(by Davide Maniscalco, Aidr regional coordinator for Sicily) In an increasingly interactive and heterogeneously interconnected digital ecosystem, cyber attacks with the aim of sabotaging strategic European infrastructures in the transport, public services and industry sectors or destabilizing systems Democrats or, again, industrial and scientific-technological espionage, have undergone an exponential surge.
Cyber attacks on cloud infrastructures have also increased sharply over the past year.
It is becoming increasingly evident that the increase in the surface of the risk is accompanied by an increase in vulnerabilities exposed to large-scale cyber attacks.
The European Cybersecurity Agency, ENISA, also confirms a rather worrying scenario, according to which attacks on European supply chains will quadruple in 2021, compared to last year.
Just to name a few, it is enough to recall the Kaseya ransomware attacks, a colonial pipeline that impacted health and energy infrastructures on a large scale.
For these reasons, President Ursula von der Leyen, in her State of the Union 2021 speech, verbatim stated that “(…) If everything is connected, everything can be hacked. Since resources are scarce, we must join forces. (…) This is why we need a European cyber defense policy, including legislation that sets common standards under a new European cyber resilience law. "
The cyber threat has indeed been on the European agenda for several years and addressing it in a structured and coordinated way, on the level of security and cyber defense, both civil and military, has gradually become a priority also on the geo-strategic level, through the essential development of European leadership on advanced technologies (quantum in primis), safer infrastructures, common standards and requirements and an effective info-sharing system associated with a functional cyber-diplomacy activity for deterrence purposes.
In this perspective, between Digital Europe, Horizon Europe and the European Defense Fund, it is essential that Europe continues to invest resources to increase the overall level of security and resilience of the Union and, as stated by President von der Leyen, become " leader in cyber security, through an authentic European cyber defense policy, aimed at protecting, identifying, defending and deterring ”.
The regulatory ecosystem of the European Regulator, in line with the European cybersecurity strategy and the related Action Plan, has already created an important strategic framework that determines the conditions for the implementation of a European IT security policy that passes through research and development. of advanced technologies on which to progressively affirm European technological sovereignty, public-private partnership and international cooperation.
To this must be added the additional regulatory instrument of the European Cyber Resilience Act which is part of the objectives declared by the VdL President in order to increase European resilience through the creation of common European IT security standards for the products and services of the digital single market together the creation of a common information hub on the security of the fifth European domain.
On a technical and operational level, collective resilience cannot be separated from a structured European synergic action of a preventive and predictive and not only proactive type.
In this direction, the integration of systems and technologies will become increasingly strategic, with specific reference to Artificial Intelligence systems in a cybernetic environment and the development of cross "fertilization" between civil, defense and space industries, through the intensification of activities awareness raising and industrial and scientific partnership in critical technologies.
In this scenario, the establishment of the Cybersecurity Competence Center (CCC) and the network of national coordination centers will help protect the European economy and society from cyber attacks, maintaining and promoting research excellence and strengthening competitiveness. of the EU cybersecurity industry.
Furthermore, the EU space program will continue to develop technological solutions functional to cyber security including through the implementation of an EU space-based global secure communications system that will provide access to high-speed connectivity through a multi-space infrastructure. -orbit.
Therefore, to tend, high-speed connectivity and European communications will be protected by technologically integrated quantum cryptography systems, which will be characterized above all by the level of resilience to large-scale cyber attacks.
In terms of operational and technical proactivity, the establishment of the European network of Security Operation Centers will be determined which, making use of new technological discoveries or systems integration, will interact increasingly synergistically and virtuously with national SOCs and those of the private sector, to efficiently detect and manage cyber attacks as well as to create the conditions for the creation of a shared information space to converge with the information coming from national and, to tend, European military SOCs.
In this perspective, the establishment of the Joint Cyber Unit already presented as part of the Cybersecurity Union Strategy will also be decisive, which, in developing the operational capacity for crisis management and European solidarity, will benefit from the further operational and technical coordination of the Joint Situation Awareness. Center that will be established in the framework of the announced Cyber Resilience Act.