Cyber Security / From the US, a “standard” law that could also be useful in Italy

On March 29 the US House of Representatives passed the Better Cybercrime Metrics Act (S.2629), which, if signed into law by President Joe Biden, would change the way cybercrime is monitored, measured and categorized. The bill, introduced by Senator Brian Schatz (Democrat from Hawaii), was approved by the House of Representatives with 377 votes in favor and 48 against. The Senate had approved it in July 2021, also on a bipartisan basis.

The law will encourage law enforcement agencies to report cybercrime in their jurisdictions to the FBI, which will be required to calculate metrics for cybercrime and related categories systematically and comprehensively, as is already done for other types of property crime. To develop these tools, the National Academy of Sciences (NAS) has been given a mandate to develop a dedicated classification system.

The legislation was partly inspired by a number of attacks, particularly the SolarWinds attack (a typical supply-chain attack), which led to the compromise of hundreds of federal agencies and commercial companies, and the attack last May on the critical infrastructure of the Colonial pipeline, which caused great inconvenience and economic damage through an almost week-long gas outage along the Atlantic coast. To these were finally added the current cyber attacks in the wake of the conflict between Ukraine and the Russian Federation, from which Italy was not spared either (for example, the attacks on the Italian railway network and the Ministry of Environmental Transformation).

The law is important in many ways, regardless of whether it actually enters into force, because it can serve as a standard for the still-fragile national digital ecosystem, which last August received its first strategic boost with the birth of the National Agency for Cyber Security (ACN), in effect its first institutional building block.

The first aspect of interest here relates to the metrics that law enforcement and security forces currently use to identify, categorize, and aggregate statistics on cybercrime. At first glance this may seem a superficial aspect compared with the many others that concern the phenomenon, but on closer reflection it is easy to see that this is not the case.

The lack of a specific classification of cybercrime reflects several shortcomings. First, there is a disparity in data reporting between cybercrime and other types of crime. Cybercrime has become the most common criminal activity in the United States, as has also happened in Italy. However, the vast majority of these crimes are not properly reported or monitored, and in many cases cyber incidents are not measured at all. By some estimates, the FBI does not collect all cybercrime incidents in the Internet Crime Complaint Center (IC3) database. At the same time, the Department of Justice (DoJ) and the Census Bureau can also help meet the knowledge needs of the entire system by including cybercrime questions in several annual surveys.

A better understanding of the size and scope of cyber attacks is therefore the main aim of the new US legislation. In particular, a comprehensive analysis of the data will allow policy makers to adopt a more holistic approach in dealing with such crimes, increase public awareness, increase human resources and train them more solidly, and above all secure a greater influx of financial resources (perhaps the aspect that most interests the various lobbyists who championed the cause). Ultimately, the Better Cybercrime Metrics Act would significantly improve the ways the federal government, through its agencies, tracks, measures, analyzes and prosecutes cybercrime.

The second and final aspect, which is no less important, far from it, concerns the use of a general classification system built on ontologies and ad hoc classifications in the field of computer crime. Entrusting a study to the NAS means recognizing that, to solve the problem, it is necessary to turn to the scientific community, which has the knowledge, resources and scientific and technological tools to try to develop such a system. Moreover, the NAS itself has in the recent past published the “Modernizing Crime Statistics” reports: 1) “Defining and Classifying Crime”, in 2016; 2) “New Systems to Measure Crime”, in 2018. The starting point for such an update of definitions and classifications is the question “What is cybercrime?”. As you can well imagine, this question does not lend itself to easy shortcuts and simplifications.

To tell the truth, this question of definition and classification is not only related to cybercrime but extends to the general area of cybersecurity, since systematic thinking about its global categories, in terms of ontologies and classifications, has not yet led to an unambiguous definition among insiders. It is nonetheless an important aspect, because it is crucial to ask, and at a later stage to determine, “What is a cyber incident?” and “What is a data breach?”

As can easily be inferred, the two topics mentioned above, which have so far only been briefly outlined, have the clear purpose of highlighting the strategic importance of taxonomies and ontologies, which later also resonate in the field of threat information sharing and in all major aspects of cybersecurity.

An in-depth study of these aspects could be very useful in Italy and could be undertaken by the National Agency for Cyber Security. While it is true that the ACN is, at the present stage, engaged not only in the institutional path of an “emerging situation” but, even more, in dealing, with a view to flexibility, with a wide range of attacks by malevolent state actors as part of the general management of critical infrastructures, it is not true that addressing these issues, in agreement with universities and research bodies, can be considered merely incidental and largely secondary in nature.
