Is there democracy without cyber security?

(To Carlo Mauceli)

"If we want everything to remain as it is, everything must change". Thus spoke Tancredi Falconeri in "Il Gattopardo" addressing his uncle, prince of Salina, skeptical of his nephew's choice to enlist among the Garibaldi. It is easy to understand that Tancredi wanted to indicate to his uncle what was the best strategy to preserve fiefs and privileges even at the end of that revolution. Especially the privileges which were ultimately more useful than economic power itself.

The concept can be extended to power in general and to those who hold it. And it is a strategy that is adopted in many areas. Even through politics, whoever holds the real power, the economic one, it is convenient to encourage even radical changes in form, in the external aspects, in everything that cannot substantially scratch its own power.

"If we want everything to remain as it is, everything must change" is a phrase that, on closer inspection, hides a double meaning, so vivid nowadays. If we want to save ourselves, a change is needed. But the change does not have to take place: it does not come from the outside. Everything must remain as it is if we want everything to change.

I believe that this incipit, perhaps in a somewhat extreme way, can also be applied to cyber threats that are closely linked with the ability of those who suffer them to change.

In our digital world it is true that everything has changed, especially with regard to technology, the sophistication of attacks, cyber weapons but, ultimately, not to change anything. In fact, the attack vectors are repeated, the damage changes in form but not in substance and the arena in which you fight always sees a great disproportion between the number of attackers and that of defenders.

There is a reason why cybercrime is increasingly on the agenda.

It's not just because of society's growing reliance on vulnerable technologies, and it's not just because journalists, politicians, and powerful institutions are increasingly being targeted by cybercriminals. Cybercrime has exploded thanks to the convergence of the most powerful hacker groups in the world.

Since the turn of the new millennium, an exchange of tools and tactics between these criminals operating in the shadows has given rise to the technological threat we see today and cybercrime has become an omnipresent danger.

Of course, as our society has moved online, targets have become the essential services we all rely on: hospitals, power plants, the media, and political trials.

There are three forces driving this new wave of attacks:

  • organized gangs of cybercriminals,
  • "hacktivist" movements and ...
  • hackers linked to nation states.

Organized crime has existed since the dawn of cyber hacking and is now deeply entrenched, as it is obviously safer for its members to rob people and institutions virtually than in person.

Their tactics follow a model based on high volumes and low margins.

If they manage to steal $ 5 from a million people, the victims may not even notice, but the hackers will still have stolen $ 5 million. All of this has generated a sophisticated industry that moves a colossal business today.

Although hacktivist groups started out as online protest movements, their tactics were quickly adopted by cybercriminals and are being exploited by others for more cynical and shady purposes nowadays. Their ability to advertise and gain public support has had disastrous effects on their victims who have seen their corporate reputations ruined and whose companies have in some cases been completely destroyed..

Perhaps most worrying of all is that nation states are increasingly taking advantage of this by adding hacker teams to the arsenal of weapons available to their military and intelligence facilities. These are not illegal operations, done under the table, but highly qualified, professional and well-financed teams. In the past, their work was often hidden and aimed at very specific goals. However, things have changed since then and the last few decades have seen the emergence of these three groups whose influence has become decisive as human beings have become increasingly connected to each other and dependent on technology. Now their respective worlds are starting to merge.

Organized crime has adopted the powerful hacker techniques of nation states.

Hacktivists have come to carry out attacks indistinguishable from those of organized crime.

Nation states have exploited hacktivist tactics of public humiliation, as well as the devastating and often indiscriminate tools of online scammers.

The term "cybercrime" was once associated with credit card fraud and online bank theft.

Today we can say that cybercrime is no longer just about money: in some cases, the social fabric itself is being violated.

Cybersecurity is therefore not just a technical issue but is inevitably part of a broader social and political conversation, so much so that it would be absolutely necessary to develop targeted awareness campaigns and training courses, offered by governments for free.

Given the pervasiveness of digital tools and technologies, it is appropriate to promote cybersecurity awareness initiatives aimed at all age groups. People who may be particularly exposed (such as journalists) should receive additional training and resources.

We need a broader and more politically aware cybersecurity strategy that goes beyond critical infrastructure and technical issues because we must never forget that there is no democracy without cyber security.

Images: frame from the film "Il Gattopardo" from 1963 / CLUSIT