Fabrizio Baiardi

Fabrizio Baiardi is a Full Professor at Università di Pisa, where he has chaired one of the first degrees on the security of ICT infrastructures. His main research interests are formal approaches to risk assessment and the resilience of critical ICT infrastructures. He has been involved in the risk assessment and management of several systems and of industrial control systems with SCADA components. He has authored several papers on ICT security and currently teaches university courses on security-related topics.

Why President Trump is so worried by TikTok

To explain this concern, recall that current national and European cyber security legislation classifies the networks that distribute electricity, gas and water as critical infrastructure and imposes strict security requirements on the ICT/OT networks that supervise and control these infrastructures. The reason is fairly obvious: a successful attack against the control network can have a huge impact, and even loss of human life is possible. As an example, NIS (Network and Information Security) is a European Directive approved in 2016 that requires the adoption of a shared set of security measures for ICT networks and systems. Member States had to transpose the Directive into their national laws by 9 May 2018 and identify operators of essential services by 9 November 2018. The Directive provides legal measures to boost the overall level of cyber security in the EU. In the US, the protection of critical infrastructure is assigned to a federal agency, the Critical Infrastructure Security Agency, CISA.

No one doubts the importance of critical infrastructure. The problem is how many infrastructures are critical. As an example, the CISA states that “There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof”.
Unfortunately, in a world where ICT is pervasive, the number of infrastructures that CISA believes are critical may be wrong. As an example, some weeks ago, Microsoft Corp alerted one of Democratic presidential candidate Joe Biden’s main election campaign advisory firms that it had been targeted by suspected Russian state-backed hackers, according to four people briefed on the matter. The target here is the ICT infrastructure of an advisory firm, which is not a critical infrastructure according to any definition. However, it is obvious that the goal of the attacker is to influence the election result, something any democracy wants to defend and protect at least as much as water and power distribution.
Another important attack is the one against Twitter only a couple of months ago. Among others, the accounts of Joe Biden and Barack Obama were hacked, and it is rather obvious what could happen if, on an election day, some of these accounts sent a fake tweet. Again, Twitter's ICT infrastructure is not a critical one.

Hence, several ICT infrastructures have to be protected even if NIS or CISA do not classify them as critical, because successful attacks against them may have a huge impact on our society. If software is eating the world, every company is a software company. This does not imply that every company sells software products, but that services and products in every field are increasingly driven and powered by software. In other words, cybersecurity should be practiced in enterprises of all types, and most infrastructures are becoming critical ones.

Link:
https://www.facebook.com/watch/?v=343601063741098&extid=7EU4Ruqj1SsmmDra
