ENISA and Cybersecurity "skill shortage"

(By Alessandro Rugolo)

According to reports in the Western media, digital society is going through a period of strong growth and, at the same time, a crisis on the security front; this time, though, the issue is not a new piece of malware but the "skill shortage".

According to the recent ENISA report "Foresight Cybersecurity Threats for 2030", immediately after supply chain attacks, threat number two to the society of 2030 is in fact the skill shortage.

Let's take a look together at the top ten:

1) Supply Chain Compromise of Software Dependencies
2) Skill Shortage
3) Human Error and Exploited Legacy Systems Within Cyber-Physical Ecosystems
4) Exploitation of Unpatched and Out-of-date Systems within the Overwhelmed Cross-sector Tech Ecosystem
5) Rise of Digital Surveillance Authoritarianism / Loss of Privacy
6) Cross-border ICT Service Providers as a Single Point of Failure
7) Advanced Disinformation / Influence Operations (IO) Campaigns
8) Rise of Advanced Hybrid Threats
9) Abuse of AI
10) Physical Impact of Natural/Environmental Disruptions on Critical Digital Infrastructure

The situation is not rosy, and what is stated in the report confirms it. The skill shortage is just another cry of pain that can be heard at every conference. The problem is: what is being done to resolve it?

There are many contributing factors and it is not possible to address them in a few lines. The fact is that there are countries where it is more widely felt and others where it seems not to be understood yet. Italy is probably among the latter. There must be a reason why many Italians work abroad for software multinationals. We should carefully investigate the reasons and try to bring back those who are abroad; it is certainly not the solution to the problem, but it would represent a step forward for our nation.

Reading the list leads me to a few considerations of my own:

- The skill shortage is a threat that until now has been underestimated. In my opinion it certainly deserves one of the first places in the ranking. It will not be easy to catch up as systems become increasingly complex and developers are pressured by market needs. Schools fail to keep up with the times and are often too theoretical and impractical.

- AI and the risks associated with it are in ninth place. If we think about recent developments and the spread of tools that make use of AI, I can only disagree. In my opinion, AI abuse will be the number one threat in 2030!

- I would put points 5 and 7 together and, again in my opinion, they should take position number two, given that nowadays there are practically no activities in which there is no form of surveillance. As for misinformation, I leave everyone to their own considerations.

- Immediately afterwards I would instead insert the increase in bad programming and the ever-increasing inattention to security on the part of software vendors. The frenetic search for novelty at the expense of product stability leads above all to ever more new bugs, with a consequent impact on security.

I'll stop here, recommending you read the ENISA study, a well-done and certainly interesting document, although I don't agree with some aspects.

To learn more:

- https://www.enisa.europa.eu/news/skills-shortage-and-unpatched-systems-s...

- https://www.weforum.org/agenda/2024/04/cybersecurity-industry-talent-sho...