“As I speak to you, in addition to energy security, I tell you that we have external threats detected on the Ministry’s IT network and as a precaution we had to suspend the operation of all the Ministry’s IT systems”.
So Roberto Cingolani, Minister of Ecological Transition on Radio1. “Safety is the first parameter to keep in mind”, adds Roberto Cingolani, Minister of Ecological Transition to Rai Radio1. “Security is the first parameter to keep in mind”, says Cingolani, justifying the decision to shut down the servers. The minister is a technician, former head of technological innovation at Leonardo SpA, Italy’s flagship precisely in the field of (also) cyber security.
On the radio, when asked if it is a Russian cyber-attack, Cingolani replied: “Impossible to answer at this moment, now there are the structures in charge working, but at this moment security must be the goal of all Italians”.
ItalianTech contacted Cingolani’s spokesperson, who said she was not authorized to provide any other information. Do you know the origin of the attack? “I didn’t say it’s an attack,” she replied. Officially, in Cingolani’s words, “it is an external threat”, which can be a cyber attack or a spying activity.
Likely ransomware
“If they shut down the servers, it stinks of a ransomware attack that they had to isolate because it was encrypting everything ”, explains Fabrizio Baiardi, professor of cyber security at the University of Pisa.
Trenitalia was also recently hit by ransomware, but with limited impact: the sites worked well; isolated only the physical ticketing servers and a few other secondary systems. “Yes, because Trenitalia has a segmented network, they have isolated only the threatened systems. If, on the other hand, you have a flat network, you have to turn everything off to avoid the spread of malware ”, adds Baiardi. But a well-made network should be segmented, as the now historic minimum measures for security in public bodies of the Digital Italy Agency also prescribe. “Yes, a well made network should be like this”, confirms Baiardi.
“It is not possible to give an opinion without knowing exactly what happened, but in principle the networks must be segmented and if they are there is no need to switch off everything in the event of a threat”, agrees Corrado Giustozzi, cyber expert already consultant. of the Agency and one of the authors of the minimum measures.
At 6.30 pm on Wednesday the sites are still offline and the ministry cannot yet communicate a timetable for the resumption of services.