Cybersecurity, digitalization and industry 4.0

The impact on the international geopolitical framework and, more concretely, on the industrial and manufacturing world: the reflections of Arturo Di Corinto, who has been analyzing cybersecurity issues for years, help define the risks and the need for specific defense strategies to be adopted.

Edited by M. Costanza Candi

In 2021, cyber attacks worldwide increased by 10% compared to 2020, with criminal actions that had serious consequences for the functioning of systems and a global geographical distribution.

The American continent ranks first with 45% of cases, followed by Europe with 21% of events and a +5% compared to 2020. Asia comes last, with 12% of cases and an increase of 2%.

Although the focus of attention is on sensitive sectors such as government and military, IT, healthcare and education with their large service infrastructures, the mobile world is also beginning to be increasingly affected by this trend: this is also relevant for distributed infrastructures based on mobile terminals typical of Industry 4.0 and adopted by manufacturing industries.

In Italy, for example, 50% of attacks are aimed at the Finance and PA sectors, although industry has seen the most significant increase, with a jump from 7% in 2020 to 18% of attacks in 2021.

According to FASTWEB’s Security Operations Center (SOC), more than 42 million security events were detected, a significant +16% over the previous year (Data: Clusit report).


Add to this picture the ongoing international political crisis, with its impact on IT security, and the recent news about the attack unleashed against FS by a Russian-Bulgarian hacker group named Hive. This combination makes it clear that the issue is at the center of the agenda of companies engaged in increasingly complex paths of digitalization, including Industry 4.0, data analysis and centralized management of distributed production lines.

To get a picture of the situation that helps define the risks and the need for specific strategies, ItaliaImballaggio met Arturo Di Corinto, journalist, writer, long-time cybersecurity expert and Professor at La Sapienza University in Rome, where he teaches the course Digital Identity, Privacy and Cybersecurity.

The international political situation in light of cyber security issues

«We know that the ongoing armed conflict in Ukraine is also a cyber conflict» Di Corinto begins. «After all, in today’s world, any armed conflict implies the use of communication tools and networks, an “evolved legacy” of the espionage, sabotage and propaganda operations of yesteryear typical of any war. And this one is no exception. At one time, however, disinformation directly affected people in decision-making positions, ministers, heads of state, diplomats, while today fake news and propaganda use the virtual agora of social networks. Centralized structures, therefore, launch perception campaigns to create insecurity and disconcertment, looking at countries where it is believed that public opinion can still condition the work of governments. Talking about cyberwar today is not correct, but we know that cyber tools serve this purpose, with evidence ranging from Cambridge Analytica and the impact it had on the American election campaign, to the pollution of the debate between Trump and Clinton in 2016».

Different tools with one goal: to damage, block, steal data and information

«Today, espionage is carried out with the same technological tools, via the Internet, making use of the so-called advanced persistent threats or APTs, represented by organized groups that infiltrate the adversary’s information systems to unleash attacks with different objectives. Sabotage, whether of APT origin or originating from the military and secret services, generally has the objective of completely interrupting the adversary’s communications, for example preventing the supply of the troops at the front. But it in fact also means propaganda and espionage exercised through the Internet, of which we have seen numerous cases in this period of Russian-Ukrainian conflict».

A war of super specialized groups often close to governments

«There are groups sympathetic to the two warring factions that are facing each other, of which 35 can be traced back to Ukraine and about 15 to Russia. These groups, whose numbers are constantly evolving, have conducted DDoS (Distributed Denial of Service) attacks to temporarily render a resource exposed on the web unusable. When repeated and frequent requests are made, in fact, the servers that receive these requests collapse and the contents become inaccessible. In addition to DDoS attacks on Russian ministries and institutions, Telegram and Twitter have reported attacks directed at countries supporting Ukraine, also aimed at illegally exfiltrating and stealing information from Russian companies and administrations. The first to act in this sense was the GhostSecurity group, self-styled Anonymous, whose proximity to the sphere of American military contractors I have reconstructed with great probability. There has been no lack of attacks to tamper with critical points that rendered computers in Ukraine, Lithuania and Latvia non-functional. Of course, we also have reports of hundreds of indicators of compromise of networks and information systems attributable to pro-Russian groups, such as Unknown1152ghostwriters, known to be Belarusian activists».

Runet: Russia’s unlikely and highly damaging exit from the Internet

«All these elements made Putin’s strategists think that it was advisable to close the Russian network to the outside to limit the attacks, also reducing access to information from different sources about the real course of the conflict. But to exclude a country from the Internet means to intervene on the primary DNS (Domain Name System) of the geographical network and make it untraceable by the world system of identification of domains. The DNS is in fact based on 13 computers that have been operating throughout the world since the Internet spread. To detach a geographical territory and inhibit access to a primary DNS like .ru, the domain that identifies Russia, means creating an interference in communications with effects that are still unknown. The authority for the assignment of domains has in fact replied that it is an inadmissible request. Moreover, Russia, although it has equipped itself to manage its internal DNS and isolate itself from the global network to protect itself, has not yet actually disconnected itself from the Internet, because it would achieve an unnecessary isolation. Looking at the geopolitical conflict, in fact, everyone is hoping it will end soon. From the Russian point of view, finally, entering Ukraine and occupying it permanently would also require the use of local communication infrastructures, including the Internet: there is therefore no real interest in carrying out this operation even though it has been widely reported in the media. Finally, ICANN (Internet Corporation for Assigned Names and Numbers), the body that deals with domain names, believes that inducing Russia to isolate itself would prevent the country’s citizens from accessing information other than government propaganda».

Di Corinto underlines: «Finally, the theme of the connection to the global net also concerns the industrial world and its digitalization path, exposing it to remarkable risks, especially in case of extreme measures like the one we are commenting on. Especially in the West, which has decided on extensive restrictive measures on the economic level, no one has any interest, for example, in interrupting relations with countries from which 30% of the world’s wheat, gas and a high percentage of medicines come. The effect would be a delay or even the jamming of production, which would not be in anyone’s interest and would certainly put the system of related industry at risk».

To what extent is the industrial world affected by the conflict?

 

«From the chronicles dedicated to the various attacks, we know that one of the industrial infrastructures that manage the production and supply of crude oil, of which, it should be remembered, the country is the third largest producer in the world, was hit and taken offline for a few days. Curiously, the damage occurred more in Germany than in Russia, demonstrating how prepared they are on this front but also their degree of interdependence. But what happened before is more interesting, with the Tardigrade virus, which attacked and blocked the production of pharmaceutical facilities that produce vaccines, in Italy also involving the producers of technology for the cold chain, fundamental for the anti-Covid technology producers. These have often been attacks on the industrial apparatus, based on phishing strategies, conceived to collect information from the PCs of the employees, in order to gain a competitive advantage of an industrial nature, in particular for the production and management of vaccines, which lies at the center of the real competition between States. The WHO has also come under attack via companies that produce drugs, and research and care centers such as the Spallanzani in Rome. All operations with the sole fundamental objective of acquiring strategic information. To date, however, the risk related to industry 4.0 has not yet fully manifested itself, but in a world interconnected by communication networks, designed for the transfer of information, the transport of energy or materials, attacks of this type are bound to increase and the full scenario needs to be looked at in order to define defense strategies».

Sectors most at risk of attacks

«Data collected from open sources say that 1/5 of the attacks in 2021 involved Europe. In Italy, attacks on the manufacturing industry doubled between 2020 and 2021. The most affected sectors are government-military at 15%, up 3% from 2020, 14% IT, 13% healthcare pharmaceutical, 8% education. But these are certainly conservative figures. Serious attacks in 2021 were around 2,000. These are not just scans of one’s systems on the web, otherwise we would be talking about billions of cases, but successful attacks on specific sectors and in specific countries. The most affected in Italy, however, are manufacturing companies. The unexpected fact is that the groups that launch ransomware attacks, i.e. aimed at blocking systems by asking for a ransom, mainly target small firms and professional offices, notaries, architects, engineers. This shows that they are the weakest link in the chain, because there is no widespread training of human staff on these issues, even though employees at all levels are responsible for 95% of successful attacks. Unfortunately, not enough is invested in cybersecurity, because Italy has undergone a forced digitization, also because of the pandemic, so the aggressiveness of the attackers and the weakness of the attacked are the main causes at the base of this situation».

How much is technological autonomy worth

ACN, the Italian Authority for cybersecurity, has recently highlighted the risks linked to Kaspersky, the Russian-made antivirus. The Italian Government immediately acted on it with a decree-law that obliges PAs to replace it quickly throughout the country.

The Kaspersky emergency has highlighted the strategic dimension of European and national software production for the productive world at all levels. This is Di Corinto’s opinion on the matter. 

«Kaspersky is an excellent product, developed by great research teams, but with its headquarters in a country that has carried out a military action reminiscent of the fifties of the last century. Unfortunately, it stands on the wrong side of history, although I hope that in a few months the situation will stabilize. The antivirus, on which ACN has issued a communication as to its risks, can be a trojan horse, both for a private PC and for companies. It is like any software on our computer that updates itself automatically. Italy lost the Second World War and with it also its autonomy with regard to technological innovation, having been thrust by the victorious countries towards manufacturing only. This has not prevented Italy from creating a path of avionic, pharmaceutical and industrial innovation that has had no equal in the world… We only need to think of Adriano Olivetti with the Perottina, the first PC in history, or Enrico Mattei, who wanted to stand up to the Seven Sisters: two examples that refer to the current debate on Italian and European technological autonomy, in particular linked to the theme of dependence on information technology. The Kaspersky affair in particular, and any technology coming from abroad in general, reopens the debate on the importance of developing a national industry on these issues. Europe, with the Cybersecurity Made in Europe Label, is trying to qualify companies that base their development on European standards, with activities carried out on European territory, in compliance with the law such as, for example, the GDPR. Finally, with ECSO (European Cybersecurity Organisation), the European Union is trying to connect IT producers from 27 member countries, in order to push in the direction of a software development that reflects the needs, also of a geopolitical nature, of the European industrial system».