How Türkiye can gear up to counter the coming cybersecurity challenge

As we move further into 2023, Türkiye is preparing a National Cybersecurity Strategy for the 2024-2027 period.

This much anticipated strategy takes shape at a critical juncture when the spectrum of cyber threats has expanded considerably, demanding innovative and dynamic responses.

The strategy and blueprint for the coming years present a golden opportunity to underscore the importance of strengthening connections within the country’s cybersecurity talent matrix.

Rotation of experts between public, private sectors, and academia in a well-orchestrated way may serve as an adept mechanism to achieve this objective.

Even advanced technological defences age and lose their cutting-edge status. But the human acumen driving these systems continues to evolve and adapt to the ever-changing cyber threats.

In this backdrop, Türkiye requires a nimble workforce, one that's capable of growing and adjusting in tandem with the shifting threat landscape. To nurture such a valuable pool of human resources in cybersecurity, demands a blend of strategic investment, collaboration, and targeted promotion.

The linchpin of this effort is investing in education and training initiatives designed to equip the workforce with hands-on expertise in cybersecurity. This could take the form of scholarships, internships, and a multitude of training opportunities to encourage and support students intent on carving out careers in cybersecurity.

Concurrently, it is vital to elevate cybersecurity as a viable and rewarding career choice, particularly among the youth. This entails shining a spotlight on the importance of cybersecurity and promoting the necessary skills and qualifications to excel in this sector.

Türkiye has certainly shown a clear commitment to increasing its investments in the cybersecurity sector and to the fortification of a resilient cybersecurity workforce.

In the last 20 years, 664 cybersecurity initiatives have benefited from total governmental funding of 1 billion Turkish liras, an investment that aims to fuel R&D efforts in the field.

In addition to the financial contribution, the government has focused on delivering high-quality education and training programmes at education institutions at all levels. All told, there's a discernible acknowledgement of the importance of cybersecurity and the necessity to channel resources into this sector to safeguard against potential threats.

Nonetheless as a general rule, states wrestle with the retention of cyber talent within civil service. This challenge is twofold, involving both financial and cultural aspects.

On the one hand, private firms often outbid governmental entities with better compensation, making it an uphill task for government agencies to retain skilled cybersecurity professionals. On the other hand, there is the problem of cultural mismatch, where the easy-going mindset of the cybersecurity and IT sectors contrasts with the more rigid structure typical of governmental agencies.

Governments’ cyber talent problem is quite severe. Yet, in cyberspace, state-level capability is significant but not singular.

The securing of government networks, while crucial, does not equate to getting rid of the broader societal cyber vulnerability. To address this, states often try to empower the private sector through capacity-building and regulatory imposition of cybersecurity standards. But these measures, often shaped and executed from a top-down perspective, can fall short in matching the accelerated pace of change in the field.

We need innovative solutions that can effectively harmonize the public and private sectors, promote coordinated effort and foster an environment of mutual learning.

Talent Mobility

To achieve this, Türkiye should embrace cross-sector collaboration at the individual worker level as a central tenet of its cybersecurity talent strategy, thereby facilitating a rich cross-pollination of skills and perspectives.

Such an approach would allow structured mobility of professionals between public, private, and academic sectors within the cybersecurity field.

This would involve a fluidity of roles, allowing participants to transition seamlessly from one layer to another. Such a dynamic movement across different industries could substantially augment the country's overall cybersecurity posture.

Although Türkiye has initiatives in place to harmonize the cybersecurity ecosystem, a more systematic approach to talent rotation will prove useful.

Such an approach promises a number of benefits.

Firstly, it can potentially amalgamate a wider array of perspectives and expertise concerning cybersecurity challenges, as each sector tends to foster unique experiences and insights.

Secondly, encouraging such fluid movement could catalyze collaboration and information sharing across industries on cybersecurity issues.

This would be a welcome addition to existing cooperative efforts. Lastly, creating such dynamic career trajectories helps professionals to stay abreast of the latest trends in cybersecurity, thereby ensuring that the ecosystem remains vibrant and versatile.

Successful implementation of talent mobility would necessitate an array of strategic policy measures.

First among these is the initiation of rotation programmes that allow professionals to oscillate between sectors. These programmes could broaden the horizons of professionals through diversified exposure and enrich their skill sets, thus improving the overall quality of cybersecurity efforts.

For instance, the US Department of Defense (DoD) has successfully implemented a public-private exchange programme. As part of the programme, DoD had exchanges with companies such as Amazon, Boeing, Deloitte, General Dynamics, Lockheed Martin, and Raytheon. A similar model would certainly improve Türkiye’s cybersecurity readiness.

An equally crucial step would be the creation of shared research platforms and interdisciplinary teams to confront specific cybersecurity challenges. These teams would serve as the linchpin for knowledge sharing across sectors.

The establishment of these interdisciplinary forces, along with internship and exchange opportunities, could boost the collaborative efforts required to tackle the pressing cybersecurity issues of our time.

As I advocate for increased fluidity between sectors, it's essential to respect ethical boundaries. This calls for the implementation of 'cooling-off' periods for public sector professionals transitioning to private sector positions, and vice versa.

During these periods, individuals would be prohibited from assuming certain roles or engaging in certain activities that could create potential conflicts of interest. This would help maintain the integrity of the exchange programme while fostering the beneficial cross-pollination of expertise and perspectives.

Türkiye’s forthcoming National Cybersecurity Strategy for the 2024-2027 period should prioritise the development and diversification of human talent.

To this end, an increased emphasis on cross-sector collaboration would create a more dynamic cybersecurity ecosystem and increase the strength and resilience of the country’s cybersecurity infrastructure. With this approach in place, the nation will be well-equipped to confront the ever-evolving cybersecurity challenges.