Open Doors in Asymmetric Warfare

Asymmetric warfare is a form of conflict that operates outside of conventional combat methods, typically characterized by the use of technological superiority in small-scale, creative operations. Remotely accessible technologies play a critical role in this type of warfare. Israel’s operation against Hezbollah demonstrated a capability that extended beyond merely monitoring a group’s movements to inflicting physical harm. The arming of ordinary communication devices, such as pagers, with explosives once again highlighted the role of technology in asymmetric infiltration and attack tactics.

The concept of the Internet of Things (IoT) can introduce a new dimension to these conflict scenarios, particularly for remotely accessible devices, including electric vehicles. Remotely controlled vehicles can create defensive vulnerabilities in both logistical and operational processes. Specific electronic components like battery management systems or autonomous driving algorithms—along with any IoT-enabled product that is becoming increasingly prevalent in homes, institutions, and essentially every sphere of human activity—can be manipulated to open the door for sabotage.

Signaling Warfare: The Hezbollah Example

The operation carried out by Israel using pagers demonstrates how critical signaling technologies are in modern warfare. This event reveals that signal-based warfare is not only capable of causing communication disruptions but also of physically destroying targets. Next-generation intelligence and warfare doctrines encompass a wide spectrum, from small-scale operations to mass attacks. Every technology that allows remote access carries the same inherent risks. We have all witnessed remote attacks capable of triggering mass-scale incidents.

If their adoption becomes widespread, it would be relatively easy for attackers to remotely interfere with electric vehicles—disrupting traffic and, even if only partially, daily life in megacities. This is because IoT represents interconnected technologies that continuously communicate and share data. This technology creates serious security risks and ethical concerns. However, this underlying dynamic exposes the same risks across every field associated with IoT.

“IoT poses a security risk because the device owner and the data owner are not necessarily the same person. This is because there is no legal basis for the actual ownership of data. The data owner is the data curator or controller. Here, we highlight the point about the legal impossibility of owning data. This is because data does not have an owner; instead, there is an organization that has the legal right to control and manage the data.” (Anthonysamy et al., 2017)

The Role of Domestic Production in an Evolving Security Doctrine

It is quite clear that all imported technological products require stringent security measures, authorization, and oversight at every stage, from production to shipment. Consequently, the domestic production of electronic devices is becoming a matter of strategic importance for national security.

The Israeli operation has demonstrated that imported technologies are vulnerable to manipulation within the supply chain. Domestic production is one of the most effective ways to minimize such risks. In complex technologies, having the entire production process under local oversight reduces both cyber and physical security risks. For electronic devices in particular, the domestic development of software management systems, power transmission mechanisms, and sensors can prevent external interference. Furthermore, domestic software solutions facilitate the detection of security vulnerabilities and provide the capability for a preemptive defense against national security threats. However, a manufacturer’s status as a “domestic” producer will not entirely eliminate potential issues. The measures that the manufacturer must implement throughout all stages of research, development, and production must be compliant with the security protocols prescribed by national and international standards.

Securing the Technology Supply Chain: From Production to Shipment

Supply chain security plays a vital role in the protection of modern technologies. In Israel’s operation against Hezbollah, the manipulation of pagers within the supply chain revealed just how vulnerable this process is. Battery cells, electronic devices, and various hardware produced in countries that make no effort to comply with global security standards can be susceptible to external interference. To mitigate these risks, it is essential to implement protective measures throughout all processes, from production to shipment.

To prevent such occurrences, the movement of every component within the supply chain can be securely tracked using advanced cryptography-based monitoring systems. Regular audits can be conducted, incorporating physical security screenings, to ensure that devices are not sabotaged during manufacturing or transit. Furthermore, through an operational infrastructure compliant with established standards and certification processes, all these procedures can be formally maintained and certified in accordance with international standards such as ISO 28000 and ISO 27001.

Can Access Control Technologies Prevent Infiltration Attempts into Data Clouds?

Card-based and biometric access control technologies are indispensable, especially in critical infrastructures, economic, transportation, and logistics organizations, as well as in manufacturing, industrial, and military facilities. As core components for controlling human mobility and managing authorization and oversight, access control systems must be designed to be perpetually vigilant against all forms of virtual and physical sabotage. However, current intelligence and attack tactics make it clear that these technologies require a strict security discipline throughout the entire process, from production to end-user delivery. To counter such threats, all software used in access control technologies must be resilient to cyber-attacks. It is also crucial to test for system vulnerabilities through regular security scans and simulations. Furthermore, to prevent the physical manipulation of devices, compliance with international security standards must be maintained in packaging, shipping, and infrastructure deployment.

Meanwhile, attack and intelligence-gathering efforts are increasingly concentrating on IoT and cloud-based systems. This data becomes vulnerable to fraud, attacks, and sabotage attempts by anonymous identities that are either authorized or have gained unauthorized access. However, protecting these systems behind a security barrier, making them inaccessible to anyone but authorized personnel, is achievable through multi-layered, biometric-based identity authentication technologies. Deficiencies in the authorization processes applied to the storage and processing of big data open the door to risks specified in regulations like KVKK and GDPR. The importance of the following measures in these processes is abundantly clear: securing data with encryption protocols; subjecting individuals involved in data access and processing to multi-layered identity authentication audits; and authorizing all cloud-based software and hardware that hosts big data through multi-layered biometric identity verification.

“The cloud is a new information technology that provides on-demand, single-point access to distributed resources. Features of this technology include the ability for users to operate independently and ubiquitous access to the cloud—anytime, anywhere, and from any device. Additionally, pools of resources are presented to users as a menu of services, enabling them to freely scale their resource allocation up or down, which leads to the widespread adoption of this technology. The use of the cloud in biometric technologies significantly reduces security and privacy concerns and aids in the prompt prevention of undesirable incidents.” (Mahmudova, 2016)

The Required Security Level for Technology Manufacturers: NATO Standards

It is a critical requirement for technology manufacturers to produce in compliance with NATO standards to ensure security in both military and civilian domains. NATO standards cover not only the performance of devices but also supply chain security and software integrity.

The standards also include certification processes that enhance the resilience of systems against external interference. In an era where modern warfare is conducted via electronic devices, measures that comply with global security standards are of vital importance for both individual and national security.

In addition to being a NATO member, Türkiye places great importance on domestic and national production based on high value-added technology, particularly in the defense industry. Technologies developed within this framework are designed and manufactured in accordance with NATO standards. As a result, technologies developed in Türkiye can be used securely worldwide, especially by member countries. One of the most significant reasons underlying this is the nation’s continuously updated national security strategies.

Within the framework of the National Cyber Security Strategy and Action Plan, the necessity of taking measures against increasingly sophisticated attack and intelligence activities has been described as follows:

“The growing complexity of threats, coupled with the increase in cyber threat actors and attack vectors, and the emergence of hybrid threats that include cyber components, reveals that the cyber defense approach developed against these elements must be enhanced simultaneously and proportionally.” (Republic of Türkiye Ministry of Transport and Infrastructure, 2024)

With Facility Security Clearances approved by NATO and the Republic of Türkiye Ministry of National Defence, Ones Technology meets high security standards across all its supply chain processes—from design and R&D to software, production, and shipment. As a result, it provides a secure access control and oversight infrastructure to the critical institutions it serves, both domestically and internationally.

The rise of the Turkish defense industry, along with localization and nationalization initiatives for critical technologies, components, and subsystems in response to embargoes, are also factors that necessitate a high level of security in domestic production. The biometric and card-based security and access control technologies that Ones Technology has domestically developed under its BioAffix brand, in compliance with NATO standards, can be used securely by member countries and worldwide. In addition, the high security standards maintained throughout its supply chain make Ones Technology a preferred choice for international partnerships.

References

Mendoza et al., Risks and security solutions existing in the Internet of things (IoT) in relation to Big Data, 2020 https://www.researchgate.net/publication/346819809_Risks_and_security_solutions_existing_in_the_Internet_of_things_IoT_in_relation_to_Big_Data

Anthonysmy et al., Privacy Requirements: Present & Future, 2017, https://www.researchgate.net/publication/318037140_Privacy_Requirements_Present_Future

Radanliev et al., AI security and cyber risk in IoT systems, 2024, https://www.frontiersin.org/journals/big-data/articles/10.3389/fdata.2024.1402745/full

Mahmudova et al., Big Data Challenges in Biometric Technology, 2016, https://www.researchgate.net/publication/306250585_Big_Data_Challenges_in_Biometric_Technology

Poul Brous et al., The dual effects of the Internet of Things (IoT): A systematic review of the benefits and risks of IoT adoption by organizations, 2020, https://www.sciencedirect.com/science/article/pii/S0268401218309022

T.C. Ulaştırma ve Altyapı Bakanlığı, Ulusal Siber Güvenlik Stratejisi, 2024, https://www.uab.gov.tr/uploads/pages/siber-guvenligin-yol-haritasi-yerli-ve-milli-tekno/ulusal-siber-guvenlik-stratejisi-2024-2028-66e97803f13ea.pdf