Italy: new technologies, non-existent training and risk governance

(By Giorgio Giacinto)
28/10/19

Today the computer is in many cases "invisible", at least if by computer we mean a tool necessarily made up of a more or less bulky central unit containing the processor, disks, memory, etc., plus a keyboard, a monitor and other peripherals.

As Don Norman predicted in 1998 (The Invisible Computer, The MIT Press, 1998), today the computer is present in many forms in our daily life. Smartphones, game consoles, smart TVs and connected cars are just a few examples.

The computer is also a central element in an ever-increasing number of industrial, manufacturing, service and healthcare activities. There is no human activity today that does not depend more or less closely on the computer or a computer network.

The usability of the "invisible" computer, hidden in many objects, has popularized tools that until recently were aimed at a specialist audience. Think for example of the amateur radio groups that in the '70s and '80s created communities accessible only to those who had the skills to install a radio station. Today this possibility is immediately available to anyone with a connected phone who is registered on one of the many platforms for creating social networks. However, the ease with which the tools are used and people connect to one another has not been accompanied by in-depth reflection on information security.

Any computer, besides storing information about us, also stores information about the people we are in contact with. It is also a powerful computing resource that, when connected to the network, can be compromised and controlled by a stranger.

The invisibility of the computer (including all the smart tools) and of the information it stores and processes makes it more difficult to perceive the dangers and risks involved. Among the many possible examples, I mention the "Mirai" network, built by compromising thousands of network-connected devices such as surveillance cameras. The goal of the attackers was not to steal information, but to use the computational power to launch a DDoS (Distributed Denial of Service) attack which in 2016 made most Internet sites inaccessible for several hours to the inhabitants of the east coast of the USA.

This means that it is necessary not only to protect the information concerning our personal sphere and the information about the people we are in contact with that we store in our systems, but also to protect the systems themselves, to prevent them from becoming real "weapons" in the hands of attackers who invisibly take control of them to strike their real targets.

In the physical world we are very attentive to visible dangers to our own safety and that of others, so much so that using professional work tools, operating machinery or driving a vehicle requires attending courses and passing theoretical and practical exams.

At a time when computers are practically invisible yet manage numerous tools that have effects in the physical world, so that their interconnection over the network can lead to potentially dangerous chain effects, what is being done in the real world to mitigate the risk?

The physical effect can in fact be achieved through chains of connections, starting from a computer that is not directly connected to a physical device but can reach one through a relationship of trust between connected devices, a relationship also permitted by the people who manage their use.

Let's focus for a moment on the smartphone, the most widespread connected object today.

Today we are not surprised that any smartphone immediately locates a person's face when we frame a shot to take a picture. Yet up until a decade ago, this was a task that required high computing power and algorithms that were not always error-free. Today, with the same smartphone, we move naturally from commenting on a friend's photos to arranging a bank transfer, managing contracts of various kinds, interacting with work documents and checking household appliances. Unfortunately, the intuitive nature of the interaction is not accompanied by the necessary awareness of the risks posed by malicious people who abuse our trust.

From childhood we are taught the rudiments of road traffic so that we are able to use the roads right away, understand the rules and signals, and use the roads safely for ourselves and for others. When I was a child, using the elevator was forbidden before the age of 12, and in the building where I lived the buttons were placed high, out of reach of a small child.

Now, it is clear to everyone that the rapid evolution of information and communication technology is a factor of development that is not only economic but also social, because of the greater possibility of interacting, of knowing the world outside one's own circle, and of being able to seize opportunities.

But to enjoy this opportunity, the risks and dangers must be governed right away, so that the introduction and development of tools so important for improving individual and social well-being (think of the positive effects in health care, both in terms of tools for treatment and of the possibility of offering treatment in geographically disadvantaged areas) are not halted by a lack of widespread awareness of their potential and risks.

If we look at the national scene, the situation is sadly bleak.

For many years in Italy, investment in education, in the form of positive government action that assigns resources, tasks and objectives, has been completely absent.

The teaching of new technologies in elementary, middle and high schools, which should involve all students regardless of their educational background, is left to the voluntary initiative of individual schools and to the passion of individual teachers.

At university level there are specialized courses for the training of professionals, but their number is insufficient to cover the needs of the labor market.

Almost totally absent, even in the university field, is horizontal training in information technologies and their security.
And if we think that there is no professional activity that today does not have to deal with IT...

This scenario, besides being a dangerous alarm bell for the competitiveness of our nation, which does not adequately develop the skills necessary to deal with rapid technological transformation in the international arena, is particularly critical for security, since it becomes difficult to manage a security "perimeter" when individuals are poorly aware that defending that perimeter is everyone's job.

The passion of many teachers in schools of every type and level, as well as the expertise present in the academic field, must not be just a starting point for impromptu initiatives.

An in-depth study of the training objectives for each age group and the consequent training of teachers is needed.
One cannot rely on good will and knowledge acquired out of personal curiosity. As with any discipline, improvisation can cause damage.

It's already very late. But if we continue to turn a blind eye, not only will we be increasingly exposed to dangers that good basic training would easily avoid; in the meantime, the whole country also loses competitiveness because of its dependence on nations that do invest in culture and education, and on those who use this culture and education to exercise dominion over other nations.

In Italy we already have numerous internationally recognized professionals and skills. Resources and strategies must be put in place so as not to waste this heritage and to use it as a multiplier.
