DEFINITION


Cyber security includes a wide range of technologies designed to protect security, networking, and communications technologies, software, systems, processes, and data from attack, damage, or unauthorized access.

Cyber security is achieved by ensuring the availability, integrity and confidentiality of devices, systems, networks and the communication infrastructures in which the systems are located. Compared to information security, cyber security covers wider and more abstract areas.


MOTIVATIONS


  • Taking measures against the cyber threats that are common in Turkey in different sizes and forms
  • The technology and trend of cyber security, and the ability to make national innovations in this area
  • Awareness of ecosystem stakeholders against cyber threats and crimes
  • Protection of systems with domestic and national products
  • Elimination of legal gaps in cyber security

APPLICATIONS


  • Cyber Security Management System

The cyber security system creates a security concept for a smart and sustainable city in terms of both technology and management, and can also include centers such as an information security infrastructure, a security management center, an access management center and an identity management center. As an example, the NIST Cybersecurity Framework provides computer security policy guidance on how institutions can assess and improve their ability to prevent, detect, and respond to cyber-attacks.

  • Cyber Security Technical Protection System

It may include several centers, such as a technical protection system, an information security infrastructure, a security management center, an access management center and an identity management center. The information security infrastructure constitutes the technical basis of the whole system and, therefore, provides a multitude of security functions. Duties of information security infrastructure centers include disaster recovery, emergency monitoring, key management, security management, security assessment and identity management.

  • Cyber Safety Operational and Maintenance Systems

This is the set of applications that provides systematic follow-up of regular / periodic work, together with operation and support activities, so that IT assets (application, hardware, network, database, archive, etc.) operate continuously and in a healthy manner. Ex: Maintenance of IOT devices, maintenance of a smart data center, etc.

  • Redundancy of Cyber Systems

Redundancy in a cyber system consists of creating multiple resources that serve the same jobs and architectures that take each other's place if primary system resources are lost. Service continuity and the parameters of business models based entirely on cyber systems, such as critical applications and electronic commerce, are of great importance. For these parameters to be met at high levels, cyber systems must be affected as little as possible by malfunctions and cyber-attacks.

  • Continuously Adaptable Risk and Protection Assessment System

Increasingly complex infrastructures increase the threat potential faced by information security systems. Therefore, systems must adapt continuously to risks and protection requirements. Ex: DevSecOps Portal

  • Smart Data Center Security

Data centers need to be set up and managed in accordance with standards in order to counter the threats and vulnerabilities they face, such as suspicious malware, manipulation, or theft / fire. In addition to ISO 27001, applying special protocols for smart cities can ensure that these systems are managed at the required level.

  • Management of Cyber Risks in Cloud Technologies

In cloud technologies, this covers the protection and privacy of data, the security of virtual infrastructure and platforms, the securing of all cloud applications, the monitoring of cloud traffic, and integration with other cloud services. Ex: Penetration tests, cloud monitoring, data transfer protocols

  • Security of IOT

The most important element in IOT is data. Data may be attacked on each layer. The content must be transmitted from the first user to the end user with its confidentiality and integrity intact and without being changed. An attacker may attack the sensors in order to introduce viruses, alter the content of data obtained by eavesdropping, destroy data, reproduce data, and attack the servers and applications. To establish a reliable IOT mechanism, the following elements are recommended: an intrusion detection system, wireless sensor network management and control, an encryption algorithm, access control, an authentication mechanism, key sharing, an antivirus program, and the specification and implementation of security rules.

  • M2M Communication Security

Cyber security in M2M (wireless communication between machines) communication is a new field that goes beyond traditional IT security. M2M cyber security looks at security vulnerabilities in restricted, computer-controlled and highly automated environments where there is no direct user access / intervention. Such environments include wireless sensor networks, industrial control systems, or smart network infrastructure. They rely on real-time embedded systems with critical protection requirements, often interconnected using wired (e.g. Ethernet, RS-485) or wireless (e.g. 802.15.4) network standards.

  • Protection from Electromagnetic Fields

Magnetic fields created by high-voltage electrical cables and electromagnetic fields generated by satellites, radios, wireless networks and telecommunication equipment cause signal impairments. For example, shielded cables can be used to prevent cable transmission paths from being affected by electromagnetic fields.

  • Smart Password Management Applications

Such applications make passwords difficult for cyber threats to predict. They also prevent additional unauthorized entries in order to keep the certificate secure. Sensitive information can be protected with strong encryption.

  • Fraud Detection

Fraud is a term that appears in different forms in almost every sector; it can be the subject of forensic investigation and leads to financial and reputational loss. In the case of payment systems, it means gaining an unfair advantage by making transactions at any business or ATM with someone else's credit or debit card, thus harming the actual card holder, the workplace or the bank. These transactions, performed by fraudulent persons, can take place in a physical or virtual environment.

  • Computer Emergency Response Teams

Computer Emergency Response Teams (CERT) or Computer Security Incident Response Teams (CSIRT) are generic names given to teams established to respond to computer security incidents. Due to the rapid growth of the Internet and, with it, of security breaches, these teams work in areas such as vulnerability and incident analysis, business continuity planning, training and instant network characterization. They provide support on issues such as incident response, warning, fighting exploits, risk analysis, business continuity planning, security consulting, awareness raising, penetration testing, technology monitoring, and the configuration and operation of security applications.

  • Intrusion Detection Systems (IDS)

Intrusion Detection Systems (IDS) are devices or software that monitor networks or systems for malicious activity or policy violations. The main task of such a system is to identify malicious activities and report on the course of the attack. Ex: Computer Based Intrusion Detection System; Signature Based and Anomaly Based software applications that detect malicious activities.

  • Intrusion Prevention Systems (IPS)

An Intrusion Prevention System (IPS) is an intrusion detection and prevention system. IPSs detect and block internet traffic that contains an attack. IDS / IPS systems work on the firewall. With applications written for this purpose, signatures prepared for particular attack types can be easily selected and run by the user.

  • Security Event Management and Correlation System (SIEM)

It is the system that collects, stores and processes on a single system the digital records (logs) generated by software, system and hardware resources actively working in one or more network structures, makes them available in a form people can understand, and stores and reports the digital records in accordance with standards. Ex: Detecting abnormalities by defining smart rules and informing appointed people through the desired channels.

  • Block Chain Based Cyber Security System

Using security methods such as block chain security measures, cryptographic algorithms, digital signatures and hash functions, systems are prepared against cyber-attacks. It is used in the banking sector, financial institutions, health services, electronic voting, IOT and computer networks.

  • Cyber Threat Tools and Prevention Methods

An attack carried out by hackers or hacker groups specializing in computers and the internet, with the aim of harming the sites or computers of a bank, the police, the gendarmerie, the state, a person or a firm, is called a Cyber Attack. In such attacks, information can be retrieved or destroyed by inserting worms, Trojans and exploits. Malware, viruses, worms, Trojans, backdoors, spam, rootkits, dialers, exploits, keyloggers, browser hijacking, spyware and unsafe network environments increase the risk of cyber-attacks. Network security depends on the security of the network elements that make up the backbone. It is possible to attack systems and gain access to information by exploiting the security vulnerabilities of the products on the network.

Distributed Denial of Service (DDOS) Attacks: A DDoS attack is defined as a type of cyber-attack that is intended to prevent an online application or service from running and to prevent the system from responding by using up the full bandwidth.

Password Capture Attacks: Social engineering and password guessing are the main methods used in this type of attack.

Side Channel Attacks: Devices that implement cryptographic algorithms produce some unintended outputs other than the plaintext and the ciphertext, and this information can be easily measured. If these outputs are in some way related to confidential information stored in the device, they are called side channel information.

  • Safe Design and Engineering

When a smart city model is being built or operated, it should be ensured that systems and simulations are operated safely and securely.

  • Safe Disposal

Deleting data that no longer needs to be stored using standard delete commands is not enough. This data should be destroyed safely and permanently. If tools that securely and permanently erase the data are not used, there is a risk that the most important data of institutions will be captured by unwanted persons. The loss of time, money and, most importantly, the reputation of institutions cannot be compensated. Using secure data destruction equipment that can be verified against the standards for safe data destruction is the best way to destroy data safely and without risk. Depending on the level of safety required, the disposal of digital data is done in three different ways.

– Wipe (Secure data deletion)

– Degaussing or Degauss Process (Magnetic Track Deterioration)

– Physical fragmentation

  • IT Comprehensive Identity Management

It is the provision of the storage, processing or display of data, the most basic objective of all information processing systems. In addition to this basic objective, the security of a system that does not control access to data is equivalent to being aware of the existence of that system or application. With the widespread use of computer systems, identity management must be added to these applications. An example is defining identity management processes and giving information system participants (customers, suppliers, employees, IT staff, virtual identities) sound access.

  • IT Comprehensive Validation and Authorization

In authentication and authorization systems, the use of biometric solutions increases both physical and logical security. Thanks to secondary verification systems added to card systems, the information obtained can be verified against the information in the system, thus preventing unauthorized access altogether. Ex: Card systems, iris or face recognition, fingerprint.

  • Network Monitoring

Network monitoring is a system or software that continuously monitors network devices using SNMP and Flow protocols and sends information to the network administrator, usually by e-mail, in case of an interruption or failure. Network monitoring is usually carried out with a software application or tool. It is one of the most important resources of the network management system. Network monitoring software or applications are used to keep track of the data flow on the network, the integrity and health status of systems and network devices, and the stability of web applications.

  • Cyber Security Awareness Training

It provides training to information technology and system users to raise awareness of cyber security concepts, threats and prevention methods. Post-training exams that measure / evaluate the awareness level are carried out using scenarios based on current attack methods and the measures to be taken against them. Thus, attendees and managers are increasingly aware of the level of education.

CHALLENGES


  • Deficiencies in the promotion, dissemination and branding of domestic and national manufactured products
  • The newness of technology and security measures, inadequacy of standardization and legal infrastructure works
  • Domestic equipment is not sufficient in the area of cyber security
  • Insufficient human resources in the area of cyber security
  • Deficiencies in directing young, dynamic and curious people to these areas
  • Not handling security issues at the required level in financing and transformation plans
  • Inability to create a holistic approach to cyber threats