Friday, May 3, 2024

Vogon Today

Selected News from the Galaxy

StartMag

Who writes the National Cybersecurity Strategy?

1 year ago babelfish

Who writes the National Cybersecurity Strategy?

For Michele Pinassi, head of Cybersecurity at the University of Siena, the Operating Manual linked to the National Cybersecurity Strategy could have been written by someone who works at Accenture. Possible?

According to the website of the Acn, or of the National Cybersecurity Authority, the body directly reporting to Palazzo Chigi which protects national interests in cyberspace by guaranteeing the implementation of the national cybersecurity strategy adopted by the Prime Minister, the National Strategy of Cybersecurity is used to plan, coordinate and implement measures aimed at making the country safer and more resilient.

The strategy in question provides for the achievement of 82 measures by 2026. "A path – reads the Authority's iito – under the banner of innovation defined by the National Cybersecurity Agency, which will also take care of checking that the objectives are achieved".

Also available on the Acn website is the Operational Manual for the implementation of measure #82 which contains the definition of metrics and Key Performance Indicators (KPI) to record the implementation process of the measures of the National Strategy. Now, someone has wondered: who draws up such important documents?

That someone in the present case is Michele Pinassi , former councilor in the Municipality of Siena for the 5Stelle and former group leader of Siena5Stelle, who today deals with IT security as Head of Cybersecurity of the University of Siena . He writes about himself in his blog : “I manage the telephone system of the University of Siena, taking care of its operation and migration to VoIP technology. Among other things, I independently created the entire VoIP telephone platform using only free software (OpenSIPS, Asterisk…) and also developing the frontend”.

But let's go back to the question posed by Pinassi: who writes those documents? The cybersecurity expert tried to understand it in the most classic and basic way: he downloaded the material made available from the institutional site and, with two clicks, traced back to the author. At least the presentation would be attributable to this "Nadia Gullo".

Pinassi writes on his LinkedIn profile: “I don't know how many Nadia Gullos there are in Italy and if one of them is an employee of the National Cybersecurity Agency. I wonder because the only Nadia Gullo I've found is a Security Consulting Consultant at Accenture and it would be really funny if ACN had had the important document on the Measure 82 Operating Manual drawn up by external personnel. Probably – he concludes -, they just forgot to check the PDF metadata. Or is it a challenge from some CTF in the ACN area? Maybe…".

We have taken up the questions posed by the former Sienese councilor because they have their own logic and dignity. Obviously it is necessary to clarify several things: the author of a document is not equivalent to an electronic signature, therefore he does not automatically attribute paternity to the same, making him responsible for what is written. This could, for example, be the person who closed the document, finalizing it for publication.

Also, there are homonyms. A simple LinkedIn search that leads to Accenture leaves no time unturned. Finally, it is no mystery that ministerial structures draw on external consultants who work in private companies. In this case, however, every connection should be highlighted by the Authority itself, also to nip in the bud possible conflicts of interest of the interested party or spheres of influence of certain companies in public documents.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/cybersecurity/chi-scrive-la-strategia-nazionale-di-cybersicurezza/ on Mon, 06 Mar 2023 09:21:51 +0000.