Training, a weapon that makes all the difference
According to the World Economic Forum (Global Cybersecurity Outlook 2023), only 46% of cyber managers at companies believe that their organisation has the necessary skills and people to deal with an attack. It is therefore essential - for the purpose of European cyber resilience - to possess the skills needed to tackle threats in the physical sphere and in cyberspace. According to a report by ISC2 - International Information System Security Certification Consortium, in 2022 the skills gap in cybersecurity amounted to over 3.4 million job positions worldwide. According to the European Commission, in 2022 the shortfall in cybersecurity professionals was between 260,000 and 500,000.
Leonardo Cyber & Security Academy
For this reason, Leonardo’s initiatives to promote security-related skills and attitudes involve, at different levels, people of all ages and professions. First, through the Cyber & Security Academy, a high-level training hub aimed at companies, institutions, public administrations, defence agencies and members of the public. The technological heart of the Academy is the proprietary Cyber Range platform, which, designed according to the principles of gamification (i.e., the use of mechanisms similar to those used in gaming, such as assigned goals and the ability to win prizes), enables attack and defence exercises to be performed in a simulated environment using a digital twin of the real-life system that is under attack.
The Cyber Range platform is also used to support CCDCOE (the NATO Cooperative Cyber Defence Centre of Excellence) in training officers from countries of the Atlantic Alliance in cyber awareness and defence. In the first year after its inauguration, the Cyber & Security Academy gave Security Awareness courses to more than 17,000 participants and organised over 140 training events.
Platforms for virtualisation and immersive training based on digital twins and collaboration
Furthermore, there are numerous projects aimed at schools, ad hoc initiatives in collaboration with Italian and international universities, and projects to promote gender equality in the digital and cybersecurity sector.
Coding/Tutorial, Cyber & Security Academy
Cyber risk, a constantly growing threat
The extent of the cyber threat is such that each year new records are broken for cyberattacks, which increase in terms of quantity, type, and severity.
The Italian Postal Police has revealed that, in Italy alone, the growth in attacks on critical IT infrastructures, both public and private, between 2021 and 2022 was +138%, while in just under ten years (from 2012 to 2021) the number of cybercrimes reported to the legal authorities doubled, rising by +155.2% against a trend in overall crime of -25.4%.
Again in 2022, the Censis-Isfa Report revealed that the probability of members of the public directly experiencing cyber risks is increasing: during that year, 76.9% of Italians encountered at least one cyberthreat and 20.6% witnessed at least one cyberattack in the workplace.
According to the latest Annual Report on Information Policy for Security, issued by the Italian Prime Minister’s office, the sectors most targeted for attack are in Italy’s private sector (up 32% compared to 2021), particularly in IT services, transport, and banking.
And not only is the number of attacks growing. So too is their level of sophistication and their relative capacity for impact, as highlighted by ENISA (European Union Agency for Cybersecurity) in its Threat landscape 2022. Ransomware, with over ten terabytes of data stolen every month, is - according to ENISA - one of the main cyberthreats in the EU, followed by malware, social engineering, data theft, DDoS (Distributed Denial of Service) attacks, misinformation, and attacks on the supply chain: attack techniques that are often used in combination.
A common cyber shield
Europe’s institutions, which regulate the world's largest single market of over 500 million people, have long been raising their level of attention towards the issue of cybersecurity. Thierry Breton, the European Commissioner for the Internal Market, has on many occasions stressed the need for a “common cyber shield”, seen as crucial to guaranteeing Europe's digital sovereignty.
The security of data and digital infrastructures is a high priority in the agendas of the EU and its Member States. For this reason, the EU, as part of its Digital Europe Programme, has committed 1.6 billion euro for the 2021-2027 period towards the cyber protection of public administrations, businesses and individuals.
Cybersecurity is one of the priorities of NextGenerationEU and plays a key role in the Strategic Compass, an initiative guiding the action plan to strengthen European defence and security policy between now and 2030.
The European Commission has also proposed new rules to establish common cybersecurity measures within EU institutions and bodies. These are aimed at strengthening their responsiveness and resilience in the face of the rise in malicious cyber activities at the global level. Two new European directives are of particular importance: NIS2, which classifies the potential victims of attacks into key sectors, and CER, which aims to improve the resilience of critical infrastructure against physical threats, recognising their need for an all-round level of protection that goes beyond the cyber perimeter. There is also the Cyber Resilience Act, with which the Commission intends to ensure greater prominence and uniformity to the cyber protection of products with a digital content within the EU.
Leonardo and Europe
In a context in which the imperative is to work together, Leonardo is partnering in an array of initiatives to define the priorities for cybersecurity technology and to outline methods of governance in implementing the future network of cyber competence centres at the European level.
The company is a member of the European Cyber Security Organisation (ECSO), a strategic alliance of key interest for the security of EU countries and citizens, and public and private companies operating within its borders.
For the European Space Agency (ESA), Leonardo - under the technical responsibility of the ESA Security Office - is designing and developing the Agency's new Cyber-Security Operations Centre (C-SOC). This is a key piece of infrastructure for Europe that will be operating from 2024 to protect Europe's space assets and related ground segment (control and operations centres) from cyber threats, also protecting its Earth-to-Earth and Earth-to-Space connections and those between orbiting infrastructure.
On behalf of eu-LISA, the European agency that provides IT infrastructure for the management of borders, migration and internal security, Leonardo is executing the security governance and control strategy, the cybersecurity organisation, and the process of continuous asset monitoring. Since 2019, Leonardo has also been supporting eu-LISA in implementing security measures for a new secure-by-design cyber platform designed to protect the Schengen area’s external borders and increase European citizens’ security.
Also currently under way are respectively a collaboration with the European Parliament and a partnership in EuroQCI (Quantum Communication Infrastructure) to develop the future European quantum communication network. EuroQCI has the aim of protecting Europe's cryptographic systems and critical infrastructure from cyberthreats, covering government institutions, air traffic control centres, healthcare facilities, banks, and electricity grids.
Lastly, Leonardo is committed to promoting dialogue among stakeholders in the cybersecurity field, co-organising ad hoc initiatives such as Cybertech Europe, a forum centred on discussing the sector’s current and principal topics of interest.