Sunday, May 5, 2024

Vogon Today

Selected News from the Galaxy

StartMag

How will the cybersecurity agency work?

3 years ago babelfish

How will the cybersecurity agency work?

The effectiveness of the new cybersecurity agency will also depend on the ability to coordinate with the Dis (Aisi and Aise) and to involve the research and entrepreneurial excellence of Made in Italy. The intervention of Francesco D'Arrigo, director of the Italian Institute for Strategic Studies

As highlighted by all the intelligence agencies, some autocratic and totalitarian states are taking advantage of the global pandemic crisis to consolidate their power and extend their influence.

In addition to the war on Covid-19 , Western democracies are experiencing a permanent state of war, conducted through intelligence services, diplomacy, economics and finance, vaccines, espionage and the media. A real hydride war that uses disinformation and psychological operations, aimed at the manipulation of public opinion.

Hybrid War (HW) can be defined as a war in which non-state actors work in parallel with state actors to influence perceived reality.

In the attacks carried out in recent years, such as propaganda, disinformation, deception, sabotage and other non-military tactics used to destabilize adversaries, effectiveness has increased thanks to their speed, intensity, continuous technological innovation and global interconnectivity. . The hacker attacks against Colonial Pipeline and the one against the American company SolarWinds Corps , the latest in order of time, demonstrate how it is possible to disrupt the normal lives of millions of citizens through an invisible war, apparently less bloody but with devastating effects.

Furthermore, the progressive reduction of the capacity to protect secrecy due to the advancement of social media and the extension of “intelligent” surveillance increasingly increases the capacity of new technologies to cause sudden shocks and affect international relations.

By intertwining all these elements, we can identify the common factor that characterizes the so-called Big Tech, social media – and the illiberal intent that characterizes some ways of using Artificial Intelligence and data coming from hyper-connected IoT devices (Internet of Things) , from government archives, e-commerce and our online activities.

They compose huge databases of information and user behavior (ie Big Data) that allow states and technology companies to transform "individuals" into "numbers" in order to manipulate their actions, decisions and attitudes through social media, apps, e-commerce websites and telecommunications operators.

Big Tech and social media – with their design optimized for the exclusive purpose of profit – over truth and giving priority to virality over the quality of information – have fostered confusion, disinformation, the spread of terrorist messages and videos. and created obstacles to international governance. We can all see the result of the plague of false news in the dangerously corrosive effects that disinformation through social media can have on the health of a democracy and its ability to function effectively in the current political context of pandemic crisis. We can see this in the anti-science and anti-expert ethos that has infected much of the "debates" about climate change and pandemic responses.

We can also see how disinformation conducted through social media has also contributed to the growing contempt for international cooperation and international organizations more generally, and prevented effective governance of public health, favoring conspiracy theories and no-vax.

It would take too long to analyze in this context all the repercussions on freedom of expression, on the influence exerted by social media during and after the last US presidential elections, but it is now clear that Big Tech, some IT platforms and social media represent a form of uncontrollable power that uses apparently friendly technologies, transforming them into a threatening, non-governable dual use tool based on an undemocratic interaction between information, technology, power and intelligence.

But what is the context in which Italian intelligence operates?

With few tragic areas of exception (the system has not seen the arrival, or has not been able to alert the political decision maker of the pandemic wave, despite all the warning lights flashing red), Italy is reassuming control of the management of the crisis since Covid-19 with the choices made by Prime Minister Draghi, through a completely different political strategy that is not to lock everyone up in generalized lockdowns, but once the experts have been heard evaluate the situation and take responsibility for decisions based on risk assessment and leadership policy.

But Italy is vulnerable and the challenges are ahead of us. Despite the discovery of reliable vaccines, the pandemic is far from over and, as it drags on, the risks will increase as the country moves from the socio-economic crisis response to a new and unknown normal within a radically changed geopolitical scenario. it's dangerous.

While the government moves to implement necessary and no longer postponable reforms envisaged by the PNRR, it will have to be hyper-vigilant in defending itself from any threats to strategic infrastructures and to the social fabric that could undermine citizens' trust and support for the country's democratic institutions.

Any impediment to economic recovery and the defense of strategic sectors and companies will pose immense challenges to the country's prosperity and security and, by extension, to its capacity for democratic governance.

It is in this troubled context that the reflection on the role of the Intelligence Community and of the nascent “Italian Cybersecurity Agency” fits.

Going beyond the conventional notions of cyber security and defense, what role will be outlined for the Intelligence Community in cyberspace? How can the Intelligence Community contribute to the institutionalization of the ability to distinguish truth from fake news and information from disinformation? How can it strengthen the country's public and strategic communication infrastructure? How can it build the ability to protect Italy not only from malicious foreign governments, but also from the increasingly serious threats posed by internet trolls, bots, conspiracy theory sellers, hackers, radicalization, industrial espionage, propaganda, influence, etc. .?

To date, the role of our intelligence agencies in the digital space has been focused on the fight against cyber interference from foreign countries, fraud and cyber threats related to criminal activities.

The task of preventing the undemocratic manipulation of social media and the digital space is today in the hands of Big Tech and social media platforms themselves. But the question is now clear: one cannot absolutely count on the self-regulation of Big Tech alone in the face of the risks that Western democracies and our country have to face.

The challenge for every democratic state will be to overcome the storm by supporting and strengthening its fundamental democratic principles, providing the intelligence community and the new Italian Cybersecurity Center with the appropriate legislative tools and resources to safeguard democracy against these cyber threats.

The new structure that will be established with the governance reform designed by the delegated authority Franco Gabrielli, which envisages the birth of a cyber agency outside the intelligence sector and the return of the cyber "operations" of the 007s, must have the mandate and the skills to protect us also from ourselves, that is a mission that contemplates unorthodox measures not only to counter and react to foreign interference campaigns but that can actively block interference and internal disinformation campaigns that use Big Tech and social media. A controversial issue in Italy, where the measures that could impact on the privacy or freedom of the individual would certainly be accepted by citizens, as they serve the security of the community in a moment of crisis, while they would not be if used for other purposes of "Bureaucratic or fiscal interest".

More prosaically, though, the scope of any intrusive rule is unlikely to exceed what most social media users freely grant to their various platform providers under the terms of their license, service or user agreements.

Surely the innovative project of Undersecretary Gabrielli will not fail to analyze and draw useful information from the best practices of other NATO allies, to orient and understand how to structure this new reality, which will be born outside our intelligence agencies and will contain the " Cybersecurity Coordination Center "that Italy will have to connect to the network of the European Cyber ​​Competence Center in Bucharest.

If we analyze the tasks and functions of agencies such as the National Security Agency (NSA), it is immediately clear that it is responsible for the global monitoring, collection and processing of intelligence and counter-espionage information from electronic signals and has the task of also protect communication networks and information systems, monitor the entire national territory, protect the data and messages that daily involve the institutions (ministries, parliament, embassies) and protect it from attacks of any kind. In the UK this task is carried out by the Government Communications Headquarters (GCHQ) which shares the global collection and surveillance system (Dishfire) with the US NSA and collects and analyzes a huge amount of both raw and structured data from all over the world and processes them. with Prefer analytics software and the secret Tempora surveillance program.

As summarized in the paper Intelligence Hyper Loop by Fabio Vanorio and myself, in an anarchic world like that of Intelligence, in which there are no rules or authorities that guarantee order, only the creation of massive data assets together with the ability and automation in dealing with them will guarantee the state Intelligence Communities to survive as a relevant function of the decision-making process in matters of national security, avoiding giving way to similar adversary or private components.

The effectiveness of the new cybersecurity agency will also depend on the ability to coordinate with the Dis (AISI and AISE) and to involve the research and entrepreneurial excellence of Made in Italy. A system that will have to ensure "anti-fragility" and deterrence and reaction capabilities within the national cyber defense perimeter, to guarantee the protection of strategic infrastructures, essential services (energy, transport, hospitals) and national security, defined by David Omand, as “the citizen's confidence that the risks of everyday life, both man-made threats and impersonal dangers, are adequately addressed so that one can lead a normal life”.

And in this scenario of hybrid war, the very delicate Political Decision – Intelligence relationship becomes vital for the safeguarding of the State, for national security and the well-being of citizens.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/mondo/come-funzionera-lagenzia-italiana-di-cybersecurity/ on Tue, 18 May 2021 07:37:52 +0000.