2024, what to expect

After a 2023 that saw our CYBER 4.0 - Cybersecurity Competence Center growing non-stop, with increasing activities and services, enhanced capacities, doubling of the staff, renewed commitment and additional funds from the Ministry of Enterprises and Made in Italy, stronger and stronger focus on #cyber #capacitybuilding for #SMEs and #PublicAdministration, kick off of new projects, strengthening of our outreach, new members in our constituency, further development of our network - at national and international level.. well, I would not ask anything but to continue on this route.

But 2024 seems to come with even bigger opportunities, and equivalently big challenges:

• The regulatory framework in the #cybersecurity domain will evolve through significant discontinuities and the EU digital society in 12 months from now will follow (new) rules. Not only NIS 2 Directive will kick in, but also the Cyber Resilience Act will get approved, the AI Act will be law in EU and provide unprecedented guidance for the rest of the world, and the Cyber Solidarity Act will complete the picture of a #compliance landscape as thorough and detailed as challenging and resource-intensive for those that will have to implement it.
• Especially for those impacted entities with little capacities and less specialized knowledge, a crucial role will be played by national support programs, such as the interventions funded under the #NextGenEU for a secure digital transition, including through the network of the European Digital Innovation Hubs (#EDIH). Cyber 4.0 will play its part to provide advisory and directions to the Italian SMEs, especially through the services offered as implementing partner of the National Recovery and Resilience Plan (#PNRR).
• The war and the relevant geopolitical tensions will keep being used as additional element from #cybercrime actors to undermine operations not only of essential operators, but also (and most prevalently) of small and medium businesses and local Public Administration, which in 2023 have already been the main targets of the majority of malicious campaigns. Statistics still say that more than 80% of the attacks against such targets are using #socialengineering as initial vector and entry point: putting the accent on the need to implement appropriate cybersecurity #training and #awareness plans could sound repetitive, but what has been done in this context is still too, too little. Even despite the incentives that are available for Italian organizations of all sizes through our Center.
• Particularly problematic will be the adoption of AI tools to facilitate, enable or support the commission of cybercrimes. We will see a double-digit increase of the use of deepfake technology in misinformation campaigns, especially concerning in the 40+ countries that will have political elections in 2024, as well as of AI-powered phishing attacks and automated social engineering. Distinguishing synthetic contents from human-generated ones will be the real challenge and it is easy to foresee that this will be a growing area of research. But the field where we will have the most worrying evolutions will be that of AI-supported malware and #ransomware development: the threshold of technical knowledge to start a criminal business will get lower and lower, while challenges faced by law enforcement agencies will grow immensely, with ever changing malwares, and more and more complex attribution.
• As to #cybercrime regulatory framework, the negotiations of the new UN Treaty will get to an end in January and we will see whether consensus will be reached on a very controversial and still highly unstable draft. Doubts remain on the feasibility and applicability of an instrument that should represent the point of convergence of too different conceptions about fundamental principles for data governance in the cyberspace and cross-border exchange in the criminal justice domain.
• But 2024 will also be the year when the Second Additional Protocol to the Budapest Convention will get increasing traction and hopefully get enacted after reaching the threshold number of countries that ratify it. This will be an important testbed for the applicability of the new international cooperation tools that it provides and for the human rights based approach to investigation and prosecution of cybercrime that it promotes.
• In this scenario, international #capacitybuilding initiatives will increase their reach, not focusing any longer only on developing countries, but becoming global instruments for the successful implementation of the new regulatory frameworks, and expanding the target of their actions to include also policy makers and cyber diplomats. Cyber 4.0 will intensify partnerships with the international initiatives in the field, such as with the programs developed by the Cybercrime Programme Office of the Council of Europe and with the EU CyberNet project.
• At national level, while furthering the shift towards the use of #cloud-based resources by both Public Administration and private entities, attention will be kept on cybersecurity of essential operators and other organizations within the national cybersecurity perimeter, especially for what pertains #supplychain security, where we can expect specific interventions from the national authorities, in line with the application of EU Directives (NIS 2 in particular).
• A stream of action will be focusing on fostering the capacity of the Italian #industry to produce national cyber security solutions and services, in pursue of that strategic technological autonomy that is so important in this area of work. Initiatives to promote and sustain #startups and #innovation in this sector will increase and a prominent role will be played by the European Cybersecurity Competence Centre (ECCC), which will get into full operational regime just in the beginning of 2024, and by the Agenzia per la Cybersicurezza Nazionale.
• Dedicated initiatives will also be developed in sectors that look more in need of strengthening their current #cybersecurity #posture. Our lens is on #aerospace, #automotive, #manufacturing and #healthcare, where we would expect specific cybersecurity requirements to be included in sectoral regulatory interventions, starting from the long awaited Italian law on Outer Space, to be issued in the first months of 2024.

What to say, definitely a year of exciting updates ahead.

A year in which, in face of an ever evolving landscape of threats, the global community - and Italy as one of the major players - will respond with increased capacities, strengthened competencies, more effective cooperation and a number of concrete operational initiatives.

A year that we look forward to diving into and contributing to, taking our shots.