By Luigi Rebuffi, General Secretary and founder of ECSO (European Cyber Security Organization)
For several years, ECSO has been developing the cybersecurity community in Europe.
It is a complex community, actually made up of different communities, both geographically (local, regional, national) and role (suppliers, users, researchers, students, IT security managers, SMEs, etc.). The maturity and needs of these communities depend on several factors. We are gradually learning to know them and find solutions to contribute to their development and therefore contribute to common competence and awareness in order to better protect the digital transformation in Europe.
All of these communities contribute to cyber security (or insecurity). In reality, cybersecurity cannot be delegated: it is everyone’s business.
Among the strategically most important communities are young people and students: they are the citizens and experts of tomorrow.
Due to the lack of experts in the cyber sector, since 2017 we have proposed and then created the Women4Cyber Foundation, to promote the inclusion in the market of the 50% of the population that is often excluded due to prejudice or other reasons.
At the same time we also proposed an initiative dedicated to young people and students: Youth4Cyber. This project aims first of all to provide information on cyber hygiene (how to use without undergoing or suffering digital transformation) from the age of 6 and then bring young people to a job related to the digital sector and cybersecurity.
We recently won a project of the European Commission (in the framework of Erasmus+) coordinated by the CNR, called SuperCyberKids, which will support the development of the Youth4Cyber approach. The name of this project fits perfectly with the objective of this campaign dedicated to “cyberheroes”.
While it is true that each of us needs to be responsible and do their part in order not to weaken the digital ecosystem, young people are in a strategic position because of the strong interaction with IT systems they have.
Young people can be “cyberheroes” when they explain to their parents that it is not appropriate to “click” on all the e-mails they receive, especially those announcing that they have won a million and that to withdraw it they must give their contact details banking. Or when they fix the computer of the uncle who wants to know how it works and how to fix it, like when he was studying the functioning of a car engine to get his license, without realizing that the computer (and videogames have taught us this) requires behaviour at the same time intuitive but responsible. Or when they explain to grandparents that to go on the internet you must first turn on the computer and then avoid the temptations of what then turns out to be a “buy 2 pay 3”.
But young people are also easy victims of the digital world. From child pornography to the use of parents’ credit cards to pay for video games or other services on the web.
And we are only at the beginning, since with the Metaverse, the virtual life will be more and more intense and the dangers bigger and bigger. The story “Ready Player One” (read the book, better than the movie) shows what the heroes (and villains) of the Metaverse could be. Although a bit extreme as a vision, this story can make us understand how an education of the society and especially of young people is necessary as soon as possible.
Parents also play an important role: they need to understand that their children are not geniuses because at three they are already fiddling around with their mobile phones… And for this, there is no need for parents to turn into superheroes (also because there are no more phone booths to change costumes like Superman did): they just need to give their children the right balance between life in the real world and life in the virtual world.
And then educators also come into play: from primary school to university. In our Youth4Cyber initiative, the objectives and phases are different according to age, with a constant progression of technological, social and personal challenges. But the question is: have educators been adequately instructed to transfer adequate education to digital change? This is the problem that in English is referred to as “teach the teacher” (it is noteworthy that the translation “teach the teacher” is not used much / never in Italian: this means that there is no methodology for teaching the Italian teachers how to teach cybersecurity?).
The world of public administration (schools, political decision-makers, etc.) reacts following the times of an economy based on the mechanical industry with the times (or slowness) of “once upon a time”. Telecommunications have accelerated a little bit the process, but we are no longer in the days of the 56kbit modem. The dynamics in our society are practically instantaneous. A strategic decision at a political level on the evolution of cyber education will see its implementation after some time and effective results only after several years. Can we really wait all this time?
If there are no resources and political support, only a few young people, students or researchers will be able to become cyberheroes. Only those with special abilities will step out of context to become super heroes, and maybe Marvel will be interested in making movies with them… But is this really what we want? Why don’t we aim to have a whole population of cyber heroes, who can each contribute according to their abilities to the protection of digital development?
At that point, being a cyberhero would perhaps be trivial, just as today it seems trivial to use technologies developed about one hundred years ago (electricity, internal combustion engine, airplanes, etc.) in an appropriate way. But isn’t this a (positive) sign of technological progress? Of course, you need to know how to control progress, and to do so you need to have developed specific skills. In some European countries, the level of awareness and maturity of the benefits and risks of progress related to digital transformation are much more advanced than in Italy.
Unfortunately, too often we still see, for different reasons, a great skepticism, fear or refusal in using digital systems by citizens. For these citizens, digital is okay when it comes to using the mobile phone to talk or chat with friends, or to use the computer for a streaming (possibly illegal) of a football match (without realizing the risks they can run also for these “simple” uses) or to send hundreds of messages simply to reply “thank you” (very polite, but they do not know that doing so unnecessarily increase the energy load of the servers). And then maybe they refuse to use a simple credit card for fear of not controlling the flow of data transmitted (and therefore of their money).
These citizens have recently discovered digital and often see above all the negative aspects, perhaps stirred up by such attractive but also so false fake news. But these citizens can be helped by our digital-born cyber heroes who are much younger but are more adaptable to new technologies (as long as they have been well educated or well educated).
This is another challenge of digital transformation: we need to transform these citizens from “cyberzeros” into “cyberheroes”.
It will not be an easy job and it will be a relatively long job (but it cannot be too long or society will be overwhelmed by the problems posed by digital and cyber attacks). For this we must work together, with national education at different levels, connecting the experiences and solutions of the more mature countries, convincing the political and economic class that only through a basic education of all students who will then be professionals, experts, users, decision-makers of the future, Europe can play an important role in the future digital society and defend our values and quality of life.
About the author
Luigi Rebuffi is the General Secretary and founder of ECSO (European Cyber Security Organization), as well as the founder and General Secretary of the Women4Cyber Foundation. After his degree in Nuclear Engineering from the Politecnico di Milano, he worked in Germany on the development of high-power microwave systems for the ITER thermonuclear fusion reactor. He continued his career at Thomson CSF / Thales in France, where he was head of the European Affairs section in various sectors: telecommunications, industry and the medical and scientific sectors, becoming in 2003 the Director of European Affairs for the civil activities of the Group. He was the driving force behind the creation of EOS (European Organization for Security), coordinating its foundation in 2007 and acting as its General Manager for ten years. Until 2016 and for six years, he was a consultant for the European Commission on the EU security research program and chairman of the French NRA’s Steering Committee for security research.
In 2016 he was one of the founders of ECSO and signed the cPPP on cybersecurity with the European Commission. In 2019 he created the Women4Cyber Foundation to promote the participation of women in the world of cybersecurity, also becoming its Secretary General and member of the administration. In 2020 he was nominated in the “IFSEC Global Influencers in security – Executives” list.
Also this year GÉANT joins the European Cyber Security Month, with the campaign 'A Community of Cyber Heroes'. Read articles from cyber security experts within our community and download resources from our awareness package on dev.connect.geant.org/csm2022