There is a war out there, old friend. A world war. And it is not about who has got the most bullets. It is about who controls the information. What we see and hear, how we work, what we think…it is all about the information. (From the movie Sneakers, 1992)
Cyber security is today a matter which concerns organisations, institutions and companies. It represents a war fought with a simple computer and can target anyone, anywhere, anytime. A war that does not involve the use of bombs, missiles and tanks; a silent war, which leaves neither marks nor fallen warriors, but which is capable of producing the same devastating results as a bombing. Thus, cyber warfare is the old war with new weapons.
In recent years, however, cybercrime has changed radically. At first, the independent and anarchist hackers of the 90s organised themselves into professional groups, which fell into two categories: those who pursued anarchist and political purposes – such as Snowden, Assange or Anonymous – and those who pursued profit, such as most cyber-criminals. More recently, the arch-enemy has turned out to be a sovereign state, a terrorist organisation or a single hacker who steals identities, violates privacy and hunts for secrets to disclose.
The world at large is becoming increasingly connected and integrated, which inevitably leads to the need for universal access to data and information. The dependence of modern society on a functional, secure and resistant network system entails the institution of a new operational domain, the cybernetic one, which must be preserved and defended. In 2012, the World Economic Forum in Davos already pinpointed cyber-attacks among the top five global threats due to their likelihood of occurrence.
In fact, the impact of cyber-attacks on networks and IT services can be extremely destructive and cause unpredictable consequences for society as a whole. Furthermore, especially in recent years, there has been a transition from cybercrime, which affected private individuals, to attacks affecting and paralyzing the IT structures of entire country systems, also known as critical infrastructures.
Just as medical research inevitably stumbles on a new virus that requires a cutting-edge therapy, the exponential technological evolution of cyber weapons requires the development of security countermeasures.
In its last annual report to the Parliament, the Italian Department of Intelligence and Security (DIS) illustrated the most salient aspects of the cyber threat and the measures adopted by Italy to cope with this phenomenon.
In detail, DIS highlighted how the cyber threat still represents a privileged tool for attacking both public and private targets of strategic importance for the country. Moreover, thanks to constant and massive monitoring of the Techniques, Tactics and Procedures (TTP) adopted by cyber-criminals, the Department has detected a progressive enhancement in the quality and complexity of cyber-attacks.
Hence, the primary challenge for DIS continues to be countering offensive cyber operations by strengthening its countermeasures for protecting information systems.
The better a cyber-attack is identified, the more effective the countermeasures are. For this reason, the Department analyses the cyber threat from two perspectives: potential targets and perpetrators.
From the perspective of targets, in 2019 the IT systems of central and local public administrations were the most affected, at 73 percent. The most noteworthy detail is that attacks against central public administrations increased by 10 percent, while those affecting local authorities registered a 16 percent decrease. This privileged interest of cyber criminals in central public administrations is explained by the great quantity of data managed by these bodies.
Looking at the threat from the perspective of hostile actors, the Department pinpoints hacktivists as the principal perpetrators (73 percent), followed by state-origin groups (12 percent), which recorded a decrease compared to 2018.
This decrease, however, rather than reflecting an actual drop in state-origin attacks, might be the result of a growing availability of malicious systems on the dark web, which help to obscure the cyber-attackers' identity.
DIS has acknowledged that technological development – along with its related challenges – has taken on a relevant geopolitical and geostrategic dimension, thus upholding the need to strengthen the cyber resilience of our country. To this end, the Department is determined to manage the risks linked to the implementation of 5G technology, which could act as a backdrop for abuse by hostile actors.
Furthermore, the most significant development recorded by the national cyber security strategy has been the establishment of the “cyber security perimeter”: it identifies and protects public and private operators which have a key role in the state market and use networks, information systems and IT services which, if attacked, would cause enormous damage to national security. The perimeter provides for:
notification of attacks, to ensure an immediate reaction from the structures involved;
security measures meant to boost the overall level of cybersecurity in Italy;
technological screening of ICT supplies belonging to specific, crucial categories;
inspection and sanctioning activities by the Presidency of the Council of Ministers and the Economic Development Ministry (MiSE), respectively for public and private subjects.
In 2019, the Italian Computer Security Incident Response Team (CSIRT) was established within the Department of Intelligence and Security to tackle the cyber threat, in accordance with the European Directive on security of Network and Information Systems (NIS) enacted in 2016 and adopted by Italy in 2018.
CSIRT aims to optimize the effectiveness of the country’s prevention of and response to cyber-attacks against public and private targets, through in-depth analysis of risks and their management.
In case of a serious and imminent risk for national security connected to the vulnerability of networks, information systems and IT services, the Italian Premier is empowered to order – after deliberation by the Inter-ministerial Committee for the Security of the Republic (CISR) – the total or partial deactivation of the devices employed in the networks, systems or services involved.
The advent of new technologies and artificial intelligence has certainly contributed to the technological and economic development of individual countries and allows them to keep up with the world’s superpowers. However, what could be considered a quid pluris for a specific country can result in an increased risk of being targeted by cyber-attacks intended to steal sensitive data and knowledge.
Italy is facing this challenge through growing investments and by sharpening its national security architecture.
However, along with a national commitment in the sector, it is necessary to extend international cooperation in order to further ensure for each state the security of its own networks and interconnected systems.
After all, no nation is safe until every nation is safe.
Cristina Semeraro, Analyst – Vision & Global Trends. International Institute for Global Analyses