Cyber quarrel between the Lazio Region, Engineering and Leonardo on security?
The safety of the Lazio Region at the center of the news
The trojan used to enslave the LazioCrea system, a malware called cryptolocker ransomware, allegedly passed through the company that deals with the security of the entire regional portal with the database of millions of clients, Engineering, writes Il Giornale : "But the investigators do not speak about this ”.
THE SAFETY OF LAZIO IN THE HANDS OF THE LEONARDO GROUP
The "levels" of security "we had were high. The security partner of the Region has been the Leonardo group for over two years. We are facing an act of a criminal and terrorist nature ", Alessio D'Amato, councilor for health of the Lazio Region told Gr1 yesterday ( the Lazio Crea company also uses Fastweb as a supplier; here the facts and the position of the company of the Swisscom group ).
LEONARDO'S PRECISATION
With regard to the agreement with the Lazio Region, Leonardo, when asked about it, clarified that he had never had the operational management of the monitoring and cyber protection services of Lazio Crea but that he had only provided governance services for the design of a Security operation ventre (Soc) and specifically to define processes and procedures as well as support regarding the legislation on the protection of personal data. Leonardo also explains that, at the request of Lazio Crea, it was involved, through the Cyber Crisis management team, in post-cyber attack recovery operations.
D'AMATO'S NOTE ON LEONARDO
“The contract between Lazio Crea and Leonardo is clear and needs no comments, I simply reported the subject of the agreement that has existed for over two years for three project phases, including vulnerability assessment and IT security procedures. Transparency in these cases is a must ”, Alessio D'Amato, the councilor for Health and Social and Health Integration of the Lazio Region, wrote in a note.
THE NOTE OF THE LAZIO REGION
"In 2018, the Lazio Region – reads a note from the body chaired by Nicola Zingaretti – joined a Consip agreement (renewed over the years) with an ATI led by the Leonardo group. The agreement has as its object exclusively governance services in the design of a Security Operation Center to define processes and procedures and also offering support in the context of what pertains to the legislation on the protection of personal data (GDPR) ". "Leonardo's Next Generation Soc – continues the note – was hired by Lazio Crea from the very first stages of the hacker attack through the Cyber Crisis Management Team (CCMT), made up of specialized figures, to identify the ways of compromise, eradicating the threat and following the recovery of the systems "The data and information – concludes the note – concerning the approximately 7 million vaccinations carried out so far in Lazio are safe".
HOW MUCH DID THE LAZIO REGION DISASTER RECOVERY PLAN COST?
How much did the "Disaster Recovery Plan" cost, which clearly did not work in the Lazio Region?
At least 3.4 million euros of your pockets.Three and a half million euros paid for the disaster we have just seen.
Makes you think, don't you think? pic.twitter.com/ISWzIgPWd5
– Matteo GP Flora (@lastknight) August 5, 2021
THE NOTE OF ENGINEERING
"With regard to what has just been published online on Repubblica.it, in relation to an alleged turn in the investigation into the cyber attack on the Lazio Region that would attribute its origin to an Engineering employee, the company – reads a note – reiterates with force what has already been stated. Engineering has not received any notification from the investigators regarding possible links between the event blocked in the bud that affected the Group and the attack on the Lazio Region. If the investigators had different evidences and had not notified and verified them with the Company, this would be very serious because the lack of collaboration between all the subjects involved could potentially facilitate the spread of the attack. Therefore, again, regarding the continuous inaccurate reconstructions circulating, Engineering clarifies that: 72 hours after the first communications to customers and the press, the in-depth and continuous analyzes carried out so far confirm and reinforce what has already been stated with respect to the absence of evidence that correlate the attack attempt blocked in the bud by Engineering and the one suffered by the Lazio Region. Obviously, if the ongoing checks highlight something different, Engineering would be the first to notify the competent authorities. Engineering, contrary to what is reported by some press, does not provide infrastructure or security services to the Lazio Region, which relies on other operators for this ".
This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/cyber-diverbio-fra-regione-lazio-engineering-e-leonardo-sulla-sicurezza/ on Thu, 05 Aug 2021 10:38:18 +0000.