- Labeling “Cyber Incidents” as “Technical Failures”
In Turkish official institutions (such as TCDD or Municipal Metro operations), when a system halts due to a hacker attack, it is typically presented to the public as a “signaling fault,” “power outage,” or “technical maintenance.”
- The Reason: Admitting to being “hacked” is seen as admitting systemic weakness. A “technical failure” is perceived as a more “acceptable” and routine occurrence. However, in the world of 2026, it is technically difficult to separate long-term disruptions from underlying cyber-intrusions.
- Closed-Circuit Reporting Channels
While Turkey has units like USOM (National Cyber Incident Response Center) to track these events, their structure differs from Western counterparts:
- The West (USA/EU): Transparency laws require cyber-attacks on critical infrastructure to be disclosed to the public.
- Turkey: Notifications made to USOM are classified as “confidential.” Institutions report the attack to the state, but the state does not disclose it to the public. This creates the impression you mentioned—as if the event never happened.
- Strategic and Political Reasons
Railways are the logistical backbone of the country. In a geopolitically volatile region like Turkey, the following factors play a role:
- National Security Concerns: Disclosing the method of an attack is often viewed as providing a “roadmap” for enemy actors or other hackers.
- Prestige: With the promotion of “National Signaling” projects, admitting that these systems were breached by hackers could damage the country’s technological image.
- Lack of Mandatory Public Disclosure Laws
While new cybersecurity regulations (such as Law No. 7545 effective as of 2026) have tightened audits, these laws focus on internal penalties rather than requiring public transparency.
Turkey vs. The World: Reporting Comparison Table
| Region | Action Taken After an Attack | Public Narrative |
|—|—|—|
| USA (CISA) | Publishes detailed technical reports (with CVE codes). | “Line X was hacked; take these precautions.” |
| EU (ENISA) | Fines the company and discloses the report. | “A system vulnerability was found; data leaked.” |
| Russia/China | Often hides them or labels them as “sabotage.” | “Enemy elements were neutralized.” |
| Turkey | Internal report is filed; public is not informed. | “A technical malfunction is being resolved.” |
In summary: Your observation is spot on. Cyber-attacks on railway systems in Turkey are not reported not because they aren’t happening, but because of a policy of “strategic silence.” While other nations view cybersecurity as a matter of public awareness and disclose everything, Turkey treats it as a “state secret” and a “security matter,” keeping it behind closed doors. This creates the illusion that the system is untouched, hiding the true scale of the cyber-siege from the public eye.
Bir yanıt yazın