Step change in Big Data security

In the complex world of cyberspace, it is becoming increasingly difficult to protect the enormous database of which we are all part.

by Evita Comes
25 September 2019

Ethics and regulations for combating cyberattacks

At the last World Economic Forum in Davos, Angela Merkel argued that Big Data would define the future of democracy, political participation and economic prosperity. All the data we produce, taken together, are of inestimable value, hence the battle between governments and web giants over who owns them. Data are so valuable because they are our identity, because they provide sensitive information, for example on our health and finances. At the cutting edge of cybercrime are things like digital identity theft and manipulating posts on social media.

Cyberattacks like these, which are two of the most frequent, eventually led the European Union to make some significant provisions, most importantly the General Data Protection Regulation (GDPR), in force in all 28 member states since 25 May 2018. Its main aim is to let individuals take back control of their personal data. The GDPR obliges companies to clearly inform their users about how their information will be used and always ask for their consent. At the same time, it obliges users to report potential or actual violations of data within 72 hours. Finally, the GDPR authorises companies to transfer data out of the EU only if the transfer can be monitored and the data protected.

The EU has not been alone in feeling the need to set out precise rules on personal data protection. Other countries, in Asia and the Americas, are doing a range of things to change regulations. That said, the protection currently offered by law does not seem enough. Considering the possible impact of new technology on people's lives, we need to consider further rules and principles. Ethics play a particularly important role. The link between technology and ethics is becoming increasingly interesting. Commercial businesses need to change the message they put across. They must concentrate on the customer rather than the product, communicating not only their corporate identity but their values.

The European Commission has written a few guidelines on web ethics, with the means for putting them into action, like checklists, technical procedures and ethics by design. They also restate aspects of the GDPR, like responsibility, transparency, security, data governance and impact assessment. Essentially they are a wider application of the GDPR, adding an ethical perspective.

Other strategies

Internationally, the main recent solutions to cyberattacks have come from the last G7, where there was a step change in the argument compared to the previous years. The overall goal of the deterrence strategies is not only strengthening bans and defence in the G7 countries and their allies, but also creating an international atmosphere that discourages cybercrime. The official G7 document therefore sets out two lines of action, the first of which we might call traditional, namely protection from intrusions. The second is more modern in form and problematic in substance, and addresses the need to fight manipulation of information within countries, mainly through social networks. But is it possible to develop an efficient framework of deterrence in cyberspace? Yes. But how? In brief, deterrence should concentrate on making attackers' work more costly. There are multiple ways of doing this, from firewalls to anti-virus systems.

The problem would appear to be sorted, but things get more complicated when we look at where attacks take place, namely cyberspace. Here it is highly difficult to identify the source of attacks. It can be complicated and time-consuming and is never totally infallible.

Thanks to their intangibility and difficulty of attribution, cyberattacks are a particularly attractive weapon in low-intensity and cold wars. So, it is clear that further regulation and wide-ranging, sensible policies on cyberattacks are key if we want to legitimately identify where attacks come from, develop technical capacities to do so with confidence and have responses to them, currently limited by the G7 to intangible things like economic and commercial sanctions. The road to complete security in Big Data is still being paved. Many stones have been laid but the goal of total protection is still far away. What is still a variable is the constant battle between the opposing forces vying for power in this field.

Cybersecurity Act

A new EU regulation on Big Data protection has come into effect recently. It is called the Cybersecurity Act and lays out the specific, key role of the European Union Agency for Cybersecurity (ENISA). Set up in 2004, ENISA has concrete responsibilities when it comes to cyberattacks, above all certifying services, processes and products for protection. The new regulation focuses on certifications that have until now enjoyed only national importance. It unifies processes and dictates the guidelines on homogeneous certifications recognised by the EU.