LET’S NOT OFFER OUR DATA TO BIG THIEVES IN ORDER TO PROTECT AGAINST SMALL THIEVES

Defining the internet solely as a technological infrastructure that connects billions of terminals worldwide is not incorrect, but it is an incomplete description. With advancing technologies, the internet has become a new phenomenon that affects and forces change in every aspect of life. One of the established concepts most impacted by this phenomenon, which has taken shape over the past 20 years, is “security.” This impact is so profound that it has necessitated a new definition of security: cybersecurity.

To contribute to a better understanding of some of the ongoing international discussions, I would like to evaluate cybersecurity in terms of its impact on national policies.

In addition to their military capacities and economic power, countries’ ability to access necessary information is highly valuable in determining their place in the international system. This capability, which can be most simply defined as information superiority, can be measured by the ability to access others’ data as well as to protect one’s own data.

Considering that access to information is provided through information technologies and communication infrastructures, it is easy to understand why countries’ interest in cybersecurity has increased. This is why the need to localize information technologies and communication products is rapidly growing. We are witnessing that many countries willing to stay in the game are investing in these areas, and the pursuit of localization is rising globally.

So, what is the situation in our country?

There are significant efforts and incentives, but we are not using our time efficiently. The gap between us and certain countries is widening to our disadvantage. While I do not claim that it is impossible to close this gap later, it is clear that it will become much more difficult. Even if we cannot be a global leader, we must at least aim to catch the last wagon of the last train.

In the past, cybersecurity was associated only with concepts like hardware, software, infrastructure, and technical vulnerabilities. Today, however, it is also linked to terms like trade wars, defense industry, embargo, retaliation, and foreign policy. The recent Huawei ban in the United States, for example, is shaped by these very concepts. The technical aspect can sometimes be a cause and sometimes an excuse. From our perspective, the lesson to be learned here is this: No powerful country would want to leave its own information or that of its citizens at the mercy of foreign-made products, nor would it allow a technology firm from another country to infiltrate its network solely based on a price advantage. This is why localization in communication products is no longer an option but a necessity.

From a data security standpoint, I believe that the products we invest millions of dollars in as a country should also be scrutinized for cybersecurity. At the very least, they should be questioned. Indeed, some products that we use specifically to protect us might actually be extracting our information. In other words, we might be handing over both our money and data to the big thief to protect us from the small thief. Wouldn’t it be naive to assume this possibility is completely out of the question? We have seen that this reasoning was also cited in the ban imposed by the United States.

There are significant gaps in our approach to cybersecurity in our country. The general perception, unfortunately, remains narrowly focused on web security. The essence of the matter, however, is data security—the security of any hardware and software that produces, distributes, or processes data. From this perspective, every electronic system and the software that runs on them is part of cybersecurity.

Is there such a thing as a secure system?

Absolute security does not exist, but there are ways to identify, measure, and minimize all types of risks. How secure you are also depends on your potential adversaries. In other words, who are the entities that might target you? Developing a proportionate security approach based on this consideration is the smart thing to do. The detrimental approach, on the other hand, is to adopt a defeatist attitude like “they are already taking everything from us,” or to resort to radical measures like “unplug everything and stop working.” Neither of these extreme approaches is meaningful or beneficial. In the new generation of cybersecurity approaches, the countries that will win are those that can support “data-accessing technology companies” first within their own country and then internationally, while also creating mechanisms that prevent their own companies from becoming complacent.

In the period leading up to 2025 and 2050, data will determine whether countries “stay in the league.” Unfortunately, countries that fall out of the league will not be able to return. There is a growing awareness of cybersecurity and data security at the decision-making level in our country. However, this awareness alone is not sufficient in the 21st century, where states themselves have become sources of cyber threats and where control over data is the key element of power and continuity. The behavior that aligns with our ideal of independence should be to move beyond the rhetorical “cybersecurity and data security are important” trap and to address these needs with local capabilities. Under the current circumstances, we need to focus on the needs of tomorrow. Otherwise, we will continue to lag behind, and in this area, there is no significant difference between falling behind and not arriving at all.