ULTIME NEWS: Gyala riconosciuta Sample Vendor nel documento “Emerging Tech: AI in CPS Security” di Gartner Leggi

Cybersecurity and digital sovereignty

What Italy is doing and how to adapt to avoid risks to our infrastructure

The recent ouster of Kaspersky antivirus software from the United States has reignited the debate over digital sovereignty. The decision, taken by the Biden administration, is motivated by concerns related to national security and the data protection of American citizens. In a tense geopolitical context, entrusting infrastructure security to a Russian supplier is considered too risky.

Reasons for the expulsion of Kaspersky from the USA

The BIS (Bureau of Industry and Security) has determined that Kaspersky poses an excessive or unacceptable risk to national security – source here – explaining in:

  • Jurisdiction, control, or direction of the Russian government: Kaspersky is subject to the jurisdiction of the Russian Government and must comply with requests for information that could lead to exploitation of access to sensitive information on devices using Kaspersky antivirus software.
  • Access sensitive US customer information through administrative privileges: Kaspersky has broad access and administrative privileges over customer information where it is installed. Kaspersky personnel could potentially transfer US customer data to Russia, where it would be accessible to the Russian government, as required by Russian law.
  • Ability or opportunity to install malicious software and do not install critical updates: Kaspersky has the ability to deliver malicious software to US customers’ computers or selectively deny updates, leaving US people and critical infrastructure vulnerable to malware and exploitation.
  • Integration of Kaspersky products by third parties: Kaspersky software is integrated into third-party products and services (…) . Third-party transactions like these create circumstances where the source code of the software is unknown. This increases the likelihood that Kaspersky software could be unintentionally introduced into highly data-containing US devices or networks.

Two crucial elements decisive for the ouster:

  1. Ties to the Russian government: The United States has highlighted alleged links between Kaspersky Lab and the Russian government, raising doubts about the possibility of interference or malicious use of the data collected by the software.
  2. National security risks: The primary concern is the risk that sensitive data could be accessed or manipulated by hostile entities, endangering national security.

Digital Sovereignty in Europe

It seems clear that what is now detected very punctually by a state towards third-party software can be extended to any type of cybersecurity software. Precisely for this reason the European Union has been moving for a long time to try to bring member states back to the use of European technologies.

Here too the benefits are evident:

  1. Data protection: Technological autonomy allows you to have complete control over sensitive data, reducing the risks of unauthorized access by third parties.
  2. Infrastructure security: protect critical infrastructures from potential external threats, ensuring a robust defense against cyber-attacks.
  3. Geopolitical independence: In an era of growing geopolitical tensions, having a solid national technology base helps mitigate risks associated with international relations and global power dynamics.

Investing in digital sovereignty is therefore not only a strategic choice, but a necessity to ensure the security of member states, protecting them with neutral technologies.

The Italian position

We have also been talking about it for a long time in Italy, with the aim of controlling and protecting digital data and infrastructure, without being dependent on foreign entities.

The establishment in 2021 of the ACN – National Cyber Security Agency – with the aim of protecting national interests in the head of cybersecurity – was certainly the first concrete step of our country, towards the concept of digital sovereignty; as well as, at European level, Our country’s active participation in the European project Gaia-X, which aims to create a secure and transparent data infrastructure for Europe, promotes the sharing of data between European companies in a safe environment that complies with EU regulations.

From a digital perspective and not strictly of cyber security, in Italy there are several other examples of initiatives aimed at creating and strengthening the country’s digital sovereignty. Such as the development of national 5G networks, and the significant investments in digital infrastructures, digital skills and technological innovation to strengthen the country’s digital autonomy by 2026 (Digital Italy 2026).

There are also the adoption of open source solutions by various Italian public administrations to reduce their dependence on software owned by foreign suppliers, and in the same way, the National Cloud (Polo Strategico Nazionale – PSN) , an initiative promoted by the Italian government to create a national cloud infrastructure hosting data and applications from public administrations.
Both these open source and PSN initiatives reduce dependency on foreign service providers, while increasing the security of public data.

And so?
The rapid, sudden and changing geopolitical landscape should make us reflect, and should fuel the urgency of finding a cyber landscape that protects European states from cyberwar attacks, espionage and sabotage, while growing and supporting European technologies.

The contribution of Gyala: a product of cyber security 100% Italian

Agger, our fully Made in Italy cyber security solution, thanks to sophisticated military derivation algorithms, allows to monitor and manage any type of H24 cyber-attack, maximizing the resilience of IT/OT infrastructures.

Are you interested in evaluating an all-in-one cyber security solution that makes you totally autonomous and independent from foreign providers of cybersecurity services? Don’t waste time, contact us!