We need a national security algorithm for the cloud Pa. The auspices of Carta (Leonardo)
What emerged during the event “Cyber security and challenges for Italy. A new ecosystem between public and private? " promoted by Ispi. Carta's intervention (Leonardo)
"We are not year zero" on cybersecurity in our country.
"It doesn't all start with decree 82 of 2021, the one that provides for the establishment of the National Cybersecurity Agency", underlined Franco Gabrielli , undersecretary to the presidency of the Council, delegated authority for the security of the Republic, speaking at the conference in streaming “Cyber security and challenges for Italy. A new ecosystem between public and private? ”, Promoted by Ispi , in collaboration with Leonardo.
“But precisely because there have been delays and overlaps in the path made in recent years, now the first answer to be given is from the point of view of unity and coherence of behavior”, Gabrielli specified.
“The regulatory intervention, by decree, was more than justified” according to Luciano Carta, president of Leonardo. "It was absolutely essential to take action taking into account both the intensification of cyber attacks on the critical infrastructures of our country – from 147 in 2019 to 509 in 2020 – and the necessary rationalization and coordination interventions in the field of cyber security".
Furthermore, "Italy could not be left behind and thanks to the decree establishing the Cybersecurity Agency, our country will have further tools to be on a par with other European countries", pointed out the president of Leonardo.
Despite the step forward represented by the establishment of the cyber agency, there are still some critical issues for Carta such as the transfer of sensitive data to cloud infrastructures. Precisely for this reason, he hopes for the creation of a national encryption algorithm certified by the National Security Authority.
Here is everything that emerged during the debate introduced by the ISPI president, Giampiero Massolo and moderated by Fabio Rugge, Head of the ISPI Cybersecurity Observatory.
THE DRAGHI GOVERNMENT DECREE
The decree-law 14 June 2021 n. 82 "Urgent provisions on Cybersecurity, definition of the national Cybersecurity architecture and establishment of the National Cybersecurity Agency" is to be considered "the result of a process initiated by the European" Nis "directive of 2016, the year in which NATO recognized cyberspace as an operational domain on a par with land, sea and air ”, recalled Luciano Carta. In 2019, with Law 133, our country established the National Cyber Security Perimeter. And today, thanks to the decree approved by the Council of Ministers, the perimeter has been expanded, in parallel with what happened with the strategic perimeters protected by the updated legislation on golden power.
THE GOAL OF THE NATIONAL CYBERSECURITY AGENCY
“We very strongly wanted the nascent Agency, albeit distinct in the modalities and scope of action from the sector, to remain in the area of National Security” explained Franco Gabrielli. "Another ambition that the Agency sets itself is that of contributing to that often evoked 'technological autonomy' which is one of the cornerstones, together with the principle that in my opinion must be declined together with that of security which is that of sovereignty" .
GABRIELLI: "A WORK FORCE DEDICATED TO THIS SECTOR"
"We also want to create in our country, in a delicate strategic sector, a 'work force' dedicated to this specific sector" said the undersecretary.
"And the fact that the government first and, we hope, the parliament then, agreed to remunerate highly qualified people, to imagine a more flexible way of employing the workforce" goes with a view to "creating a system that produces a national 'work force' ".
A STRONG PUBLIC-PRIVATE PARTNERSHIP IS NEEDED
An ambitious but achievable goal according to Gabrielli, who cannot ignore "a truly unified strategy", "a strong partnership between public and private", a "solid relationship with the world of academia", "very high professional profiles qualification and adequately remunerated ".
The Agency "will be able to count on a team of experts capable of achieving important synergies between industry, research, the police forces and the world of intelligence", explains the president of the former Finmeccanica Luciano Carta.
ATTENTION TO THE TRANSIT OF SENSITIVE DATA TO CLOUD INFRASTRUCTURES
But for the president of Leonardo "a very critical element not to be underestimated is represented by the transit of sensitive company data to the cloud or other receiving technological infrastructures". According to the Charter, "the current characteristics of the internet do not guarantee that a digital data, originating in Italy and destined to remain in Italy, does not 'cross over' during transit".
A NATIONAL ENCRYPTION ALGORITHM IS REQUIRED
Precisely for these reasons, according to the president of Leonardo, “it would therefore be important to provide for a data protection mechanism through an exclusively 'national' encryption algorithm certified by the National Security Authority which manages and distributes the necessary protection keys. Even so, it contributes to strengthening the national defense perimeter from possible exfiltration ”, pointed out Carta, former director of the Aise (External Information and Security Agency) .
PAPER: "AN INTERNATIONAL AGREEMENT TO FIGHT CYBER THREATS"
Furthermore, for Carta "prevention is fundamental but it is not enough: we need a proactive as well as a defensive approach."
"The National Cybersecurity Agency will certainly fulfill the fundamental role of limiting the damage of a potential cyber attack, however other countries – such as Great Britain, France and the United States – are focusing on the possibility of taking proactive actions and more defensive, meaning these as advanced forms of defense ". “There are different approaches, including at the legislative level, and I believe that a harmonized regulatory system would be needed to allow states to react promptly and effectively. I am thinking, for example, of streamlined action tools to equip intelligence agencies ”, concluded the president of Leonardo.
SEVERINO: THE PANDEMIC CRISIS HAS INCREASED THE RISKS OF CYBER ATTACKS
Finally, "the pandemic crisis has increased the risks of cyberattacks exponentially" highlighted Paola Severino , vice president and director of the Luiss Master in Cybersecurity, during the conference "Cyber security and challenges for Italy".
“We are dealing with attacks that are often difficult to identify – said Severino – which are not always reported by companies for reputational reasons and which are often not recognizable. There are viruses that to 'infect' our PCs no longer require the opening of an email or a simple click ". In a framework such as this, “the regulatory limits do not allow the struggle to continue on a global level. Prevention loses its effectiveness without adequate sanctions, but international agreements are needed for sanctions: in the absence of such agreements, cyberattacks are destined to increase in quality and, above all, in quantity ”, concluded Severino .
This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/serve-un-algoritmo-nazionale-di-sicurezza-per-il-cloud-pa-gli-auspici-di-carta-leonardo/ on Thu, 08 Jul 2021 06:46:41 +0000.