(by Francesco Pagano, Director of Aidr and Head of IT services at Ales spa and Scuderie del Quirinale) A fundamental part of the Next Generation EU plan concerns digitization and, in particular, the modernization process at the level of Public Administration and public institutions. In the cultural sector, this perspective certainly represents an opportunity to accelerate (in some cases start) the introduction of computerized systems for better management of heritage, sites and use by citizens. This is excellent news, but it opens up to a series of concerns.
The risk, in fact, is that in the absence of careful planning, the opportunity goes to waste. If the goal is to create a broad and shared system, the definition of strategies for digitization in the cultural sector requires starting from a perspective that places safety as an absolute priority.
From privacy to resilience to cyber attacks
Two elements require particular attention to cyber security in the planning of digital infrastructures. The first is linked to the concept of privacy and protection of citizens' data. One of the areas of application of new technologies in the cultural sector, and above all in the museum sector, is that of use by the public. The management of reservations and accesses necessarily involves the processing of personal data. An extremely delicate activity, which requires the preparation of rigorous standards and procedures that make it possible to ensure the integrity of the data processed.
Not only that: the use of “smart” communication tools, such as augmented reality, involve forms of interaction with the same devices used by visitors to access digital content. In other words, digital systems administrators will find themselves managing an extremely large and changing network on a daily basis, where security management is a top priority. In fact, under such conditions, the effects of a cyber attack can have extremely serious consequences.
Behind the Scenes: Ensuring System Integrity
The precondition for the effective use of digital systems is the creation of a system at national level that allows the aggregation and analysis of available data on a large scale. In other words, the maximum effectiveness of the digitization process is obtained when each subject is transformed into a “node” that allows data to be shared and access to the rest of the network. A concept that may even seem obvious, but which in the current panorama poses a series of problems in terms of cyber security. The map of museum institutes in our country, in fact, is extremely varied and includes, alongside excellences that have invested in resources and skills to guarantee the security of information systems, many (too many) realities that are suffering a heavy delay in this sense.
By relying on the theory that the overall resilience level of a network is equal to that of its weakest point, the problem becomes evident. Before reaching the goal of a shared and extended management of IT systems, it will be necessary to ensure an adequate level of security for all the nodes that are part of the network. This is an objective which in the current state of things appears utopian. A possible approach to the process, therefore, may be that of a phased implementation, which provides for the precise definition of the standards that institutions must satisfy in order to “enter” the system.
The importance of the human factor
The success of this path will be defined, in addition to the resources allocated, by the ways in which the cyber security framework in the cultural sphere will be prepared. If the implementation of adequate technical tools represents the first and most obvious fulfillment to achieve the goal, the real distinction concerns the ability to equip all operators in the sector with those skills that allow an informed use of IT tools and, consequently, compliance with safety procedures. This is a medium to long-term task, which should be prepared as soon as possible. Finally, in doing so, it will be necessary to immediately take into account the forecasts that will emerge in the new version of the European e-Privacy directive, which is being negotiated in recent weeks. In fact, working on a different horizon would expose us to the risk of having to do it all over again.
Better, for once, think about it first.