Cybersecurity: a global ecosystem

“Steps identified by the EU on cybersecurity are needed, but only time will tell if they are sufficient. Today the ‘bad-world’ cooperation is intense: if the ‘good-world’ do not cooperate both national and international for sure they will lose.” Giorgio Mosca says.

Mr Mosca, how much a National Cert can facilitate companies?

Today the most important need is to create awareness, disseminate information in a way that does not cause confusion among non-experts. Everybody, if they want to compete, must use the e-commerce or interact electronically. The block of the infrastructure can be a huge financial loss: to avoid it, the best solution is to circulate the information.

A centralized well-organized structure that will deal with would be a major help.

A method to impose companies to exchange information is to adopt penalties. What do you think?

Impose such type of rules would entail a maturity that not all countries have yet.

Our proposal is to ensure that large companies, particularly defense and security, support and propose the need to share information in all the industrial and administration world.

We need an ecosystem that highlights business risks and at the same time propose solutions. To carry out this plan it is important to involve everybody, both at industrial and cultural level.

How much is the company spending on information security? A National Cert can reduce it?

The cost varies depending on the sector and the level of computerization of the company. However, small businesses spend in IT, and on IT security, in percentage more than large firms and, paradoxically, are less protected. In a large company IT spending varies from 2.5 to 3.5% while in medium sized companies the average is 5-6% and for the SME cost increases.

A national Cert has the task of directing and supporting the private sector also in risk management, in order to better invest and get guaranteed results.

What is the ideal level of cooperation between governments and private?

The backbone of a nation are its critical infrastructure, all interlinked. The first mandatory level of collaboration between the government and operators is needed in this area of critical infrastructures.

Then I see to come the industry and business, who must work together and next to the Government.

In some countries, like Italy, the national Cert is delayed. Can we take a positive advantage of this delay?

The need of facilities should be in line with the current times, it is essential to be equipped with modern solutions.

In Italy there are already some Cert that have good performances and are at the level of those of other nations; as far as a National Cert concerns, we just need to decide where it should be allocated and with what type of privileges, as required by the EU.

The specialist in cybersecurity will be one of the jobs of the future. Is there a training program?

Not yet, but there are already some initiatives and many companies and experts of a good standard.

The great merit of these initiatives is to help create awareness, fundamental both for those who specialize in this area and for those who will need basic knowledge to apply to their business.

http://www.corrierecomunicazioni.it/it-world/18832_mosca-cybersecurity-serve-un-ecosistema-a-servizio-di-tutti.htm