Devlet Siber Savaşı: Özel Sektör Hedeflerine Doğru Stratejik Değişim

Yıl 2024, Cilt: 26 Sayı: 2, 200 - 219, 31.12.2024

Esra Merve Çalışkan

https://doi.org/10.54627/gcd.1598923

Öz

Özel sektör altyapısını hedef alan siber saldırıların artan karmaşıklığı, potansiyel devlet müdahalesi olanlar da dahil olmak üzere, ulusal güvenlik ve ekonomik istikrar üzerinde derin etkileri olan yeni bir güvenlik sorununu temsil etmektedir. Bu araştırma; karmaşıklıkları, kaynak gereksinimleri ve stratejik hedefleri temelinde özellikle devlet müdahalesinden şüphelenilen kampanyalara odaklanarak özel işletmeleri hedef alan gelişmiş kalıcı tehditlerdeki (APT’ler) kalıpları incelemektedir. Kapsamlı bir literatür taraması ve teorik analize dayanan bu çalışma, gelişen siber tehdit ortamının itici güçlerini ve sonuçlarını araştırmaktadır. Bulgular, özel sektör hedeflerine yönelik bu stratejik kaymanın devlet aktörleri için teknolojik rekabet, ekonomik bozulma ve kritik altyapıdaki güvenlik açıklarından faydalanma gibi birçok amaca hizmet ettiğini göstermektedir. Analiz, bu siber operasyonların devletlerin stratejik seçeneklerinin genişlemesini temsil ettiğini ve geleneksel askerî yeteneklerin yerini almaktan ziyade onları tamamladığını göstermektedir. Yakın zamanda yaşanan uluslararası çatışmalar, siber operasyonların genellikle konvansiyonel askeri faaliyetlerle birlikte işlediğini ve hem dijital hem de fiziksel alanların aynı anda mücadele edildiği daha karmaşık bir güvenlik ortamı yarattığını ortaya koymaktadır. Bu çalışma, siber savunmada kamu-özel sektör iş birliğinin geliştirilmesi için yeni çerçeveler ve temel özel sektör altyapısının korunması için hedefe yönelik politika tedbirleri önermektedir. Ortaya çıkan bu tehditlerin ele alınması, ulusal güvenlik politikası ve küresel ekonomik istikrar açısından önemli sonuçlar doğuracak şekilde, daha önce görülmemiş düzeyde uluslararası iş birliği ve siber güvenliğe yönelik yenilikçi yaklaşımlar gerektirmektedir. Bu araştırma, gelişen siber savaş taktiklerinin zamanında incelenmesini sağlayarak giderek birbirine daha fazla bağlanan dijital dünyada geleneksel güvenlik paradigmalarının temelden yeniden değerlendirilmesi ihtiyacının altını çizmektedir.

Anahtar Kelimeler

siber güvenlik, devlet destekli saldırılar, kritik altyapı koruması, siber savaş, özel sektör güvenliği, uluslararası güvenlik, siber caydırıcılık, teknolojik rekabet

State Cyber Warfare: The Strategic Shift Towards Private Sector Targets

Öz

The increasing sophistication of cyber-attacks targeting private sector infrastructure, including those with potential state involvement, represents an emerging security challenge with profound implications for national security and economic stability. This research examines patterns in advanced persistent threats (APTs) targeting private enterprises, focusing particularly on campaigns suspected of state involvement based on their complexity, resource requirements, and strategic objectives. Drawing on a comprehensive literature review and theoretical analysis, this study investigates the drivers and consequences of this evolving cyber threat landscape. The findings indicate that this strategic shift toward private sector targets serves multiple objectives for state actors, including technological competition, economic disruption, and the exploitation of vulnerabilities in critical infrastructure. The analysis demonstrates that these cyber operations represent an expansion of state strategic options, complementing rather than replacing traditional military capabilities. Recent international conflicts reveal that cyber operations often operate alongside conventional military activities, creating a more complex security environment where digital and physical domains are contested simultaneously. The study proposes new frameworks for enhanced public-private cooperation in cyber defense and targeted policy measures to protect essential private sector infrastructure. Addressing these emerging threats requires unprecedented levels of international collaboration and innovative approaches to cybersecurity, with significant ramifications for national security policy and global economic stability. This research examines evolving cyber warfare tactics, underscoring the need to reassess traditional security paradigms in an increasingly interconnected digital world.

Anahtar Kelimeler

cyber security, state-sponsored attacks, critical infrastructure protection, cyber warfare, private sector security, international security, cyber deterrence, technological competition

Kaynakça

• Ani Petrosyan, Statista. (2024). Distribution of cyber attacks on financial and insurance organizations worldwide from October 2021 to September 2022, by type. https://www.statista.com/statistics/1323911/cyber-attacks-on-financial-organizations-worldwide-by-type/#:~:text=Global%20most%20frequent%20cyber%20attacks%20in%20financial%20industry%202022%2C%20by%20type&text=Between%20October%202021%20and%20September,40%20percent%20of%20organizations%20worldwide. Accessed: 9 December 2024.
• Ani Petrosyan, Statista. (2024). Distribution of cyberattacks across worldwide industries in 2023. https://www-statista-com.eu1.proxy.openathens.net/statistics/1315805/cyber-attacks-top-industries-worldwide/. Accessed: 9 December 2024.
• Arquilla, J., & Ronfeldt, D. (1997). In Athena's Camp: Preparing for Conflict in the Information Age. Santa Monica, CA: RAND Corporation.
• Buchanan, B. (2020). The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics. Cambridge, MA: Harvard University Press.
• Center for Strategic and International Studies. (2023). Global Trends in Cyber Attacks: Analysis of State-sponsored Operations. Washington, DC: CISA Publications.
• Clarke, R. A., & Knake, R. K. (2020). The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats. New York, NY: Penguin Press.
• Clausewitz, C. von. (1984). On War (M. Howard & P. Paret, Trans.). Princeton, NJ: Princeton University Press. (Original work published 1832)
• Crisanto, J. C., & Prenio, J. (2017). Regulatory Approaches to Enhance Banks' Cyber-security Frameworks. FSI Insights on Policy Implementation, 2, 1-24.
• Crowdstrike. (2023). Global Threat Report: Observations from the Front Lines of Cyber Threats. Sunnyvale, CA: Crowdstrike Inc.
• Deibert, R. (2020). Reset: Reclaiming the Internet for Civil Society. Toronto: House of Anansi Press.
• Der Derian, J. (2009). Virtuous War: Mapping the Military-Industrial-Media-Entertainment Network. New York, NY: Routledge.
• European Union Agency for Cybersecurity. (2023). Threat Landscape Report: The State of Cyber Security in Europe. Brussels: ENISA.
• Fox-IT. (2019). Operation Wocao: Shining a Light on One of China's Hidden Hacking Groups. Delft: Fox-IT International.
• Gilligan, J., Dix, R., Palmer, C., Sorenson, J., Conway, T., Varley, W., & Gagnon, G. (2013). The Economics of Cybersecurity: A Practical Framework for Cybersecurity Investment. AFCEA Cyber Committee White Paper Series. Fairfax, VA: AFCEA International.
• Goldman Sachs. (2023). The Cyber Security Premium: Economic Implications of State-sponsored Threats. New York, NY: Goldman Sachs.
• Haggard, S., & Lindsay, J. R. (2015). North Korea and the Sony Hack: Exporting Instability Through Cyberspace. East-West Center Policy Studies, 73, 1-23. http://www.jstor.org/stable/resrep06456
• Hammes, T. X. (2004). The Sling and The Stone: On War in the 21st Century. St. Paul, MN: Zenith Press. Healey, J. (2019). The Future of Cyber Operations and Defense. Georgetown Journal of International Affairs, 20(1), 167-189.
• Healey, J. (2023). Beyond Cyber War: State-sponsored Operations and Economic Security. International Security, 47(3), 198-224.
• Healey, J., & Jervis, R. (2019). The Escalation Inversion and Other Oddities of Situational Cyber Stability. Texas National Security Review, 3(4), 30-53.
• Hurley, J. S. (2017). Cyberspace: The New Battlefield - An Approach via the Analytics Hierarchy Process. International Journal of Cyber Warfare and Terrorism, 7(3), 1-15. https://doi.org/10.4018/IJCWT.2017070101 IBM Security. (2023). X-Force Threat Intelligence Index. Armonk, NY: IBM Corporation.
• Kaldor, M. (2012). New and Old Wars: Organized Violence in a Global Era (3rd ed.). Stanford, CA: Stanford University Press.
• Kello, L. (2020). The Virtual Weapon and International Order. New Haven, CT: Yale University Press. Keohane, R. O., & Nye, J. S. (1998). Power and Interdependence in the Information Age. Foreign Affairs, 77(5), 81-94. https://doi.org/10.2307/20049052
• Klimburg, A. (2023). The Darkening Web: The War for Cyberspace. New York, NY: Penguin Press.
• Krepinevich, A. F. (2017). Cyber Warfare: A Nuclear Option? Washington, DC: Center for Strategic and Budgetary Assessments.
• Lewis, J. A. (2002). Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats. Washington, DC: Center for Strategic and International Studies.
• Lewis, J. A. (2006). Cybersecurity and Critical Infrastructure Protection. Washington, DC: Center for Strategic and International Studies.
• Libicki, M. C. (2013). Crisis and Escalation in Cyberspace. Santa Monica, CA: RAND Corporation.
• Libicki, M. C. (2021). Cyberspace in Peace and War. Annapolis, MD: Naval Institute Press.
• Lind, W. S., Nightengale, K., Schmitt, J. F., Sutton, J. W., & Wilson, G. I. (1989). The Changing Face of War: Into the Fourth Generation. Marine Corps Gazette, 73(10), 22-26.
• Lindsay, J. R. (2018). The Impact of China on Cybersecurity: Fiction and Friction. International Security, 39(3), 7-47.
• Lotrionte, C. (2018). Reconsidering the Consequences for State-Sponsored Hostile Cyber Operations Under International Law. The Cyber Defense Review, 3(2), 73-114. http://www.jstor.org/stable/26491225
• Mandiant. (2023). Advanced Persistent Threats: State Actors in Cyberspace. Reston, VA: Mandiant Inc.
• Maurer, T. (2018). Cyber Mercenaries: The State, Hackers, and Power. Cambridge: Cambridge University Press.
• Microsoft. (2023). Digital Defense Report. Redmond, WA: Microsoft Corporation.
• NATO. (2023). Strategic Concepts in Cyber Warfare. Brussels: NATO Strategic Communications Centre of Excellence.
• Nye, J. S. (2016). Deterrence and Dissuasion in Cyberspace. International Security, 41(3), 44-71.
• PwC UK & BAE Systems. (2017). Operation Cloud Hopper: Exposing a Systematic Campaign of Cyber Attacks. London: PwC UK.
• Recorded Future. (2021). North Korean State-Sponsored Cyber Operations, 2009-2020. Somerville, MA: Recorded Future Inc.
• Rid, T. (2011). Cyber War Will Not Take Place. Journal of Strategic Studies, 35(1), 5-32. https://doi.org/10.1080/01402390.2011.608939
• Rid, T. (2020). Active Measures: The Secret History of Disinformation and Political Warfare. New York, NY: Farrar, Straus and Giroux.
• Rustici, R. M. (2021). The SolarWinds Wake-Up Call: Geopolitical Competition in Cyberspace and the Private Sector. Washington, DC: Center for Strategic and International Studies.
• Sanger, D. E. (2018). The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age. New York, NY: Crown.
• Sanger, D. E., & Perlroth, N. (2021). Pipeline Attack Yields Urgent Lessons About U.S. Cybersecurity. National Security Analysis Series. New York, NY: The New York Times Company. https://www.nytimes.com/2021/05/14/us/politics/pipeline-hack.html. Accessed: 18 December 2024.
• Singer, P. W., & Friedman, A. (2014). Cybersecurity and Cyberwar: What Everyone Needs to Know. Oxford: Oxford University Press.
• Temple-Raston, D. (2021). A "Worst Nightmare" Cyberattack: The Untold Story of the SolarWinds Hack. NPR Security Report Series. Washington, DC: National Public Radio.
• Valeriano, B., & Jensen, B. (2019). The Myth of the Cyber Offense: The Case for Cyber Restraint. Cato Institute Policy Analysis, 862, 1-28. Available at SSRN: https://ssrn.com/abstract=3382340
• Van Creveld, M. (1991). The Transformation of War: The Most Radical Reinterpretation of Armed Conflict Since Clausewitz. New York, NY: Free Press.
• World Economic Forum. (2024). Global Risks Report 2024: The Impact of Cyber Threats on Economic Development. Geneva: World Economic Forum. https://www.weforum.org/stories/2024/01/global-risk-report-2024-risks-are-growing-but-theres-hope/. Accessed: 23 December 2024.