Saturday, May 4, 2024

Vogon Today

Selected News from the Galaxy

StartMag

Because the Draghi government has strengthened the Golden Power

2 years ago babelfish

Because the Draghi government has strengthened the Golden Power

The analysis by Marco Mayer, professor at the Luiss Master in Cybersecurity, former advisor to the Minister of the Interior for Cybersecurity (2017-2018)

It's never too late! I am very happy that after ten years (see the intervention of the undersigned and other colleagues in 2013) Italy has finally equipped itself with an indispensable tool to face digital challenges by giving the Government special powers of a substantial and preventive nature.

With the new discipline and organization of the Golden Power, Italy will finally be able to face the threats and risks of a geopolitical nature often reported by the Intelligence, but on which politics had never taken organic decisions and specific directives.

Last year Startmag did well to dedicate a lot of space to the Alpi Aviation drone case because it is a school case to indicate the phenomenon of acquisition of Italian assets through opaque intermediaries.

The new Decree is a very positive example of coordination between political decision makers and information bodies. It implements, in fact, with unusual speed what is stated in the report of the services to the Parliament both in industrial and dual use matters:

“The protection of the country system also includes strengthening the operation of Golden Power in the health, cloud computing, microelectronics, sensors, civil aerospace, chemical and steel sectors. Cyberspace can open up extraordinary possibilities for progress or expose to dangers, even potentially damaging for the stability of the country system, whose safety cannot therefore be separated from the necessary overview of the complex implications of digital transformation ".

In the field of telecommunications, the most problematic aspect of the previous legislation concerned acquisitions, the issue of technological supplies and sub-supplies of telephone operators. The predominantly formal or abstract nature of ex post prescriptions did not provide for the monitoring of their application and consequently prevented a substantive verification of foreign supply chains from being carried out.

Precisely in these days of war a dramatic aspect could emerge that more than any other testifies to the extreme relevance of the matter. A large Chinese company DJI Co. Ltd has been supplying commercial drones to the Russian Federation for years, but as far as we know (I am unable to verify) these carriers are said to be used to encourage Russia's military invasion of Ukraine.

True or false (as emerges from this article by The Verge in a tweet a few days ago the Deputy Prime Minister of Ukraine Mykhailo Fedorov appealed to the Chinese company DJI Technology to try to prevent the military use of drones. news on Friday (from the Caixin Global Must-Read newsletter , obviously to be verified) that the company would have replied that it was unable to deactivate their operation, but declared itself available for further comparison. The exchange of letters is found in the following link .

I cited the case because beyond its truthfulness it indicates how important it is to implement a very careful policy for all the risky aspects relating to the dual.

Returning to the events at home , the cyber attack last Wednesday on the State Railways is certainly very worrying even in the hypothesis of its exclusively criminal nature for ransom.

Railways, motorways, ports and airports and more generally air, sea and land traffic (as well as aqueducts and hospitals) pertain to the double political dimension of public safety and national security.

On the facts it is necessary to respect the secret of the investigation relating to the PG investigations in progress, coordinated with the well-known professionalism of the Postal Police.

In general, it would not be bad for public and private organizations to indicate on their sites (obviously if they do not do everything internally) the external suppliers and sub-suppliers that operate in the field of cyber security, security, antivirus, video surveillance, etc.

Otherwise, as has happened so far – for example in the serious case of the cyber attack on the health service of the Lazio Region – it is difficult for companies and public institutions to treasure the lessons learned.

In my opinion, there is still too much opacity in the field of information security and telecommunications. Instead, transparency should be given to this important segment of the market to ensure that (beyond the strictly technical profiles) reputation and trust become the key factors for the decisions of decision makers.

In Italy – after the laudable example of Expo Milano – the Anti-Corruption Authority seems, but perhaps I'm wrong, to have lost a certain bite in the digital sector.

To protect consumers' rights, telco and digital companies should also indicate to the public the nationalities of those who own or control the company based on the shares held.

This is highly appreciated by citizens in the clothing or wine sector and it is not clear why when you choose a cell phone, telephone or IT service provider you do not need to know the ownership of origin.

For example, few know that Nokia smartphones for three years (2014/15/16) were American, that the Wind3 operator since 2018 is 100% Chinese, that Fastweb has been Swiss since 2013, etc.

The dissemination of this information to the public is also useful for raising awareness of the global risks inherent in digital technologies.

In more aware and informed environments (in Italy and abroad) it is certainly less difficult to identify the organizations and people capable of carrying out cyber intrusions and attacks.

It is true that they can launch them from anywhere in the world, but it is equally true that the people and organizations able to do so are a limited number.

The dissemination of the culture of security envisaged by law 124/2007 (in particular in a transversal and multi-domain field such as the Cyber ​​dimension) should therefore revive starting from high schools and universities.

Raising awareness among citizens is also fundamental because attributing an attack is not only a technological problem, but – to use a traditional investigative language – it is also a problem of territorial control.

To give a concrete example, the convergence and organizational integration between Digos, the anti-money laundering unit of the GdF, the Ros of the CC and the Postal Police represents one of the most important challenges for guaranteeing security in the digital societies in which we live.

Of course, this hybrid law enforcement action works well if it makes use of efficient international cooperation with Europol, the FBI and other police forces.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/perche-il-governo-draghi-ha-rafforzato-il-golden-power/ on Sun, 27 Mar 2022 06:06:01 +0000.