Türkiye has formally elevated cybersecurity to the core of its national security doctrine following the first meeting of the Cybersecurity Board chaired by President Recep Tayyip Erdogan at the Presidential Complex in Ankara on May 5.

In a written statement issued after the meeting, the board stressed that cybersecurity was no longer a purely technical issue but an inseparable component of national security. Officials said discussions focused extensively on current cyber risks, future threat trends and the international developments shaping the digital security environment.

The statement also underlined that increasing global competition, regional instability and ongoing conflicts had made cyber threats “more complex and multidimensional”, requiring cybersecurity to be treated as a strategic issue with economic, technological and social dimensions.

According to the board, the newly established Cybersecurity Presidency will continue efforts to protect Türkiye’s digital assets, develop a proactive structure against emerging threats, strengthen the country’s national cybersecurity architecture and support a secure digital future.

Cybersecurity specialist Serhat Altinevlek described the meeting as a reflection of Türkiye’s long-term strategic adaptation to the digital era. He argued that Ankara had recognised the significance of cyber threats earlier than many assumed, tracing the origins of the country’s cyber transformation back to the rapid spread of the internet between the 1990s and early 2000s.

“Türkiye does not appear to be late in the field of cybersecurity at all,” Altinevlek said. “On the contrary, it has a structure that is continuously improving and evolving.”

He noted that the expansion of information technologies in the private sector and academia had gradually created the need for new legal frameworks and institutional mechanisms. According to Altinevlek, concepts such as cybercrime and digital security entered Türkiye’s legislative agenda after 2005, while investments accelerated in critical infrastructure sectors including e-government services, banking and energy systems.

The specialist pointed to the establishment of institutional structures such as the Cyber Security Council under the Information and Communication Technologies Authority (BTK), the national computer emergency response team TR-CERT and the cyber-focused SISAMER research centre as major milestones in Türkiye’s digital security journey.

Turning point

Altinevlek contended that the establishment of the Cybersecurity Presidency in early 2025 marked a significant turning point because it centralised decision-making and strategic coordination under a single institutional framework.

“In light of current geopolitical developments and increasing asymmetric threats, I believe it is particularly important that all relevant institutions are represented within this council and that it is chaired directly by the President,” Altinevlek said, describing the structure as distinct from many international examples.

The first meeting of the board brought together institutions spanning intelligence, internal security, defence and infrastructure sectors, highlighting the increasingly interconnected nature of cyber threats.

Digital media specialist Oguzhan Saruhan said the symbolism of the meeting itself carried a powerful message.

“The most important meaning of this meeting is that Türkiye now sees cybersecurity not merely as an IT issue handled by technical experts, but as one of the strategic domains at the centre of the state’s security architecture,” Saruhan said.

“The fact that the meeting was held at the Presidential Complex under President Erdogan’s chairmanship is symbolically very significant. It demonstrates that cybersecurity has moved beyond being an issue for IT departments and has reached the level of national security.”

Protecting critical infrastructure

Saruhan argued that the participation of institutions such as the National Intelligence Organization (MIT), the Interior Ministry, the Defence Industry Presidency and the Ministry of Transport and Infrastructure illustrated how cyber threats now directly target critical state functions rather than isolated computer systems.

“Today cyberattacks no longer target only computer systems,” he said. “Energy infrastructure, banking systems, communication networks, airports and public databases have all become direct targets.”

Both experts emphasised that the nature of cyber warfare had fundamentally changed over the past decade.

Where cyberattacks were once associated primarily with website disruptions or data theft, they now carried the potential to paralyse essential services, damage economies and generate public panic.

Saruhan referred to major global incidents in which hospitals became inoperable, fuel pipelines were shut down and millions of personal records were leaked, warning that cyber threats increasingly affected the daily lives of ordinary citizens.

“This is no longer simply about data loss,” he said. “It is about the disruption of daily life, economic instability and the risk of widespread social panic.”

The board’s statement echoed these concerns by emphasising the growing complexity of global cyber competition amid regional tensions and geopolitical fragmentation.

Digital sovereignty and domestic technology

Altinevlek argued that Türkiye’s concept of the “Cyber Homeland”, which he described as a form of digital sovereignty, had become increasingly important in a world where data routes and digital infrastructure could themselves trigger diplomatic crises.

“I would like to underline that the motto of ‘domestic and national technology’ must be addressed in a multidimensional way within the field of cybersecurity, making it a highly critical and strategic issue,” he said.

The emphasis on domestic and national technology also reflected broader concerns regarding dependence on foreign digital infrastructure and software systems.

Saruhan warned that overreliance on external technologies could eventually create strategic vulnerabilities.

“When you become fully dependent on another country’s technologies for your security infrastructure, data storage systems or critical software, you are effectively handing over part of your own security,” he said.

He noted that many countries, from the United States to China, were attempting to build sovereign digital ecosystems for precisely this reason, and argued that Türkiye was pursuing a similar path by strengthening its approach to digital sovereignty.

Hybrid threats redefine security

The discussions also highlighted how hybrid warfare has transformed modern geopolitical competition.

Saruhan stressed that contemporary conflicts were no longer fought solely through conventional military force, but increasingly through cyberattacks, disinformation campaigns and digital manipulation.

“States no longer compete only through military power on the battlefield,” he said. “Cyberattacks, disinformation operations and digital manipulation have become important parts of modern security strategies.”

Recent fraud attempts in Türkiye further reinforced these concerns. Saruhan referred to scams that emerged during the COVID-19 pandemic, when citizens received fake vaccination appointment messages or fraudulent e-government notifications designed to steal personal information.

He also cited counterfeit MHRS healthcare appointment systems, fake cargo delivery alerts and fraudulent banking security messages as examples of how cyber threats now directly exploit public trust and psychological vulnerabilities.

“What stands out here is that the attacks are not only technically sophisticated; they are psychologically sophisticated,” Saruhan said. “Fraudsters manipulate fear, panic, urgency and people’s trust in official institutions.”

AI-driven threats accelerate risks

Artificial intelligence emerged as another major focus in the broader debate surrounding the board’s future agenda.

Although the official statement did not explicitly frame AI as a separate category, both experts argued that the rise of AI-driven threats formed an essential backdrop to the meeting.

Altinevlek warned that next-generation cyber threats would increasingly involve AI-supported automated systems, including both defensive technologies capable of identifying attacks and autonomous offensive systems targeting critical infrastructure.

He suggested that future Turkish cybersecurity initiatives could include AI-based threat detection systems, automated defensive responses and broader regulatory frameworks addressing digital manipulation.

“As everyone knows, these complex next-generation threats will particularly involve AI-based automated systems,” he said.

Saruhan similarly argued that artificial intelligence had fundamentally altered the rules of cyber conflict.

“In the past, phishing attacks appeared more amateurish; they contained spelling mistakes and people could recognise that they were fake,” he explained. “Today, with artificial intelligence, it is possible to generate flawless Turkish messages tailored specifically to individuals.”

According to Saruhan, AI systems are now capable of analysing social media activity, identifying personal interests and crafting highly personalised fraud scenarios that appear convincing to targets.

He warned that attacks were increasingly occurring “at machine speed rather than human speed”, with AI systems capable of automatically scanning for vulnerabilities, adapting attacks in real time and analysing defensive systems autonomously.

At the same time, AI itself was becoming a new surface for attacks.

Saruhan noted that cybersecurity planners were now discussing risks such as poisoning AI models with false data, manipulating automated decision-making mechanisms or compromising critical AI systems used in defence, healthcare and smart-city infrastructure.

“Türkiye’s sense of urgency begins precisely here,” he said. “Digital threats are no longer only a technical matter; they are a security issue capable of producing economic, political and social consequences.”