Is Cyber becoming a science?

(By Alessandro Rugolo)
09/04/17

Partly by chance, and partly because my curiosity always leads me to seek out new experiences, a few days ago I noticed that a seminar with an interesting title was being held at Sapienza, at the Department of Computer Science directed by Professor Mancini: "From Muddle to Model: Modeling and Simulation in Cyber", that is, from disorder to modeling: modeling and simulation in a cyber environment.
The speaker is certainly interesting: Alexander Kott.
So I decided to register for the seminar, which was open to everyone, and luckily there were still places available.
On 3 April, in the early afternoon, I went to the university to attend the seminar.
A superlative speaker and a very interesting seminar, and a missed opportunity for those who did not attend: between students, professors and onlookers there were perhaps fifteen of us!

But let's start from the beginning: who is Alexander Kott?
The speaker, Alexander Kott, PhD, is Chief Scientist at the US Army Research Laboratory in Adelphi.
He is the author, among other things, of an interesting book on cyber, "Cyber Defense and Situational Awareness", published in 2015, which I hope to be able to read soon. His research fields are mainly artificial intelligence and cyber.
The US Army laboratories, located in various countries including the USA, the United Kingdom, Japan and Chile, employ around 3000 scientists in the most diverse fields of basic research. They deal with topics that will become military capabilities in twenty to thirty years, drawing for their research on collaborators and scholars from all over the world.

During his talk, interesting topics were touched on that deserve careful consideration.
In the first place, it was highlighted that cyber is becoming a science.
The science of cyber security can be described as the study and optimization of relations between policy (P), attacker (A) and defender (D). To use the speaker's words, consider:

Policy P: a set of assertions about what event should and should not happen. To simplify, focus on incidents I: events that should not happen;

Defender D: a model / description of defender's defensive tools and techniques Td, and operational assets, networks and systems Nd;

Attacker A: a model / description of attacker's tools and techniques Ta,

therefore (I, Td, Nd, Ta) = 0.

To try to be clear, leaving aside the formulas, which are purely illustrative: cyber security is related to the organizations involved, to their internal rules, to external constraints (regulatory, technological, economic, etc.), to the preparation of the personnel (whether attacker or defender), to the decision makers and their preparation in the subject, to the tools used for attack and for defense, and to the networks (computer networks and others; see the concept of critical infrastructures and the relationships between them and cyberspace).

Everything I have said can be represented through more or less complex mathematical models.
The use of these models makes it possible, through simulations (or emulations!), to perform tests and make forecasts.

Of course, the step from cyber to "cognitive science" is short, and for these studies to find application it is necessary to study more deeply human behavior in the face of the risk arising from a cyber attack. Each person is different from the next, which means that the behavioral response to an event is potentially different each time.
But I don't want to go into details that are too complex for a popular article, so I will stop here.

However, it is necessary to understand that anyone who wants to count for something in the specific field of cybersecurity will have to organize themselves to study and teach this new discipline.
It is a discipline not confined exclusively to the computer world but which, also thanks to its ability to permeate all sectors of the information society, aspires to a well-defined identity of its own in the academic world.
In the training field, the speaker pointed out how the US Army recently recognized the importance of training officers (and not just technicians!) to recognize a cyber attack.
This is not trivial and is perhaps the first step in the mass dissemination of knowledge in the sector.
This is understandable and logical: although it is useful for technicians to be able to recognize a cyber attack, it is certainly more useful for non-technical weapons officers to be able to recognize such an attack and, from a position of command, make the correct decisions in response.

During the seminar, the importance, if not the centrality, of people in recognizing cyber activities carried out by the enemy emerged once again.
There are studies and software that try to identify potentially dangerous behavior, but it seems that nothing is better than people: analysts who are capable, well prepared and "open-minded". It is no coincidence that analysts in this sector are rare and very well paid.