La “triade” di Leonardo al Cybertech 2018
Roma 26 settembre
Si chiamano “Artificial Intelligence Decision Support System”, “Threat Intelligence Solutions” e “Cyber Trainer”. Sono le ultime soluzioni sulla sicurezza informatica, presentate da Leonardo in occasione del salone Cybertech 2018 a Roma. Il concetto da cui l’azienda è partita è che non bisogna solo prevenire o proteggere un soggetto dai cyber attacchi, ma anche configurare e gestire i sistemi in modo da garantire il funzionamento dei processi critici in qualsiasi situazione.
Per questo è necessario analizzare gli impatti delle aggressioni cibernetiche: da quali siano i processi essenziali da preservare a che tipo di danno possa causare un attacco. Per risolvere il problema è stato sviluppato un sistema evoluto che effettua un’analisi dinamica dell’impatto, attraverso l’Intelligenza Artificiale (dynamic risk assessment).
Questo crea un modello, che poi verrà impiegato per guidare le risposte più appropriate al momento.
E’ il concetto di “Cyber Resiliency” di Leonardo, applicato alle tre nuove piattaforme. La prima è un sistema che attraverso l’Intelligenza Artificiale raccoglie elementi dai sensori, li confronta con i modelli di analisi d’impatto e guida le reazioni agli attacchi.
La seconda è un sistema di analisi per l’attribuzione degli incidenti informatici. La piattaforma integra i mondi della sicurezza fisica (in particolare le video-analisi) e di quella logica (OSINT).
Il sistema, infatti, raccoglie i dati e li integra per identificare la responsabilità delle aggressioni cibernetiche, comunicando i risultati alle forze di sicurezza.
Queste acquisiscono un vantaggio importante, sia in termini di risparmio di tempo sia di risorse, in quanto vengono indirizzati verso obiettivi precisi.
A tal proposito, il sottosegretario alla Difesa, Angelo Tofalo, ha spiegato che “a livello mondiale è impossibile a oggi identificare in maniera univoca al 100% l’attaccante” e che una percentuale simile si può ottenere solo con l’associazione della humint (human intelligence) alla cyber.
“Sono sempre uomini che attaccano uomini – ha specificato, ricordando comunque che – l’Italia è avanti nel campo dell’attribution. Ho visto la piattaforma di Leonardo ed è sicuramente uno strumento all’avanguardia. Un progetto sul quale sto già lavorando è quello di costituire a una Forza Armata cibernetica per stare al passo con i tempi che dovrà proteggere la rete della difesa e allo stesso tempo essere in grado di colpire. Quando si parla di difesa cyber non si deve parlare di costi, piuttosto di investimenti” ha detto Tofalo.
La terza novità presentara da Leonardo è il Cyber Trainer. La struttura ha una doppia valenza. Sia “range” sia accademia. Da una parte c’è la formazione e l’addestramento degli operatori nella difesa cibernetica. Dal cyber warrior puro al semplice impiegato.
Dall’altra, la diffusione della cultura della sicurezza informatica. Il Poligono virtuale è altamente innovativo, considerato che – a differenza dei suoi competitor internazionali – è in grado di sviluppare scenari di esercitazione nell’arco di poche ore, contro tempi medi di settimane. Garantisce anche una immersività negli scenari, grazie alla realtà aumentata, che facilitano l’apprendimento e le risposte a un’offensiva cyber.
L’AI può infatti essere utilizzata sia come tutor per chi si addestra sia come nemico. Inoltre, è “connectible” con altri suoi simili. Quindi, si possono creare delle maxi arene, all’interno delle quali sono presenti diverse unità specializzate.
Leonardo ha investito diversi milioni di euro nelle tre piattaforme e continuerà a fare altrettanto per il loro ulteriore sviluppo. L’azienda sta anche puntando a incrementare la cooperazione sia in ambito di aziende del settore sia accademico e della società civile in un’ottica di open innovation. Anche perché le cyber minacce sono globali e quindi richiedono approcci coordinati. L’esempio è il fatto che il cyber range sia parzialmente finanziato dalla Regione Abruzzo, attraverso un fondo regionale indicato dalla EDA.
L’intervento di Alessandro Profumo – Chief Executive Officer di Leonardo SpA
Honourable Undersecretary of State for Defence Angelo Tofalo, Mr. Olivier Onidi, distinguished guests and esteemed colleagues,
It is a pleasure to be here today with you on the occasion of Cybertech Europe 2018, a forum of strategic importance for sharing scenarios, challenges and, most importantly, solutions relating to the complex world of cybersecurity. I am proud, as Leonardo’s CEO, that our Company is collaborating once more on this European initiative, which Italy has the honour of hosting.
Today, I would like to share some considerations regarding three aspects of the cyber domain.
- Introduction: global cyber scenario
First of all, we are witnessing a rapid digitalisation across a wide range of domains. And this has a significant impact on our daily lives, personally and professionally, as a large majority of activities are carried out in cyberspace: communication, financial transactions, critical infrastructure management and protection, data processing/storage, cloud computing, among others.
As governments, public utilities, and enterprises are more and more dependent on the internet, wireless technologies, and cloud-based services, cybersecurity takes on an even more central role. Consequently, the global cybersecurity market is experiencing a booming phase, with an estimated growth from ca. 120 billion euros in 2017 to ca. 180 billion euros by 2021.
We see daily headlines with the words: cybercrime, cyber warfare, cyber espionage, cyber terrorism. These terms define the current directed and strategic cyberattacks we are challenged with, where the enemies are not always visible and the conflicts are increasingly borderless. In 2017, at least 1,127 serious cyberattacks took place globally. 2017 also showed that cybercrime is an area where rapid innovation takes place. The year started with large and very evident ransomware attacks (including WannaCry), but closed with the creation of hidden nets of hijacked computers used by criminals to mine cryptocurrencies.
These rapid changes force institutions and companies to constantly adapt to understand new threats. In this context, the role of experts, service providers and industry is crucial for the market. We are facing a rise in penetrated networks, data breaches, ransomware attacks, and cyberattacks on strategic industrial sectors and critical infrastructure, with a direct impact not only on the economic level but also at the national security level.
In this environment, in order to guarantee a secure and resilient cyberspace, traditional cyber defence strategies – based on perimeter defence – do not suffice. We have to be proactive, predicting and responding in real time to cyberattacks by using behavioural analysis and automated response systems. And when possible, we have to anticipate the cybersecurity risks of tomorrow and of the day after, so that we can counter them. This is a time sensitive matter, that will only increase in reach and impact.
- Holistic approach towards the cyber market by all stakeholders
Now, in order to be successful in such a highly-competitive market, several actions must be carried out by all stakeholders.
- Tackle major market challenges
We need to tackle the major market challenges that we are confronted with today. We need to enhance comprehensive threat awareness and facilitate the sharing of sensitive data so that we can keep pace with the increasing industrial effort to meet the growing demand and requirements in the cyber domain.
Private industry, institutions and governments need to come together and form partnerships, so that we can build bridges, pool our resources and define common objectives.
- Create a solid European cyber roadmap
We need to create a solid European cyber roadmap that can generate long-term sustainable strategies, policies, and solutions that put us in the condition to create more secure and resilient technology. European member states and institutions must work alongside technology providers and end users to understand the best way to jointly respond.
It is necessary to define appropriate standards, regulations and practices for the creation of a digital single market in Europe. This is the only way to guarantee a high level of safety. In this context, it is relevant that 2 billion euros – out of the 9.2 billion euros announced last June by the European Commission for the new Digital Europe Programme – are dedicated to cybersecurity.
- Invest
We need to invest in resources and Research and Development, in order to consolidate our respective roles as innovators in the field and allow us to reach new heights.
Investing in the people who dedicate themselves to innovation is crucial for maintaining a competitive advantage through secure, reliable and resilient technology.
In mid-September, the creation of a European Cyber Competence Centre was announced. This will be complemented by a network of national Cyber Competence Centres across the Member States.
This specific initiative will enable both greater networking and community building, and also financial support to collaborative projects between the research and industrial community.
- Build and reinforce partnerships
We need to build and reinforce partnerships with academic institutions, research centres, start-ups and industry, thereby positioning ourselves in an open innovation ecosystem. This allows us to generate ideas, synergies, and investment initiatives between public and private, national and European, and where possible at the global level.
But we can do more. NATO has recognised that cyberspace is indeed a domain of operations, alongside air, land and sea and that cyber defence is part of NATO’s core task of collective defence. And as such, reinforcing that international law applies in cyberspace.
NATO’s response to the cyber domain is thus a solid example of a proactive approach.
The next important milestone should be that investments in cybersecurity be included in the 2 percent of Gross Domestic Product defence spending target for NATO members. It is, in fact, imperative that we accelerate the creation of advanced security assets, skills and technologies to manage emerging cyber threats.
- Leonardo’s cyber capabilities
Leonardo, as a global Aerospace, Defence and Security player, offers a unique role in this scenario. Cyberspace and cybersecurity play a fundamental role for our mission. Cyber protection is, after all, transversal to all domains: land, air, naval, space and, obviously, cyberspace itself.
We are a key industrial partner, collaborating and contributing to all stakeholders (military, civil, and commercial) by developing and delivering cyber and physical security solutions for every possible operating scenario. Currently, we are involved in several significant cyber partnerships and programmes, underlining our long-term commitment in supporting institutions and helping keep our customers safe. For instance:
At the Italian economic and industrial level, we are bringing together national assets and creating important collaborations. This past June, Leonardo announced a partnership with Ansaldo Energia, regarding the cybersecurity of critical infrastructures, with a special focus on Ansaldo Energia’s Lighthouse Plant project. The partnership includes the creation of the “Start 4.0 Competence Centre for the Security and Optimisation of Critical Infrastructures” based in the Liguria Region. Start 4.0 will have the mission of developing new expertise and technological solutions.
At the European level, Leonardo is actively involved with cybersecurity organisations, fostering dialogue and action. We are a founding member of two important entities: the European Organisation for Security and the European Cyber Security Organisation. This engagement allows us to outline the key priorities, identify where our resources and research need to be focused, and establish the strategies needed to move our work ahead.
And, just this month, we opened a Leonardo Academy in Lincoln (in the United Kingdom), where technical specialists will be trained within the Cyber and Electromagnetic Activities domain. On-site, UK and allied international armed forces will learn to master the latest techniques and equipment required for today’s electronics-driven battlespace.
At the international level, we work alongside NATO to provide rapid-response cyber defence capability to more than 70,000 NATO users in 29 countries through the NATO Computer Incident Response Capability – Full Operational Capability, constituting a positive example of cooperation between our Italian and UK teams. This system is designed to evolve as the cyber battlefield changes. As such, Leonardo continues to invest in the new technology and the critical skills required to defend NATO from the growing cyber threat.
- Concluding remarks
In closing, I would like you to keep the following in mind.
Looking beyond the challenges of the cyber domain, it is important to remember that we are in the midst of a fast-paced, technological era that heightens experiences and connects us.
I’m sure that throughout these two days, representatives from European institutions and the industry will discuss the very next steps required to ensure that we have the proper framework to support cyber activities and security. As I look out at this audience, I am optimistic. In this room, I see ideas; I see inspiration; I see our tomorrow.
Francesco BussolettiVedi tutti gli articoli
Nato a Roma nel 1974, lavora all'agenzia di stampa Il Velino. E' inviato di guerra embedded dal 2003, quando partecipò alla missione Antica Babilonia con l'Esercito Italiano in Iraq. Ha coperto sul campo anche i conflitti in Afghanistan (Enduring Freedom e Isaf) e Libano (Unifil), nonché quelli in Corno d'Africa (Eritrea, Etiopia e Somalia) e le principali attività della Nato al fianco delle forze armate di diversi paesi. E' ufficiale della Riserva Selezionata dell'Esercito, specialista Psy-Ops, e tra il 2012 e il 2013 ha prestato servizio a Herat nell'RPSE. Attualmente si occupa in particolare di cybersecurity.