Event report

2021 Project of the Italian CDEs THE CONFERENCE ON THE FUTURE OF EUROPE A new impetus for European democracy CDE Italian Society for the International Organisation (SIOI) Rome Piazza San Marco, 51. 00186 Rome e-mail: relazioniesterne@sioi.org TITLE and DATA: THE EUROPEAN CYBERSECURITY STRATEGY: Towards A NEW DEFENCE MODEL 16 December 2021 3.30 p.m. Online event on Zoom platform Title of the initiative: THE EUROPEAN CYBERSECURITY STRATEGY: Towards a NEW DEFENCE MODEL CDE coordinator of the initiative: CDE Italian Society for the International Organisation (SIOI) Rome Location of the initiative: Online event on Zoom Data platform of the initiative: 16 December 2021 at 3.30 p.m. The event was addressed to young university students, to participants in the Masters of SIOI, to members of the MSOI — Student Movement for the International Organisation and, to the general public, with the aim of deepening the European strategy for Cybersecurity and the new defence model. The meeting was an important opportunity for communication, knowledge and discussion on Cybersecurity as an essential component of the digital transition, the European Recovery Plan and the Security Union Strategy. The initiative was characterised by the high interactivity of the participants who asked questions about the new European strategy, the need for increased international cooperation and improvement of the infrastructure needed within the Member States. The event confirmed the importance of the CoFE Platform both to the participants and to the general public, especially in relation to the inclusion of proposals and ideas, the consultation of documents and participation in the events held in the sectoral theme of interest. The channels used to communicate and disseminate the initiative were: Institutional sites, Social networks (Facebook, Twitter, Instagram, Linkedin), Libraries, Archives, Cultural and Research Institutions, Newsletters, Specialised Professional Magazines, Mailing lists of the various institutions involved, National website of the Network of European Documentation Centres, Mailing list of SIOI. The following intervened: Marco BRACCIOLI, Vp Defense & Cybersecurity — Digitalplatforms SPA and Co-Director CyberSec Initiatives Fondazione ICSA Luisa FRANCHINA, President of the Italian Association of Critical Infrastructure Experts and Professor of SIOI Pierguido Iezzi, CEO and Co-Founder of Swascan — Tinexta Group Stefano MELE, Partner at Gianni&Origoni, Head of the Cybersecurity Law Department and co-responsible of the Privacy Department He introduced and moderated: Vittorio Calaprice, Political Analyst and Institutional Relations, Representation in Italy of the European Commission List of the main questions asked by the participants in the debate Recently in an online magazine of the sector had been put forward a proposal that the most advanced states in cybersecurity level should share the “0-day” vulnerabilities discovered in order to limit their impacts. I wanted to ask the experts present today whether they consider this proposal feasible or whether it can only be applied to “close” states from a geopolitical point of view. With regard to the interaction between AI and the stability of political systems, in particular democratic systems, so-called “deep fakes” and the increasingly refined models of “deep learning” such as GPT or Wu Dao, offer an attacker the opportunity to produce textual and audiovisual material whose authenticity is increasingly difficult to verify. Do such instruments pose a risk to political stability? If yes, is there a defensive strategy in this regard? There is a lack of internal cyber security training in small and medium-sized enterprises. What is the situation at present? What technical and operational preparation is needed in the field of cyber security? I ask for a comment on the large consulting companies, which play an important role in cyber security, especially in underdeveloped countries. In what terms is it possible to help SMEs (e.g. defiscalisations in cyber security investments)? Below are the comments of some of the speakers Training on cyber security Ing. Franchina It is necessary to intensify training in companies, but also in schools. It is necessary to train professionalism, not only managerial but also operational. Take as an example cars: very few in possession of the licence know how to solve any problems of operation of the machine; that’s why you turn to the mechanic, who is an operational professionalism. It would also need an equivalent in cyber security. To date, we are only trying to train the staff of SMEs, who have no training in this field, in a discontinuous and ineffective way. Pierguido Iezzi Today the focus on training and awareness raising to companies is high; there are very positive examples coming from France, where the National Security Agency has organised a very successful cyber campus and, from Tinexta Group, which launched a specific academy. We must continue in this direction. On the part of the government, companies that invest in security could be facilitated by tax reductions. Marco Braccioli A particularly good example of effective training is NATO’s STEM programmes, which are used to develop the basic preparation on which a specialty of any kind is grafted. 0-days and infosharing Luisa Franchina This theme has been spoken for more than 20 years and the USA, have been pioneers. It should be stressed, however, that we can and should share on threats and countermeasures, but not on the vulnerabilities of companies. This is being organised in Europe. Of course there is a certain reticence that should be overcome. Stefano Mele As far as infosharing is concerned, there are no allies in the world of intelligence, not even among “friend” countries; at most, there can be temporary common goals. It is very difficult for a nation to actually share 0-day information with another country. It is true that the US often does so (in certain situations and with friendly states), in general sharing seems difficult. The situation changes, however, when it comes to combating crime: Europol is a beautiful point of synthesis among European law enforcement agencies, there is an excellent level of sharing. Pierguido Iezzi There are already 0-day regulations. If a company finds a new vulnerability, then a 0-day, there is a practice to follow: you report to the vendor who then, if the vulnerability is confirmed, makes it public and explains how you can cope with it. The problem is not so much the sharing itself, but the purpose with which you want to use the 0-day: sometimes, for various reasons, this practice is not followed. The real challenge of tomorrow will be the ability to find 0-days within the various products. Cyber crime will always exist, but it will change the way. It is already possible to note that in Italy small gangs that are less organised and able than large ones are born, but they are equally capable of causing damage. Conflicts in cyber security Marco Braccioli It is true that the most heated conflict is between the USA and China, but we must also look at Europe, where cyber threats come from Russia, Iran, Africa. To use a metaphor, in cyber security there is not the big fish that eats the small one, but the quickest fish that kills the slowest one. And so many quick fish can kill the big fish as well. The key factor is speed. Stefano Mele Most enterprises in Europe are small, medium-sized or even micro-enterprises. Many of these companies then support the activities of the big ones. It often happens that large activities of information subtraction pass through small and medium-sized enterprises that support large companies. SMEs are a Trojan horse in this sense. As far as consulting firms are concerned, in theory, they have an obligation of confidentiality and cannot share information. Other comments from the participants (via chat) Ciro Candelmo Concordo with the need for training of the company staff. At the same time, it is also necessary to raise awareness of Top Management. Francesco Chiappetta Concordo in particular with the comment of Dr. Marco Braccioli — whom I thank — in quoting the newly constituted “Command Operations on the Network” of Defense as a major national element on the topic of cyber security. In this regard, for any further information, I would like to point out the hearing, to the Defence Commission, of the Commander of the Command of Operations in Network (Cor-Defensa), team admiral, Ruggiero Di Biase, on the aspects related to defence policies in the cybernetic domain: https://webtv.camera.it/evento/19646#https://www.youtube.com/watch?v=at9B3sSGqtc which took place on 14 December 2021. Number of participants connected on the Zoom platform: 180 Number of contacts on social channels: over 7000 Summary 180 participants at the meeting Zoom Social Contacts (people reached with the two posts related to the event): Facebook: 490 + 473 = 963 Instagram: 1697 + 1306 = 3003 Linkedin: (1436 + 1211) + (1031 + 1947) = 5625 Twitter: 870 + 1481 = 2351 Total post 1: 5704 Total post 2: 7108 MSOI National Coordination, MSOI ROMA, MSOI MILANO, MSOI TORINO, MSOI GORIZIA, SIOI sections of Milan and Turin, Roman CDEs. The CDE SIOI has also developed a strong synergy between its sectors (Training, External Relations, Study Office) to promote the event, explaining it in detail to the Coursers, conveying the communication campaign through the channels SIOI and MSOI and disseminating it to its contacts among young scholars and researchers interested in the topics proposed. The initiative has achieved considerable success both in terms of the public who followed the event and the contacts on the social channels that have been very numerous, as evidence of the interest strongly stimulated by the proposed theme.   Below are the links to the main publications concerning the event: http://europa.formez.it/content/evento-online-strategia-europea-cyber-security-16122021 https://www.assemblea.emr.it/europedirect/agenda/appuntamenti-2021/dicembre/la-strategia-europea-per-la-cyber-security-verso-un-nuovo-modello-di-difesa https://www.giornalediplomatico.it/sioi-webinar-la-strategia-europea-per-la-cyber-security-verso-un-nuovo-modello-di-dife.htm https://www.giornalediplomatico.it/sioi-webinar-la-strategia-europea-per-la-cyber-security-verso-un-nuovo-modello-di-dife.htm