The book of Pierguido Lezzi by title “Cyber and power”. A former career officer at the Military Academy of Modena, the author has always been involved in the ITC field. He founded Swascan, the first Italian company of cybersecurity. The book takes stock of how the scenario has changed following the war between Russia and Ukraine and on the challenges that await us in the near future, starting with those related to the diffusion of Artificial Intelligence systems.
In the first months of the invasion of Ukraine there were many fears that traditional weapons would be accompanied by cyber attacks capable of paralyzing networks and causing damage, even physical damage, to key infrastructures. For now, however, it seems to have happened only marginally.
True, the worst-case scenarios have not materialized for the moment and the cyberwar has not impacted critical infrastructures. Moscow acts in the wake of what the Chief of Staff of the Russian Armed Forces Valery Vasilievich Gerasimov defines hybrid warfare. According to this doctrine digital firepower must basically support military operations. We have therefore seen, for example, attacks on communication and electrical networks before the movement of Russian troops. Ukraine’s allied countries, including Italy, have been subjected to numerous DDOS attacks (a method of flooding a website with login requests and crashing it, ndr) which however were claimed by pro-Russian collectives. Material damage was almost nil but the purpose of these actions is another, it is to spread a sense of insecurity among the communities affected. Sun Tzu, in his “The Art of War”, he could have reflected on the fact that mastery in battle is not achieved only through direct confrontations, but exploiting the enemy’s hidden weaknesses. Russia, maintaining a facade of non-involvement, uses these attacks as leverage to influence the public opinion of its adversaries. Hybrid warfare is evolving into Cognitive War.
Ransomware attacks are also on the rise, i.e. malicious software that encrypts the victim’s data and makes it usable again only against the payment of ransoms in digital currencies.
Yes, these attacks are doubled in the first three months of 2023 and the targets are often companies with less than 100 employees and turnover below 250 million, in short, those SMEs that make up the spine of the Italian entrepreneurial system. These are more vulnerable subjects both for “cultural” reasons and for personnel training, and for the lower investments in IT security compared to a large company. I would like to say that whenever there is a data breach it is, rightly, talked about privacy protection. But there’s more here. The stolen information often includes patents and corporate strategies which constitute the real competitive advantage of the “Italian company”. This represents a very serious danger to our long-term competitiveness.
Are companies, even small ones, aware of these dangers?
Nowadays, there is no company that does not have the issue of IT security on its agenda. However, the problem of resources to implement effective defense systems remains. I add that the training of citizens, and therefore employees, on ways to protect oneself is still insufficient. Initiatives or campaigns in this sense would be appropriate and useful, on the model of what are, for example, progress advertisements capable of providing a basic literacy on the topic. This is especially true after the Covid-related lockdowns that have brought them closer information technology and online communications segments of the population not accustomed to doing so, I am thinking above all of older people but not only.
In your book, you pay particular attention to the energy and health sectors, why?
In Cyber and Power I point out that these are sectors that are very exposed today. Both with Covid have been forced to make many services available online that weren’t available before and this has increased their number vulnerability. However, in the energy sector, after an initial period of difficulty, the reaction was prompt and effective and the systems were made safe. In healthcare it is more complicated for several reasons, including the high staff turnover which complicates the training activity. A report at the end of 2021 had already highlighted how 80% of Italian healthcare companies were potentially at risk. We must remember that cyber attacks basically occur in three ways. The first is social engineering, i.e. deceptive emails that lead the recipient to perform actions, such as clicking on links or opening attachments which then infect the system. The second is the purchase on the dark web dthe login credentials that have already been stolen and therefore available. In this regard we must note that Italy is the country with the highest number of credentials for sale online. The third is that of technological vulnerability. Most of the time the attacks are not directed towards targeted and predetermined targets but strike where they detect a weak point.
You also dedicate an in-depth study to the role that Artificial Intelligence can and will play in this field, should we be concerned?
Depends. AI can certainly help those who carry out a cyber attack but, in the same way, it can do it with whom you have to defend yourself. From this point of view, the two things are more or less equivalent. However, the greater availability of automatisms made available to the AI user can certainly increase the number of subjects able to carry out an attack, in the sense that they will need less advanced computer skills of those needed today. However, the great theme linked to AI is another and here we enter the sphere of what we define Cognitive War, the ability to influence and manipulate people. There is more and more talk about mind hacking. AI has the ability to generate increasingly refined fake news and the ability to influence minds and public opinion with consequences that are easy to imagine, for example as regards the manipulation of electoral consultations. We must also consider the evolution of AI in its integration with biotechnologies: the fusion of cybernetics and biology. We talk about wetware the integration of biological and artificial systems to extend human capabilities. This aspect opens up ethical issues related to cultural identities. But today the predominant AI systems are from the US and China. The ethical code of these systems is decided by the owner and the Chinese scale of values and principles, for example, is different from ours. If the European Union were to be passively influenced by technologies from other parts of the world, it may lose some or all of its unique cultural identity.