Author: Marc-André Ryter
Editor’s note: On the 9th and 10 th of May 2019, the
2nd «Cybersecurity-Mediterranean» congress was held
in Florence, organised by the Swiss Webacademy with
Thales Italia, and with the support of the Global Cyber
Security (GCSEC) Foundation as well as the IATA and the
Geneva State Police. The event was attended by VIP’s
from the public and private sectors and placed under the
patronage of the Region of Tuscany, the Municipality of
Florence, Confindustria Toscana, Federmanager Toscana
and Cispel Toscana.
The tailor-made program has allowed the success of
the event to flourish with 165 participants, from Small
and Medium Enterprises to Business Managers, all
organized within the beautiful frame of the the Murate
IdeaPark, in the heart of Florence.
The first day was dedicated to the training of managers, with a master class
on security proposed by Pascal Buchner (CIO, IATA) and a series of demos
and courses delivered by AIIC (Italian Critical Infrastructures Association),
the GCSEC Foundation, One Step Beyond and Active Change Management.
Throughout the afternoon of the first day, a cross-sector «top secured» areas
round table was held between 20 specialists who had as a common key to
their activities, the complexity of security of their job, all belonging to different
sectors where a failure can have catastrophic consequences: transports,
logistics, critical infrastructures, law enforcement, army a.s.o.
On the second day, we entered the heart of the event with the institutional
greeting of the Mayor of Florence and the Counselor of the Tuscany Region
in charge of Information Systems, Privacy and Security. Subsequently, 15
speakers from 8 different countries were able to cover the newest security
risks and threats on a 360° point of view. The topics discussed were those
related to possible present and future scenarios as well as the technical,
human and educational countermeasures that should be implemented in
this delicate period of technological evolution driven by the 5G, the last
phase of completion of the «fourth industrial revolution» and the «4.0 era».
Here follows, an exclusive summary of the most interesting topics as well
as the lessons learned from the debates, written by Col. Marc-André Ryter, a
document kindly provided by the General Staff of the Swiss Army
With a university diploma in Security Policies, after
graduating in Political Sciences, Col. Marc-André Ryter
is a collaborator of the General Staff of the Swiss Army,
for all topics concerning the military doctrine and, since
2018, Head of the Department of Military Constructions.
He folows and studies all the technological evolutions
which may prove relevant for the armed forces and
for different operation fields, with a particular aim to
adapt the military doctrine.
The human factor
The human factor is the element that is becoming increasingly important
in cybersecurity: Training, including awareness-raising, must be developed.
It is the basis for improving safety. Investment in training is at least as
important as the technical investment.
User profiling and activity tracking (scanning) using artificial intelligence
will become more important and the safest way to detect problems in a
timely manner. At present, for example, “Darktrace” is able to establish a
reliable profile within 10 days.
“Darktrace Enterprise uses a Machine Learning component and
proprietary AI algorithms to passively analyze raw traffic to form an
understanding of what is “normal” for each user, device and subnetwork
in the organization. Without assuming in advance which activities are
malicious or not, Darktrace Enterprise independently learns to detect
discrepancies; the system then immediately alerts the organization
of emerging threats, from subtle, discreet and slow internal attacks to
automated viruses such as ransomware.”
(source: Darktrace website, www.darktrace.com/fr)
The dissemination of, or too easy an access to, passwords or information
related to network security remains the main problem at the moment.
This is why people and their activities are often considered to be the most
vulnerable aspect of infrastructure.
The user must take all possible measures to protect their data, and keep
it private, and be sure that they are protected by those who store such data
The increase in risks for humans is related to the fact that they interact
more with their environment (organization of life) via the Internet. This leaves
traces and generates data that create new vulnerabilities (malicious use).
When the pressure at work is too high, people tend to sacrifice safety for
Cybersecurity in the field of logistics and transport
The exchange of information throughout the supply
chain is essential. There is a high need for connectivity
between the actors to improve efficiency. But the
interaction between actors and objects also increases
the surface of vulnerability (humans, robots, vehicles,
Any undesired change in calibration (sabotage) can
cause serious damage. The human-generated weakness
is mainly in the area of conduct and decision-making.
There is too little interest in cybersecurity in the world of
logistics. Cyber risks are not sufficiently integrated. They
are seen as a technical problem, which is strictly in the
domain of technical managers.
The promotion of security in the regions can be
achieved through the systematic integration of
cybersecurity into training, including specific logistics
subsidiaries. Specific sequences must be developed in
cooperation with the relevant stakeholders (campus
Logistics must also be integrated into the issue of
critical infrastructure protection (ports, airports in
particular) and cooperation must be developed. In
critical infrastructures, all actors related to logistics and
transport can be grouped into a community of interest.
There are, at least at the beginning, problems related to
the lack of standards for digitisation. The integration of all
actors is a major challenge, since there is no “security by
design” for most actors and in the interactions between
them. The perception of the value of cybersecurity needs
to be improved.
Ports represent privileged infrastructures for the
use of new technologies such as 5G. In large critical
infrastructures, secure processes must be introduced
from the design stage. This is the basis for a secure
data exchange. A certification for the security of data
exchange should be developed, which is still lacking. This
could include different levels of security. Governance
is therefore needed to create a framework for these
developments. We can think here of “Cybersecurity best
practices”. The more information that is circulated and
shared, the more it must be protected.
The field of logistics processes a very high amount of
data. Cybersecurity is an additional and underestimated
issue for others. There may be terrorist interests in stealing
data, for example to know the passengers on a flight, a
cruise, or to know the contents of planes, ships or road
transport. The environment in which a system is located
is itself critical. The nature of this environment will change
the nature of the risk. In any system, the level of safety of
all actors can only be improved by raising the level of
each actor individually. A flaw in one person’s home puts
everyone at risk. So we need a common framework, and
that is the most difficult thing. Often, actors and systems
have their own specificities (constraints). In critical
infrastructures it is also possible to identify the normal
behaviours of critical users and to identify deviations.
The use of multi-dimensional platforms is also a possible
tool. They are part of innovative solutions that make it
possible to instantly identify attacks by recognizing their
major characteristics (patterns). They identify exchanges
with machines that are not part of the system, and
therefore attempts to intrude or extract data.
Standards in supply chains are at the heart of the
concerns. The major problem is the absolute need for
the different actors to communicate with each other.
Fragmentation is also a possible security solution, as
it makes it more difficult to attack the entire system or
Knowing the partners and how they work contributes
to safety. Secrecy is also a necessity for cybersecurity:
who needs to know what information, who has access
to what information?
It is always difficult to attract investors in the field of
cybersecurity. Should security financing be integrated
into products (hardware and software) or separately as
an additional service? However, the price of the product
plays a role, and the consumer will have to agree to pay
a higher price for safe products. But as long as there
are exchanges with cheap and therefore unsecured
products, the system will be at risk. One solution would
be to require “security by design”.
Cybersecurity in the field of critical infrastructure
Regulatory efforts under the NICE programme provide
the impetus for the development of cybersecurity.
“The Cybersecurity Framework or Framework
for Improving Critical Infrastructure Cybersecurity
(currently version 1.1) is a voluntary framework
consisting of standards, guidelines, and best
practices to manage cybersecurity-related risk
[the how and what of cybersecurity]. The NICE (National Initiative for
Cybersecurity Education) Cybersecurity Workforce Framework (see
question above) describes and categorizes roles and functions [the who
(source: Website National Institution of
Standards and Technology (NIST),
U.S. Department of Commerce,
This is necessary because water and electricity infrastructure is particularly
vulnerable. The possibilities of digitisation in this field are numerous and
necessary, but create new challenges with the appearance of new entry
points into systems (vulnerabilities).
Smart Metering” technology (communicating meters) is very sensitive.
The products for specific protection that are currently available on the
market more or less meet the need and still need to be adapted. The human
being and his activities constitute the most important vulnerability due to
the many manipulations required.
Cybersecurity in health, including home care, will become an increasingly
important issue as the population ages. There will be more services delivered
via the Internet. Since we are at the beginning of this process, it is important
to ensure that security is integrated from the design stage of the tools. Data
security and privacy are particularly relevant in this area.
One of the problems is also that the top management of critical
infrastructures is not very aware of cybersecurity issues. However, in this
area, it is essential to be able to work in a connected way and exchange
information in order to accomplish tasks. Service distributors also collect
a lot of data on citizens and therefore have the same constraints as public
administrations. Interactions on the Internet between citizens and their
suppliers, as well as with the authorities, are increasing. All these companies
have to do more with fewer resources. There is often a risk here of sacrificing
safety for efficiency. On the other hand, it should not be forgotten that the
possibilities of the Internet can generate needs.
Security requirements may be in conflict with transparency requirements.
They are often 2 sides of the same coin. What is exposed, visible and
transmitted must not contain protected data.
It is necessary to find answers to the following two questions, which for
the time being remain outstanding:
What is the degree of improvement needed by critical infrastructure
stakeholders to enable them to cooperate in compliance with NICE
guidelines, knowing that there is already support software in place?
What is the necessary degree of sharing of solutions between actors in
order to create a secure cyber environment?
For a State, the main aim is to avoid cyber-speaking (theft of strategic
information), cybercrime (motivated by financial gain) and cyberterrorism
(propaganda, fake news, blackmail, data theft for the preparation of attacks).
The best way to prevent them is to start awareness-raising and training from
the university level.
The development of cyber defence centres, campuses and other training
opportunities is a good way to develop effective cyber defence capabilities.
Exchanges in cyber defence centres make it possible to realize the need
to share information. Regional and national police forces are developing
cooperation tools. International information sharing is the way forward.
agencies will face the
same risks and will
have to ask themselves
the same fundamental
questions about their
what extent are we
threatened in cyberspace, what are our interests and how can we defend
them, what options do we have and how can we ensure the resilience of
systems? These questions arise because of the inevitable development of
the use of cyberspace. This will take place anyway because of the potential
for improving the quality and speed of decision-making, information control
and the management of huge amounts of data. However, the possibilities
will allow such improvements that they will be integrated, despite the risks.
For the armed forces in particular, it will be a question of taking all possible
measures to limit risks, and therefore of constantly managing risks. They
will find themselves in a tension field between opportunities and risks and
Cybersecurity and the changing threat
As there are more and more connected objects, there are more and
more possible targets to protect. A worrying issue is that the problems of
2G, 3G and 4G are not solved and will be transferred to 5G. The threat is
thus becoming more and more complex. You have to get used to VUCA
environments (Volatility, Uncertainty, Complexity, Ambiguity). 5G will bring
about a global evolution, and not only because the Chinese currently have
the lead. It will be a problem for law enforcement for
two main reasons: it is much more powerful and it can
overwhelm other uses. The problem will be to be able to
trust the system. If this is not the case, we will start from
a position of zero confidence, i.e. a position where we
expect to be attacked at any time.
Some additional thoughts
It is important to establish network security by setting
up permanent monitoring and analysis. Resilience is
achieved through continuous monitoring of activities.
We can apply the model of the organization of the life of
an ant farm, with 4 levels:
Specific ant activities
identification of abnormal activities
The proper functioning of future smart-cities is based
on a very large amount of data that will have to be
collected and processed, but also protected. The best
way to ensure security and organize data into separate
modules is to use a multidimensional system. An
automatic or semi-automatic system of audit, evaluation,
review and measurement must be put in place.