11 Nov Integration that national cyber security needs.
The cyber threat landscape is very broad, complex, and constantly evolving. This is well known by companies such as Kopter Group (most recent acquisition of Leonardo), Enel, Luxottica, and Geox, which in recent months have been the target of attention by those individuals who conduct their offensives by generating a lockdown of whole IT systems. Often after exfiltrating information from corporate IT systems and they attempt extortion by threatening on the one hand the publication of the stolen data and, on the other hand, providing a quick technological solution to the encryption of the taken hostage files.
But this is only part of the story, the visible part, the one at least seemingly driven by economic motives. Then there are the state or state-sponsored adversaries, adversaries who have no motivation to make themselves known and who operate in the broadest secrecy to penetrate the computer systems of companies, institutions, and individual personalities of interest in order to carry out cyber espionage or, in some cases, outright sabotage activities. While, on the one hand, institutions are making important steps with cyber threat information sharing initiatives, on the other hand, the Italian cybersecurity industry is struggling to find its own unified and systemic identity for the creation of a “Made in Italy” brand.
Focusing for a moment on the cybersecurity industry, it is possible to identify mainly three macro categories of realities that operate in our country: those that carry out resale of third-party solutions against agreements with foreign multinationals; those that develop specific solutions based on the needs expressed by the end customer, and financed by it; and those that innovate, develop and test new systems and techniques that the customer will recognize, and that require commitment and strong conviction in the project as well as heavy autonomous financing.
At the present time, but also looking at the last decade, it can be seen that large national entities have paid little attention to new small Italian companies, favouring framework contracts with large, often international, entities. These trends led to the neglection of many small and innovative Italian companies, which are capable very often of being recognized abroad and winning international tenders as opposed to the same multinationals selected to deliver services and solutions in large Italian entities.
Today there is a lot of talk about aggregations in cybersecurity, but we observe only operations generally led by “system integrators” who see in this area development and growth opportunities to respond to market logic and shareholders. Instead, there is much less talk about development hubs, where companies can create products and innovative services. On many fields of application, national ingenuity has shown that it can make an important contribution to cybersecurity. However, it is crucial that the same be put in a position to be able to grow and develop into a “positive network” and not subject to mere market operations.
The Icsa Foundation already has organized already in November 2017 a conference entitled “Cyber security Made in Italy,” where a representation of twenty national SMEs was given a voice to present themselves. Since that appointment, some things have changed; promising SMEs have been acquired by foreign companies, others have formed aggregations with “system integrators.” However, a group of producers of innovative technology remains, which is recognized by the international market, generally in vertical areas, and which move in a very agile way, but with limited scope.
And here it is becoming more and more essential that Leonardo, the national champion on defense and security issues, develops even faster a strategy, able to involve these vertical areas in a systemic way, before out of necessity or fatigue the company ends up selling itself to the highest bidder on the international market, indicating, once again, the loss of further know-how.
Gentili, D.E., (2020), Ecco l’integrazione che serve alla cyber-sicurezza nazionale. L’analisi di Gentil, Formiche.net, https://formiche.net/2020/12/airpress-sicurezza-cyber-gentili/, accessed on 10.11.2022