Today, states are fighting on two fronts: one visible, the other invisible. In 2025, the number of actors tracked in the global cyber threat database increased by 10%, with nearly half consisting of state-sponsored groups. In the same year, AI-assisted cyberattacks rose by 47%, with energy systems, defense infrastructure and government institutions as primary targets.

Cyberspace is now capable of disabling power plants, paralyzing financial systems, targeting military communication networks and manipulating electoral processes. In response, leading global powers, including the U.S., China, Russia and the European Union, have placed cybersecurity at the center of their defense doctrines through deep institutional reforms.

Türkiye, too, entered this transformation with the establishment of the Cybersecurity Presidency and now with the Cyber Security Board, which held its first meeting on May 5. This new step symbolizes not merely an institutional restructuring but a profound paradigm shift in Türkiye’s understanding of digital sovereignty.

Board's Mission, First Meeting

Following the establishment of the Cybersecurity Presidency on Jan. 8, 2025, the 7545 Cybersecurity Law, which entered into force on March 19, 2025, institutionalized Türkiye’s new cybersecurity governance framework, including the Cyber Security Board, Türkiye’s highest decision-making body in the field of cybersecurity.

The Board’s first meeting was chaired by President Recep Tayyip Erdoğan and attended by ministers. This clearly demonstrates that the board is not merely a technical body. Rather, it is a high-level strategic coordination mechanism that unites intelligence, diplomacy, defense, internal security and technology under a single institutional roof. While the Board is responsible for determining cybersecurity policies and strategies, implementing the national technology road map, identifying critical infrastructure sectors and ensuring interinstitutional coordination, the Cybersecurity Presidency functions as the executive body responsible for implementing these decisions.

The decisions emerging from the board’s first meeting go far beyond a routine diplomatic communique. The meeting primarily reviewed the progress achieved under the 2024-2028 National Cybersecurity Strategy and Action Plan and comprehensively evaluated the core components of the national cybersecurity architecture. Protecting critical infrastructures, securing digital systems and enhancing capacity in domestic and national technologies were identified as priority areas.

In addition, a consensus was reached on strengthening interinstitutional coordination, increasing preparedness against cyber risks and improving rapid adaptation capabilities. Altogether, these decisions strongly reaffirm that cybersecurity is no longer merely a technical issue but a strategic domain encompassing economic, technological and societal dimensions.

Data Sovereignty for Independence

One of the most striking messages from the board meeting was its clear stance on data sovereignty. The meeting emphasized that data is not simply a technical element but a strategic asset, and identified the domestic storage and processing of Türkiye’s strategic data, as well as reducing dependency on foreign systems, as key priorities.

This approach is highly justified. Today, the question of where a state’s critical data is stored and under which country’s legal jurisdiction it falls is not merely a technical matter but a matter of sovereignty. Data is increasingly viewed as a strategic resource comparable to oil, and those who control it acquire both economic and political power. A state dependent on foreign systems for its critical infrastructure may become vulnerable to the discretion of those foreign powers during times of crisis or conflict, as we have seen in several cases.

The principle that “Türkiye’s data will remain in Türkiye” is a concrete guarantee of digital sovereignty and one of the most significant steps taken to institutionalize this determination is the Cyber Security Board’s decision to place the issue at the center of the national agenda.

Building Upon Existing Capacity

Developing domestic cybersecurity capacity is not a new objective for Türkiye. Over the years, Aselsan has produced national solutions in cryptology and information security, while Havelsan has developed indigenous security software within its Cyber Defense Technologies Center. Similarly, STM has contributed to the ecosystem through cyber threat intelligence and decision-support systems.

The National Cybersecurity Strategy and Action Plan, published in 2013, established the institutional framework for these efforts, while the Türkiye Cybersecurity Cluster, founded in 2017, sought to strengthen local product development capacity by bringing together the public sector, private industry and academia.

The board’s decision to prioritize capacity-building in domestic and national technologies represents a strategic acceleration built upon this existing foundation. Just as Türkiye transformed itself from a defense industry heavily dependent on foreign suppliers in the early 2000s into a global exporter today, it now seeks to achieve a similar transformation in cybersecurity. This path is undoubtedly long and challenging; however, placing the issue at the highest level of the national agenda constitutes a critical step in aligning political will with technical capability.

Comprehensive Security Umbrella

Perhaps the most concrete and legally binding outcome of the meeting was the official designation of 15 sectors as Critical Infrastructure Sectors. These include Digital Infrastructures and Digital Services, Electronic Communications, Energy, Finance, Water Management, Food and Agriculture, Manufacturing Industry, Defense Industry, Public Services, Health, Transportation, Media and Crisis Communication, Postal and Cargo Services, and Space.

The breadth of this list is striking. While the inclusion of sectors such as energy and defense industry is unsurprising, the addition of food and agriculture, as well as postal and cargo services, demonstrates that Türkiye views cyber threats not merely as military or technical concerns but as existential risks affecting society as a whole. The expansive definition of critical infrastructure reflects a determination to address the economic, societal and security dimensions of cyberattacks within an integrated framework.

Four Dimensions

The strategic importance of the decisions emerging from the Cyber Security Board’s first meeting becomes clearer when examined through four main dimensions: geopolitical timing, unity of command, the threat of disinformation and space.

First, focusing on the geopolitical timing, it can be said that the conflict process among the U.S., Israel and Iran in early 2026 once again demonstrated the cyber dimension of modern warfare in an exceptionally striking way. In these confrontations, digital infrastructures, critical systems and communication networks emerged not merely as supporting assets but as direct targets. Furthermore, attacks on the technological infrastructures of Gulf countries revealed how digital systems can become strategic vulnerabilities during wartime.

Türkiye’s decision to convene the Cyber Security Board immediately after this period and designate energy, defense industry and digital infrastructure as critical sectors was therefore a strategically well-timed move.

Secondly, we need to analyze this issue through the lens of speed and unity of command. Cyberattacks can unfold within seconds and spread their effects within hours. In such an environment, bureaucratic sluggishness can become just as decisive as technical deficiencies.

The board’s organization, directly under the Presidency, with meetings chaired personally by the president, reflects a clear recognition of this reality. Bringing together intelligence, defense, foreign affairs, internal security and technology actors around a single table eliminates siloed decision-making processes and enables an integrated and rapid response capacity against potential cyber crises. In this respect, the structure can be interpreted as a digital-age adaptation of the National Security Council model.

Third, disinformation is no longer merely a political problem but a weapon directly targeting both military operations and social stability. In modern hybrid warfare, public opinion manipulation, perception management and digital influence campaigns are conducted simultaneously with land, air and naval operations. With artificial intelligence increasingly being used as both an offensive and defensive instrument in this domain, the nature of the threat is undergoing a qualitative transformation.

Aware of this reality, Türkiye brought the “Artificial Intelligence Shield” strategy developed by the Presidency’s Directorate of Communications onto the board’s agenda during its first meeting. This strategy aims to strengthen the data security of public institutions, detect AI-assisted disinformation operations and establish an institutional defense line against international information manipulation. Any cybersecurity architecture that ignores this dimension would remain fundamentally incomplete.

Lastly, the inclusion of space among the critical infrastructure sectors may well be the board’s most visionary decision. Today, satellites are indispensable not only for communication and navigation, but also for military reconnaissance, precision-guided systems and critical infrastructure management. A cyberattack targeting satellite systems could collapse communication networks, disable GPS-dependent systems and disrupt financial transactions. The future battlefield will inevitably be built upon the integration of cyber and space domains.

Türkiye’s decision to incorporate this reality into its critical infrastructure framework today reflects a strategic foresight that considers not only current threats but also the security environment of the coming decades.

Sovereignty Beyond Borders

The first meeting of the Cyber Security Board and the decisions that emerged from it indicate a profound expansion in Türkiye’s understanding of national security. Just as territorial integrity is protected through land, naval and air forces, the protection of digital sovereignty is now being treated as an equally vital priority. Data sovereignty, domestic technology production, protection of critical sectors, defense against disinformation and space security, each of these issues alone carries strategic significance, but addressing them collectively under a high-level institutional structure signals the emergence of a holistic digital security vision.

Perhaps the most critical dimension of this vision is Türkiye’s explicit ambition not merely to defend itself in cyberspace but to become a deterrent actor. Becoming one of the countries where cyberattacks are most difficult and costly to carry out stems not from a passive security understanding, but from an active sovereignty strategy.

In the digital age, sovereignty is no longer measured solely by the protection of borders; it is also measured by the protection of data, infrastructures, narratives, and space assets. On May 5, Türkiye officially embraced this new reality and placed the defense of the digital homeland at the center of state strategy.

Find the original article here