‘Cyber warfare ministry’ fights emerging front of new Türkiye

A future Cyber Warfare Ministry is in the works in Ankara. The Cybersecurity Directorate of the Turkish Presidency, established last year, is the first stage of this concept. This ministry will likely bring together preventive intelligence, philosophical intelligence and hybrid intelligence models. A report by professor Talha Köse, director of the National Intelligence Academy, published this month, depicts the doctrinal basis of this structure. Essentially, a new Türkiye creates a new front.

The vision of the Cyber Warfare Ministry is what is required to protect the future of Türkiye. The Cybersecurity Directorate today is the core of this structure, and it will be necessary to upgrade it to the ministry level in the future. As much as there is a need to protect the land, skies and seas of this country, there is a need to protect the children from the dangers on the screens of cellphones.

The Cybersecurity Directorate is now authorized across the digital state and the public sector, meaning the Information and Communication Technologies Authority (BTK) is no longer the cybersecurity regulator. The BTK has handed over all authority and the National Cyber Incident Response Center (USOM) to the new directorate. In December 2025, the digital state, the operation of the e-government service, artificial intelligence in the public sector and data management were brought under one roof. At the helm of this new structure is a valuable person whom I once worked with in the same venue: Ümit Önal. Önal served as CEO at Türk Telekom for about seven years after his tenure in Turkuvaz Media, before his appointment to his new strategic tenure on Oct. 24, 2025, by President Recep Tayyip Erdoğan. His remarks at the STRATCOM 2026 summit are a testament to the new doctrinal basis: “Cybersecurity is now a matter of national security.”

Philosophical intelligence

This doctrinal basis is laid out by Köse in his April 2026 report. Köse’s presence is no coincidence. The National Intelligence Academy has positioned itself as the only academic hub generating doctrines in the Turkish intelligence ecosystem. Here is a key sentence from the report: “The biggest risk in the era of artificial intelligence is not merely a lack of access to technology, but weaknesses exhibited in coordination, human resources, and an unevenly distributed decision-making network.”

Köse highlights that the real danger is a lack of coordination, not the failure to have foreign technologies. The common feature of the school shootings in Kahramanmaraş and Şanlıurfa, which had digital traces, was the failure to see the whole picture. Red flags were there, and they were noticed by probably 10 different agencies. Nevertheless, seeing the big picture was impossible. Another statement in the report further delves into the doctrine: “The real necessity is seeing the risks beforehand and taking all institutional measures in a timely manner.”

A philosophical intelligence doctrine makes up the basis of this statement: a superior mindset that can detect the nature and root of the threat and the cultural or philosophical ground that gave rise to that threat.

It is not enough to trace technical tracks of the attack; you should understand what worldview motivated the assailant. You have to see through the meaning to understand the intention, to discover the unseen. This is what Köse tries to explain as philosophical intelligence understanding. It is not sufficient to learn the lessons from the school shootings; you have to know all about it before it happens and prevent it.

Hybrid intelligence

What we face as threats are hybrid in nature, a multilayered type of attack combining digital and physical elements, as well as economic and human nature aspects. Take a phishing attack targeting a research and development center, for instance. It might be a combined attack in the form of a LinkedIn contact, a conference invitation, a subcontractor tender and state intelligence working simultaneously.

A cyber warfare ministry has to establish a three-tier architecture working in synchronization, including tracks provided by human intelligence working in the field, digital patterns captured by signals intelligence and patterns mined from data by open-source intelligence (OSINT). Frankly, the raw data feeds from the National Intelligence Organization (MIT), police intelligence and gendarmerie intelligence would not signal a cohesive risk unless the information is effectively processed, which is the task of the Cybersecurity Directorate. Hybrid intelligence is the ability to see the whole picture moment by moment.

Invisible shield

In the last decade, Türkiye has built a historic arsenal, from Bayraktar TB2, Akıncı, Kızılelma and Hürjet to Atmaca and Kaan. Yet, the protective shield of this superiority is often underdiscussed. It is counterespionage in cyberspace. A recent case proves this point. Iran’s Shahed-136 drone was rebranded by Russia as Geran-2 and was employed in the Russia-Ukraine conflict. These systems shot down in Ukrainian airspace were dismantled by Western intelligence engineers, their software was decrypted, their supply chain was mapped, and all were reverse-engineered. The result was that secrets of Iran’s own weapons were an open book for rival intelligence services, and this information was directly used against Iran and its allies in the recent U.S.-Israel-Iran war.

The doctrinal lesson is clear: A state could see its weapons acting as a boomerang, harming it when it fails to protect itself in cyberspace. Espionage to expose its software architecture, control protocols, GPS routes and supply chains leads to the same outcome as the physical theft of the weapon. A successful electronic infiltration can deliver the secrets of your superiority to your rivals. Accomplishments of the Bayraktar TB2 in Karabakh and Ukraine, and the efficiency of Akıncı in Syria and Libya, rendered Türkiye one of the high-profile targets of technological espionage. Thus, Aselsan, Roketsan, TUSAŞ, Baykar, Havelsan, TUBİTAK Sage, MKE and dozens of subcontractors should operate under the same cyber shield.

This shield goes beyond conventional defense and includes counter-espionage. Rather than focusing on preventing the attack, it concentrates on detecting the assailant, tracking it and setting up a trap to read the opponent’s intentions, and when necessary, infiltrating the electronic systems of the opponent. Türkiye has to achieve this capacity to prevent a repeat of what happened to Iran’s Shahed. The arsenal Türkiye built in the past decade can only be beneficial with the cyber shield it can build within the next decade.

How the system should work

The shooting in Kahramanmaraş took place at a school, but it actually started somewhere thousands of miles away, in terms of the digital world. Online groups feeding the thoughts of the assailant and other networks involved in other murders have sprouted in the digital world. After the incident, 940 social media accounts were shut down, 1,866 websites were blocked, and 111 Telegram groups were removed. However, the issue was how, by whom and with what authority this network can be monitored. What matters is that this should take place before the attack itself.

First, preventive measures should be at the highest level. Türkiye’s data architecture is scattered across different agencies. Sensing cyber threats against our children is possible with a holistic approach. The Cybersecurity Directorate can use AI and Big Data authorization to detect a culture of violence emerging and growing in closed groups. Preventive measures are not a blackout of screens after an incident; they involve detecting the signals of danger before it happens.

Second, the inspection mechanism should function. A state’s power is measured through its view beyond plain sight. The Cybersecurity Directorate is now tasked with marking the limits against next-generation threats, such as fake voice recordings and videos, holding platforms, gaming groups and social media companies thriving on children accountable.

Third, the authority should have the power to shut down threats. If you cannot inspect a platform, you should shut it down. China’s hard intervention model in the digital space can be considered controversial if you look at it through the lens of democratic tradition. But I think the courage of taking hard, preventive measures cannot be disputed when it comes to the safety of our children. Türkiye should adapt to this model: inspecting whatever we can and shutting down whatever we can’t. Seeking a third option means paying the price.

Another necessity is reducing bandwidth, which is an effective tool, landing somewhere between shutting down and monitoring. Deliberate reduction of traffic to a platform has been an efficient method to bring companies not complying with decisions of content removal to the negotiation table swiftly. Bandwidth reduction should be part of a gradual plan: first, a warning, then fines, then bandwidth reduction, and finally, complete shutdown. I might be judged and deemed too anti-democratic, but I am open to such criticism, as this is a matter of slaughtered, innocent children.

The fifth point for the system to work is setting up “hotlines” between MIT, police intelligence and gendarmerie intelligence. This grouping should be able to see signs of escalating violence. When an extremist network emerges, MIT’s external intelligence should work in synchronization with the Cybersecurity Directorate’s digital tracking system. Amid a threat at a school, police intelligence should be able to be in the field within minutes. When a terror link is detected in a rural area, gendarmerie intelligence should be able to access data immediately.

These links between agencies should also be physical. All three intelligence agencies should have permanent liaison offices within the Cybersecurity Directorate, and they should remain open around the clock to defend the country.

Another essential component of the system is judges and prosecutors alert against threats. The Cybersecurity Directorate’s authority only means something when it is combined with swift legal action and proper legitimacy. The biggest obstacle in emergency intervention in cyberspace is red tape between the agencies. Time consumed by the bureaucracy is time stolen from the life of a child. An independent legal department working around the clock should be established at the Cybersecurity Directorate in the legal framework supported by legal regulations of the Justice Ministry. Cybersecurity prosecutors and judges should work on the same floor, next to each other.

The system should work this way: Critical demands by MIT, police intelligence and gendarmerie intelligence are delivered to cybersecurity prosecutors specialized in the field. The prosecutor immediately handles the request, forms the legal basis and applies to the judge. The judge issues a verdict, and the technical crew working on the same floor applies the verdict within seconds. Then, intelligence staff expands nationwide monitoring.

There is only one way out of the dilemma of “swift but illegal” and “legal but slow,” namely, a swift, legal, democratic and vigilant system. Every minute a judge is absent means inaction of the state, and every moment a judge is present indicates the state’s strategic power. If the assailant is awake all the time, the state should be too.

The digital defense of schools is another matter. The school management systems, e-school infrastructure and counseling service records should be protected under one roof. A counselor’s warning about a child should not be lost in the cracks in the system.

Lastly, artificial intelligence should reach out to the family. The most tangible task of the Public Artificial Intelligence General Directorate will be producing tools for a healthy reading of children’s digital footprints for parents and educators. A change in behavioral patterns or tendency to join closed groups can be relayed to the families as early warning signals.

Time for cyber warfare ministry

Children today live in two worlds, the one with real-world streets, schools and houses, and one with a screen, apps and online groups. The state focused on the first one for decades. The shooting in Kahramanmaraş demonstrated that this second world has been an invisible challenge. The Cybersecurity Directorate is the state’s mark in this second world. We have to ensure genuine cyber protection for the future of Türkiye. We have no time to lose. The architecture to protect this country has been largely built. Now is the time to activate it with vigilant cybersecurity prosecutors and judges in the legal department of the Cybersecurity Directorate, intelligence liaison offices working around the clock, a gradual system of sanctions, a willingness to enforce shutdowns and a bandwidth reduction option.

The current structure of the directorate, regardless of its comprehensive authority, may not be sufficient against future challenges. In an era where AI has become deeply embedded in military systems, economic infrastructure, collective memory and everyday life, it is necessary to fight across a wide front, from autonomous weapon systems to digital propaganda, from biometric data wars to infiltration operations based on machine learning. The world is rapidly becoming mechanized, and threats are becoming mechanized just as quickly. In such an age, an ordinary directorate is not enough for a nation to protect itself.

If the air force protects the skies, the navy the seas and the land forces the land, then the structure that will protect the cyber domain can only be organized as a ministry, acting as a wartime agency and with the discipline of an army unit. The Cybersecurity Directorate will be the core of a future Cyber Warfare Ministry, like the National Security Agency (NSA) of the U.S., an entity that can see and think of everything on a global scale.

DAILYSABAH