Picture of Fabrizio Baiardi

Fabrizio Baiardi

Fabrizio Baiardi is a Full Professor at UniversitĂ  di Pisa where he has chaired one of the first degree on security of ICT infrastructures. His main research interests are formal approaches to risk assessment and resilience of critical ICT infrastructures. Fabrizio Baiardi has been involved in the risk assessment and management of several systems and of industrial control systems with SCADA components. He has authored several papers on ICT security and currently teaches university courses on security related topics.

Money, cyber robustness and hacking (aka Money makes the cyber go around)

Nowadays, one of the most popular and dangerous idea in the security world is that once you have learned to think like an hacker you will also be able to build robust system. This is the idea lying at the foundations of those capture the flag exercise where someone teach some poor students to crash a system. In this way the students will also learn, in some esoteric and mysterious way, how to build an unhackable system.
There are bad news for the supporters of this idea because the elite cia unit to develop hacking tools failed to secure its own system and this resulted in a massive leak of these tools. Furthermore, according to The Washington Post –

“Without the WikiLeaks disclosure, the CIA might never have known the tools had been stolen, according to the report. “Had the data been stolen for the benefit of a state adversary and not published, we might still be unaware of the loss,” the task force concluded.”

This interesting counterexample remind us that a command team that can destroy a bridge is not the best team to build one. For some mysterious reason, this trivial, widely accepted engineering principle should not hold for cyber security. To solve this mystery we should consider that we know how to build a robust system, we have tool to measure this robustness but these approaches are more expensive and less romantic than asking for some expert 🙂 opinion from hackers or penetrator testers. 
If something goes wrong, we will claim that “any system can be attacked”.


Link 

https://www.washingtonpost.com

More to explore

La startup Haruspex sbarca in Silicon Valley

L’azienda di cybersecurity spezzino-pisana è stata selezionata dal prestigioso programma “Global Startup Program” dell’Italian Trade Agency, a San Francisco. Per il momento il programma sarà svolto in virtuale dato il persistere delle limitazioni agli ingressi sul suolo statunitense.

Leave a Comment

Your email address will not be published. Required fields are marked *

en_US