Cyberspace touches nearly every part of our daily lives. It’s the broadband networks beneath us and the wireless signals around us, the local networks in our schools and hospitals and businesses, and the massive grids that power our nation. Another significant aspect of the computer/network worldwide diffusion is the rise of an interdependent world made of layers and layers of electronic services relying on one another in a delicate and complex environment that needs many efforts in order to be adequately protected from multifaceted threats, vulnerabilities, natural disaster and increased risk (eg. human factor, social engineering, sabotage, terrorism, cyber criminals).
In order to better influence the safeguarding and security of all the core computer/network driven services, researchers and professionals around the globe started spreading an important messages for the electronic masses of what they called the “culture of computer and network security”. This topic, related to the studies of risks, threat and vulnerabilities affecting the state of play of computer/network based systems, due to the evolution of the terminology and the raising of the cybernetic-society, soon changed its name in: “cybersecurity”.
Various Governments are adopting a National Cyber Security Strategy to ensure secure operation of communications networks for the State, business and citizens. The EU has also started to put together a comprehensive approach to cyber security. As US Nation’s cybersecurity strategy clearly pointed out, cybersecurity strategies should address basically two main aspects: (1) improve resilience to cyber incidents and (2) reduce the cyber threat.
Improving our cyber resilience includes: hardening our digital infrastructure to be more resistant to penetration and disruption; improving our ability to defend against sophisticated and agile cyber threats; and recovering quickly from cyber incidents—whether caused by malicious activity, accident, or natural disaster. Where possible, we must also reduce cyber threats. We seek to reduce threats by working with allies on international norms of acceptable behavior in cyberspace, strengthening law enforcement capabilities against cybercrime, and deterring potential adversaries from taking advantage of our remaining vulnerabilities.
Recently in the US a big debate arouse for the Cyber Intelligence Sharing and Protection Act (Cispa), which would encourage companies and the federal government to share information collected on the internet to prevent electronic attacks from cybercriminals, foreign governments and terrorists.
One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. Tech and Law Center intends to explore through research and active debate the following topics related to cybersecurity:
- policy, strategy, and operational environment of cyberspace;
- hardware-software design, security and failures;
- information infrastructure protection (activities related to the “hardening” of the infrastructure against threats, vulnerabilities, physical/logical attacks - eg. penetration testing, social engineering, etc.);
- information infrastructure resilience (known as the ability to “bounce back” after an event that interrupts the standard lifecycle of a service - eg. denial of service);
- public-private cybersecurity partnerships;
- rules for information sharing in a trusted and secure environment;
- operator security plans (duties, commitments, responsibilities, laws and best practices governing the cyberspace);
- cybersecurity feedbacks (sources of information related to the cyberspace - eg. CERTs, ethical hackers, black hats, etc.).