ITASEC opens tomorrow in Pisa: does Cybersecurity exist in Italy?

(By Giorgio Giacinto, Carlo Mauceli)
11/02/19

From 12 to 15 February, for the third consecutive year, the Italian cybersecurity research community, gathered in the National Cybersecurity Laboratory of CINI (National Inter-university Consortium for Informatics), organizes the ITASEC conference. Conceived in 2016 as a meeting and exchange between researchers, it became with its first edition in 2017 a national event that brings together academic research, public administration, civil society and companies. The number of people who took part in the first edition in Venice in 2017 and the second edition in Milan in 2018 exceeded all expectations, reflecting the need to meet and discuss issues of vital importance for society, the economy and, consequently, the defense of national interests.

Academic research in cybersecurity has always been closely linked to the identification of effective prevention and defense tools against present and future threats. In various nations it plays a fundamental role in national defense, thanks to the independent development of methodologies and technologies and to the careful study of more effective ways of using and integrating tools and technologies developed outside the national context.

This is why the 2019 edition also includes a program full of events, spread over the four days of the conference along three different directions: scientific research, technical in-depth analysis, and the institutional profile of security governance.

All the actors involved are well represented: academic research, numerous companies in the IT sector and the public administration.

The conference program is divided into several strands. The main line, of a multidisciplinary nature, is dedicated to the science and technology of information security. This is accompanied by workshops and tutorials dedicated to the economic, political and legal aspects of cybersecurity. An ad hoc seminar will instead be dedicated to the new European Directive for data protection, the GDPR, with particular attention to its impact on the Public Administration.

The hope is that it will not be just a moment in which the Italian cybersecurity community gathers to discuss technologies and strategies, but also a stimulus for a decisive change of national course in addressing cybersecurity as one of the fundamental nodes for the development of the country.

Unfortunately, despite the progress made over the years at the level of companies, public administration and training, Italy still remains terribly behind other European countries in terms of use of advanced information systems, access to the network, and availability of highly qualified personnel. Public investments to provide Italy with a secure and state-of-the-art technological infrastructure are far less than what is needed both to recover competitiveness with its partners and to protect the country from increasingly frequent attacks, both of industrial espionage and of service interruption. These are not new issues, but critical issues highlighted over the years by the vast Italian scientific, professional and business community, which have so far received little attention from the successive governments of recent years. The actions carried out so far have not been able to meet the challenges linked to the evolution of information and communication technologies.

The rich program of the conference aims to be an opportunity to show the skills possessed by the Italian system, which allow us to accept the challenge and guarantee the achievement of international results if supported in a significant way by the enhancement of its many areas of excellence and by significant funding, as happens in all the other technologically advanced countries. Renouncing these investments means quickly condemning ourselves to technological retreat and to subjection to other countries that, with their investments, are able to control a sector as strategic as digital communication infrastructures.

The country urgently needs to change the picture painted last year by DESI, which places Italy fourth from last in the 5 areas surveyed by the European Commission.

Clusit found, in a report on website security, that over 500 local government sites were using content management software (CMS) that had been out of support for over 5 years.

Istat confirms that fewer than 50% of PAs have a disaster recovery plan and fewer than 20% use secure encryption techniques for their data.

What, moreover, is holding back the birth of a PA 4.0?

Lastly, the 2017 survey on the informatization of local administrations drawn up by the Bank of Italy captured some of what can be considered the real reasons hindering the correct, conscious and safe use of IT technologies in the Public Administration:

  • Scarcity of allocated resources, with percentages ranging from 65% to 88%;
  • Shortage of adequately trained personnel, with percentages ranging from 40% to 56%.

What is perplexing is that, although the conditions in which the PA currently finds itself are known to everyone, and despite the inexorable advance of the demands of an increasingly digital and globalized society in which everything will increasingly revolve around "data" and "big data" (their management, protection, custody and exchange), and although rules exist that would allow the right path to be taken, there is unfortunately a lack of the "right attention" to some points of fundamental interconnection (the finding of specialist figures in cyber security, data protection, risk management ...) that could seriously start a real process of creating a PA 4.0.

If the current scenario continues, on the contrary, we put at risk the efforts of those (few) institutional actors who are doing their utmost to face the challenges of a digital PA, but who in spite of everything could find themselves in "uncomfortable positions" when faced with the stringent obligations imposed by the EU regulations on IT security, network security and critical infrastructures, and data protection, unfortunately without lifelines to cling to.