Cyber protection is realised starting from products and systems that are secure by design

The real world is increasingly permeated by the digital one. The growing process of integration between these two dimensions is creating a “continuum” that is making our living and working spaces increasingly interconnected. The data that flows within this vast system is a strategic asset ensuring the proper functioning of infrastructures, services, and industrial processes. Its protection calls for an integrated approach between physical and logical security, the creation of secure digital ecosystems by design, and joint action at the European level. All this while keeping a careful eye on training, in order to boost skills, disseminate a culture of security, and build state-of-the-art capabilities.

We live in a world in which the digital dimension is increasingly integrated with the real one. Cyberspace is not simply the Internet and the data circulating on the web, but also includes physical structures such as cables, satellites, and hardware. The so-called “fifth dimension” is an ecosystem within which people, software and services interact through network-connected technologies, devices, and digital infrastructures.

“Convergence” is now a systemic reality in which, thanks to the constant digitisation of physical systems, everything is connected as if it were a single, large organism. This involves not only traditional critical infrastructures - such as banks, hospitals, distribution networks, and the IT systems of governments and institutions - but also our everyday living and working spaces - smart homes, smart buildings, and smart cities - which are becoming ever larger and more ramified “digital containers” of sensitive data and information.

And while on the one hand digital evolution is making computing, services, and industrial processes more efficient, on the other it is also increasing the areas - physical and logical - that are potentially exposed to cyberattacks.

Cyberspace takes on a central importance in security matters, making cyber threats a systemic challenge as they are increasingly pervasive, organised, and multi-domain.

This qualitative leap has not only involved technological progress: cybercrime has in turn become “industrialised” through the involvement of well-structured, profit-oriented organisations. The result is the creation of a fully-fledged “cybercrime ecosystem” built upon a network of hackers, financiers, recruiters, and ready-made solution providers. “Crime-as-a-service”, according to Europol, has a consolidated online presence and a high level of specialisation, offering services from monitoring to attack and concealment, often using the dark web to advertise and sell these operations.

Anatomy of a cyberattack

What defences exist against cybercrime?

Given the multifaceted and complex nature of a cyberthreat, the priorities for acting are changing. While in the past technological innovation and cyberthreats only impacted individual applications or tools, today this is no longer so. Security must be built with a holistic view of the systems’ entire architecture.

For this reason, it is no longer possible to think of cybersecurity in a fragmented way. What is required, instead, is an all-round preventative approach, since it is impossible to aim any countermeasures at a single attack vector: in more than 95% of incidents, in fact, it is impossible to ascertain how the malicious actors first gained access to the organisation being targeted.

To be truly effective, moreover, cyber defence can no longer be limited, as in the past, to simply reacting, i.e., responding to a hacker attack with the weapons available at that moment. Today, it is first necessary to predict and prevent, by monitoring systems, intercepting data, and correlating and interpreting it.

Secure digitisation means protecting data along the whole chain - physical, digital and cloud - to extract the maximum value and potential from it, and ensure the operational continuity of any system, which must be secure by design from its inception.

HPC davinci-1 – Leonardo (Genoa)

Leonardo’s know-how and integrated technological capabilities

The Global SOC is the engine around which Leonardo’s security activities revolve, operating with the help of an HPC - High Performance Computer and advanced big data analysis systems using an architecture that is distributed between a main facility in Italy (Chieti) and other operational centres in Italy, Europe and the Middle East. The Global SOC ensures resilient cybersecurity coverage, monitoring and managing the vulnerabilities of the information systems of organisations and critical IT/OT infrastructures 24/7, handling each year approximately 21,600 incidents worldwide.

Cybersecurity is ensured at every stage: threat analysis, constant monitoring of the infrastructure being protected, detection of and response to attacks, and management of the crisis until it is resolved and the system is restored to its original state.

In the fight against cybercrime, a structured capability for analysis and intelligence plays a key role in providing immediately usable information resources to prevent threats, detect attacks before they spread to the IT/OT infrastructure, and implement rapid action to defend against and contain attacks.

Each year the threat intelligence capability provided by the SOC enables the analysis of more than 5 million Indicators of Compromise (digital traces of cyber incidents), as well as huge amounts of data from social media (SOCMINT) and open sources (OSINT) such as websites, news media, databases, public reports, photographic images, and satellite data. This is supplemented by data from the monitoring of endpoints, such as servers and workstations, that represent entry points for attacks.

The result is a profiling of threats, potential victims, and the most feared malicious actors that is then summarised in over 8,500 annual reports and shared within the community of intelligence analysts.

The Leonardo Global SOC, operational 24 hours a day and 365 days a year

These intelligence and big data analysis capacities, integrated with AI, satellite technologies, secure communication systems and sensors widely distributed on the ground and in Space, enable the all-round management of security in its physical and logical components, a need that is felt even more urgently the more that threats become pervasive, organised, and multi-domain. This is the approach underlying X-2030, a secure-by-design system for the protection of territory and communities, with the ability to provide security personnel with real-time situational awareness - essential for the coordination of on-the-ground operations.


X-2030: technology for new security scenarios 

Training, a weapon that makes all the difference

According to the World Economic Forum (Global Cybersecurity Outlook 2023), only 46% of cyber managers at companies believe that their organisation has the necessary skills and people to deal with an attack. It is therefore essential - for the purpose of European cyber resilience - to possess the skills needed to tackle threats in the physical sphere and in cyberspace. According to a report by ISC2 - International Information System Security Certification Consortium, in 2022 the skills gap in cybersecurity amounted to over 3.4 million job positions worldwide. According to the European Commission, in 2022 the shortfall in cybersecurity professionals was between 260,000 and 500,000.

Leonardo Cyber & Security Academy

For this reason, Leonardo’s initiatives to promote security-related skills and attitudes involve, at different levels, people of all ages and professions. First among these is the Cyber & Security Academy, a high-level training hub aimed at companies, institutions, public administrations, defence agencies and members of the public. The technological heart of the Academy is the proprietary Cyber Range platform, which, designed according to the principles of gamification (i.e., the use of mechanisms similar to those used in gaming, such as assigned goals and the ability to win prizes), enables attack and defence exercises to be performed in a simulated environment using a digital twin of the real-life system that is under attack.

The Cyber Range platform is also used to support CCDCOE (the NATO Cooperative Cyber Defence Centre of Excellence) in training officers from countries of the Atlantic Alliance in cyber awareness and defence. In the first year after its inauguration, the Cyber & Security Academy gave Security Awareness courses to more than 17,000 participants and organised over 140 training events.

Platforms for virtualisation and immersive training based on digital twins and collaboration

Furthermore, there are numerous projects aimed at schools, ad hoc initiatives in collaboration with Italian and international universities, and projects to promote gender equality in the digital and cybersecurity sector.

Coding/Tutorial, Cyber & Security Academy

Cyber risk, a constantly growing threat

The extent of the cyber threat is such that each year new records are broken for cyberattacks, which increase in terms of quantity, type, and severity.

The Italian Postal Police has revealed that, in Italy alone, the growth in attacks on critical IT infrastructures, both public and private, between 2021 and 2022 was +138%, while in just under ten years (from 2012 to 2021) the number of cybercrimes reported to the legal authorities doubled, rising by +155.2% against a trend in overall crime of -25.4%.

Again in 2022, the Censis-Isfa Report revealed that the probability of members of the public directly experiencing cyber risks is increasing: during that year, 76.9% of Italians encountered at least one cyberthreat and 20.6% witnessed at least one cyberattack in the workplace.

According to the latest Annual Report on Information Policy for Security, issued by the Italian Prime Minister’s office, the sectors most targeted for attack are in Italy’s private sector (up 32% compared to 2021), particularly in IT services, transport, and banking.

And not only is the number of attacks growing. So too is their level of sophistication and their relative capacity for impact, as highlighted by ENISA (European Union Agency for Cybersecurity) in its Threat landscape 2022. Ransomware, with over ten terabytes of data stolen every month, is - according to ENISA - one of the main cyberthreats in the EU, followed by malware, social engineering, data theft, DDoS (Distributed Denial of Service) attacks, misinformation, and attacks on the supply chain: attack techniques that are often used in combination.

A common cyber shield

Europe’s institutions, which regulate the world's largest single market of over 500 million people, have long been raising their level of attention towards the issue of cybersecurity. Thierry Breton, the European Commissioner for the Internal Market, has on many occasions stressed the need for a “common cyber shield”, seen as crucial to guaranteeing Europe's digital sovereignty.

The security of data and digital infrastructures is a high priority in the agendas of the EU and its Member States. For this reason, the EU, as part of its Digital Europe Programme, has committed 1.6 billion euro for the 2021-2027 period towards the cyber protection of public administrations, businesses and individuals.

Cybersecurity is one of the priorities of NextGenerationEU and plays a key role in the Strategic Compass, an initiative guiding the action plan to strengthen European defence and security policy between now and 2030.

The European Commission has also proposed new rules to establish common cybersecurity measures within EU institutions and bodies. These are aimed at strengthening their responsiveness and resilience in the face of the rise in malicious cyber activities at the global level. Two new European directives are of particular importance: NIS2, which classifies the potential victims of attacks into key sectors, and CER, which aims to improve the resilience of critical infrastructure against physical threats, recognising their need for an all-round level of protection that goes beyond the cyber perimeter. There is also the Cyber Resilience Act, with which the Commission intends to give greater prominence and uniformity to the cyber protection of products with a digital content within the EU.


Leonardo and Europe

In a context in which the imperative is to work together, Leonardo is partnering in an array of initiatives to define the priorities for cybersecurity technology and to outline methods of governance in implementing the future network of cyber competence centres at the European level.

The company is a member of the European Cyber Security Organisation (ECSO), a strategic alliance of key interest for the security of EU countries and citizens, and public and private companies operating within its borders.

For the European Space Agency (ESA), Leonardo - under the technical responsibility of the ESA Security Office - is designing and developing the Agency's new Cyber-Security Operations Centre (C-SOC). This is a key piece of infrastructure for Europe that will be operating from 2024 to protect Europe's space assets and related ground segment (control and operations centres) from cyber threats, also protecting its Earth-to-Earth and Earth-to-Space connections and those between orbiting infrastructure.

On behalf of eu-LISA, the European agency that provides IT infrastructure for the management of borders, migration and internal security, Leonardo is executing the security governance and control strategy, the cybersecurity organisation, and the process of continuous asset monitoring. Since 2019, Leonardo has also been supporting eu-LISA in implementing security measures for a new secure-by-design cyber platform designed to protect the Schengen area’s external borders and increase European citizens’ security.

Also currently under way are a collaboration with the European Parliament and a partnership in EuroQCI (Quantum Communication Infrastructure) to develop the future European quantum communication network. EuroQCI has the aim of protecting Europe's cryptographic systems and critical infrastructure from cyberthreats, covering government institutions, air traffic control centres, healthcare facilities, banks, and electricity grids.

Lastly, Leonardo is committed to promoting dialogue among stakeholders in the cybersecurity field, co-organising ad hoc initiatives such as Cybertech Europe, a forum centred on discussing the sector’s current and principal topics of interest.