60% of a sample of CISOs, CIOs, professors and university researchers believe that States should invest in cybersecurity by favoring national actors; 57% think that to guarantee sustainability it is necessary that companies that provide systems and solutions for cybersecurity are independent from interference by foreign states.
As far as healthcare is concerned, patient safety in full respect of privacy is a focal point for 62% of the interviewees; the security of an information system must not in any way conflict with the privacy of the users of the system itself.
These are the data that emerged from the report 'Cyber Security and Digital Sustainability', developed by the Foundation for Digital Sustainability with the unconditional contribution of Gyala and presented to the Chamber of Deputies.
The research has identified three priority technological areas that impact more than half of the sustainable development goals defined by the United Nations: technological integration, privacy and digital sovereignty.
'We live in an era in which digital permeates every aspect of our lives and every interaction - commented Stefano Epifani, President of the Foundation for Digital Sustainability - This reality exponentially increases the attack surface of systems and makes cybersecurity an essential component of any digitalization strategy. At the same time, sustainability, understood as the ability to meet current needs without precluding future generations from the same opportunities, emerges as a global objective, an imperative for all actors in society'.
The report explores the intersections between digital security and sustainability, establishing clear priorities, with the aim of proposing a framework that leads towards a cybersecurity that is both sustainable and a driver of sustainability, outlining the convergence between cybersecurity and sustainability, which should not be interpreted as distinct entities, but complementary, both oriented towards the development of a better society.
The document was drafted following an analysis conducted through focus groups comprising a heterogeneous representation of experts, including CISOs, CIOs, university professors and researchers.
The Activity has produced a list of priorities that reflects a holistic and multidisciplinary vision, essential to address contemporary challenges in terms of cybersecurity and sustainability.
'We believe that sustainability can find in technology an enabling and implementing element, and we believe that technologies that deal with cyber are a driving force for the development of the country as well as being one of the elements of protection of our productive force, collaborating in the protection of institutions and individual companies and stimulating the circuit of the economy, well-being and growth - commented Nicola Mugnato, Founder of Gyala - The elements that this research has given us confirm that the approach that Gyala has in its DNA of looking at digital sovereignty, technological integration and privacy connected to sustainability as competitive elements is correct and can represent a key element in the evolutionary process, supported for several years by the Country System, which sees these new approaches as accelerators of growth in the public and private sectors'.
'Cybersecurity has become a central theme in the country - said the Honorable Pino Bicchielli - In the Defense Commission we have set up a committee for cybersecurity: it is a fundamental competence in our society. Everything we deal with today in civil or military terms also includes a part dedicated to cybersecurity. A theme on which to also rotate other activities.
From the research we understand how important the convergence between IT Security and Sustainability is, which cannot be distinct entities. Then there is the issue of technological sovereignty. We must start thinking that in a world like the current one, technological sovereignty has become fundamental.
THE THREE PRIORITY AREAS – IT/OT technological integration: With the development of IoT (Internet of Things) technologies, it is increasingly important to ensure integration between the digital components of IT and the physical components of OT.
The survey highlighted how, with respect to IT/OT integration, the greatest impacts are perceived in relation to the area of Environmental Sustainability. In second place is Economic Sustainability and in third place is Social Sustainability.
The interviewees therefore believe that IT/OT integration is essential to support processes related to environmental protection and safeguarding, also in relation to the maintenance of critical infrastructures and their economic value. The report highlights how the adoption of design criteria oriented towards 'Security by Design' is extremely important: 66% of the sample believes that it is essential to guarantee sustainability.
Similarly, 61% of respondents consider supply chain security to be essential for sustainability. More than half of respondents (57%) believe that OT infrastructures must be able to be managed with the same flexibility as IT infrastructures, in order to ensure the security and resilience of the infrastructures themselves. Finally, 51% of CIOs believe that managing resilient infrastructures requires a very high level of integration between IT and OT.
The security of systems that integrate the digital components of IT and the physical components of OT requires an integrated vision of the cybersecurity systems themselves. A priority emerges that cuts across the various sectoral sustainability objectives (medicine, electricity, water) and concerns the security of IT systems that interface with OT systems (SDG9).
The sector of greatest relevance for IT/OT integration is the medical sector (SDG3), in which the security of equipment and data has a high level of risk related to the health of patients, whose lives depend on the control of medical devices implanted or used in hospital facilities or in remote medicine.
The energy sector (SDG7) emerges with similar importance, with the management of smart grid networks, which are fundamental in the management of renewable sources, in their various components: generators, processors, sensors, smart meters. This is followed by the management of the integrated flow of water (SDG6) and the management of electricity production plants (SDG7).
PRIVACY – Cybersecurity, in a context of sustainability, must be pursued while respecting users’ privacy and at the same time represents an important tool for sustainability. For those interviewed, privacy primarily impacts social sustainability, followed by economic and environmental sustainability.
The correlation between privacy and security in terms of sustainability affects all the topics of the survey transversally. The most important sustainability goal is SDG3 (good health and well-being of people: the protection of patient data from external and internal attacks is recognized as the most important. The other areas have a lesser importance, but still significant and are: management of monitoring and control systems of user behavior (SDG7 Affordable and clean energy); management of system security while respecting workers' privacy (SDG8 Decent work and economic growth); protection of student data from external attacks (SDG4 Quality education); protection of student data from platform managers (SDG4).
Managing patient safety while fully respecting privacy is a key issue for 62% of respondents and for 51% of respondents the security of an information system must not in any way conflict with the privacy of the users of the system itself.
DIGITAL SOVEREIGNTY – The way in which a State regulates and exercises the governance of technology and services used in various ways within the national perimeter (digital sovereignty) sees cybersecurity as a highly critical element and, at the same time, represents a central theme in terms of sustainability. Interviewees highlight the centrality of digital sovereignty in security to guarantee economic sustainability, as well as for the dimension of social sustainability. Environmental sustainability, compared to digital sovereignty, is perceived as the least relevant dimension.
The most relevant element for digital sovereignty is clearly: the guarantee that the data covered by industrial secrecy of a company and those of the country's critical infrastructures cannot be acquired by foreign States (SDG8). The other areas that concern data relating to infrastructures follow with: the guarantee that the data of energy infrastructures cannot be acquired by foreign States (SDG7); the guarantee that the data of water infrastructures cannot be acquired by foreign States (SDG6); the guarantee that patient data (SDG3) cannot be acquired by foreign States.
Article published on March 6, 2024 - 12pm
Video Chronicles
