mechanisms and organizations is one of the causes. So prevention fails partly because of poor cooperation, and partly because of not being able to respond in a timely manner.

There is a need for new approaches to increase the speed and effectiveness of cyber-attack detection and prevention mechanisms. These approaches should accelerate the detection process and enable automatic prevention measures to be taken in a short period of time. Cyber threat intelligence is one of these approaches. It provides actionable intelligence that can be used to prevent current cyber-attacks.

Cyber threat intelligence is a rising trend in the security industry. Today many security vendors like FireEye, Mandiant, IBM and McAfee have established central threat intelligence databases and integrate them with their products. Microsoft and HP recently announced that they will launch real-time threat intelligence feeds for public access.
Also there are public web sites and commercial firms supplying threat intelligence feeds. Organizations like NATO and the European Union are also working on cyber threat intelligence projects for their systems. Some NATO member countries have implemented such a system at national level.

Actually, automatic threat detection and elimination concepts are not new. They are widely used in military systems. There are similarities between cyber-attacks and attacks/threats in the physical world. If we look at military systems, there are a lot of systems developed to monitor and prevent malicious activities of adversaries. One of them is missile Defence systems. There are 3 parts in a typical missile Defence system. These parts are:

›› Monitoring and detection: In this part unknown/enemy missiles and rockets approaching the airspace are detected by radar systems. Tracking radar systems detect enemy missiles and rockets approaching the nation’s airspace and inform the control centre.

›› Battle management and control centre: Target data about the approaching missile is received from the tracking radar for processing. At that point the threat is analysed and possible impacts are evaluated.

›› Intercepting missile firing unit: After analysing the threat impact, automatic preventive action is started. The anti-missile launcher sends an interceptor missile to the target in accordance with live updates. The intercepting missile catches the target and the target warhead is detonated in a neutral area, before the target reaches its final destination. As a result the threat is intercepted and collateral damage is reduced or eliminated.

How Does the Threat Intelligence Model Work?

Like missile Defence systems, a threat intelligence system consists of 3 parts. These parts are threat identification and data collection, threat analysis, and response and prevention.

Phase 1: Threat identification and data collection: At this phase information about current cyber-attacks is collected in a central place. It is similar to phase 1 in a missile Defence system.
Information about cyber-attacks can be external or internal. External data is obtained from public sources outside the company. Here attacks are detected by external bodies and attack information including IP address, URL, malware information etc. is passed to a central database. External data sources can be Spam RBL lists, Botnet tracker sites like SpyEye, Zeus Tracker, commercial threat intelligence feeds, CERT/SANS/NVDB advisories, public IP and file reputation databases and social media sites like Twitter. Internal data is obtained from internal IT security components. These components can be firewalls, intrusion detection systems, log management and SIEM, web application firewalls, honeypots, and antivirus/endpoint protection software.

Phase 2: Threat analysis and assessment: At this phase collected data is categorized and analysed to better understand the nature of cyber threats. Characteristics of a cyber-attack like IP address, URL and malware hash may vary and expire in hours and days. Also, data collected (especially external data) should be inspected for false positives and misinformation. Different techniques like validation, correlation, cleaning and de-duplication, reputation checks, heuristics, and behavioural and contextual analysis are used. As a result, actionable intelligence about current cyber threats is obtained.

Phase 3: Response and prevention: The last phase is creating preventive actions from the analysed data. Actionable threat intelligence produced in the previous phase is converted into automatic prevention action feeds. These feeds are converted to a ruleset for each security product. Firewall block rules, IDS signatures, antispam rules, DDoS prevention actions and antivirus signatures are some examples of these rulesets. Produced rulesets are automatically pushed to all relevant appliances connected to the threat intelligence system.
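Phases 1 to 3 described above, sketched as an added example that is not code from the article or from any product it mentions. The indicator lifetimes, the protected address ranges, the source names, the two-source correlation threshold and the rule syntax are all assumptions made for illustration, and the sample observations are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Assumed lifetimes: the article only says indicators "expire in hours and days".
TTL = {"ip": timedelta(hours=24), "url": timedelta(days=3), "hash": timedelta(days=30)}
# Assumed address space of the participating organisations; it is never auto-blocked.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]
INTERNAL_SOURCES = {"firewall", "ids", "honeypot"}  # hypothetical internal sensor names
MIN_EXTERNAL_SOURCES = 2                            # assumed correlation threshold
SHA256_RE = re.compile(r"[0-9a-f]{64}")
# Hypothetical, product-neutral rule syntax; a real deployment renders each vendor's format.
RULE_TEMPLATES = {
    "ip": ("firewall", "block ip {}"),
    "url": ("url_filter", "block url {}"),
    "hash": ("antispam", "block attachment sha256 {}"),
}


def normalise(kind, value):
    """Validation and cleaning: return the canonical indicator, or None to discard it."""
    value = value.strip()
    if kind == "ip":
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return None
        if any(addr in net for net in PROTECTED_NETS):
            return None  # a feed entry pointing at our own networks is a false positive
        return str(addr)
    if kind == "url":
        try:
            parts = urlsplit(value)
        except ValueError:
            return None
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return None
        # urlsplit lower-cases scheme and hostname, so case variants collapse to one entry
        return f"{parts.scheme}://{parts.hostname}{parts.path or '/'}"
    if kind == "hash":
        value = value.lower()
        return value if SHA256_RE.fullmatch(value) else None
    return None


def analyse(observations, now):
    """Phase 2: drop invalid and expired data, de-duplicate, keep corroborated indicators."""
    merged = {}
    for obs in observations:
        value = normalise(obs["kind"], obs["value"])
        if value is None or now - obs["seen"] > TTL[obs["kind"]]:
            continue
        merged.setdefault((obs["kind"], value), set()).add(obs["source"])
    actionable = []
    for (kind, value), sources in sorted(merged.items()):
        external = sources - INTERNAL_SOURCES
        # Correlation: trust our own sensors, otherwise require independent external reports
        if sources & INTERNAL_SOURCES or len(external) >= MIN_EXTERNAL_SOURCES:
            actionable.append({"kind": kind, "value": value, "sources": sorted(sources)})
    return actionable


def build_rulesets(intel):
    """Phase 3: turn actionable intelligence into one ruleset per security product."""
    rulesets = {product: [] for product, _ in RULE_TEMPLATES.values()}
    for item in intel:
        product, template = RULE_TEMPLATES[item["kind"]]
        rulesets[product].append(template.format(item["value"]))
    return rulesets


NOW = datetime(2013, 10, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample


def _obs(kind, value, source, hours_ago):
    return {"kind": kind, "value": value, "source": source,
            "seen": NOW - timedelta(hours=hours_ago)}


# Phase 1: constructed observations from external feeds and internal sensors.
SAMPLE = [
    _obs("ip", "203.0.113.7", "spam-rbl", 2),
    _obs("ip", " 203.0.113.7 ", "firewall", 1),    # duplicate, seen by an internal sensor
    _obs("ip", "10.0.0.5", "botnet-tracker", 1),   # inside a protected range
    _obs("ip", "999.1.1.1", "spam-rbl", 1),        # not a valid address
    _obs("ip", "198.51.100.23", "feed-a", 72),     # older than the IP lifetime
    _obs("url", "HTTP://Malware.Example/dl/update.exe", "feed-a", 24),
    _obs("url", "http://malware.example/dl/update.exe", "feed-b", 5),
    _obs("hash", "AB" * 32, "feed-b", 3),          # single external source only
    _obs("hash", "cd" * 32, "honeypot", 3),
]

if __name__ == "__main__":
    for product, rules in build_rulesets(analyse(SAMPLE, NOW)).items():
        print(product, rules)
```

Of the nine sample observations only three indicators survive: the expired, invalid, protected-range and uncorroborated entries never reach a ruleset, which is the point of placing Phase 2 between collection and automatic blocking.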
As a result, preventive action against a specific threat is automatically implemented in all perimeter protection products in minimal time and with no user intervention.

National threat intelligence framework for Turkey

In order to effectively prevent cyber attacks targeting government institutions, military systems and critical infrastructure facilities in Turkey, there is a need to develop a national cyber threat intelligence and Defence system. In this centre, information about cyber attacks targeting facilities in Turkey should be collected and analyzed, and automatic preventive actions should be issued quickly. Unlike missile Defence systems, this system should include not only military bodies but all relevant stakeholders. Government agencies, critical infrastructure facilities, military forces, the private sector, financial institutions and academic research organizations should participate in this system. Also, close cooperation with security vendors is vital for such a system. Security vendors can integrate their own threat centers with this system to build better prevention. In such a model the flow of information can be in 2 ways.

›› From vendors to threat center: vendors can send threat information about recent attacks they detected to the threat center. In the threat center the information is analyzed and the resulting preventive rulesets are automatically sent to all participants in the system.

›› From threat center to vendors: in this scenario an attack detected in any government agency is reported to the threat center. The threat center informs security vendors about the attack. Security vendors get the attack information and automatically issue a rule update for their products. For a firewall vendor, the update is a firewall block rule for the relevant attack IP address; for an antivirus vendor, the update is a virus signature update; for an antispam gateway vendor, the update is an RBL rule for the sending IP address and the hash of the file used as an attachment.
Generated updates are automatically pushed to all security vendor products running in the country. As a result, detection of one attack on one agency triggers the prevention mechanism, and a further attack with the same pattern targeting other agencies is automatically blocked.

Example scenario: A cyber-attack targeting a financial institution is discovered in the wild by an academic research institute. The attack begins with phishing e-mails with an attachment containing custom malware and continues with installing a trojan from a known URL with the drive-by download technique. The research institute analyses the attack and issues a report explaining the attack details. The report includes the IP address sending the e-mails, an example phishing e-mail subject and body, the attached malware hash and possible filenames, the URL address used to download the custom trojan and the IP address of the command & control servers. The report is sent to the national cyber threat center.

The national threat center extracts threat information from the report and automatically issues prevention rules. Prevention rules are issued for firewalls, antispam gateways and URL filtering products. For firewalls, an automatic block rule for the IP address is generated. For the antispam gateway, a rule including the mail subject, mail body and hash of the attached file is generated. For URL filtering, a block rule for said URL is generated. Generated rules are pushed automatically to all firewall, antispam and URL filtering products connected to the threat centre.

Also, the antivirus vendor is informed about the attack. The antivirus vendor generates a virus signature update including signatures for the malware coming in the phishing mail attachment and the drive-by download trojan. The generated signature is pushed to all antivirus software instances of the antivirus vendor. As a result, the threat is identified and automatically prevented from spreading to other financial institutions and government agencies.

Conclusion

Cyber-attacks are increasing and getting more sophisticated.
Crime groups and individuals work closely and in good coordination to perform these attacks. To effectively respond to and prevent cyber-attacks, close cooperation is needed. There is a need to build a threat monitoring and prevention centre to detect and prevent cyber-attacks targeting critical military and civilian facilities in the country. This centre should continuously monitor cyber-attacks from external and internal threat information sources and produce actionable intelligence. Automatic preventive actions should be taken based on this actionable intelligence.

History of NATO’s Land Power

The North Atlantic Treaty Organization (NATO), also called the (North) Atlantic Alliance, is an intergovernmental military alliance based on the North Atlantic Treaty which was signed on 04 April 1949. The organization constitutes a system of collective defence whereby its member states agree to mutual defence in response to an attack by any external party. The Korean War of 1950-1953 galvanized the member states and an integrated military structure was built up under the direction of two Allied Supreme Commanders. With the benefit of aid and a security umbrella, political stability was gradually restored to Western Europe and the post-war economic miracle began. New Allies joined NATO: Greece and Turkey in 1952, and West Germany in 1955. The Alliance’s expansion continued to the present day and the number of member nations has reached 28.

Among these members, only two countries, Turkey (Izmir) and Italy (Naples), have hosted NATO headquarters without interruption since 1953. The meaning of this is twofold. First, that NATO is fully aware of Turkey’s strategic importance. When we look at the map, we can see that Turkey was once the Soviet Union’s next door neighbour. Turkey’s geographical situation is unique in the world. It is surrounded by the Balkans, the Middle-East and the Caucasus. One of the world’s most important waterways runs through Turkey.
Second, Turkey has always had a strong and efficient military. From a NATO perspective, Turkey has always been important. Given her neighbours and her geostrategic position, Turkey equally needs NATO. Although the negotiations for the Garrison Support Agreement (GSA) have not been finalized, the Turkish Army is going beyond its commitment for LANDCOM to reach its target of achieving Full Operational Capability (FOC), which is testimony to the Alliance’s solidarity.

Within all these historic streams, NATO reconstructed itself under the pressure of new necessities arising from the Prague Summit. On 19 June 2003, a further restructuring of the NATO military commands began as the Headquarters of the Supreme Allied Commander, Atlantic was deactivated and a new command, Allied Command Transformation (ACT), was established in Norfolk, Virginia, United States, and the Supreme Headquarters Allied Powers Europe (SHAPE) became the Headquarters of Allied Command Operations (ACO). ACT is responsible for driving transformation (future capabilities) in NATO, whilst ACO is responsible for current operations.

As a result of the NATO review, the number of land forces headquarters was reduced from 11 to 6, and the number of NATO personnel almost by half. The sole land command, Allied Land Command (HQ LC), was activated in Izmir, Turkey on 01 December 2012. LANDCOM provides expertise in support of Alliance land forces’ readiness, competency and standardization – including their evaluation and certification; delivers a planning capability in support of higher headquarters and the NATO Force Structure (NRF); and when directed by Supreme Allied Commander Europe (SACEUR), provides the core of the headquarters element responsible for the conduct of land operations and the synchronization of land forces’ command and control (C2) in accordance with the Allied Level of Ambition (LOA).
To accomplish this mission, LANDCOM will provide advocacy for NATO’s land forces and ensure their effectiveness and interoperability in the post-ISAF era. The most important reason for LANDCOM’s creation was to retain the level of cooperation, cohesiveness, tactics, techniques, procedures, competencies and capabilities that the Alliance has developed over the past 12 years as part of the International Security Assistance Force in Afghanistan.

Although NATO has always protected its communications and information systems, the 2002 Prague Summit placed cyber defence on the Alliance’s agenda for the first time. Since then, securing the communication systems owned and operated by the Alliance against the background of rapidly developing technology has been NATO’s top priority regarding cyber defence.

[Figure legend: CAOC - Combined Air Operations Center; DACCC - Deployable Air Command and Control Centre]

LANDCOM is fully aware that the best action is a pre-emptive and proactive approach and agrees that the best defence against cyber-attacks is user awareness and prompt reporting of suspicious activity. The initial focus of cyber defence training is to change the mindset of the staff regarding the issue. In order to fulfill its mission of providing expertise in support of Alliance land forces readiness, competency and standardization, in other words its Land Advocacy role, LANDCOM assumes an advisory/leading role for the Graduated Readiness Forces (Land) (GRF(L)). The integration of cyber defence capabilities both in peacetime and during operations is one of the areas of focus. LANDCOM uses a three-step approach to design a program, create the training material, and develop and maintain constant cyber defence awareness.
As the growing sophistication of cyber-attacks makes the protection of the Alliance’s information and communications systems an urgent task for NATO, LANDCOM should be prepared to execute command and control (C2) in a contested and degraded network environment. To achieve this, LANDCOM maintains a focus on planning and executing cyber defence scenarios and building them into the existing NATO exercise programs to create cyber security awareness among training audiences. This mindset change and awareness will be exercised during contingency planning and in proactive and reactive actions.

LANDCOM focuses on increasing the users’ cyber defence awareness against emerging threats. It pursues internal staff training programs as well as courses administered at the NATO Communications and Information Systems (CIS) School (Latina, ITALY) and the NATO Defence Against Terrorism Centre of Excellence (Ankara, TURKEY). Moreover, LANDCOM encourages staff to make maximum use of the on-line course opportunities offered by the NATO Cooperative Cyber Defence Center of Excellence (Tallinn, ESTONIA).

Cyber Security - From Luxury to Necessity

In this age of technology and communication convergence, the impact of technologies and innovations that center on computers, cell phones and the Internet is profound. The following Market Insight considers the increasing importance of Cyber Security as an essential part of a nation state’s defence infrastructure.

Frost & Sullivan defines Cyber Security as the act of protecting critical information or any form of digital asset stored in a computer or in any digital memory device. It is important to understand that complete cyber protection is not achievable by using one form of security solution, but needs an amalgamation of different security technologies. There are different forms of threat, with each one presenting a different level of seriousness and requiring its own unique solution.
The higher the degree of terror, the more advanced or complicated the approach needed to enforce safety measures. In order to understand Cyber Security it is important to understand the different kinds of threats and the various domains through which these threats are transmitted.

[Figure: Cyber Security Market: End to End Solution]

The Headlines

Cyber warfare is not limited to governments attacking governments; any part of the critical infrastructure may be subject to attack, from banking and utilities to transport or the supply of essential goods and commodities. “Cyber Threats” include every threat that can be carried out across and using the internet. Given this, Cyber Security is on top of the agenda of most Governments and companies, as outlined by the recent headlines below.

“As technology and computers and the internet become bigger and bigger parts of our lives, the effect of cyber warfare will become more pronounced.” - David Cameron, British Prime Minister

“US Appoints First Cyber Warfare General” Pentagon creates specialist online unit to counter cyber attack amid growing fears of militarisation of the internet.

“Obama Appoints Former Microsoft Security Chief New Cyber security Czar”

“Cyber crime costs the UK economy £27bn a year” - Government of UK

“Cyber-Warfare is a Growing Threat” Cyber-warfare attacks, such as the targeting of activists’ emails in China, are a growing threat, according to security experts.

“On any given day, there are as many as 7 million DoD (Department of Defence) computers and telecommunications tools in use in 88 countries using thousands of warfighting and support applications. The number of potential vulnerabilities, therefore, is staggering.”

[Figure: Cyber Security Market: Types of Threats]

Types of Threats

There are a variety of threats with the impact of each linked largely to the role and function of the target.
For example, the malware-infected central computer system of Spanair flight 5022 in 2008 has been identified as the principal cause of the crash, with the computer failing to pick up 3 technical problems. It has been reported that the virus was delivered through a USB stick.

Key threats include:
›› Botnets - A collection of compromised computers running malicious programs under a command and control infrastructure.
›› Denial of Service (DoS) - An attack on a computer network that is designed to disrupt normal traffic by means of flooding the server with false requests.
›› Hacking - An attempt, whether successful or not, to access an information system by an unauthorised person, usually for malicious purposes.
›› Key Stroke Logging - A method used to intercept each keystroke a user types on the keyboard by means of a small hardware device or program for the purposes of stealing passwords or data.
›› Malware - A generic term covering a range of software programs, and types of programs, designed to attack, degrade, or prevent the intended use of Information Communications Technology systems/Computers.
›› Phishing - A form of Internet fraud that aims at stealing valuable information such as credit card details, user IDs and passwords by tricking the user into giving the attacker the confidential information.
›› External Access - The simplest access method to system resources may very well be physical access. This is an act of unauthorised access to information contained in hardware or a network.

[Figure: Cyber Security Market: The Need for Information Assurance]

The Need for Complete Information Assurance and Situational Awareness

The need for achieving complete situational awareness through seamless dissemination of assured information is driving the need for mandating security measures within the information environment.
The information environment is the aggregate of individuals, organisations, and systems that collect, process, disseminate, or act on information. The actors include leaders, decision makers, individuals, and organizations. Resources include the materials and systems employed to collect, analyse, apply, or disseminate information. The information environment is where humans and automated systems observe, orient, decide, and act upon information, and is therefore the principal environment of decision-making. Even though the information environment is considered distinct, it resides within each of the four domains [air, land, sea, space].

The information environment adds to the complexity of modern warfare, which now consists of air, land, sea, space and (the non-geographical) information domains. Its dimensions are composed of physical infrastructure, stored information and information processes, as well as human decision-making. It is therefore a mistake to limit the study of information operations to the information dimension since they have a much bigger role to play in the physical and moral areas of strategy. War should now be seen as being conducted in five domains: in the air and in space, on sea and on land, and also in the information environment.

[Figure: Cyber Security Market: The Evolution of Information as the Next Domain of Warfare]

Trends in Cyber Security Spending

Since the Internet boom and subsequent bust in 2000, operational IT spending in most industries has consistently increased in response to the growing global economy and to the emergence of new regulations forcing companies to invest in technology to meet their updated obligations. On average, organisational spending on security rose from 1.8% of total IT budget in 2007 to 1.9% in 2008. In 2009, IT security budgets increased to 2.32% of their IT operating budgets. However, there is considerable variation in security spending across various regions.
[Figure: Cyber Security Market: Spending by Regions, 2010]

The current spending on information protection indicates that Network Security, Security Operations and Data Security are the areas of highest spend. However, research indicates that Identity and Access Control, followed by Data Security, are the fastest growing segments at the rate of 20% each year.

[Figure: Cyber Security Market: Spending by Solution Segments, 2010]

Market Development

With continuously evolving technology, the cyber security industry seems to hold a promising future for the companies already established in this industry. With a long-term goal of achieving cost effective solutions, companies and governments are increasingly funding R&D. Driven by the increase in the dependence on information, the cyber security market is set to witness unprecedented growth in the next decade. Aggressive Product Innovation and Improvement will drive wider adoption of cyber security solutions. Governments and Militaries will drive this market as early adopters, followed by the commercial sector once the products and solutions are tested and much more accessible and affordable.

The Future

Governments play a vital role in the security arena by setting requirements, regulating behaviour, and helping create best practice, as well as indirectly through their size as a customer. The costs of poor security to business and society at large are rising rapidly; the cost to government of poor security is not solely measured in the amount of data lost but also in the loss of public trust.

The growing importance of information systems in today’s warfare shows that information security is critical to the success of a conflict or even a war. Cyber warfare is becoming more and more powerful on today’s battlefield. Effective use of cyber technologies can gain dominance on the battlefield or force the enemy to retreat by shutting down its command infrastructure or communication network.
The role of cyberwarfare is seen to be growing, and the digitisation of conventional warfare technologies, as well as the use of more complex devices, allows cyberwarfare units to do more damage than they could in the past. The information age is taking over, with a growing need for automation and digitisation; nations realise they lack the skilled workforce to manage and secure their cyber operations. Cyberwarfare units have an important mission to ensure a country’s survivability, prosperity and stability. In the past, countries relied on the strength of conventional military units, but now the future of a country may depend on how well trained its cyberwarfare units are and how secure its cyber operations are.

Each day, online newsletters and trade journals report newly discovered computer security vulnerabilities. Most of the hackers who exploit these vulnerabilities lack the political motivation and malicious intent of terrorists or hostile nations. For this reason, most refrain from inflicting the maximum possible damage on compromised systems, and they rarely, if ever, seek to maim or kill.

Because so many hackers are content merely to deface the systems they compromise, people may underestimate the havoc true cyber terrorists or hostile nations engaged in “information warfare” could inflict on a country. In particular, the effects of a compound attack integrating physical and cyber attacks could be devastating. Although cyber terrorists and nation-states may be more malicious and destructive than other hackers, all rely on the same methods and vulnerabilities to penetrate computer systems. As a result, the best defence against cyber terrorism is to improve mainstream computer security.
Government must expand institutions that respond to security breaches; expand both formal and informal mechanisms for international cooperation in the investigation and extradition of cyber attackers; and invest in basic research that identifies the fundamental principles that underlie complex, interconnected infrastructures. However, patching existing systems is an essential but temporary solution; the next generation of information technologies must build improved security into their basic structures. This requires an unprecedented level of co-operation between public and private entities.

[Figure: Cyber Security Market: Market Evolution]

Key Considerations for Suppliers:
›› Utilise technologies to develop end to end cyber security solutions.
›› There is always a human element in any security breach. Provide human factors training within end user organisations.
›› Expand marketing efforts to roll out tools/solutions to support different intelligence assets.
›› Provide scientific research to plug shortages in organisations.
›› Adapt business model to work as a consultant alongside the customer to ensure IT requirements are properly created and implemented. Audit capabilities serve as an entry point to opportunities.

Selex ES; Partnering to Fight Modern Cyber Threats

Over the past few years, cyber threats and attacks around the world have become more effective and increasingly widespread, with state organisations and international corporations falling victim. At a more subtly damaging level, in addition to those high profile cyber-attacks which end up being reported in the media, there are potentially thousands of other cybercrime incidents which go unreported or, more worryingly, unnoticed across businesses and organisations of all sizes.

But cyber security isn’t just about fighting threats – there are opportunities too.
GCHQ’s Jonathan Hoyle asserted that “as a nation seeking economic advantage, we will also achieve a significant boost to our prosperity if we can position the UK as a nation of choice for consulting business in cyberspace and a cyber-centre of excellence for skills, technology and knowledge”, sending a clear message about the UK’s objective to be the world leader on cyber security. It’s an aspiration that Selex ES, a Finmeccanica company and one of the world’s leading information assurance and cyber security specialists, fully supports. Selex ES has the objective not only to ensure that cyberspace is a global example of information assurance best practice but also, from this security base, to drive prosperity and improve the lives of individuals and communities.

Scoping the threat

The threat we are up against uniquely makes no distinction between the military and the civil environments. All information and communication systems, no matter where or what they are designed for, are a natural conduit for aggression. Our adversaries can be well camouflaged and range from the young hacker who wants to make a name for himself in the dark market to well organised (often state sponsored) teams endowed with funding and a sophisticated operating mode. However, all have a common goal to target the heart of our economic system, whether to probe and inventory the vulnerabilities of our critical infrastructure or to deplete the intellectual property and knowledge base of our societies.

At Selex ES, our Security Operations Centres (SOCs) study the effects and methods of cyber-attacks. Importantly, we also draw on what our partners, governments and their agencies are prepared to make available about the behaviour of these adversaries. Intelligence is key to this threat environment, and technology – whilst a critical enabler – cannot substitute for the experience that human analysis can bring to developing this picture.
As a provider of security solutions to government and corporate organisations, at Selex ES we understand risk and programme management, complex problem solving, and technology. Drawing on expertise and experience from across military and civil sectors, we know what it means to apply these skills and techniques to security projects, and we know that the majority of situations require seamless integration with legacy systems. We recognise that cyber security requires specialist expertise, and we are well practised at developing flexible, cost-effective solutions which, without excessive disruption, knit together existing systems and infrastructure with specialist products and capabilities to deliver effective cyber defence.

NCIRC – impossible without partnership

In September 2011, Selex ES started its largest cyber programme to date with the NATO Computer Incident Response Capability Full Operating Capability (NCIRC FOC), leading a team – alongside Northrop Grumman – which represents some 40 international suppliers, all selected for their collective strength in cyber defence. In partnership with NATO, the team are implementing and maintaining state of the art detection systems in 28 nations to protect its fixed and deployed systems and operations from the most sophisticated attacks known, with a user base of more than 22,000 individuals.

With NATO encountering significant attacks on its digital networks or individual computers every day, the threat from cyber-attacks is greater than it has ever been and requires an entire ecosystem delivery capability, which is, as NATO’s Ian West commented, “impossible to achieve without an effective partnership with industry”.
Today, Selex ES continues to build on its expertise in this field by drawing on synergies with other sectors and offering similar services to commercial customers, where Selex ES is actively pursuing advanced programmes for development of the latest generation cyber intelligence and SCADA security services, seeking to reach 360° protection for the complex ecosystems of its customer base.

In recognition of Selex ES’s experience in defending against the serious threat that cyber-attacks pose to the security and economic well-being of the UK, the company is working alongside other leading defence and security companies in partnership with UK Government as part of the Defence Cyber Protection Partnership (DCPP), aimed at bolstering the security of the UK against cyber-attack through action within the defence industry. The DCPP model is intended to lead the way in industry collaboration and action on cyber security and to act as a useful template which can then be followed by commercial sectors to improve resilience across industry. The DCPP will also share threat intelligence and wider expertise on tackling cyber threats from the defence sector with other industry sectors and government through the recently announced national Cyber Security Information Sharing Partnership.

As a world leader, benefiting from more than 40 years of experience in military Air Surveillance (radars and C2 centers), ThalesRaytheonSystems has introduced CybAIRVision®: a complete suite of products and services to detect cyber intrusions in air surveillance systems, at radar, control center and national levels.

Co-located with the radar, the CybAIR Radbox is designed for civil and military airspace surveillance radars. It monitors operational data, alerts the user if the radar behaves abnormally, performs technical and operational supervision roles and enables operators to visualize the operational consequences of a cyberattack.
CybAIR Radbox combines communication gateways already providing network security (Firewall…) with very innovative Air Surveillance domain-specific processes – CybAIR Agents – to detect potential cyberattacks that would have penetrated the radar network. In addition to the state of the art conventional signature-based tools, CybAIR Agents offer real-time radar data flow analysis and detection of abnormal behaviours such as non-standard message formats or data that is inconsistent with history or with the radar environment. This very innovative approach enables the software to detect any kind of cyber-attack, including zero-day incursions that exploit an unknown vulnerability in the system, and insider assault on a protected network. CybAIR Agents and traditional IT components are kept up to date through periodic updates in line with R&D progress and the evolution of cyber threats.

In case of an alert, CybAIR Radbox presents operational consequences and guidelines to the operator to investigate potential causes and assess the nature of the warning. In addition, CybAIR Radbox records radar data flows to allow post-analysis. CybAIR Radbox can be interfaced with any military or civilian surveillance radar and supports more than sixty protocols (including ASTERIX, ISR2…). It can be operated independently of ThalesRaytheonSystems in line with sovereign policy.

CybAIR Radbox was successfully evaluated in 2013 by the French Air Force and the French defence procurement agency (DGA). As a result of the field evaluation, CybAIR Radbox has been integrated in the French Air Force Concept of Operations. Additionally, the CybAIRVision® suite includes CybAIR Multilink, a solution for Command and Control centers which aggregates information from several CybAIR Radbox units, and CybAIR Picture, which provides national supervision and cyber awareness.
Thales Raytheon Systems CybAIRVision® is the immediately available Off-The-Shelf solution to ensure Air Operations integrity within the ever growing cyber threats environment.

Why has Cybersecurity Become Such an Issue?

As a result of Turkey’s economic growth, its deepening integration into the world economy and its developing information and communications infrastructure, Turkey has seen cyberspace assume a prominent position in the daily life of Turkish state organizations, businesses and citizens. As of December 2012, the Internet penetration rate is estimated at 46% and 20% of Turkey’s population own a smartphone, while the number of mobile Internet users in the country more than doubled between 2011 and 2012. Consequently, Turkey enjoys greater interconnections with the rest of the globe, allowing the country to be part of the borderless world of digital communications.

The nation is regarded highly by foreign investors, both as a stable country and as an attractive market. Moreover, Turkey is becoming more and more active on the regional and international geopolitical scene and has become a major political partner in Central Asia, the Gulf countries, South and South East Asia, and the Middle East region. However, this increasing influence on the global arena has created two parallel realities for the nation, i.e. being an attractive place for investment while also being seen as an economic competitor and political challenger, subjected to state-endorsed espionage. To combat such threats, Thales, a world leader in Defence and Security, has developed high grade network encryption solutions to protect state and corporate information up to the highest classification level.

Turkey also faces internal and external cyber threats from non-state hacking groups and individuals. Turkish state websites have been victim to several cyber attacks, some even aiming to cut off power across the entire country.
Such attacks emphasize the necessity of improving the cyber security of the nation’s critical infrastructure. Thales currently also provides network monitoring solutions for critical infrastructure in order to be able to detect and react to cyber attacks.

Therefore, in view of its rising political and economic importance and the increasing number of cyber attacks targeting the country, Turkey is a prime target for cyber attackers. Specifically, “Turkey is among the top 10 countries subjected to cyber attacks”, according to Professor Mustafa Alkan, Chairman of the Information Security Association, at the National Cyber Security Strategy Workshop in 2012. The Turkish Government has not been a bystander to this issue, but has taken initiatives to improve the level of cyber security and cyber defence in Turkey. The recent launch of the National Cyber Security Coordination Foundation is a testimony to the work being done to ensure the country’s stability and reputation are protected.

As security specialists to the French Government, NATO and the United Nations, we have seen large organisations struggle in tackling cyberspace risks as the pressure to ensure the security of sensitive information mounts, and we know how important it is for a country like Turkey to not only protect, but also constantly watch its critical information systems. Dedicated to responding to these particular risks, Thales has developed products and solutions for government, military and corporate customers. Thales’s solutions in the cybersecurity field cover all needs: from cryptography to penetration tests, through to risk analysis, security audits, network security and encryption, as well as operating system hardening, database security, security architecture design, network supervision and rapid reaction.
As a member state of NATO and one of the major military powers, Turkey must ensure that all its military networks and communications are correctly protected against malicious eavesdropping with the appropriate solutions. Dedicated to this issue, Thales has developed a comprehensive range of network encryptors that fulfils all operational requirements, from the highest level of security classification to the sensitive but unclassified segment, for every type of system (satellite, radio, tactical).

Nevertheless, recent events have shown that cyber security is not just a matter of defence, but also a question of national security, given the potential impact of a cyber attack against critical infrastructure. In a world where cyberspace has become a true theatre of operations, cyber attacks against a country’s critical infrastructure can be a way, if not to defeat an adversary, then to critically damage its infrastructure and undermine its economic and social life. From this point of view, Stuxnet remains the best example of how cyber attacks can damage unprotected infrastructures. Therefore, it is important that Turkey implements protection and supervision measures to achieve a satisfactory level of security for its critical infrastructure, and that Turkey can rely on Thales’s know-how and solutions for critical infrastructure security.

Thus, Thales has conceived CYBELS, a solution that supervises any given information system in real time and provides cyber operators with the means to detect, analyze and react in case of cyber attacks. This is all thanks to innovative technologies patented by Thales and an ease of operation. CYBELS offers the means to identify and understand the key elements of a cyber attack in order to react before business is affected. CYBELS also integrates a solution for cyber training in order to train the operators and to validate the reaction plan before it is implemented.
Moreover, Thales and Schneider Electric have partnered in order to develop common cyber security solutions designed for SCADA and ICS.

Finally, following Turkey’s economic growth, the Turkish financial sector has been developing and is now absolutely vital to the country. This is a domain where we cannot tolerate any cases of security breach, identity theft or disruption, as it manages the money and savings of citizens. Thales can also play a role in this domain, as the company is the world leader for payment security and more than 70% of worldwide financial transactions are secured by Thales.

Thanks to their recognized quality, Thales’s solutions are implemented in the most demanding environments in terms of security. As examples, Thales solutions are deployed to secure financial transactions, the cloud environment (Cloudwatt), satellite communications such as Galileo, tactical networks, SCADA and ICS, and urban security systems such as in Mexico. Thales is now ready to be part of Turkey’s cyber security strategy!

STM and Integrated Cyber Security System (ICSS) Feasibility Study Project

Mr. Oral Gürel, Project Manager, STM A.Ş.

STM was established in 1991 with a decree of the Defence Industry Executive Committee, which is the highest decision making authority in Turkey regarding defence industry matters. The main missions given to STM are:
›› providing technical support, systems engineering, project management, technology transfer and logistics support services to TAF (Turkish Armed Forces) and SSM (Undersecretariat for Defence Industries),
›› developing necessary software technologies for defence systems, and establishing and operating national software centers for software development and maintenance/support.

Currently STM is conducting activities in line with these missions with a total of 450 employees, of whom more than 95% hold a bachelor’s degree or higher.
In 2012 STM achieved over 70 Million USD of revenue, and in 2013 about 85 Million USD of revenue is expected. One of the Cyber Security Solutions of STM, to be elaborated in this article, is the Integrated Cyber Security System (ICSS) Feasibility Study Project.

ICSS Feasibility Study Project

The Integrated Cyber Security System (ICSS) Feasibility Study Project was started in 2012 in order to meet the basic needs of Cyber Security and to implement the Cyber Security vision. The Integrated Cyber Security System has been developed as a prototype and, within the scope of ICSS, which is an R&D project in nature, a feasibility study has been conducted on the results obtained.

Within the scope of the development of the prototype, in which more than 20 skilled engineers participated:
›› An ontology and a national vulnerability database covering aspects of cyber defence have been created,
›› A Cyber Security Risk Analysis and Evaluation System to be available to all organizational units has been realized,
›› The technical infrastructure of a Cyber Security Coordination Centre, which will be able to make Cyber Security vulnerability and risk assessments and which will gather instant data to perform data fusion, has been created,
›› A system which can create a Joint Cyber Security Picture from the fused data has been developed.

Through the ICSS Project, a system which centralizes vulnerability, network topology and IT asset information collected from the organizational units and the backbone network has been developed. The prototype calculates the most effective cyber-attacks that could be carried out by cyber-attackers, together with attack trees showing the ways (vulnerability, topology, etc.) through which they can perform attacks. With the help of the attack tree, ICSS users can calculate the risks inherent in systems and analyse possible remediation.
As the fundamental capabilities shown in Figure 1 indicate, ICSS can gather system and application logs and sensor alerts in real time from all over the network through the central coordination unit. All collected data are correlated and cyber situational awareness is provided to users. Because ICSS combines vulnerability, asset, risk and instant status information, a consolidated cyber security picture can be obtained, and with this picture decision-makers are able to make integrated risk analyses and plan actions.

In the ICSS project, in addition to prototype development, a feasibility study was conducted. Within the scope of the feasibility report, a National Integrated Cyber Security Roadmap was presented, including the requirements for approaches and procedures. The national capabilities which must be acquired have been determined as a result of a comparison between the requirements and the existing national capabilities. Finally, important areas of R&D and technology development and the possible difficulties in achieving the targeted capabilities have been indicated.

The ICSS project offers our country very important gains. With ICSS, the foundations of a Centre of Excellence have been laid. This will be a center where new threats and methods of Cyber Attacks that may arise in the future can be tested and measures can be developed. Thanks to the flexible and scalable technical infrastructure of the ICSS, which has been developed under an R&D project, a long term, easily extendable system has been put into practice. Moreover, a Cyber Security Ontology and National Vulnerability Database have been provided for our country. The infrastructure which will lead to the formation of the inter-institutional and in-house Cyber Security processes and their coordination structure has been prepared.
Smart and Secure: Tap-Proof Voice Calls on Smartphones

Protecting call confidentiality on smartphones is a problem that etches deep worry lines into the brows of IT managers. Mobile phones are open to numerous avenues of attack by eavesdroppers. The TopSec Mobile, a handy little encryption device from Rohde & Schwarz SIT GmbH, puts an end to all those worries. Connected to mobile phones over Bluetooth®, it encrypts calls using an approach that leaves no room for attack. It is also the world’s first hardware encryption solution that works with unmodified iPhones.

Maximum security does not compromise convenience

Smartphones are now an integral part of our lives. It is hardly surprising that people sometimes unthinkingly use them to make calls that should be kept confidential. Users are often unaware of just how susceptible today’s mobile phones and transmission paths are to attack by resourceful hackers. In fact, the need for effective means of securing communications on mobile phones is huge: the armed forces, policymakers, government authorities and businesses all need solutions that let them use mobile phones without the permanent risk that the confidentiality of their calls is being compromised.

The TopSec Mobile is a crypto headset that connects to a smartphone over Bluetooth®. Calls are transmitted over an Internet connection using secure voice over IP (sVoIP) technology. VoIP is a global standard that offers smartphones universal and inexpensive access to the Internet over mobile networks and WLAN (Fig. 2).

Fig. 1: The TopSec Mobile provides tap-proof, end-to-end encryption for mobile voice calls and works with laptops and almost all commercially available iOS and Android smartphones.

Fig. 2: End-to-end encryption with the TopSec Mobile.

Mobile phones may come and go, but TopSec Mobile remains

The TopSec Mobile (Fig. 1) is a smart solution that accommodates the popular habit of frequently upgrading to the very latest phone models.
By using Bluetooth® to connect to smartphones, the device can encrypt and decrypt calls. Since practically all smartphones today offer Bluetooth®, the TopSec Mobile can work with all leading Android mobile phones and the iPhone, which together account for around 85% of the global smartphone market. The device is also unique in that it is currently the only solution of its kind to work with the iPhone. Prior to the advent of the TopSec Mobile, specialized encryption apps were the only means of making tap-proof calls on the iPhone, and they cannot generally be classed as secure. Even the encryption solutions available on microSD cards, which typically afford greater protection than software-only encryption apps, are not completely secure since they do not connect directly to the phone’s microphone.

Just how simple it is

The TopSec phone app supports both encrypted and unencrypted VoIP calls. Encrypted calls take place directly on the TopSec Mobile. The device encrypts and decrypts calls independently, without involving the smartphone or laptop. When making secure calls, users talk and listen through the TopSec Mobile’s own microphone and speaker, effectively eliminating any manipulation by malware. VoIP calls have to be set up through a server, and users must be registered on the server in order to make and receive calls. The TopSec Mobile sets up encrypted connections using SIP and IAX2, two common signaling protocols. It works with both public SIP servers and the R&S®VoIPSERVER S110. The R&S®VoIPSERVER S110 is ideal for user groups with special security requirements who prefer to operate their own VoIP server.

Secure Access to Internet and Cloud Services

Cloud-based applications such as Dropbox, Salesforce and Amazon Web Services are currently revolutionizing business collaboration. Yet, at the same time, organized Internet crime is increasing dramatically.
The R&S®SITGate offers users innovative, continuous application validation to prevent information leaks.

Fig. 1 The R&S®SITGate is a perimeter firewall that validates all data traffic to and from the Internet. As a zone-based firewall, the R&S®SITGate rigorously controls communications between different areas of a network.

Using social media efficiently yet safely

The R&S®SITGate (Fig. 1) can identify and distinguish between several hundred cloud-based applications. For example, the R&S®SITGate can permit the posting of Facebook messages during lunch hours but not at other times. The R&S®SITGate also allows the definition of user-specific rules so that the marketing department can post news on social media sites at any time, yet access for other departments is restricted. This enables organizations to implement highly granular security policies to control corporate communications.

A professional safeguard against botnets and zero-day exploits

Attackers today work with highly professional development tools to exploit known and new computer system vulnerabilities. Zero-day exploits targeting security gaps in system functions are sold at high prices on the black market and are used to orchestrate cyber-attacks such as Stuxnet and Flame. Infected host systems can then harvest documents and addresses without being detected. Attackers can even use systems’ microphones and cameras to make audio and video recordings – locally and on accessible network resources. This critical information is subsequently sent over the Internet to a central command server. The R&S®SITGate continually validates the (entire) communications protocol of every single connection. All dangerous transmissions are identified – even those running over legitimate channels. Every anomaly results in the connection being aborted.

Single-pass technology keeps track of everything

The R&S®SITGate incorporates single-pass technology to concentrate all the security checks at a single point on the network. Single-pass technology combines application detection and protocol validation with malware and antivirus protection, intrusion prevention and web filtering. The required signatures – for current malware, for example – are continuously updated online. With single-pass technology, corporate security policies are as easy and flexible to implement as configuring local network access. This reduces complexity significantly and thus the numbers of false positives and false negatives.

Get Protected Against the Most Disruptive Cyber Warfare Tool with DDOS Mitigator

As Turkey’s #1 Cyber Security vendor, Labris Networks Inc. is proud to announce its latest cyber warfare defence tool: DDOS Mitigator Appliance

Distributed Denial of Service (DDOS) attacks have been evolving over the last 10 years. The impact of these attacks on critical infrastructures has been increasing day by day. This impact stems from many elements, such as the intelligence level of the attackers, strong attack motives and the advancement of attack technologies, which are claimed to be backed by governments.

What to know about DDOS Attacks

A basic denial of service (DOS) attack involves bombarding an IP address with large amounts of traffic. If the IP address points to a Web server, then it may be overwhelmed. Legitimate traffic heading for the Web server will be unable to contact it, and the website becomes unavailable. Service is denied. A distributed denial of service (DDOS) attack is a special type of denial of service attack. The principle is the same, but the malicious traffic is generated from multiple sources – although orchestrated from one central point. The fact that the traffic sources are distributed – often throughout the world – makes a DDOS attack much harder to block than one originating from a single IP address.
How to get protected against DDOS Attacks

The DDOS attack seemed to be an unsolved issue because of its chaotic structure; however, recent technological developments have enabled cyber security teams to mitigate the risk of online unavailability. “Mitigation” is the right word, because one should keep in mind that there can always be an attack huge enough to make your services unavailable for some time. Although many local Internet Service Providers (ISPs) provide a DDOS mitigation service in which attack identification and mitigation occur within the ISP’s IP backbone before the traffic reaches the customer’s network, it is now widely accepted that relying on the ISP alone is not enough. The commonly accepted concept today is the hybrid approach, which combines the advantages of network-perimeter-based solutions – dedicated DDOS Mitigator Appliances – with those of ISP-based solutions. The reason for using DDOS Mitigator Appliances is that ISP solutions are insufficient at preventing malicious traffic under 1 Gbps. ISP Scrubbing Centers were designed to mitigate attacks over 1 Gbps, the so-called “volumetric attacks”, where threshold values are used to identify the malicious DDOS traffic; however, according to the latest research, around 40% of attacks worldwide are non-volumetric attacks under 1 Gbps.

Identifying DDOS traffic is the first stage of defence. DDOS Mitigator Appliances not only use threshold values on inbound and outbound traffic but also draw on 34+ different data sensors (TCP, UDP, ICMP, HTTP GET, HTTP POST, TCP SYN etc.) for the first phase of the decision-making process. In the second phase, worldwide IP reputation databases identify the black IPs and their packets are dropped. In this phase, geographical traffic blocking allows you to block traffic originating from irrelevant countries/regions, which can help a great deal during state-sponsored cyber-attacks.
The third and most important phase is performed by the Anomaly Engine, whose unique Deep DDOS Inspection technology scans the traffic with heuristic / non-heuristic algorithms, network memory and timely averages, deciding within only milliseconds whether the traffic is benign or not. After the attack, the evidence file, on which you can work, can be printed out from the management interface screen. The IP addresses and countries of the attackers, the attack type, the target service and the start and end times can be seen for further investigation.

IT security tools are not always sufficient to mitigate a DDOS attack; focused Security Emergency Response Teams should be established and kept up to date on today’s latest attack scenarios. Moreover, Advanced Persistent Threat (APT) level attacks force victims to get in direct touch with the vendor’s research labs during the attack. The customer and the vendor are advised to get in touch not only during attacks but also before them. The chosen vendor should transfer the necessary knowledge to the customer through up-to-date documentation and onsite technical training.

Why to get protected against DDOS

DDOS can be disruptive for a wide range of your online services, from e-mail and web servers to specific application servers, all of which are vital for your mission-critical operations. Whether you’re using an intranet or secure web-based applications (SSL VPN etc.), you’re likely to suffer a DDOS attack. An online presence (simply an IP address) is enough to experience it. A successful DDOS attack can result not only in loss of time or money but also in loss of image linked to your online presence. It can be harmful as a psychological attack tool during a “Cold War”, or it can be used to distract Cyber Security Teams during another serious cyber-attack aimed at intelligence gathering, such as malware or virus activity that should be investigated manually.
When you’re under an attack, all eyes are on the attack, and there may not be as many resources paying attention to other parts of your network.

Summary

A real cyber war comprises a two-stage mission. The first stage is intelligence gathering from different resources on the enemy’s systems by using viruses, malware, backdoors etc. Once this stage is completed successfully, the second stage, cutting off the systems’ online availability, becomes easier and much more disruptive. An advanced persistent level DDOS attack is a useful, cheap and easy-to-perform tool to execute this command. Originating from ODTÜ Teknokent, Turkey’s powerful R&D hub, Labris Networks Inc.’s DDOS Mitigator Appliance is designed to be an intelligent shield against disruptive DDOS attacks. With its best-of-breed anomaly engine, unpredictable DDOS traffic can be detected in real time for ultimate protection.

About Labris Networks Inc.

Since 2002, Labris Networks Inc. has been an R&D focused and rapidly growing provider of network security solutions through its globally-proven products. Labris ensures ultimate network security through its extensive product line including Firewall/VPN, Web Security, E-Mail Security, Lawful Interception and DDOS Mitigation solutions on LBRUTM, LBRLOG, LBRMNG and DDoS Mitigator appliances. Next-generation solutions are developed to detect and identify all kinds of real-time threats and applications, providing a smart shield against intrusions, viruses, spam, malware and DDOS attacks. As one of the Common Criteria EAL4+ certified security gateway brands in the world and a rapidly growing global player, Labris provides its customers with top-level security at optimum cost. Labris, headquartered in ODTÜ Teknokent, Ankara, has partners and offices serving Europe, the Middle East, North Africa, the Caucasus and Southeast Asia. www.labrisnetworks.com

BITES; Innovative, Specialist and Technology Developer of Turkey

BITES is a Turkish multi-award winning company unique in Turkey. Since 2001, BITES has been producing the building blocks for 3D Virtual Maintenance Trainer, Computer Based Training, Advanced Software Solutions and Simulation Technologies. We are committed to the vision of being ‘Innovative, Specialist and Technology Developer’; our innovative applications for the defence sector can be deployed to any platform (PC, laptop and mobile devices). Besides Defence, BITES also provides solutions for civilian corporations.

Quality & Security Certificates:
›› MOD Facility Security Clearance (National Confidential Level)
›› NATO Facility Security Clearance (NATO Confidential Level)
›› MOD Production Certificate
›› ISO 9001:2008
›› CMMI-Level 3

Main Activity Areas:
›› Defence
›› Aerospace Technologies
›› Civil Aviation
›› Information Technologies
›› Interactive Technologies

Core Capabilities

BITES has been designing, producing and providing state-of-the-art software solutions for about ten years in the Defence, Aerospace Technologies and Civilian sectors. Some of our products are as follows:
›› Computer Based Training Systems (CBT)
›› Embedded Software Development
›› Synthetic Environment Development, 3D Modeling and Simulation Technologies
›› Virtual Maintenance Training Systems
›› Management Information System Software (Training and Logistics)
›› Interactive Electronic Technical Manuals (IETM)
›› Fleet Management Systems
›› Geographical Information Systems
›› Mission Planning and Debriefing Systems
›› Image and Audio Processing

BITES has been in the Defence sector for about ten years, producing IT solutions (CBT, software development, simulation technologies, mission planning and after action review, Fleet Management and GIS applications). BITES is also enhancing its Cyber Security capabilities.
R&D Projects

We are one of the few SMEs in Turkey with an R&D department and active R&D projects. We have already completed two R&D projects which were supported by TUBİTAK and the Ankara Regional Development Agency. An R&D project has just started and five projects are waiting for approval. BITES has completed 13 projects already and has 12 projects to be completed within one year. In 2012, BITES made its first exports of some of its products and services.

UDEA; The Strongest Partner of RF Wireless Technologies

UDEA has been working on Wireless Technologies for years, designing and producing RF receiver, transmitter and transceiver modules, development tools and evaluation boards, and also providing software support. UDEA also provides solutions in the area of active RFID products and real time location systems (RTLS) for persons and assets, particularly with the new active RFID standard ISO 18000-7.

UDEA combines comprehensive consulting services and leading-edge technical expertise for every stage of a system’s growth, from design to development. These efforts can be categorized as:
›› Design
›› Simulation
›› Prototyping
›› Performance Evaluation
›› Evolution

UDEA can provide the following support to projects with wireless development needs.

Support for Preparation of Project Plans. It can be safely assumed that there will be many changes during the system design. However, a carefully scheduled and well defined master project plan which shows the different phases of the sub-projects, and a project plan which shows the tasks and responsibilities in the sub-projects, would be very helpful in achieving fast and successful results in such an R&D project.

Protocol Development Support. Since there may not be a definite standard at the moment, it is more likely that it will be a proprietary protocol.
There might be several advantages or disadvantages to having a proprietary protocol, but most of the disadvantages can be turned into advantages if the protocol is open in terms of compatibility with existing standards. UDEA can provide support in the development of such a protocol or of a set of physical, data link, network or upper layer protocols.

Supply of Firmware/Software. Some RF modules, especially high end/high performance ones, contain an embedded processor and associated firmware which is responsible for the execution of radio related processes. UDEA can provide this firmware and related software for different requirements or specifications and, depending on the requirements, can design and code new firmware and development software.

UDEA’s work style is based on close, frequent communication with our customers. Constant communication and collaboration enable us to better understand the specific needs of our customers and to develop more effective products and services.

ISM Band RF modules

Produced, approved and ready-for-use embedded RF modules for OEMs, together with integrating software applications, make the process simple and fast. One of the main objectives of UDEA’s module production is to serve OEM manufacturers in a variety of sectors that lack the RF production capability, talent, experience or opportunity to design and produce their own solutions, or for whom doing so is too costly, with modules that can be integrated quickly into their systems or applications. This way, manufacturers of the final product save a considerable amount of time, cost and process effort in bringing products to market.

The Remote Command Control and the Platform Systems

UDEA provides RF wireless communication applications and engineering services to the Defence industry sectors. These project-oriented engineering services cover planning, engineering design and project management, with several options up to complete turnkey projects.
RF receiver, RF transmitter and RF transceiver modules for the wireless data, voice and video transmission widely needed in remote command, SCADA, telemetry, automatic meter reading, alarm/security and other industrial wireless control applications are easily and readily available.

Caller Systems (Hospital, Restaurant, Taxi, etc.)

ODM designs are available for the industry, and UDEA has developed a significant part of the domestic market for SRD (Short Range Radio Devices) network applications with ISM band RF modules. UDEA was one of the first companies to perform wireless network applications; its Bluetooth and GPRS technology is universally compatible, and the two work together on the basis of broad know-how and experience.

UHF RFID

Radio Frequency Identification (RFID), in simple terms, is an identification technology in which an electronic tag on an object (RFID tag) contains information about the object and conveys it via radio frequency to a receiver that recognizes it (RFID reader). UDEA uses RFID and the Electronic Product Code (EPC) in the products and services it offers based on its own designs, in keeping with its mission of pioneering RF technologies.

UDEA has R&D, project, product and production experience in RF Wireless and EW Systems in Military, Defence & Aerospace applications, mainly in the 300 MHz to 10 GHz frequency spectrum (covering UHF, L, S, C and X-Bands), with proven concepts, designs, prototypes, pilot and volume productions, and extensive R&D capabilities including fully instrumented R&D labs and skilled manpower. UDEA has been manufacturing custom-design, Military-Grade, high precision and high quality products for special purposes and also holds some contract awards for the R&D and pilot production phases of EW Capable Radar, Radar Altimeter and RF Seeker equipment for missiles.
UDEA has been singularly focused on performance in wireless since beginning operations in 1999, and we continue to lead the industry in performance innovation. We have never relied on off-the-shelf, reference design radio technology – it just doesn’t deliver the capacity, range or interference mitigation necessary to make the dream of high performance wireless a reality. Instead, we’ve assembled a team of the best and brightest wireless minds in our R&D team and built a production facility that expands day by day, just to deliver the creative solutions needed to realize our vision.

UDEA has been exporting some of its high end wireless products, mostly RF modules, to various countries, mainly from Eastern Europe to the Middle East, such as Lebanon, India and Kosovo. Even though UDEA has been playing a great role in meeting the increasing domestic demand for wireless technologies, we have always tried to match and fulfil the demands of any country where the need is present.

BEAM; Software Testing and Verification Solutions for Defence and Finance Sectors

BEAM Technology was established under the Techno-Entrepreneur Program of the Ministry of Science, Industry and Technology in 2011. As well as providing qualified services for increasing the quality and security of software applications, BEAM is also developing its own automated software testing and verification solutions for defence and finance.

Currently, BEAM Technology is well known for its secure development services, including implementation of a Secure Development Life Cycle, conducting dynamic and static security analysis of software applications and transferring know-how on test automation, and most of its clients have been awarded “Common Criteria”, a reputable international security certification for products.
However, even while reaching a growth rate of more than 100% since 2011, BEAM has also been dedicated to R&D at its ODTÜ Teknokent premises and is now launching three products for increasing the quality and security of software applications and services. BEAM’s R&D efforts have been recognized by TÜBİTAK two years in a row, placing the company among the top 10 technology start-ups to be supported by the Turkish Government on the journey to US market entry.

Product and Capabilities

BEAM Teknoloji is developing the following three products to support its main cause, which is reducing the maintenance cost of software applications by increasing quality and security during the development life-cycle.

After investing more than 1M USD in R&D, BEAM is now proud to introduce CODCORE, a code-review platform supported by static analysis. CODCORE is a unique solution which helps developers to find and fix vulnerabilities in the source at early stages of development and to conform to software development best practices.

FOTON-P is a web based automated functional testing solution which reduces user acceptance, performance testing and functional testing efforts and is flexible enough to fit quickly into any development environment with the professional support of our experienced team.

LENS-R is a web based reporting tool for security evaluators and testers which helps its users to generate, review and examine security flaws and findings in multiple test targets.

BEAM is providing qualified service and solutions to Defence Industry

The defence industry is one of the main targets for which BEAM provides qualified services and solutions. With its already established clients in Turkey and abroad, BEAM works to increase the quality and security of products developed by defence contractors. Most of the time, at the buyer’s insistence, BEAM supports the security certification of products in order to prove that they are resistant to security attacks.
Focus on Middle East and Malaysia markets

BEAM is currently working in the defence, finance, telecommunications and energy markets and provides its solutions and services there. In Turkey, BEAM is working with well-known enterprises and government agencies, and it is also exporting these services to Malaysia and the Middle East. Since the potential market is too big to cover, BEAM is focusing on both the automation of services and recruiting for its consultant team.

Indigenous Solutions for Defence & Space & Aviation by SDT

Space & Defence Technologies Inc. (SDT) is a privately owned Turkish company operating in the Turkish defence sector and conducting high technology software and hardware development and system production. SDT’s operation is run according to internationally accepted engineering, quality assurance, configuration management and program management standards such as ISO 9001:2008, IEEE 12207, IEEE 1220, MIL-STD-498 and MIL-STD-973, the PMI handbook and various other internationally recognized standards.

SDT Space & Defence Technologies Inc. has been developing indigenous software and hardware products and integrated solutions for the Defence, Space and Aviation areas since February 2005. SDT’s facilities are located at the Middle East Technical University (METU) Technopolis Area in Ankara, Turkey.
High Technologies of Product Range

SDT is specialized in areas such as Radar-EW signal processing, image processing/pattern recognition, embedded software/systems, satellite technologies and related simulation & modeling systems. It has a variety of products in these areas, such as Airborne Digital Data Recorders, Airborne Moving Map Computers, Airborne Data Acquisition Equipment, Airborne Video Symbol Generation Computers, Video Multiplexing Units, Missile Launcher Control Systems, System Solutions on Synthetic Aperture Radar Technologies, System Solutions on Electronic Warfare Signal Analysis Systems, Automatic Target Recognition Software based on high resolution satellite images, Geospatial Intelligence Management Systems, Embedded Training Systems for sensors and missiles, tactical environment simulation software and 3D visual models, as well as services such as ruggedization of industrial electronics units for military conditions and electronics card & unit production.

SAR & EW Capabilities

SDT has embedded real time software development capability under various software development environments for avionics and electronic units and also for sensors such as Synthetic Aperture Radar (SAR) and Electronic Warfare (EW) systems. SDT also has high level software development capability for applications such as image processing & exploitation, image archiving, dissemination and service request management for satellite imagery, geospatial intelligence management functions, mission planning, sensor & weapon simulations and tactical environment simulation.

Investment of R&D

SDT’s ongoing R&D efforts have resulted in qualified military electronics products and high technology remote sensing applications. SDT has also been developing various simulation and modelling applications, concentrated on embedded simulation applications, visual modelling, tactical environment simulation and sensor simulations.
It has expanded its technological base especially in (i) sensor signal and image processing applications in airborne platforms, UAVs and satellites, (ii) military mission electronics equipment and (iii) simulation & modelling applications in the local market, and would like to offer these products and capabilities to the export market as well. Our advantage in both the Turkish market and the export market is that our products utilize new technologies. In terms of company structure and objectives, we are a product-focused rather than a project-focused company, and our products are cost-effective with high performance.

Reliable Partner of Domestic and International Market

SDT is very well recognized by SSM (Undersecretariat for Turkish Defence Industries) and is also a full member of SASAD (Association of Turkish Defence & Aviation Industries) of Turkey. Currently, SDT has some ongoing development contracts directly with SSM, and some of SDT’s ongoing development and production contracts are with the main system integrator Turkish companies, namely TAI, ASELSAN, ROKETSAN, HAVELSAN and FNSS.

SDT has an important role in the Synthetic Aperture Radar (SAR) sensor of ANKA. The SAR sensor provides ANKA with an additional capability to obtain intelligence data under all weather conditions. ANKA’s SAR sensor is indigenously developed by SDT and ASELSAN as a result of an R&D program funded by the Turkish Scientific Research Agency (TUBITAK) and executed by SSM. SDT’s role in the SAR sensor is the development of SAR signal processing algorithms, real time software/firmware and also a high speed digital data recorder for SAR data. The flight test program of the sensor has been successfully completed and its integration to ANKA is ongoing. Moreover, SDT is also tasked to implement Inverse SAR (ISAR) mode on this sensor to fulfil Turkish Navy needs.
Under SDT’s vision of concentrating on sensor signal, image and data processing, SDT has extended its product and technology base towards imaging sensors and image processing applications. Within this context, SDT is currently tasked, as subcontractor to ASELSAN, to develop the “Ground Station User Service Subsystem” to implement image exploitation, archiving, user interface and order management functionalities in the GOKTURK-I high resolution EO/IR military observation satellite program of Turkey. Besides, SDT is under contract for automatic target recognition algorithm and software development based on SAR images for the Turkish Armed Forces. Moreover, SDT is a partner in a European Union (EU) Framework Program 7 (FP7) project called ALICIA (All Condition Operations and Innovative Cockpit Infrastructure) to improve the pilot’s situational awareness in the cockpit by utilizing sensor image processing and data fusion technologies to enable civilian aircraft to land, take off and taxi under bad weather conditions.

Moreover, SDT has started to develop indigenous defence products with its own financing in the Airborne Digital Data/Video Recording area and has created a product line named the DDR Product Family, as well as digital moving map applications, missile launcher control electronics, a video coding/decoding system for missile seekers and airborne digital data acquisition devices to be used on military platforms. Many of SDT’s products are already being used for the needs of the Turkish Armed Forces on Unmanned Air Vehicles and on aircraft of Cargo, Training and Jet types. SDT has also developed various simulation and modelling applications, concentrated on embedded simulation applications, visual modelling, tactical environment simulation and sensor simulations. Value added capabilities and technologies enable SDT to expand its product range family.
Thus, these unique indigenous products have become an important tool for bringing critical potential opportunities to get SDT into the World Defence Market.

SIMSOFT; One of the Most Experienced Companies on High-Fidelity Modeling and Simulation Systems in Turkey

Simsoft was established on 17th of March 2006 by a group of doctoral students and professors to work on simulation systems, platform management software, test simulators, computer based training and serious games as a University – Industry Cooperation Company. Simsoft completed its ISO 9001:2000 “Quality Management System” studies in order to pursue its vision, mission and principles in national and international areas and received the ISO 9001:2000 “Quality Management System” Certificate on 12th of December 2006. After receiving the ISO 9001:2000 “Quality Management System” Certificate, Simsoft started CMMI (Capability Maturity Model® Integration) studies aiming at a more effective process in projects and is now developing projects according to CMMI Level-3. The current number of employees is around 60, almost 98% of whom are technical staff.

Product and capabilities

Simsoft’s main activity fields are Modeling and Simulation, Platform Management Software, Test Simulators, Game Technologies, Computer Based Training and Human-Computer Interaction (Usability Tests). The related products and capabilities in these activity fields are listed below.

a. Modeling and Simulation
›› 2D / 3D Visualization
›› Image Generators (SimIG)
›› GIS Based Visualization
›› Distributed Simulation (HLA, BOM, RPR)
›› Embedded Simulation Systems
›› Virtual and Augmented Reality
›› Modeling
›› Weapon Systems
›› Platforms
›› Electronic Warfare
›› Sensor and Radar Systems
›› Communication and Link Systems

b. Platform Management Software
›› Mission/Task Planning, Analyzing and Data Export
›› Combat, Target Management Software
›› Data Transfer or Converting Between Different Message Systems
›› Data Transfer Between Different Devices (ANS, GPS, LRF, etc.)
›› Fire Execution Management
›› Communication Real-Time Platforms and Devices
›› Command Control and Data Link Software
›› ATO/ACO Messages
›› Tactical Picture Software
›› Data Fusion
›› Embedded Software

c. Test Simulators
›› Emulators
›› Real time and critical mission systems
›› Replacing of real equipment and special environment
›› Test Data Visualization (Telemetry Software)
›› Test Data Recording and Archiving
›› Visualization of Bulk Test Data
›› Data Post Processing and Analyzing

d. Game Technologies
›› Computer Games (Turbo Baskets, SimKopter)
›› Mobile Games
›› Multi-User Online Game
›› Decision Support Games (CBS Based, Military Strategic and Training Games)
›› Developing Game Engine (Multi-User Online Game Platform)

e. Computer Based Training
›› E-Learning (Computer Based Training on Internet and LAN Network)
›› User Management Module
›› Content Visualization Module
›› Question Preparation Module
›› Exam Module
›› Chat and Forum Module
›› Questionnaire Module
›› Reporting and Analysis Module

f. Human-Computer Interaction (Usability Tests)
›› User Centered Design
›› Interface Usability Tests
›› Effectiveness, Efficiency and Satisfaction Tests of Systems
›› Eye Tracking (Real Systems, Applications, Portals, Interfaces, Videos, Web Sites)

Simulation Solutions of IT and Warfare

Simsoft provides effective solutions for the defence industry with its simulation projects on IT and Warfare. Some related projects carried out by Simsoft are listed below.
›› Convoy Training Simulator was developed for Turkish Police Forces to get trained on how to drive and use firing systems of various armoured and unarmoured vehicles.
›› Fennek Pedestal Mounted Stinger System Embedded Training Simulator was developed to train gunners in using the real Stinger Launcher System in the Fennek vehicle while interacting with the real system.
›› Anti-Air Gun Training Simulator was developed to train gunners in using Anti-Air Guns and their weapon systems and to teach attacking strategies.
›› GIS Based Naval Warfare Game System was developed to meet the Turkish Naval Forces’ war game needs for strategic, tactical and operational training.
›› Artillery Gun Simulator was developed for training users of the Fırtına Artillery Gun.
›› Light Gun Shooting Training Simulator Project aimed to improve the decision-making ability and sighting skills of firearm users.
›› Air Defence Test Software was developed for testing air defence systems on a unit basis approach.
›› Electronic Warfare Mission Analysis Software was developed for performing mission analysis in the Land-Based Remote Electronic Support / Electronic Attack Acquisition Project.
›› Secure Internet Game Portal was developed for the child, young and adult categories to teach how to use the Internet in a secure way.

Simsoft, in close cooperation with universities and industry, takes part in many research and development projects on simulation systems supported by the EU and by public and private organizations.

Export activities

Some of the projects completed by Simsoft under a main contractor were developed for end users abroad. Some of them are being exported directly. Some sample projects:

›› Fennek Pedestal Mounted Stinger System Training Simulator (End User, Netherland)
›› Trucks and Car Training Simulators (End User, Azerbaijan)
›› Marine / Bridge Simulator (End User, Turkmenistan)
›› Internet Safety Portal Games (Exported to Spain)
›› Tactical War Game and Driving Simulators (Being exported to Turkmenistan)

25 Years Experience of IT solutions and Criminal/Forensic Medicine Laboratories by VERISIS

VERISIS A.S. is a 25-year-old company mainly focused on developing IT solutions and consultancy for Criminal / Forensic Medicine Laboratories.

Capabilities
›› Forensic Laboratory Solutions
›› Custom Software Development
›› System Integration
›› Consultancy
›› Hardware and Infrastructure
›› Distance Learning
›› Remote Sensing & GIS Solutions

Projects
›› Turkish Police Criminal Laboratories Information Management System
›› Turkish Gendarmerie Criminal Laboratories Information Management System
›› Turkish Gendarmerie Narcotics and Psychotropic Profiling System
›› Turkish Police Bomb Squad Automation
›› KOMPLE.DOC Document Management System
›› KOMPLE.ISO Quality Management System
›› TEİS – Sales force tracking system
›› Turkish Military Smartcard Project

Products

Forensic Laboratories Information Management System (CLIMS) is a complete case management system developed especially for forensic laboratories to provide a chain of custody, with DNA and Narcotic Bank/Matching features.

The DNA Module serves as your national CODIS database:
›› Real Time DNA Bank, Matching and Contamination warning
›› Integration with equipment used in Biology Laboratories

The CLIMS Narcotic profiling module is a data bank and narcotics profile matching solution:
›› National Drug Profile Bank
›› Drug manufacturer Bank
›› Profile matching sample to sample, sample to Database

The CLIMS Crime Scene Investigation Module has the following features:
›› Mobile Crime Scene data entry with hand held computers
›› Performance Monitoring of Crime, Evidence and Case Analysis

Cloning System for Ballistics is used to duplicate the firearm cartridge cases collected from the crime scene, for security and archival purposes.

Bomb Squad Automation System is a solution for explosives departments to trace and monitor cases and to match the trigger mechanisms of found bombs.

R&D Investments

VERISIS has had a separate R&D office located at METU Teknopark since 2005. VERISIS R&D experts, most of whom have an ICT-related background, carry out research on forensic sciences and criminal facts. They develop software for forensic and criminal solutions which is used by police or local military officers. Besides, we have some R&D studies on Remote Sensing and Geographic Information Systems together with the Geological Engineering Department of METU.

Domestic and International Projects

VERISIS products have been actively used by the Turkish Criminal Police Laboratories for 10 years and by the Turkish Gendarmerie for 5 years. VERISIS is in contact with the Criminal / Forensic Departments of the police or local military officers of different countries. In 2013 VERISIS exported its criminal solutions to the Kingdom of Saudi Arabia Ministry of Interior.

Last Man Standing or Self Defensive Software
Mr. Serhat Toktamışoğlu - MilSOFT

In this article, we’ll try to shed some light on software protection, which is an interesting sub-area of software security. It is part of software security because it can be seen as the last line of defence (against man-at-the-end attacks) for securing your software against certain types of software security attacks. We call software protection the “last line of defence” because, if the adversary gets past the perimeter security measures (firewalls, IDS, AV, etc.), your software must defend itself, both to protect its intellectual property and to continue running as it was originally programmed.
Software protection is part of software security, so it should be considered a major part of cyber security concepts and studies. In classical cyber warfare approaches, man-in-the-middle attacks are common, so perimeter security plays a major role. Software protection, however, complements network firewalls and hardware security but does not rely upon them.

There are many concrete cases in which you need to protect the software and its content. For example, suppose you are a military contractor producing critical embedded software that is used in UAV systems. What happens if the UAV is shot down (or hijacked) in the adversary’s territory? What if a maliciously modified or patched version of your fighter’s avionics code, one that behaves unreliably at a critical time, was uploaded into your state-of-the-art new fighter jets? Or imagine that you did not have enough time to destroy all the critical software and hardware used in your state-of-the-art spy plane when it was forced to land in a region controlled by your adversary. What happens then? For real-life examples, see the discussions, concerns, claims and counter-claims on the net around the Iran-U.S. RQ-170 capture incident in 2011 (http://en.wikipedia.org/wiki/Iran-U.S._RQ-170_incident) and the Hainan Island incident in 2001 (http://en.wikipedia.org/wiki/Hainan_Island_incident). These examples show the importance of employing software and hardware anti-tampering measures in critical system components.

Software protection is essential not only for military systems but also for many commercial applications, such as games and consoles. For some types of application, staying unbroken for a couple of weeks longer is the vital factor for the company’s profit. The methods involved in software protection, such as code obfuscation and anti-debugging techniques, are not used only by the good guys.
They can also be employed for malicious purposes, such as cloaking virus code and hiding bugs planted in the code on purpose. On the other hand, applying software protection methods (whether for good causes or malicious purposes) is a double-edged sword that comes with performance trade-offs. The runtime checks and obfuscation methods applied to the software slow it down at runtime and increase the code size. The challenge in software anti-tampering studies is to make these trade-offs negligible compared with the benefits.

Another challenge in the area is that almost all the public resources on software protection come from academia. Commercial work stays in the dark because “security through obscurity” is partially valid in software protection. You may think this is not the correct approach to security, but in software protection staying unbroken for a couple of months, weeks or days (even hours in wartime) longer is vital. Academia therefore plays a major role: it shares the knowledge and studies the methods and the attacks at the same time, which helps the research community grow.

Protection is not of interest only to government and military institutions or big companies. Imagine that you are a small company or an individual and you would like to protect the intellectual property (patents etc.) in your software against big competitors such as multi-billion companies. If they use your code (even if patented), you do not have much of a chance against them in court, as they have much bigger legal capabilities than yours. So protection methods may be your best option. If you do somehow go to court, techniques like watermarking and birthmarking can also help you to show evidence of the theft.

It is also interesting to note that software protection techniques like code obfuscation are commonly used by virus and malware writers.
They use these techniques to hide from virus scanners and to produce polymorphic versions of the same malware. The malware analyst’s job gets more and more difficult when the malware code is furnished with dynamic and static obfuscation methods.

Producing software that protects itself against dynamic and static attacks can also help you defend it against zero-day attacks to some extent, because in order to create a zero-day attack your code must be investigated and its security flaws identified. If you furnish your binaries with anti-tampering techniques, this makes the zero-day researcher’s job tougher.

A well-known and correct motto from Bruce Schneier is: “If your computer can see the instructions, then you can see them, too”. However, if you do your best to make the time needed to reverse engineer your code relatively bigger (there is no exact academic measurement for that now) than the original development time of the same code, including all its IP, we can say that you have accomplished your task successfully!

Atos: Scenarios for the Future of Defence and Security

This is a critical era for the entire Defence and security community, as we are confronted with conflicting challenges that threaten to limit operational effectiveness. Yet new capabilities, technologies and solutions make it possible to transform mission outcomes, from front-line support, interoperability and adaptability to capability, affordability and resource efficiency.

Knowledge centricity – creating strategic advantage through predictive analytics

There is a growing demand for specific filtering of information and its transformation into knowledge. This requires smart fusion of data from all kinds of sources, covering financial transactions, forensic information and many other kinds of content.
Atos is one of the main players that aim to reduce complexity and support decision making, and it makes effective use of semantic web technology for this purpose. Semantic web characteristics include intelligent services and networks and self-healing systems, as both people and non-sentient objects reason and communicate together through connected intelligences, an omnipresent web (Web 4.0). Atos helps its Defence and security clients move towards these Network Enabled Capabilities by taking complex and divergent data streams and using them to create actionable intelligence. These capabilities contribute directly to more effective command and management structures in Defence and security organisations. Atos’ secure intelligence collection and assessment system supports the entire workflow of an intelligence service, from the collection of information, through processing and analysis, to distribution.

Cyber security – securing cyberspace as an integrated part of life

Cyberspace technologies and applications are an integral part of many technologies, products, solutions and services. Cyber criminality is rapidly increasing, and in Defence and security we need to take cyber warfare and cyber terrorism fully into account. There are many different systems, all communicating with each other, and as additional players join the ecosystem, complexity increases and so does the possibility that a security problem in one place could end up infecting all the others.

Cyber Risk & Business Impact Assessments focus on identifying crucial business processes, the crucial information in those processes and the technology necessary for a minimum baseline in cyber security. Atos ScoutForce is a unique Cyber Threat Assessment solution using best-of-breed technology, combined with our proven analysis and testing techniques. This makes it possible to rediscover the IT systems and to know their weaknesses and risks.
It leverages the data generated from multiple sources to answer three key questions (3Ws) and to provide a snapshot of what is really happening inside the organization. The result is the information needed to reduce the overall risk and to avoid the cost of potential security breaches.

Next-generation crime control

Today there is a cyber world that exists in parallel to and integrated with the real world. This needs to be effectively policed, and that demands efficient management and intervention by trained executive forces equipped with technology. Next-generation crime control requires specific solutions for real-time knowledge exchange as well as biometric and forensic analyses monitored by specialist cyber police or cyber Defence forces. The main features of the next-generation crime control technologies that Atos focuses on are:

›› Smart combination of future technologies like automated reasoning or semantic storage;
›› Highly efficient collaboration between applications;
›› Permanently available, real-time and intelligent detection of criminals by next generation identity management;
›› Advanced expert systems with artificial intelligence in efficient cooperation with conventional security forces;
›› Creation of security experience able to anticipate crime situations.

People mobility and network security

The continued, apparently unstoppable increase in mobility has a strong influence on the IT and communication security of organisations. We now need the most effective solutions for protection against unauthorised access to computers and networks, based on advanced technologies for access management, authenticity, encryption, mobile devices and other technology assets. Using Atos deployable IT and communications solutions, it is possible to be up and running at high speed and securely in any part of the world, and to keep working normally, no matter what the conditions may be.
Joining it all together

Defence and security organisations do not operate on their own but as components within a large ecosystem. Atos has worked closely with the Defence and security community for decades, and has deep and detailed knowledge and understanding of Defence equipment and support requirements. Atos has the depth, reach and stretch to cover the demands of the complete ecosystem.

Atos’ extensive track record covers work for Ministries of Defence from the US, UK, Germany, the Netherlands, France, Spain and Australia, international organisations such as NATO, and Armed Forces from Scandinavia and Eastern Europe to Latin America and Asia. Developing an MoD-wide IT strategy, which defines the corporate security policy and establishes the main directions and trends in terms of information systems, technical architecture, IT processes, organisation and communications networks, also belongs to our field of play. Communication equipment, identity management infrastructure, BPO, ERP, Web-Based Training and Joint Command and Control Information Systems are also fields of work in which Atos has developed broad experience with the respective MoDs and NATO.

AirC2IS from Atos Turkey will be NATO’s first network-enabled capability by design. It will be a forward-looking system that equips operational users to face the changing NATO environment and security challenges. Atos also supports NATO automated personnel management based on widely used technologies. Atos has also enabled and ensured automated data exchange between the C2 systems of several NATO and non-NATO nations, which have heterogeneous data structures and technologies, delivering on predefined information exchange requirements.

In many different countries, including Turkey, Spain, Germany, The Netherlands and Arab Emirates, Atos provides a great variety of Command & Control Centers to police forces.
These range from single-site to country-wide, and from purely police to integration with fire brigades and emergency and rescue services. Atos is not only able to ensure integration into the command and control centre, but also sets up entire PMR networks, from small event-related networks to permanent, country-wide solutions, such as the Polycom network in Switzerland.

For national police forces, border guards and other security services managed by interior ministries, Atos delivers electronic identification solutions. These range from ePassport to fixed and mobile border checkpoints, as well as surveillance of non-regulated borders. We now have many references for solutions of this kind, originating in Spain, Bulgaria, Switzerland, Croatia and Italy. For the Australian federal police, Atos developed the General Evidence Management System (GEMS) to support any type of investigation, improving the efficiency of any investigation team.

Born out of the union of Atos Origin and Siemens IT Solutions and Services, Atos is an international information technology services company with annual revenues of EUR 8.8 billion and 76.400 employees in 47 countries. Serving a global client base, it delivers hi-tech transactional services, consulting and technology services, systems integration and managed services. Atos is focused on business technology that powers progress and helps organizations to create their firm of the future.

Defence and Cyber Security Platform in Virtual World
Dr. Cüneyd Fırat - General Manager, C2TECH

Cyber security, according to the definition of the International Telecommunication Union (ITU), is the creation and maintenance of security mechanisms that can protect the assets of institutions, organizations and end users.
Besides affecting users and their assets, cyberattacks pose great risks to nationwide critical infrastructures such as military, financial, health and energy systems, and their use as a form of military threat among nations is a well-known fact. For that reason, candidate cyber security strategies and solutions should be evaluated in the context of national security and should encompass the whole of cyberspace simultaneously, with the same depth and resolution.

To this end, Turkey presented its cyber security strategy under the title of “National Cybersecurity Strategy and 2013-2014 Action Plan” on June 20, 2014. Efforts related to the strategic plan, and to the action plans and policies supporting it, are in progress. The Cyber Security Council, in which representatives of such critical institutions as the TSK (Turkish Military Forces) CyberDefence Center and the EGM (General Directorate of Security) Cybercrime Center take part, can be considered the most important step.

C2TECH, a company developing national solutions and products for Network Intelligence and Cyber Security, plays an active role in Turkey in this area. C2TECH has very deep and broad expertise in monitoring massive-scale network traffic. NetRASAT and its other cyber security solutions can reveal a detailed image of users’ activities to security analysts, thanks to their ability to capture low-level packets and reconstruct the traffic.

Traditional cyber security solutions are inadequate against the constantly increasing and evolving cyberattacks of today’s world. In particular, in the face of diverse attacks exploiting unknown vulnerabilities, it has become indispensable to change the definition of “Successful Defence” from “keeping attackers outside” to “they can infiltrate at times, but we can detect early”. For cyber security experts to detect traffic anomalies and suspicious activities quickly, developing real-time traffic monitoring systems has emerged as a prominent requirement.
Cyber Intelligence is a real-time situational awareness platform that analyses online network traffic as well as the records acquired from critical infrastructures and other units.

Proactive Cyberdefence for Critical Infrastructure

Stuxnet demonstrated that critical infrastructure networks are no longer protected by isolation. They face the same threats as other ICT networks, but the risks are far greater: a cyberattack against a critical infrastructure network can result in cascading failures across critical infrastructure and the industries it supports. Yet many critical infrastructure operators have done little or nothing to improve the cybersecurity of their facilities. Given the risks, governments cannot wait for the private sector to take the initiative. They need to make cybersecurity a national security priority and work together with the private sector to prepare for cyberattacks. In this paper, we propose cybersecurity strategies that not only improve cybersecurity, but also make business sense in the 21st century.

Exposure to external attacks

Critical infrastructure networks increasingly use Internet protocols and communicate with external resources, sometimes over the public Internet. The transition to Internet Protocol (IP) based networks helps reduce costs and improve efficiency, but it also exposes these previously isolated networks to external attacks. Most systems and protocols used in critical infrastructure networks were developed for closed networks with trusted devices and no connection to the outside world. They contain very few security features and, more worryingly, they have never been hardened. The biggest threat is to devices such as programmable logic controllers (PLCs), which control physical equipment like pumps and valves.
When connecting industrial control networks to corporate networks and introducing other forms of connectivity, it is important to understand what the risks are and to take the necessary actions to mitigate them.

Cyberthreats: Probing and cyberextortion

The increased connectivity gives cyber adversaries access to network areas that they would otherwise not be able to reach unless they were physically inside a facility. Cyber adversaries are putting more and more effort into critical infrastructure networks: they are doing more research and writing more malware aimed specifically at the exploitation and disruption of industrial control systems. Cybercriminals use vulnerability intelligence to extort power companies: if the companies do not pay the ransom, the criminals carry out an attack. US intelligence has attributed several power outages around the world to cyberextortion. Electric utilities and other critical infrastructure are also the target of constant probing. Probing is a part of cyber-reconnaissance, and it is used to map network infrastructure and locate vulnerabilities for future attacks.

Strategic partnerships with the private sector

Given the importance of critical infrastructure networks, ad hoc responses to cyberattacks are not enough. Just as nations prepare for natural disasters, they must also have a national cybersecurity strategy. In most countries, the majority of the critical national infrastructure and cyber infrastructure is owned and operated by the private sector. These operators know their systems best, they have the technical expertise and, most importantly, they have access to their own networks. Thus, a cybersecurity strategy will only be effective if the private sector is committed to it, and the private sector will not commit to it unless it can see the business benefits.

From a business perspective, the transition to all-IP networks makes sense: it reduces costs and improves efficiency. From a purely security perspective, critical infrastructure networks should not be connected to the Internet, because this exposes the networks to outside attacks. However, keeping your networks isolated is not necessarily something you can do if you want to run a successful business. The challenge is to combine these perspectives and find solutions that improve cybersecurity but are also good for business. After all, company CEOs want to make a profit, not defend a country.

Figure 1: Good cyber-hygiene and proactive cyberdefence

Proactive cyberdefence

In all types of cyberattacks, the initial access into a system is enabled by a vulnerability in the system. These vulnerabilities are simply errors made by the coders during development. Ideally, they should also be fixed during development, because after deployment the errors become exploitable vulnerabilities. Security researchers, security companies and hackers discover some of the vulnerabilities. If they report their findings, software developers can create patches for the vulnerabilities found. These are then known vulnerabilities. The biggest cybersecurity threat is the unknown, zero-day vulnerabilities still remaining in the code.

Improving basic cyberhygiene

The risk of cyberattacks can be reduced considerably by implementing basic cyberhygiene measures, such as deploying patches in a timely manner or using vulnerability scanning to test software products before release. Good cyber-hygiene also covers the use of signature-based security defences, such as IPS/IDS solutions, vulnerability scanners and firewalls. They are fairly efficient in defending against known attacks. However, they can only detect pieces of malware for which an identifier, known as a signature, already exists and has been deployed. Attacks exploiting zero-day vulnerabilities can completely bypass these defences.
Advanced attacks, like Stuxnet, exploit multiple zero-day vulnerabilities, making them extremely difficult to defend against.

Proactive cyberdefence against advanced attacks

Fuzzing is a security testing technique that can find previously unknown, zero-day vulnerabilities by triggering them with unexpected inputs. By incorporating fuzzing best practices into their development and procurement processes, organizations can significantly improve the security and robustness of their networks. The fewer vulnerabilities there are in a system, the harder it is to attack it. However, not all attacks can be prevented, so organizations must also be able to defend against attacks. The longer attacks stay undetected, the more damage they can cause. Good abuse situation awareness, or Internet threat awareness, is key to establishing systematic and efficient processes for responding to cyber incidents. Organizations can improve their abuse situation awareness by automating information collection, processing and reporting, and by engaging in timely information sharing with their cybersecurity partners.

Improving cyberthreat situation awareness

Comprehensive situation awareness is achieved by combining threat and vulnerability intelligence from internal and external sources. Most organizations employ SIEM systems and IPS/IDS solutions, which provide valuable insight into incidents within their networks. However, even serious cyber threats can be dismissed as random attacks if the security personnel lack the global abuse situation awareness needed to examine events in coordination with other security incidents. Similarly, external abuse information needs network-specific intelligence before it can be put into practice.

Cyberdefence best practices

The majority of critical infrastructure is privately owned, and it is the private companies that need to make sure that their networks are robust and secure.
However, due to the importance of these networks, the protection of critical infrastructure cannot be left to the private sector. An effective cybersecurity strategy is based on partnership between government and the private sector, including both private companies and industry organizations, as well as international partners.

The role of critical infrastructure operators

Complex supply chains are typical for industrial control systems. Systems purchased by critical infrastructure operators, such as power utilities, are typically compiled by system integrators from devices and software they purchase from a variety of device manufacturers. These device manufacturers, in turn, purchase parts of their software from third-party software developers. The industrial control systems they produce often contain a software development kit (SDK), which can be used to modify the software to better meet the needs of the critical infrastructure operator. Additionally, open-source software is widely used in critical infrastructure.

Develop better software

If a company develops its own software, the best way to ensure the security and robustness of that software is to identify and eliminate vulnerabilities during development. Large software houses already include fuzzing as a part of their secure development lifecycles: Cisco’s CSDL, Microsoft’s SDL and the Adobe Product lifecycles are good examples of this. Giants like IBM and Google also promote fuzzing. Software development for industrial control systems (ICS) would benefit greatly from the same approach. The earlier the vulnerabilities are found, the easier and cheaper it is to fix them. Indeed, by building security into your software you can avoid costly, critical and embarrassing software blunders.

Only buy robust software

Many vendors are in a hurry to push software onto the market, and oftentimes it is the user who ends up doing the testing.
By insisting on fuzzing as an acceptance condition, you can make vendors take responsibility for the quality and security of their products. Operators are already starting to use fuzzing as entry criteria for their network suppliers. Why not use fuzzing to ensure that all equipment you accept into your network is robust and secure? In critical infrastructure networks, patching can be difficult. The more vulnerabilities you can fix prior to implementation, the less patching you will need to do later on.

The role of industry organizations

Engaging industry associations and industry leaders in the development of a cybersecurity strategy helps to ensure that the adopted policy is one that the private sector can commit to. Industry associations play a major role in motivating the private sector and in ensuring that the proposed cybersecurity policies also make business sense. The North American Electric Reliability Corporation (NERC) introduced a set of eight critical infrastructure protection (CIP) standards (CIP-002 to CIP-009). These standards are mandatory in the US and Canada, and NERC has the authority to audit energy producers and distributors and fine them up to $1M per day per violation. The challenge with standards is keeping them up to date.

Cybersecurity: A national priority

The mandate for cybersecurity must come from a high level. Protection must be implemented by the network owners, because only they have access to their own networks, but governments must use their authority to make cybersecurity a national priority. The role of the government is to build partnerships with the private sector and to get the private sector to understand that cybersecurity is not only a means of insuring against malicious compromise, but also a necessary component of business continuity. The private sector will only commit to the cybersecurity effort if it can see the benefits (i.e., if the efforts also make sense at a business level).
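The fuzzing practice recommended above for development and for acceptance testing, shown as an added example that is not part of the original article: a small mutation fuzzer is run against two parsers for a constructed, Modbus-like "write registers" request, one that trusts the length fields it receives and one that validates them. The frame layout, the register limit and every function name here are assumptions made for the illustration, not a real product's protocol or API.

```python
"""Mutation fuzzing of a constructed ICS-style request parser (added example)."""
import random
import struct


class FrameError(Exception):
    """The only exception a robust parser may raise on malformed input."""


# Constructed wire format (hypothetical, Modbus-like): unit id, function code,
# start address, register count, byte count, then 2 bytes per register.
HEADER = struct.Struct(">BBHHB")
WRITE_REGISTERS = 0x10
MAX_REGISTERS = 123  # assumed upper bound for this constructed format


def build_frame(unit, start, registers):
    """Encode a valid 'write registers' request, used as the fuzzing seed."""
    body = struct.pack(">%dH" % len(registers), *registers)
    return HEADER.pack(unit, WRITE_REGISTERS, start, len(registers), len(body)) + body


def parse_unsafe(frame):
    """Deliberately fragile: trusts the length fields taken from the wire."""
    unit, _func, start, count, _nbytes = HEADER.unpack_from(frame)
    data = frame[HEADER.size:]
    registers = [(data[2 * i] << 8) | data[2 * i + 1] for i in range(count)]
    return unit, start, registers


def parse_hardened(frame):
    """Validates every length before use and fails only with FrameError."""
    if len(frame) < HEADER.size:
        raise FrameError("truncated header")
    unit, func, start, count, nbytes = HEADER.unpack_from(frame)
    data = frame[HEADER.size:]
    if func != WRITE_REGISTERS:
        raise FrameError("unsupported function code")
    if not 1 <= count <= MAX_REGISTERS:
        raise FrameError("register count out of range")
    if nbytes != 2 * count or len(data) != nbytes:
        raise FrameError("length fields disagree with payload")
    return unit, start, list(struct.unpack(">%dH" % count, data))


BOUNDARY_BYTES = (0x00, 0x01, 0x7F, 0x80, 0xFF)


def mutate(seed, rng):
    """Apply one random mutation to a copy of the seed frame."""
    buf = bytearray(seed)
    choice = rng.randrange(4)
    if choice == 0:    # flip a single bit
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1:  # overwrite one byte with a boundary value
        buf[rng.randrange(len(buf))] = rng.choice(BOUNDARY_BYTES)
    elif choice == 2:  # truncate the frame (possibly to zero bytes)
        del buf[rng.randrange(len(buf)):]
    else:              # append 1 to 8 junk bytes
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 9)))
    return bytes(buf)


def fuzz(parser, seed, iterations=2000, rng_seed=48):
    """Return {exception name: shortest input that triggered it}.

    A clean FrameError is the expected rejection; any other exception is the
    Python analogue of a crash and is recorded as a robustness finding.
    """
    rng = random.Random(rng_seed)  # fixed seed keeps the campaign repeatable
    findings = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parser(case)
        except FrameError:
            continue
        except Exception as exc:
            name = type(exc).__name__
            if name not in findings or len(case) < len(findings[name]):
                findings[name] = case
    return findings


SEED_FRAME = build_frame(1, 0x0010, [0x1234, 0xABCD])  # constructed sample input

if __name__ == "__main__":
    for parser in (parse_unsafe, parse_hardened):
        result = fuzz(parser, SEED_FRAME)
        print(parser.__name__, {k: v.hex() for k, v in result.items()})
```

Used as an acceptance gate, the same campaign is run against each delivered build, and the build is accepted only when the findings dictionary is empty.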
Timely information sharing

National actors play a key role in promoting information sharing, which is essential to successful partnerships between the private and public sector. The ability of a nation’s core cybersecurity units to produce and share relevant cybersecurity information is an indicator of its cyberdefence capability. Technological solutions increase automation and enable organizations to do more with the resources they have. However, the main goal is increasing cybersecurity awareness within the organization and partner network, and improving cyberdefence processes. For example, by collecting abuse information from internal and external resources, over the years, the organization creates a valuable database, which helps it monitor networks even more effectively.

Global cooperation

Cybercriminals act globally, but national borders restrict the jurisdiction of law enforcement. To catch cybercriminals and to prosecute them more effectively, cooperation between national and international law enforcement is needed. This is only possible through the harmonization of cybercrime laws and the timely sharing of information between partners. Cybercriminals move fast, so law enforcement must also work at “Internet speed”. Timely information sharing also helps build a culture of transparency and trust between global partners.

Conclusion

Cyberattacks can never be fully avoided, but with the correct cybersecurity strategies the risk of cyberattacks can be reduced considerably. By improving the resilience of your critical infrastructure networks, you can make it significantly harder for the bad actors to attack your system. Proactive defence is all about improving national cyberdefence capabilities, i.e., a nation’s ability to prevent and detect cyberattacks. By using fuzzing to test your systems, you can find and fix vulnerabilities before your cyber adversaries have a chance to exploit them. By collecting the latest threat information you can improve your abuse situation awareness and detect attacks at the earliest possible moment. However, proactive cyberdefence is not just about implementing new technologies; it is about improving internal processes and building strong partnerships. Timely information sharing is an important part of proactive cyberdefence, because transparency strengthens partnerships. Transparency also serves another purpose: it ensures that the efforts we make to secure cyberspace do not compromise the openness of the Internet, which is the very source of its success.

Figure 2: Actors in the Critical Infrastructure

Oracle Security Solutions

Oracle Database Security

From the outset, Oracle has delivered the industry’s most advanced technology to safeguard data at the source—the database. Oracle provides a comprehensive portfolio of security solutions to ensure data privacy, protect against insider threats, and enable regulatory compliance for both Oracle and non-Oracle databases. Oracle’s powerful preventive and detective security controls include database activity monitoring and blocking, privileged user and multifactor access control, data classification and discovery, transparent data encryption, consolidated auditing and reporting, secure configuration management, and data masking. With Oracle, customers can deploy reliable data security solutions that require no changes to existing applications, saving time and money.

Oracle Audit Vault and Database Firewall

Monitor Oracle and non-Oracle database traffic to detect and block threats, as well as improve compliance reporting by consolidating audit data from databases, operating systems, directories, and other sources.
Oracle Advanced Security

Comply with privacy and regulatory mandates that require encrypting and redacting (display masking) application data, such as credit cards, social security numbers, or personally identifiable information (PII). By encrypting data at rest and masking data whenever it leaves the database, Oracle Advanced Security provides the most cost-effective solution for comprehensive data protection.

Oracle Database Vault

Increase the security of existing applications and address regulatory mandates that call for separation-of-duties, least privilege, and other preventive controls to ensure data integrity and data privacy. Oracle Database Vault proactively protects application data stored in the Oracle database from being accessed by privileged database users.

Oracle Label Security

Easily categorize and mediate access to data based on its classification. Designed to meet public-sector requirements for multilevel security and mandatory access control, Oracle Label Security provides a flexible framework that both government and commercial entities worldwide can use to manage access to data on a “need to know” basis in order to protect data privacy and achieve regulatory compliance.

Oracle Data Masking

Comply with data privacy and protection mandates that restrict the use of actual customer data. With Oracle Data Masking Pack, sensitive information such as credit card or social security numbers can be replaced with realistic values, allowing production data to be safely used for development, testing, or sharing with out-source or off-shore partners.

Oracle Identity Management is a complete and integrated, next-generation identity management platform that provides breakthrough scalability; enables organizations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs.
Built on an innovative modern architecture that blends extreme scalability with rich user experience, Oracle Identity Management offers a best-in-class suite of identity management solutions that allow organizations to simplify identity lifecycle management and secure access from any device for all enterprise resources – both within and beyond the firewall.

Access Management

Oracle provides the industry’s most advanced security solution for securing applications, data, Web services, and cloud-based services. Built on a uniquely integrated modern architecture, Oracle Access Management software gives customers the flexibility to deploy a comprehensive solution delivering authentication, single sign-on, authorization, federation, mobile and social sign-on, identity propagation, and risk-based authentication and authorization at the network perimeter.

Identity Governance

Oracle Identity Governance empowers user self-service, simplifies account administration, and streamlines audit tasks resulting in a lower overall total cost of ownership for managing identities. By delivering a comprehensive platform for user registration, access request, role lifecycle management, provisioning, access certification, closed-loop remediation and privileged account management, Oracle is delivering a solution that both simplifies the process to address today’s requirements and enables organizations to address emerging opportunities.

Directory Services

Oracle delivers the industry’s only integrated directory solution optimized for cloud, mobile, and social ecosystems. With a complete set of directory capabilities including identity virtualization, storage, and synchronization services, Oracle provides breakthrough performance for mission-critical enterprise and carrier grade environments.

End-To-End Cyber Resilience with SAP Solutions

Cyberculture is growing faster than cybersecurity, and this is placing everything that depends on cyberspace at risk.
Private data, intellectual property, IT infrastructure, and even military and national security – it can all be compromised by deliberate attacks, inadvertent security lapses, and the inherent vulnerability of the Internet. The fact is, cyberculture is growing rapidly, and it has taken on a life of its own that won’t stop. The Internet has made access to information ubiquitous. Almost all business and government activities now rely on digital connectivity. And even traditional aspects of everyday life – such as appliances and cars – may soon come with their own IP addresses. As these examples illustrate, dependence on the cyber domain is no longer limited to advanced technologies, and participation in it is no longer a choice. The economic, governmental, and social advantages that a digital world can enable are difficult to even quantify – and there’s no going back.

For these reasons, governments and their citizens must tackle cybersecurity issues head on – and make necessary changes in habits and lifestyle to protect their processes and assets. Lack of effective cybersecurity threatens not only the gains made possible by information technology, but also other elements of daily life that are now dependent on the Internet. It’s time to refine the focus on what a secure digital world can enable, because an unsecured Internet is worse than none at all.

Real-Time Protection: Protecting Economies, Governments, and Citizens

In today’s volatile sociopolitical environment, governments have to carefully protect the information that they collect and process. To achieve this, they need a thorough information management policy combined with real-time cyberreporting and analytical tools. The technologies they deploy to improve cybersecurity should also boost cost-containment efforts and empower leaders to make effective decisions.
To help governments realize these goals, SAP offers cyber-intelligence software that supports quick analysis of complex intelligence relationships and networks of IP-related information. Intelligence agencies can use it to share information securely across teams, agencies, and borders, as well as perform integrated intelligence analysis of structured and unstructured data. By integrating and simplifying previously complex, disconnected information sources, agencies can have a clear, shared intelligence picture that helps them uncover and address cyberattacks quickly and efficiently.

SAP software also supports cyberspace-related investigative processes from case initiation to close. Agencies can use it to gather intelligence, organize investigative data, and centrally manage all intelligence-led policing processes. In addition, investigators can classify incidents, assign leads, and decide on follow-up activities, increasing agency efficiency and effectiveness.

Managing the Cyber Resilience Lifecycle

With SAP software, governments gain a more complete view of intelligence data and can enable investigative best practices and evidence-based decision making. Agents can process investigative cases from initiation to close and get insights to anticipate, solve, and reduce incidents. They can also analyze complex intelligence relationships and networks of seemingly disconnected people, objects, locations, and events for a clear, common intelligence picture.
›› Identify and catalog critical infrastructures that are vulnerable to cyber compromises
›› Approach cybersecurity as the ongoing management of continuous risk, not as a safeguard against specific future attacks
›› Foster the view that cybersecurity is ultimately about protecting everything of value – not just digital assets
›› Plan for resiliency so the government can react swiftly when cybersecurity is compromised despite protective efforts
›› View bringing digital data into a government’s virtual space as a risk that must be managed similarly to food imports, immigration, and other customs

SAP Innovations for Cyber Risk Management

Breakthrough technologies from SAP can help governments of all sizes drive change and create best-run agencies that can cultivate true, effective cyber resilience. SAP solutions enable cyber risk management in real time to assure the security of government identities. They’re also designed to help agencies process Big Data in near real time, drive new online services, and “unwire” citizens and employees by providing mobile access to processes and data.

For example, in-memory databases, such as the SAP HANA platform, enable governments to get more from their data faster. Data is essential to making decisions, improving operational efficiencies, and providing government-to-government (G2G), government-to-citizen (G2C), and government-to-business (G2B) services. SAP software powered by SAP HANA can also help agencies transform operations by streamlining processes and integrating massive amounts of data on a single platform. They can manage, access, and use large volumes of data in real time while enjoying fast, predictable application performance.

Best-run government organizations also need business intelligence (BI) solutions to extract and transform data into actionable insight for fast, informed decision making.
Using BI solutions from SAP, they can deliver the right reports to the right people at the right time and even generate complex, ad hoc reports and queries. SAP solutions are designed to deliver superior performance for critical intelligence, analytics, and data warehousing activities on any standard hardware and operating system.

Identity Detection and Resolution
Identify and register IP-related information or unknown persons and organizations. Validate and classify known persons and organizations.

Investigation Processing
Process investigative cases from beginning to end; track relevant information, involved people, objects, locations, and events; and manage relevant data and documents.

Intelligence Analysis and Reporting
Analyze massive amounts of data with intuitive graphical tools, find hidden connections and patterns, draw conclusions, and share results. Run management as well as operational reports.

Identity Detection and Resolution

Government agencies can use SAP software to efficiently identify and register IP-related information or unknown persons and organizations. They can also quickly validate and classify known persons and organizations as part of an efficient identity detection process.

With governmental cyber resilience intelligence solutions from SAP, intelligence professionals have the tools to track accurate intelligence data related to IP-related information, persons, objects, entities, locations, and events, as well as understand their interrelationships. Key functions help people identify and categorize relevant details and their relationships to cases, leads, incidents, and activities, as well as store, upload, and classify outcomes. By discovering, relating, validating, and evaluating identities, analysts and investigators can discover unknown persons and organizations of interest.
At the same time, analysts and investigators gain a fuller view of intelligence data, enabling consistent investigative best practices and evidence-based decision making.

Capabilities: Use Intelligence More Effectively

Governmental cyber resilience solutions from SAP support investigation processing so agencies can efficiently manage the investigative work process. For example, in the event of a serious cyber-attack against a federal government office, investigators can use a structured process based on best practices to track incidents and manage the investigation process. They can plan and execute activities in a coordinated manner; collect comprehensive structured information; and display, evaluate, and share this information in a transparent manner.

In addition, SAP software helps agencies organize the data and support the processes that are typically used in intelligence and policing, especially those processes used to investigate cybercrimes. This leads to faster decision making during the investigation process, a higher percentage of solved incidents, and reduced cybercrime rates. Reporting and statistical analyses happen automatically, rather than manually. Predefined operational key performance indicators help management teams track effectiveness and view trends, as well as see “hot spots” and identify the likely source of them. Executives can then make better resource allocations based on this data.

Benefits: Get the Full Picture to Reach the Right Conclusions

With SAP software, government agencies can efficiently process investigative cases from initiation to close. At every step, analysts and investigators have the insights they need to anticipate, solve, and reduce criminal and terrorist incidents in cyberspace.

Intelligence Analysis and Reporting

Using SAP software, agencies can analyze massive amounts of data using intuitive, graphical tools. These tools reveal meaningful connections and patterns that aren’t obvious otherwise.
Agents can draw conclusions and share insights with stakeholders. And at any time, they can run management and operational reporting.

SAP software supports quick analysis of complex intelligence relationships and networks of IP-related information, people, objects, locations, and events. Intelligence agencies can share information securely across teams, agencies, and borders. The software also provides integrated intelligence analysis of structured and unstructured data with source tracking, access control, visual analysis, and flexible modeling of complex data sets.

The result? Agencies can integrate and simplify previously complex, disconnected information sources to get a clear, common intelligence picture. This consolidated data can be analyzed using visual, interactive tools that even support fast, ad hoc analysis on raw data; no data modeling is needed. As a result, investigators can work freestyle without dependence on IT and spend their time on true analysis rather than technical issues.

Find the Hidden Knowledge in Data

Developing a detailed intelligence picture is vital to the success of any cyber resilience operation. But to target serious and organized cybercrime, analysts and investigators need to focus on hidden associations and connections between disparate, disorganized data sets. This requires having the right analytical and reporting tools. Governmental cyber resilience solutions from SAP provide a robust, intuitive tool set that helps analysts and investigators conduct full investigations that can lead to intelligence breakthroughs and more informed decisions.

For example, the SAP Intelligence Analysis for Public Sector application by Palantir is a complete software solution for intelligence analysts and investigators. It integrates structured and unstructured data across classification and security levels.
At the same time, it helps analysts perform advanced searches efficiently, leverage enterprise-wide knowledge management, and collaborate within and across agencies. In addition, SAP software supports data cleansing and consolidation on even the largest data stores, improving data quality. This helps ensure more accurate analyses.

SAP Intelligence Analysis for Public Sector by Palantir Solution

More Pictures, Less Words Make Insights Easy

SAP software provides graphical interfaces with intuitive, built-in user guidance that facilitates efficient handling of large masses of structured and unstructured data. These features help investigators quickly find the needle in the haystack – and bring perpetrators of cybercrimes to justice.

SAP software empowers decision makers at every level by providing robust analytics that help them combine fragments of data from multiple sources and gain a unified view of crimes and threats. It also offers powerful tools for information management – complete with full-source tracking, fine-grained access control, flexible data modeling, and data integration. All of this functionality is available through a powerful, intuitive interface.

For example, with the SAP Intelligence Analysis for Public Sector application, an analyst or investigator can begin an investigation and achieve results within hours or days rather than weeks. The software efficiently automates hundreds of tasks that are currently performed manually within most agencies. By putting advanced features at the fingertips of information analysts, the solution breaks down barriers to expedite intelligence analysis, discovery, and sharing.

Public Security Value Map with End-to-End SAP Solutions

Cyber Resilience is an integral part of SAP solutions that aim to provide value to organizations in the field of security. Please check the SAP web site and SAP Solution Explorer.

Understanding a Space Called Cyber

Mr.
Nigel Jones, Director of the Cyber Masters Programme, Cranfield University at the Defence Academy of the United Kingdom.

There is no doubt that many people have difficulty grappling with the idea of cyber space, cyber security, information security and many other terms proliferating through the media and public policy. Part of it is because the ‘virtual’ label makes it seem so intangible, and hard to touch. Those who try to communicate the seriousness of the threat have difficulty in making it seem real and present. Part of the problem is also because the subject doesn’t seem to conform to any traditional organisation that one would expect in a higher education institution or professional interest group. When one opens a discussion on security with an engineer, it is not long before one needs to get a psychologist in the room too, and not just because one is talking to an engineer. Rather, security is a problem that must work across disciplines and bring an understanding of technology and behaviour together. Presenting a coherent whole across disciplines is difficult for any one person or group.

Some have tried to depict cyberspace as having a number of layers comprising the social, people, persona, information, data, network and physical layers. I prefer to think of them as dimensions, as they are not so easily separated in layers and are much more interconnected. The diagram below provides a graphical representation of cyber space.

For me, these dimensions raise a number of large real world questions (giving a lie to the ‘virtual’) that we are trying to tackle in our multi-disciplinary teaching and research at Cranfield Defence and Security.

The people dimension

Why do people behave as they do?
Understanding the motivations and drivers of people is a critical element of any criminal investigation or security cultural and behavioural change programme. Why people are motivated to attack systems, adopt certain technologies or act securely are questions of particular interest.

The persona dimension

Who is who and how do we know? People online can have multiple personas. @John is not the same as John the person, who could just as easily be @fred. How can we really know who is who? How do we build trust between people, and between people and businesses online? How easy is it to show that an event on the internet is associated with a particular person in a particular place, good enough to stand scrutiny in court?

The information dimension

How are data and information used and exploited? Information is an asset. It has value for scientists, health administrators, students, consumers, companies, marketers and intelligence analysts. It also has a value to criminals and spies. Cranfield is interested in how information is valued, managed and exploited. We are interested in how data becomes information and knowledge, and how it is visualised and processed to create new knowledge.

The network dimension

How do I keep my networks, systems and services secure and resilient? The connectivity supplied by infrastructure allows us to communicate, store, process information and to control processes in critical places such as power plants and transport systems. Keeping them secure and online at a time when more distributed architectures such as cloud computing are implemented is of critical importance for study and research.

The physical world

How does the virtual world affect the physical world and vice versa? The other dimensions should not be seen separately – people work with networked technology to provide services for other people. Nor can one separate the physical world from the virtual world.
In one sense, the information infrastructure runs on real kit in real places in real jurisdictions (as well as space). In another, the impact of a discussion on one forum can play out in a city centre.

Together these dimensions and challenges for research and teaching point towards a set of real world problems that we at Cranfield are addressing by bringing technicians, engineers and social scientists together.