Cybersecurity Expert, Chief Information Security Officer (CISO),
Certified Information Systems Auditor (CISA)

John Giordani

Certified Information Systems Auditor

Cybersecurity Expert

Cybersecurity, ongoing work for global security rules

In a context in which a real cyber-arms race is in place, there is a clear need for a global framework for the use of cybernetics. There are several proposals sketched in the past, the one shared by the G7 cyber group is concrete Cybersecurity. There is a lot of talking, too many people abusing terminologies, and many fail to go beyond the business opportunity this matter promises to offer in the coming years. On one hand, we have avid technology companies, on the other hand, we have little awareness of the cyber threat.

Just browse a newspaper to understand something important is happening, the number of computer attacks is inexorably increased as well as their level of complexity.

It is the collective paying the price, blind to a slow hemorrhage that is consuming just when it is believed that technological evolution can take us anywhere.

Computer security has become a matter of survival, yet almost all taxpayers ignore the existence of significant spending on the protection of national critical infrastructures from cyber-attacks. When we buy a car, we care about the color and the options, but we would never think we were interested in a defense system that could avoid computer accidents. Whenever we use a device connected to the network, we must be aware of being in the middle of a battlefield where a plethora of actors competes daily.

Computer criminals, government-hackers, activists, and cyber terrorists instantly threaten our digital experience.

Our devices, whether they are smart TVs or critical infrastructure control systems, are connected to the same network used by governments to conduct espionage, sabotage, and psychological warfare operations.

Cyberspace was recognized by NATO in July as the fifth war domain, in short, the Alliance recognizes the possibility of a military response to a cybernetic attack against one of the states that compose it.

Cyberspace is the battlefield, the theater of multiple conflicts that we often ignore, and fighting governments that use the computer tool to compromise the systems of opposing states.

Such conflicts are instantaneous by definition, asymmetric and often conducted in periods where there is no ongoing conflict between the contenders. The use of cybernetic weapons is convenient for many reasons, they are as effective as conventional weapons, certainly cheaper, and above all their use is not easy to attribute to a specific actor.

The use of a cybernetic weapon allows circumventing sanctions by the international community. All this implies that almost all governments are intending to increase their cyber capabilities, in terms of defense, and more or less explicitly of the offense. During the recent US Presidential elections, the Washington Government repeatedly accused the Russian of interfering with the White House candidates' campaigns.

While everyone was concerned about imagine the possible impact on the final outcome of the Presidential Elections, few have understood what is, in my opinion, a historical passage, or the use of the cyber threat as a deterrent.

For the first time in history, a member of a government, specifically the US vice-president, threatened a foreign government, the Russian one, to intervene with a cyber attack.

To date deterrence was only that of the conventional arms, the famous nuclear warheads were the specter of military action to guarantee destruction of the enemy, but today it threatens a cyber attack with the intent of deterring the opponent from its action.

In a context in which a real cyber-arms race is in place, there is a clear need for a global framework for the use of cybernetics. Hence the need to share a set of rules of behavior in the cyberspace between the nations.

There are several proposals sketched in the past, shared by the cyber group G7, however, it is easy to understand how rules can be transposed by governments that have a profoundly different approach to cyber issues.

The more advanced governments fear the application of a set of rules as they would significantly limit their operational capabilities and reduce the technological gap that is now being observed between different nations.

Obviously wealthier nations are investing in the development of cyber, defensive and offensive capabilities for some time, these countries now have a substantial advantage over others.

The many spying campaigns that have come to light in recent years provide it with unmistakable evidence. Often the opponent compromises opponents' systems for long periods, sometimes years, without being identified.

As we read, and we aim to discover, it is the tip of the iceberg of intense government activity in the cyberspace and that led to the genesis of the term "militarization of cyberspace."

What solution can prospect?

Waiting for a diplomatic resolution in view of a set of rules of shared behavior between nations, it is necessary to improve cybersecurity in the country by investing in targeted research, awareness, and training plans that favor a necessary change culture, especially in young people. Believe me, it's a question of survival.

John Giordani

Cybersecurity Expert, Chief Information Security Officer (CISO), and Certified Information Systems Auditor (CISA) ​