In January 2020, the Cisco Cybersecurity Co-Innovation Center. After just over a year, it seemed useful to understand how things are going. We then interviewed the director, Fabio Florio, who told us about his experiences in Cisco (including the digitalization of Expo Milano) and the activities carried out in the first year of the co-innovation center.
The Milan Co-Innovation Center is Cisco's latest investment in Italy. The Center has been open for a year now so it is time to learn some lessons. Can you tell us what you do, in which sectors do you operate?
The Co-Innovation Center is part of a larger investment program of the multinational Cisco in the world. We are part of a network of research centers, each dealing with specific topics, in our case the sectors identified are cybersecurity and data-privacy, areas in which in our opinion it is necessary to put together the skills, also to find the levers right to fight this war, because that's what it is.
Our task is to foster innovation in Italy through investments also aimed at training.
In order to carry out our work we need skills in different fields, which is why we say “co-innovation” and not “innovation”. Co-innovating means creating new solutions, together.
In the field of research and innovation, Cisco is at the forefront of the world. What are the initiatives in Italy? What are the partnerships with universities and research centers? Is the collaboration limited, can it improve or has it reached a good level?
We firmly believe in the importance of networking, so our initiatives are not only aimed at making Cisco's products known but also involve other actors, first of all our customers, our partners, start-ups, universities and schools more generally. For example, we work a lot with CINI (National Interuniversity Consortium for Informatics), which is also very active in cybersecurity.
The strongest skills are in the field of training and our goal is to bring young people closer to digital technologies, which is also why we have chosen the Museum of Science and Technology in Milan as our headquarters.
We often hear that digital technologies, including both software and hardware, have vulnerabilities and it is true, but we must not forget that the main vulnerability, the weak link in the security chain, is still man.
Poor system knowledge, the tendency to ignore security procedures for simplicity and sometimes bad faith are the real problem.
There is still a lot to do in this area. What needs to be done is certainly to encourage the growth of culture in the field of cyber security. Among the most important issues is that of "threat intelligence", in fact in Cisco we have a team of engineers and analysts who are involved in research and analysis of risks related to the cyber world, Talos.
On average, data from around 20 billion attacks is collected around the world every day, data collected by our systems and by our customers' systems who decide to share it to help us improve Internet security. Our team works daily to analyze this data.
Cisco is a multinational based primarily on networking. Is this still the case?
In reality, things are changing. Of course, networking is always important, about 80-85% of network equipment in the world is Cisco, but other sectors have joined forces: cyber security and collaboration platforms, video communication and telephony, data centers and virtualization solutions. . These are also accompanied by the IoT.
Now, more and more, our network systems are integrated with security systems. Our approach is based on architectures. You can no longer work on security afterwards, but you need to think about security when you create the architecture.
Being attacked is predictable now, sooner or later everyone gets attacked. It is important to be able to defend oneself but also to intercept an attack, remedy and react. Not many people have understood this, and this is a problem.
To return to training, what is your type of audience?
We leverage the Cisco Networking Academy on training, create content that we then distribute through our network of educational partners (the Academies).
Mainly we address young people from the fourth grade upwards, because we are able to contribute by giving them skills that help them find work, but we also work with institutions, non-profit organizations, training bodies.
There are general courses and also specific courses on Cisco technologies. Usually those who take specialist certifications within a few months can find work as there is a great demand in the Italian panorama even for those who have not graduated.
We have strengthened this commitment as part of the Digitaliani program and now we have an average of 50.000 students a year, 8.000 who are certified, and 345 Academies.
We also make these courses available for “re-skilling”, in the corporate and public administration sphere, which aims to retrain personnel in new sectors and in the field of digitization.
We also work in different contexts. For example, since 2001 we have brought a Networking Academy to the Bollate prison. In this way we try to help those who have had problems and maybe, thanks to new motivations and new skills, can find a job. In Italy there are already ten male and three female prisons that are part of the program.
All internal business processes are changing and it is not easy to find people with the right skills to redesign processes for the digital world.
What I see in Italy is that it is slowly improving but the ability to understand how digitization can help change jobs is still lacking.
What does it tell us about the world of Public Administration?
I see an environment that travels at different gears. If we speak at the local PA level, there are prepared municipalities, but they are few. Normally we find it hard to create something because they are very busy with daily management.
At a regional level, things are better in general, also because there are often "in-house" companies that deal precisely with digitization.
At ministerial level it is still different in that the resources available are greater.
One of the problems we face on a daily basis is to make it clear that in order to digitize internal processes must be studied and often modified in order to profitably use the potential of new technologies.
We try to make it clear that, beyond technology, we need to ask ourselves some questions:
- what are the organizational aspects that need to be taken into consideration?
- what are the skills that company personnel must have to manage the new digital process compared to an analogue process?
One of the important aspects if you want to change is that you need to be courageous and that you need to be willing to change things.
Vulnerabilities are often also hardware, not just software. How important is hardware in security?
You have touched on an important point as not only the software must be secure but the hardware as well. We think that the solution lies in the development called “secure by design”. In every product that we develop we have two figures who participate in the project from the beginning, the security engineer and the privacy engineer.
One of the current problems on which in Europe (and also in Italy) is debated is that of the national supremacy of some strategic sectors and also of data. What do you think?
In my opinion it is important but I don't know how feasible it is. I believe it is more important to know that the service provider is reliable and capable of providing the service you need. There must be clear rules that must be managed transparently.
New projects for the future?
I think it is very important now to focus on the funds that will come to the Recovery Fund. Around these funds (about 57% of the total) many projects will have to be developed to spend the resources that will arrive and spend them well, on projects that will help us to really change our society.
The pandemic has led us to an almost totally virtual world, the future will probably be hybrid and it will be important to have well-made projects.
In this area we are engaged in both the collaboration and security sectors.
What do you think of the concept of "gamification" in the context of cyber? What are you doing in this sector?
We also use the principle for Cisco's internal training development. It is a bit of the future and is certainly useful as it helps to complete paths and keep interest alive. It is not easy but you probably need to combine gaming with the classic course, to raise your motivation and stimulate you to move forward.
We have another social responsibility initiative that we call “A school of the internet”. In practice, we Cisco employees go around schools and explain to students and parents the new technologies and the risks they face. In this area, for example, we have used these methodologies to stimulate the audience and I think it is an excellent method to involve people.
Thanks for the update and we hope to see you again soon, maybe in Milan.
To learn more: