ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY

DARICILI, Ali Burak

ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY

Ali Burak DARICILI (Bursa Teknik Üniversitesi, İnsan ve Toplum Bilimleri Fakültesi, Uluslararası İlişkiler Bölümü, Bursa, Türkiye)

Turkish Studies - Social Sciences

18 2

Yıl: 2019 Cilt: 14 Sayı: 3 Sayfa Aralığı: 409 - 425 Metin Dili: İngilizce İndeks Tarihi: 02-07-2020

ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY

Öz:

The Stuxnet Virus was released in June 2010 and has affectedIran's nuclear facilities in Bushehr and Natanz. It was claimed that theUnited States of America (USA) and Israel secret services together have arole in the planning of this cyber-attack. Following this cover activity, alsoknown as Operation Olympic Games in the literature, Iran considered theneed to take serious measures in the field of cyber security and aimed toreach an effective cyber security capacity in cyber space with theinvestments made in 2010.As it is seen, Iran's plans to develop a cyber security strategy wererealized within the scope of an action-reaction relation through aretaliation reflex after the mentioned attack to the nuclear facilities.Nevertheless, Iran's efforts to improve its cyber security capacity, whichbegan with a motivation for retaliation in the first place, turned into agoal to make Iran a strong actor in cyberspace with the measures takenin the following periods.On the other hand, Iran has serious efforts to improve its cybersecurity strategy especially in terms of attack. One of the most importantreasons for this is that Iran has a low level of technology developmentand use. More precisely, the fact that a significant part of criticalinfrastructure is still controlled by mechanical technologies provides Irana natural advantage in terms of cyber defense. Iran, which has started toinvest in the cyber-attack capacity instead of defense after 2010 with thisadvantage, has achieved its effective position in cyberspace today.As a result, it can be argued that Iran has introduced more seriousplans in the field of cyber security than in the past after Stuxnet Attack.In our article, the cyber security strategy of Iran which has a rapidlydeveloping cyber-attack capacity and the institutional structures thatplay a role in this strategy with the steps taken after the Stuxnet Attackwill be analyzed. In addition, the alleged cyber-attacks conducted by Iranwill be discussed as well.

Anahtar Kelime:

İRAN’IN SİBER GÜVENLİK STRATEJİSİNİN SALDIRI VE SAVUNMA KAPASİTESİ BAKIMINDAN ANALİZİ

Öz:

Stuxnet Virüsü, Haziran 2010 yılında açığa çıkmış ve İran'ın Buşehr ve Natanz'daki nükleer tesislerini etkilemiştir. Bu siber saldırının planlanmasında Amerika Birleşik Devletleri (ABD) ve İsrail gizli servislerinin birlikte rol oynadıkları iddia edilmiştir. Literatürde Olimpiyat Oyunları Operasyonu (Operation Olympic Games) olarak da bilinen bu örtülü faaliyet akabinde İran, siber güvenlik alanında ciddi tedbirler alması gerektiğini anlayarak, 2010 yılı sonrası yaptığı yatırımlar ile birlikte siber uzayda etkili bir siber güvenlik kapasitesine ulaşmayı hedeflemiştir. Görüldüğü üzere İran’ın siber güvenlik stratejisini geliştirmeye yönelik planlamaları, nükleer tesislerine yönelik söz konusu saldırı sonrasında bir etki-tepki ilişkisi kapsamında misilleme refleksi ile gerçekleşmiştir. Bununla birlikte ilk etapta bir misilleme motivasyonu ile başlayan İran’ın siber güvenlik kapasitesini geliştirmeye yönelik gayretleri, ilerleyen dönemlerde alınan tedbirlerle İran’ı siber uzayda güçlü bir aktör haline getirme hedefine dönüşmüştür. Öte yandan İran siber güvenlik stratejisini özellikle saldırı yönünden geliştirme noktasında ciddi gayret sarf etmektedir. Bunun en önemli nedenlerinden biri İran’ın teknoloji geliştirme ve bunu kullanma noktasında düşük seviyede olmasından kaynaklanmaktadır. Daha net bir ifadeyle kritik altyapılarının önemli bir kısmının hala mekanik teknolojiler ile kontrol ediliyor olması, İran’a siber savunma yönünden doğal bir avantaj sağlamaktadır. Bu avantajı ile birlikte savunmadan ziyade siber saldırı kapasitesine 2010 yılı sonrasında yatırım yapmaya başlayan İran, siber uzayda günümüzdeki etkili konumuna ulaşmıştır. Sonuç olarak, Stuxnet Atağı akabinde İran’ın siber güvenlik alanında geçmişe kıyasla daha ciddi planlamalar ortaya koyduğu iddia edilebilir. Bu iddia kapsamda makalemizde Stuxnet Atağı sonrasında atılan adımlar ile birlikte özellikle siber saldırı kapasitesi hızla gelişen İran’ın siber güvenlik stratejisi ve bu stratejide rol oynayan kurumsal yapılanmaları analiz edilecek, ayrıca İran tarafından gerçekleştirildiği iddia edilen siber ataklar irdelenecektir.

Anahtar Kelime:

Belge Türü: Makale Makale Türü: Araştırma Makalesi Erişim Türü: Erişime Açık

American Foreign Policy Council, (2013); The Iranian Cyber Threat, Revisited, https://china.usc.edu/sites/default/files/legacy/AppImages/house-2013-berman-cyberthreats.pdf, (Erişim Tarihi: 29.11.2018)
Anderson, C. ve Sadjadpour, K. (2018); Iran’s Cyber Threat, Report published by Carnegie Endowment for International Peace.
Anderson, Collin. (2017); Bears and Kittens, and Startup Cybersecurity Companies, https://medium.com/@collina/bears-and-kittens-and-startup-cybersecurity-companies5c8e037ea75c, (Erişim Tarihi: 01.07.2018).
Ateş, S.S. vd. (2017); Investigating Critical Points of Cyber Security: Prevention Terror Attacks in Airports, Turkish Studies, 12(32), ss. 33-48.
BBC, (2012); Cyber-attack on BBC leads to suspicion of Iran's involvement, https://www.bbc.com/news/technology-17365416, (Erişim Tarihi:30.12.2018).
BBC, (2016); Iran rolls out domestic internet, https://www.bbc.com/news/technology-37212456, (Erişim Tarihi:01.07.2018)
BBC Persian, (2018); Structure of Iran’s Cyber Warfare, http://nligf.nl/upload/pdf/ Structure_of_Irans_Cyber_Operations.pdf, (Erişim Tarihi: 01.02.2019).
Caravelli, J. ve Maier, S. (2016); Deciphering Iran’s Cyber Activities, a report published by King Faisal Center for Research and Islamic Studies.
CNN, (2017); UN experts urge Iran to respect rights of protesters, end Internet crackdown, https://edition.cnn.com/2018/01/05/middleeast/iran-protests-united-nations-intl/index.html, (Erişim Tarihi:01.01.2019).
CNRI, (2015); Mullahs Resort To Cyber Terrorism, https://www.ncr-iran.org/it/index.php/comunicatistampa/resistenza-iraniana/208-mullahs-resort-to-cyber-terrorism, (Erişim Tarihi:30.06.2018).
Darıcılı, A. B. (2017); Siber Uzay ve Siber Güvenlik; ABD ve Rusya Federasyonu’nun Siber Güvenlik Stratejilerinin Karşılaştırmalı Analizi, Dora Yayıncılık, Bursa / Türkiye.
Darıcılı, A. B. ve Özdal, B. (2017); Rusya Federasyonu’nun Siber Güvenlik Kapasitesini Oluşturan Enstrümanların Analizi, Ahmet Yesevi Üniversitesi Türk Dünyası Sosyal Bilimler Dergisi (BİLİG), Avrasya'nın Siyasal İktisadı Özel Sayısı, ss. 121-146.
Efegil, E. (2012); İran’ın Dış Politika Yapım Sürecini Etkileyen Unsurlar, Ortadoğu Analiz, 4 (48), ss. 53-68.
IHLS, (2013); Iran on the Cyber Offensive,http://www.inss.org.il/he/wpcontent/uploads/sites/2/systemfiles/Iran%20on%20the%20cyber%20offensive.pdf, (26.06.2018).
International Business Times, (2014); Anonymous to Attack AIPAC in Crusade Against Israel, https://www.ibtimes.co.uk/anonymous-attack-aipac-israel-cyber-crusade-308994, (Erişim Tarihi:01.02.2019).
Iran’s News Update, (2014); Layers of Internet Censorship in Iranhttps://irannewsupdate.com/news/infightings/1115-layers-of-internet-censorship-iniran.html, (Erişim Tarihi: 26.12.2018). IranWire (2013); Zarif, Hacked But Unscathed, https://iranwire.com/en/features/117, (Erişim Tarihi: 15.11.2018).
Kamacı, Y. (2013); 2009’dan 2013’e Yeşil Hareket’in Yolculuğu, http://politikaakademisi.org/2013/07/01/2009dan-2013e-yesil-hareketin-yolculugu/, (Erişim Tarihi: 26.12.2018).
MEHR Agency, (2014); Iran Loses $150 Billion a Year Due to Brain Drain, http://en.mehrnews.com/news/101558/Iran-loses-150-billion-a-year-due-to-brain-drain, (Erişim Tarihi: 26.06.2018).
Nebil, F. S. (2015); Observer yazdı: Elektrik kesintisi siber saldırıydı!, http://t24.com.tr/yazarlar/fusunsarp-nebil/ingiliz-observer-yazdi-elektrik-kesintisi-siber-saldiriydi,11760, (Erişim Tarihi: 08.02.2019).
Nebil, F. S. (2017); İranlı Gazeteci Açıkladı: Elektrik Kesintisi Siber Saldırıymış, http://turkinternet.com/portal/yazigoster.php?yaziid=56620, (Erişim Tarihi: 08.02.2019).
Observer, (2015); Iran Flexes Its Power by Transporting Turkey to the Stone Age, http://observer.com/2015/04/iran-flexes-its-power-by-transporting-turkey-to-the-stone-ages/, (Erişim Tarihi: 08.02.2019).
Pierluigi P. (2015); Yemen Cyber Army will release 1M of records per week to stop Saudi Attacks, https://securityaffairs.co/wordpress/37357/hacking/yemen-cyber-army-1m-saudi-records.html, (Erişim Tarihi: 09.02.2019).
Reuters, (2016); U.S. indicts Iranians for hacking dozens of banks, New York dam, (Erişim Tarihi: 10.02.2019).
Reuters, (2015); Iran's elite Revolutionary Guards are ramping up domestic surveillance, http://www.businessinsider.com/r-irans-guards-increase-monitoring-of-social-media-state-tv2015-3, (Erişim Tarihi: 07.02.2019).
Sanger, D. (2011); Israeli Test on Worm Called Crucial in Iran Nuclear Delay, http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?_r=0, (Erişim Tarihi:02.12.2018). Siber Bülten, (2014); ARAMCO Saldırısı, https://siberbulten.com/siber-saldirilar-2/aramco-saldirisi/, (Erişim Tarihi: 30.11.2018).
Slavin, B. and Healey, J. (2013); Iran: How a Third Tier Cyber Power Can Still Threaten the United States, Issue Brief published by Brent Scowcroft Center on Interntional Sucurity South Asia Center.
Small Media, (2018); Internet Censorship in Iran, https://smallmedia.org.uk/revolutiondecoded/a/RevolutionDecoded_Ch2_InternetCensorship.p df, (Erişim Tarihi: 30.11.2018).
Stecklow, S. (2012); Exclusive: Huawei partner offered U.S. tech to Iran, https://www.reuters.com/article/us-huawei-iran/exclusive-huawei-partner-offered-u-s-tech-toiran-idUSBRE89O0E520121025, (Erişim Tarihi:03.02.2019).
The Department of Defence of the USA (2015); The DOD Cyber Strategy, https://www.defense.gov/Portals/1/features/2015/0415_cyberstrategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf, (Erişim Tarihi: 26.06.2018).
The Wall Street Journal, (2013); U.S. Says Iran Hacked Navy Computers, https://www.wsj.com/articles/us-says-iran-hacked-navy-computers-1380314771, (Erişim Tarihi: 01.12.2018).
The Telegraph, (2016); Iranian models arrested and forced to give public self-criticism for posting pictures without headscarves, https://www.telegraph.co.uk/news/2016/05/16/iranian-modelsarrested-for-posting-pictures-without-headscarves/, (Erişim Tarihi: 26.06.2018).
USA Today, (2015); Feds: Iranian hacker targeted Vermont aerodynamics firm, https://www.usatoday.com/story/news/nation/2015/07/29/feds-iranian-hacker-targetedvermont-aerodynamics-firm/30860681/, (Erişim Tarihi, 01.12.2018).
U.S. National Security Agency; (2015); Iran - Current Topics, Interaction With GCHQ, https://theintercept.com/document/2015/02/10/iran-current-topics-interaction-gchq/, (Erişim Tarihi: 01.12.2018).
Voice of America, (2011); Iranian Hackers Attack VOA Internet Sites https://www.voanews.com/a/iranian-hackers-attack-voa-internet-sites116678844/172741.html, (Erişim Tarihi: 01.12.2018).
Washington Post, (2016); 10 harrowing details about Jason Rezaian and Yeganeh Salehi’s imprisonment in Iranhttps://www.washingtonpost.com/news/worldviews/wp/2016/10/03/10- harrowing-details-about-jason-and-yeganeh-rezaians-imprisonment-iniran/?utm_term=.22348bfd95ad, (Erişim Tarihi: 01.12.2018).
Wheeler, A. (2013); Iranian Cyber Army, The Offensive Arm of Iran’s Cyber Force, www.phoenixts.com/blog/iranian-cyber-army, (Erişim Tarihi: 03.01.2019).
Zakariaa, F. (2014); Iran's Emergence as a Cyber Power,http://www.strategicstudiesinstitute.army.mil/index.cfm/articles/Irans-emergence-ascyber-power/2014/08/20, (Erişim Tarihi: 10.01.2018)

APA	DARICILI A (2019). ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY. , 409 - 425.
Chicago	DARICILI Ali Burak ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY. (2019): 409 - 425.
MLA	DARICILI Ali Burak ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY. , 2019, ss.409 - 425.
AMA	DARICILI A ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY. . 2019; 409 - 425.
Vancouver	DARICILI A ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY. . 2019; 409 - 425.
IEEE	DARICILI A "ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY." , ss.409 - 425, 2019.
ISNAD	DARICILI, Ali Burak. "ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY". (2019), 409-425.

APA	DARICILI A (2019). ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY. Turkish Studies - Social Sciences , 14(3), 409 - 425.
Chicago	DARICILI Ali Burak ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY. Turkish Studies - Social Sciences 14, no.3 (2019): 409 - 425.
MLA	DARICILI Ali Burak ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY. Turkish Studies - Social Sciences , vol.14, no.3, 2019, ss.409 - 425.
AMA	DARICILI A ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY. Turkish Studies - Social Sciences . 2019; 14(3): 409 - 425.
Vancouver	DARICILI A ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY. Turkish Studies - Social Sciences . 2019; 14(3): 409 - 425.
IEEE	DARICILI A "ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY." Turkish Studies - Social Sciences , 14, ss.409 - 425, 2019.
ISNAD	DARICILI, Ali Burak. "ANALYSIS OF IRAN'S CYBER SECURITY STRATEGY WITH REGARD TO THE ATTACK AND THE DEFENSE CAPACITY". Turkish Studies - Social Sciences 14/3 (2019), 409-425.