Sunday, April 28, 2024

Vogon Today

Selected News from the Galaxy

StartMag

Cybersecurity, how Italy can catch up

2 years ago babelfish

Cybersecurity, how Italy can catch up

Who was there and what was said at the "Cybersecurity – Public administration and safe companies" event, organized by the Center for American Studies

In terms of cybersecurity, Italy "conquers" a sad record: our country was the first in Europe for ransomware attacks in March.

“From the ransomware attack on the Lazio Region to the Ddos attacks in the Senate . Moments that made it clear to us how fundamental IT security is for a country that aspires to play a leading role and to digitize its services ".

This is what Nunzia Ciardi, Deputy Director General of the National Cybersecurity Agency (Acn) explained, at the event “Cybersecurity – Public administration and safe companies”, organized by the American Studies Center in collaboration with Open Gate Italia and Edizioni Countries. The Acn is the national cyber security authority that must raise the country's cyber resilience.

“In addition to investing in digitization, we also need to talk about system security. Finally this argument has the dignity it deserves. We insiders discounted a bit of a periphery of thought, outside the forums this sector was not worrying for everyone. Today the topic sadly jumped to the headlines. It is at this moment that the National Cybersecurity Agency (Acn) was born, which is lagging behind other European countries. We arrive and serve a delay, in a situation that is not rosy. In all this, however, there are strong elements of positivity: the speed with which the agency was established, and it is not trivial ”, underlined Ciardi.

Here is everything that emerged from the meeting attended by, among others, Giuseppe Russo, Security Assurance Manager of Amazon Web Services Italy, and Cristiano Alborè, Portfolio Development Director of Telsy (Tim group).

CYBER-CRIMINALS EVEN RAPIDLY

“It is an emblematic phenomenon, a malware that encrypts data making it completely unavailable to the owner. If I am asked for a ransom to decrypt this data, I am tempted to pay. The most obvious defense is to create a backup, so that you have a copy off the network. But crime is evolving rapidly, ransomware has evolved, and attackers no longer demand ransom to decrypt data but not to publish it. There is a risk of enormous reputational damage to the image of the affected company ”, explained the deputy director of the ACN.

Furthermore, Ciardi pointed out, "a ransomware attack is very difficult to detect, a police force arriving at the crime scene is faced with all encrypted data and all operations take place in cryptocurrencies (including ransom) in the dark web where we find servers distributed all over the world. Investigation is complex and many are tempted to pay. Unfortunately, companies are tempted not to report, to pay to silence everything and not to suffer damage to their image. They range from 500 thousand euros to 8 million euros, very high figures that go to foster cybercrime, which is already growing a lot ".

HOW TO DEFEND

“The solution is to defend oneself better, invest in security – highlighted the number two of the National Cybersecurity Agency – We must understand that security is not a cost but an investment. Usually investments are made after an attack, it would be better to do it first to try to reduce the possibility of being attacked by a lot ". "We clear the field of the idea that absolute safety can be achieved, but we must reach an acceptable level where risks and benefits are able to find their balance, a sufficiently good level".

Therefore, Ciardi recalled, "the Acn will have tasks to help companies in the prevention of attacks and remediation, that is, once they are affected, we are alongside the subjects in restoring the operation of their systems (as in the cases of attacks on Railways and Mite) ".

THE TASK OF ACN: STIMULATE TECHNOLOGICAL AUTONOMY

First of all, the deputy director of the ACN reported: "We Europeans are big users of technology but we do not produce our own technology". Therefore “the Acn has the task of stimulating technological autonomy, European in the first instance and Italian in the second. Technological autonomy represents a driving force for the country's economy but because it represents security, otherwise it means serving a deficit in security ".

THE IMPORTANCE OF PUBLIC-PRIVATE PARTNERSHIPS

Furthermore, “precise professionalism is needed: we have a lack that is not only Italian but global. those few Italian skills, however, have gone out ”remarked Nunzia Ciardi. “The Acn is trying to get them back as well as stimulating new professionalism with partnership assets with schools and research bodies and public-private and international collaborations. The network has crumbled every space-time boundary, therefore collaboration must be a fundamental weapon to manage cyber security ".

BUY NATIONAL

The business world is of the same opinion.

"Synergy is fundamental and so is the public-private partnership because institutions have to invest and buy Italian products," said Emanuele Galtieri, CEO of Cy4Gate. "The other countries (Americans, Israelis for example) buy nationally, we have so far favored foreign products", underlined the head of Cy4gate.

And speaking of technological autonomy, according to Galtieri “it is pursued through partnerships. Companies and institutions must work together and overcome the dichotomies, to achieve that sufficient degree of cybersecurity to the point of bringing the country system to cyber tranquility. The paradigm for making a qualitative leap is precisely a public-private partnership ”highlights the CEO of Cy4gate.

COMING NIS 2

Furthermore, Nis 2 will soon be adopted, i.e. the proposal to update the 2016 Nis Directive with which the EU aims to strengthen the cyber security framework at European level. Therefore "we only have 2 years to comply with the directive that requires a high level of IT security", reported Annita Sciacovelli, professor of international law at the University of Bari Aldo Moro and the Unint of Rome and Cybersecurity specialist, Research Visiting Fellow at the Jerusalem Institute for Strategy and Security.

“We can create a hundred agencies, but we have to take effective measures. We can also create the best cybersecurity infrastructure but then we must also carry out an adequate risk management and risk assessment ”, Sciacovelli pointed out.

NOT ONLY PA, A NATIONAL CLOUD ALSO FOR SMEs

The acceleration in digitization is “The PNRR which is important to fill a gap, but the sector is constantly evolving. Criminal organizations always find ways to evolve ”, noted Stefano Mele, Partner of the Gianni & Origoni Law Firm and President of the Cyber ​​Security Commission of the Italian Atlantic Committee.

“And then there is the issue of SMEs in Italy which have an economic value of over 60% of GDP, but do not have a culture of resources and workforce to achieve the objectives of the cyber security perimeter. So it is politics that must find a solution. In fact, we are moving towards the creation of the PSN (national strategic pole for the national cloud) for the PA but it must also be created for SMEs ”, Mele hoped. Therefore, according to Mele "it is up to the state to offer one more solution: a national cloud for SMEs similar to that for PA, optional, with a small incoming payment, with the same levels of cyber security made available for Pa ".

AIMING FOR STRATEGIC AUTONOMY

Finally, "beyond training, it is necessary to make public-private interact and strive for strategic autonomy", recalled Federica Dieni, pentastellata deputy and vice president of Copasir.

“It is necessary to do this at least at the European and NATO level. The Ukrainian decree with articles 28 and 29 affirmed the possibility of bringing the cloud within the golden power legislation, and this is fundamental to preserve the national and EU strategic independence, at the same time it has allowed to differentiate security functions and obliging PAs to diversify. We must understand that we cannot compete for the most advantageous offer for the safety of our public administration with all the associated risks ”concluded Dieni.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/cybersecurity-come-italia-puo-recuperare-il-ritardo/ on Tue, 17 May 2022 06:57:11 +0000.