President of the National Intelligence Academy Prof. Dr. Talha Köse wrote about Turkey’s cyber security approach and strategic priorities in the age of artificial intelligence for AA Analytics. *** Today, cyber security has turned into a multi-dimensional security field that includes the continuity of public services, durability of critical infrastructures, data security, corporate decision quality, social trust and strategic autonomy.
This is the main starting point of the report titled “Cyber Security and Turkey’s Strategic Priorities in the Age of Artificial Intelligence” published by the National Intelligence Academy [1]. The report defines artificial intelligence as more than just a new technology topic; It considers it as a strategic force multiplier that simultaneously transforms attack scale, defense speed, decision processes, supply chains and regulatory needs.
Changing cyber threat environment with artificial intelligence The most important effect of artificial intelligence in the cyber field is that it changes the nature and scale of threats at the same time. The traditional cybersecurity approach focused more on protecting devices, applications and databases. However, in artificial intelligence-supported systems, data sets, models, training processes, requests, add-ons, agent-based applications, cloud infrastructures and decision support mechanisms are also areas that need to be protected.
This situation directs security from being a matter of technical teams to the fields of law, governance, auditing, procurement, human resources and strategic planning. One of the most visible dimensions of AI-enabled cyber threats is that attacks are becoming faster, less costly and more convincing. Intelligent phishing, deepfake audio and video production, synthetic identities, fake administrator instructions and automated reconnaissance activities increase the capacity of threat actors.
As a result, individuals’ and societies’ perception of reality, their trust in states, institutions and even each other may be eroded in a shocking way. This erosion may increase individual, social and institutional vulnerabilities. In addition, these threats have a wide range of targets, from financial systems to public institutions, from defense supply chains to energy and communication infrastructures, as well as individual users.
As a result, in the age of artificial intelligence, cyber security has become a direct issue of social trust and institutional legitimacy. At this point, large language models and agent-based artificial intelligence systems also create a new risk area. These systems can provide efficiency in public services, corporate workflows and private sector processes, but if it is not clearly defined which data enters the model, which output turns into a corporate decision, which systems are connected to external cloud services and which processes are carried out without human control, the efficiency provided can turn into a governance gap.
Therefore, risks such as prompt injection, critical and sensitive information disclosure, data poisoning, model inference, excessive authority, and over-reliance on the model should be treated not only as technical vulnerabilities but also as governance issues that directly affect accountability and decision quality. In addition to all this, the moral grounds of these models and which values and approaches they prioritize are also controversial.
Therefore, it is not possible to predict exactly what risks may be encountered, especially in sensitive issues. Strong coordination and legal predictability The main priority for Turkey is to integrate dispersed applications in the field of artificial intelligence and cyber security with a common risk language, common standards and strong coordination mechanisms. The need for central coordination arises from the need to clarify responsibilities, event sharing, control expectations and response processes in an increasingly complex threat environment, rather than the desire to inspect any area unlimitedly.
This distinction should be particularly underlined. Strong coordination in cybersecurity produces a durable and legitimate security capacity when designed in line with the principles of the rule of law. The basis of this capacity is proportionality, accountability, clear definition of authorities and effective control mechanisms. The success of security policies should be evaluated by their ability to strengthen legal predictability and social trust, as well as their ability to eliminate threats.
For this reason, cyber security discussions should not be squeezed into a narrow framework that pits freedom and security against each other. This appearance of confrontation may hinder effective action on cybersecurity or weaken coordination with society. The approach that Turkey needs is a balanced cyber security architecture that protects critical infrastructures, ensures the continuity of public services, secures citizen data, while supporting the innovation capacity of the private sector and protecting fundamental rights.
Because strengthening state capacity in the age of artificial intelligence does not mean arbitrary management of the digital space. On the contrary, a well-designed cyber security architecture requires a framework that clarifies job descriptions, strengthens control mechanisms, limits data processing processes and places intervention powers on a legal basis. In this context, a foundation of trust-based cooperation should be established between public institutions, private sector, academia and civil society.
It should not be forgotten that critical infrastructure operators, technology providers, financial institutions and public digital services are in the same threat ecosystem. Resilience in cyber security is possible with common standards, compatible procedures and coordinated action of the entire ecosystem. Strategic priorities for Türkiye: A resilient and dominant digital ecosystem. Turkey’s possible goals can be read in three time frames.
In the short term, an artificial intelligence inventory should be created in public institutions and critical sectors to make it visible which systems work with which data, which external dependencies they have, and which decision processes they affect. Minimum security rules should be established for large language models and agent-based systems. Data classification, access authorizations, record keeping and human control mechanisms should be among the priority topics of this period.
In the medium term, public procurement, incident reporting, supply security, model auditing, management of third-party dependencies and sectoral resilience tests should be institutionalized. The capacity of cyber incident response teams should be strengthened and threat sharing should be made faster, safer and more measurable. In critical infrastructures, a resilience approach that focuses on ensuring service continuity beyond preventing attacks should be adopted.
In the long term, Turkey should build a strategic capacity that can manage foreign dependency in technology, develop domestic testing and certification capacity, and deepen the cyber security ecosystem with public-private sector-academy cooperation, because digital sovereignty in the age of artificial intelligence is not possible only by developing domestic software. Establishing control over data, testing the reliability of models, ensuring continuity in critical services and managing the risks that external dependencies may pose in times of crisis are also part of this sovereignty.
A strategy that is not embraced and supported by society has a low chance of success. Turkey’s goal should be to establish a cyber security ecosystem that foresees risks, strengthens institutional capacity, centers human control, has a solid legal basis and prioritizes social trust, rather than an approach that exaggerates threats or limits the use of technology. In the age of artificial intelligence, strong state capacity finds its true meaning when its legal framework is supported by clearly defined powers, institutional coordination, accountability and strategic autonomy principles.
Source: AA
Comments
You can write your views about this story. Comments may be moderated according to site settings.