Pietro de Leo
The hacker attack over the course of weeks has weakened the IT vulnerability within the Ministry of Environmental Transformation. The other one that hit Fatebenefratelli in Milan. What is Italy at risk and how vulnerable is it? Il Tempo talks about it with Remo Marini, Head of IT, Risk Operations and Security at Assicurazioni Generali. It starts from a contextual note, which is that in terms of preventing cyber attacks, “Italy is lagging behind”.
What are the main problems?
«In our country, as in all sectors, even in the cyber sphere, there is a problem of “fragmentation”, that is, different paths are chosen based on the types of reality. It must be said that the creation of the Cyber Security Agency is a good thing, but we are still behind. The public sector is a very public sector, for example, and it is struggling to expedite the issue. In the private sector, we must distinguish.”
By what logic?
“Big companies are investing in cyber security. On the other hand, small businesses do not have a budget and expose themselves to huge risks. Then there is the issue of infrastructure and human capital. It is difficult to find the necessary skills in our country, especially given the scarcity of availability of graduates in STEM (Science, Technology, Engineering and Mathematics) disciplines, while also affecting cybersecurity companies that cannot keep up with the demand. If we then add that the most capable often goes far…».
With these terms, are we exposed to a significant obstruction of services?
“Danger is everywhere. It is stronger in the healthcare world, and it was only recently that it was understood how important it is to invest in cybersecurity in the hospital sector. Also in the PA, the necessary adjustments were not made. In general, Italy is starting now, and fortunately we recognized the need. Certainly there was an enabling factor derived from the partial privatization of some critical infrastructure, I’m thinking of Enel for example… This means that investments have been made that have made it possible to resist the cyber attacks that have taken place.”
There are always two countries that fall into the alarm scenarios. Russia and China .. How weak are we?
“There is practically no match in front of them. These are countries with a technological level in these issues, especially China, much more advanced than our country, where many investments have been made. Or Russia, where the investments were more directed towards the government, as well as from the criminal associations that are in These areas. Being immune to their attacks is impossible. We should think, instead, of “resilience”: in the event of an attack, the ability to restore services as quickly as possible and ensure the continuity of one’s business. In this regard, there is a very useful tool Namely, risk transfer, that is, insurance against cyber attacks. In America, policies have been in place to cover the potential damage caused by cyber attacks for years. In Europe, especially in Italy, the problem is still very felt. But we know how it goes here, to realize the importance of a problem You have to go through it first.”
Back around Russia and China, we have two snapshots. The first is the Russian antivirus Kaspersky, which has recently been discontinued in the Palestinian Authority, and the second is Chinese-made video surveillance cameras used in many public offices and from which arose more than one concern. Are these tools really dangerous?
“In the event of a ‘technological war’ there is no limit to what we can do and we Westerners are very vulnerable to Chinese technology. However, antivirus software and cameras are examples that appeal to a less experienced audience.”
Does this mean that the risks are likely to be many?
“When you write a program or firmware, you can put a ‘backdoor’ everywhere and be able to perform countless actions.”
We explain to the least habitual.
“In the case of the so-called smart appliances, even the toaster or the washing machine can be controlled remotely. So in the event of a conflict any system can be exploited.”
How can this be handled?
“At least for everything related to prohibited or critical areas, a super-tested technology with a certain amount of Italian expertise must be adopted.”