How to stem cyber attacks on the National Network
Cybersecurity: the human factor is fundamental
The defense strategy against cyber attacks rests on three pillars: digital, application, and organizational security. These must in turn be integrated with the human factor.
by Luciano Castro for “Italia Oggi Sette”
The conflict being fought in the IT domain is invisible, but no less real and dangerous. The alarm over possible attacks against the government, the public administration, and Italian companies comes from various quarters: the Csirt (Computer security incident response team), the operational nucleus of the National Cybersecurity Agency, has signaled “maximum alert for Russian cyberattacks in Italy”.
The former chief of police and civil protection, Franco Gabrielli, now undersecretary to the presidency of the Council with responsibility for national security, recently reiterated that in Italy there were already “signs of a crisis before the war began”, but that unfortunately at the moment “we are paying for the structural limitations of an inadequate public server system”. The alarm was also raised by the president of Copasir, Adolfo Urso, who underlined the urgency of “accelerating the construction of the National Cybersecurity Agency, implementing the security perimeter, creating the national cloud for public administration data”.
Everyone agrees not only that cyber attacks on the national network may be imminent, but also that Russian hackers are able to bring to its knees the economic apparatus of a state and its strategic infrastructures, which at the moment are decidedly unprepared. So how can we defend ourselves?
The IT security of a State is strengthened through three pillars of intervention: infrastructural security; application or digital security; organizational security. By infrastructural security, we mean the security of the servers, of the country’s strategic infrastructures, and of the public administration, for which the migration of sensitive data to the cloud platform is one of the most appropriate tools available to institutions for improving the country’s cyber “defensive posture”.
How to do it? Through an ever-increasing operational role for the newly established National Cybersecurity Agency, whose competences cover the national cyber security perimeter and the security and integrity of electronic communications, networks, and information systems, and also the regulation of the minimum levels of security, capacity and reliability of digital infrastructures for public administration, as well as the quality, security, performance, scalability, interoperability and portability characteristics of cloud services for public administration.
Furthermore, it can be done by acting on the implementation of the national cloud strategy and the regulation for the cloud, which dictate the rules of security, capacity, and reliability of digital infrastructures for public administration, and by promoting the implementation of the country’s operating system, also through the adoption of cloud computing in the public sector. And, again, through the establishment of the National Strategic Pole (PSN). As indicated in the Italy cloud strategy, the Hub will be geographically distributed throughout the country at appropriately identified sites, to ensure adequate levels of operational continuity and fault tolerance. It has one goal: to host critical and strategic data and services of central and non-central administrations.
The second pillar of intervention has the ultimate goal of guaranteeing application or digital security, which concerns the processes and the people that develop and produce the IT tools necessary to defend our data and our strategic information. In this phase, particular care is required in designing and programming the tools, in order to comply with the quality and safety standards adopted as benchmarks and to monitor that these are applied and maintained over time, through sectoral and transversal controls (from penetration testing to vulnerability assessment).
Every day new viruses and new types of malware or cyber weapons are born: they are zero-day exploits, the method hackers use to attack systems through a previously unidentified vulnerability in order to cause damage or steal data from an affected system. And every day there are new ones. From here we inevitably arrive at the third pillar: organizational security. This passes through training, organization, and a new concept of digital culture capable of insisting on the factor that can make the difference, that can mark the watershed between winning and losing a battle: the human factor.
Constant updates, process management, and vertical and technical training are the foundations of a protected and secure state architecture. It becomes decisive to understand that the real threat a country runs is not defacement, i.e. the piracy attack that changes a site (as happened for the Lazio region through very banal ransomware), but the possible leakage of sensitive data and information.
The real danger that must be contained is represented by information leakage, not by attacks by petty cyber gangsters.
Csirt has published a series of guidelines and mitigation actions (reduction of the external attack surface; reduction of the internal attack surface; stringent control of access to systems/services; monitoring of logs, network traffic, and activities carried out by administration accounts; internal organization for the preparation and management of cyber crises; planning of the revision of IT infrastructures with a view to Zero Trust; supporting internal and external info sharing) to counter the scenario of danger caused by the Russian-Ukrainian conflict, but the ambition must be to look to the future and not to the short term.
Our strategic infrastructures, our data, and our sensitive information will never be protected and safe until the country reaches a level of cyber resilience adequate to recurring threats, until it reaches independence and national strategic autonomy in the cyber field, and until it systematizes the three pillars, digital, application and organizational security, together with the factor that matters most of all: the human factor. Because we are men who build machines, not vice versa.