While it bolsters its defenses elsewhere, Turkey is not leaving its cyberspace exposed as a center inaugurated last year works to help authorities detect incoming threats. The National Cybersecurity Intervention Center (USOM) scans 16 million IP addresses at all times in a bid to stave off online risks. This year alone, USOM detected 27,408 malicious links, 8,841 cybersecurity breaches and issued 878 security notices to public agencies warning them about cyberattacks.
A subsidiary of the Information Technologies and Communications Authority (BTK), USOM was conceived as part of a cybersecurity action plan and began working under the agency that preceded BTK. In 2016, it was reorganized and last year it moved to a new, more modern center in the capital Ankara.
Dubbed the country’s cyberspace outpost, USOM’s mission involves developing cybersecurity needs, creating alerts and warnings against cyberthreats, running intervention teams against critical security breaches and coordinating defenses against cyberattacks nationwide. The center also helped the country rise to 11th place globally and sixth in Europe on the International Telecommunications Union's Global Cybersecurity Index.
Under four main programs, USOM runs a series of projects on capacity building, rapid detection and prevention systems, threat intelligence acquisition, creation and sharing, and protection of critical infrastructures.
The center taps into young talent for its staff and nationwide cybersecurity needs and every year, it organizes a Capture The Flag event to find skilled white hat hackers. The FETIH (Conquest) Cyber Talimhane project run by USOM organizes training for cybersecurity experts in fully equipped laboratories. Named after Ottoman-era training grounds for soldiers, the project picks outstanding young talent to train in cyber defense. Turkey, which faces increasing cyberattacks, started holding cybersecurity exercises in 2011 and since then, USOM, in coordination with ministries and other agencies, took part in five national and two international exercises.
USOM’s diverse array of programs and applications include Avcı, Azad, Kasırga, Atmaca and Kule. All developed domestically, they help reinforce the country's cyber defenses. Avcı (Hunter) allows staff to detect systems and command control centers exposed to malware. Azad (Free) taps into machine learning and artificial intelligence (AI) to detect infected computers used in robot networks, known as botnets. Kasırga (Hurricane) involves scanning exploitations in systems used by critical public agencies, infrastructure and open sources, to ensure sustained security. Atmaca (Hawk), integrated with Kasırga, is at the forefront of regular control of millions of IP addresses for proactive detection of exposure to risks. Kule (Tower), a locally made software, helps efficient data management and allows for alerts to be sent faster to relevant authorities on cybersecurity shortcomings.
A broad range of work is carried out at the center, including analysis of malware, investigations of digital records and tests against potential hacks.
USOM serves as the main coordinator of intelligence sharing on cybersecurity with other countries and works with primary actors in the online international community, international corporations, judicial authorities, research centers, universities and the private sector.
Along with cyberthreats, USOM and BTK work on the establishment of technical infrastructure for a national mobile alert system for early warning and assistance to people living in areas exposed to natural disasters as well as wide-ranging cyberattacks.