Traduttore automatico - Read this site in another language

lunedì 18 febbraio 2019

Capgemini launches ‘Perform AI'

Capgemini WorldwideA new portfolio of solutions to help organizations fuel innovation and deliver real business outcomes using Artificial Intelligence (by Sam Connatty)

Paris – January 28, 2019 – Capgemini today launched Perform AI, a new portfolio of solutions and services to assist organizations in achieving and sustaining tangible business outcomes by building and operating enterprise-grade artificial intelligence (AI) at scale. The portfolio provides customers with a complete set of solutions to infuse AI in their organizations, delivering operational excellence and business innovation for immersive, highly personalized experiences. Leveraging the full capabilities of the entire Group – from strategy and design through to global implementation and management – Perform AI brings together people, process, data and technology to realize superior, sustainable and trusted business performance.  

recent publication from the Capgemini Research Institute highlighted that a mix of anxiety and ill-informed opinion is obscuring the risks and opportunities of implementing AI. Organizations therefore need a pragmatic approach to move forward. In terms of anticipated demand, IDC forecasts cognitive and AI spend will grow to $52.2 billion in 2021 and achieve a compound annual growth rate (CAGR) of 46.2% over the 2016-2021 forecast period.[1]
Perform AI has been designed to address the real opportunities and the critical challenges which companies confront today, whatever their maturity on data management and AI:
  • Applying AI at scale: Moving beyond proofs-of-concept and isolated deployments to industrialize AI across the enterprise, scaling the business benefits throughout the organization.
  • Empowering people: Proactively managing the impact of AI initiatives on augmented workforces and seeking the best interactions between people and AI.
  • Transforming operations and beyond: Applying AI-based technologies to assist, augment or automate operations, right through to reimagining business processes.
  • Embedding ethics: Applying AI with an ethical and responsible approach; one that is transparent to users and customers, embeds privacy, ensures fairness, and builds trust.
  • Spurring innovation for competitive advantage: Leveraging AI to introduce entirely new business models, ways of working, products, services, and experiences, offering legacy enterprises the opportunity to leapfrog their current market positions to ones previously reserved for digitally native enterprises only.
“Most companies have already started to experiment with AI to help them transform certain functions within their business, but those that adopt it effectively and throughout the enterprise will gain true competitive advantage,” comments Lanny Cohen, Group Chief Innovation Officer at Capgemini. “To realize true real-world impact and ensure sustained success, companies need to move beyond isolated initiatives to infusing AI into everything they do – from simply changing technologies to shifting the entire game. With Perform AI, we are laser-focused on applying AI to achieve mission-critical, high business impact, resulting in tangible performance outcomes for today and in the future.”

Capgemini’s Perform AI portfolio comprises four core components, affording vital flexibility needed for bespoke roadmaps through to rollout of AI at scale across a business:
  1. AI ACTIVATE: Creates the strategic direction and the organization and technology platforms for where and how AI should be applied and adopted in the enterprise for maximum impact.
  2. AI TRANSFORM: Delivers AI-infused performance improvements to optimize existing business processes and to create the springboard for long term growth by introducing the right AI technologies and solutions among the vast and rapidly expanding volume of tools and solutions.
  3. AI REIMAGINE: Draws upon the strategy and innovation capabilities within Capgemini Invent and Capgemini’s network of Applied Innovation Exchangesto help organizations envision new products and services, customer experiences, operating and business models, and revenue streams.
  4. AI ENGINEERING: Provides foundation services to ensure the enterprise’s data estate and governance deliver trusted AI solutions in production and at scale. AI Engineering addresses the operating core of AI – data underpins every stage of the transformation.
To concentrate asset and solution creation as well as expert capability development, Capgemini has created a network of cross-practice AI Centers of Excellence (CoEs). These Perform AI CoEs are now operational in France, Germany and North America, all supported by a hub CoE in India. Geographical coverage of the Perform AI CoEs will be extended throughout 2019.
Markets of primary focus for Perform AI are the Manufacturing and Financial Services sectors, as well as the Customer Experience domain. Capgemini has worked closely with its extensive ecosystem of technology partners, start-ups and academia to build AI solutions that help address these specific industry needs, including a Manufacturing intelligence platform leveraging computer vision for quality defects prevention and machine learning for failure detection; cognitive analytics to address multi-dimensional underwriting risk in the Financial Services sector; or natural language processing, conversational interfaces and computer-vision based emotions recognition to predict and understand consumers needs with unmatched certainty.
With data privacy and security emerging as some of the most important priorities for businesses, it is vital that companies balance their AI innovation with efforts to secure and maintain the trust of their customers, partners, and employees. Capgemini’s Perform AI portfolio focuses on the ability to secure data and AI platforms.
Building on its existing recognition as one of the world’s most ethical companies, Capgemini has integrated ethics into the foundations of its Perform AI portfolio.
We have launched Perform AI to enable organizations to augment operations and potentially reinvent their business at a time when they are expected to regularly meet and exceed customers’ expectations that are higher and more diverse than ever before,” concludes Anne-Laure Thieullent, AI and Analytics Group Offer Leader, Capgemini. “Through the application of AI technologies, our Perform AI solutions will increase the speed of execution and certainty of success for our clients’ AI initiatives, which are sometimes still fragmented and not exploited to their full potential. With Perform AI and the follow up releases of this new portfolio, we are dedicated to becoming the premier AI-infused consulting and technology services company and are excited to take our clients to the next stage of their journey to the Intelligent Enterprise.”
https://www.capgemini.com/news/perform-ai/

domenica 17 febbraio 2019

Airbus under attack! Industrial espionage by way of Supply Chain Attack?


First of all, let’s start with the facts,
January the 30th 2019: Airbus issues a press release announcing that the commercial sector of the company has come under cyber attack. It was a non authorized access to company data. Airbus reassures there won’t be any economic impact on the company operations.
Airbus, let us remember, is an European society with its headquarters in the Netherlands, active in the field of aircraft production and Space and Defense research. One of its activities is the cyber defense both for internal use and for its customers.
The press release continues saying that the attack is under analysis and Airbus's experts have already undertaken a number of necessary actions in order to strengthen the security measures,mitigate the impact of the attack and of course, to identify the source of the attack.
The press release ends with saying that the authorities, included Data Protection sector, have already been informed of the attack and reassuring that Airbus employees have been solicited to take the necessary precautions in order to continue their activities.
After a few days the press is already on the case.
On the 4th of February the newspaper “Challenges” reports that according to statements coming from public sources and other sources close to the company, the “modus operandi” used by the attackers is similar to the one used by a group of Chinese cyber group. It looks like the scope of the attack was to hijack technical documents relating aircraft certifications. The attack scheme is in fact similar to the APT 10 , or even more sophisticated.
It looks like the attack started in December was aimed to affect an Airbus supplier, and then move to the real objective. This theory is based on clues and it will be difficult to prove it.
Let’s notice that the company trend in the stock exchange wasn’t apparently affected by this attack.
Anyways, what happened shows how dangerous can a supply chain attack be, especially if aimed to strike a third party, usually a supplier of the main objective, with little or no cyber defense capabilities.
ALESSANDRO RUGOLO
(english translation by Francesco Rugolo)
Pictures :  https://www.airbus.com/
To know more about the topic:
- https://www.airbus.com/newsroom/press-releases/en/2019/01/airbus-statement-on-cyber-incident.html;
- https://www.challenges.fr/entreprise/transports/cyberattaque-contre-airbus-la-piste-chinoise-avancee_640396;
- https://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believed-13955680;
- https://www.fireeye.com/current-threats/apt-groups.html#apt10;
- https://www.cshub.com/attacks/articles/incident-of-the-week-airbus-reports-employee-data-hack;
- https://www.csoonline.com/article/3191947/data-breach/what-is-a-supply-chain-attack-why-you-should-be-wary-of-third-party-providers.html

Turkcell Joins Hands with Huawei to Build a 5G-oriented All-Cloud Core Network

HuaweiHuawei Press release

Feb 15, 2019
[Turkey, Istanbul, February 15, 2019] Recently, Turkey's largest carrier Turkcell announced that it will join hands with Huawei to build a 5G-oriented all-cloud core network. This Project will launch the largest Cloud EPC Network globally, and this will be the first Core Network with key technologies for 5G evolution globally: commercial cloud-based software architecture, control and user plane separation (CUPS), and A/B test. This means global top carriers have made substantial progress in software architecture transformation, network architecture transformation, and the O&M transformation for 5G evolution.
Huawei will provide a mature, reliable cloud solution to Turkcell, which enables Turkcell to achieve the network transformation strategy and a smooth evolution to 5G.
  • Cloud Native software structure
Cloud Native multi-point disaster recovery technology helps build a more elastic network, and ensure a highly reliable running environment for live network services, a network that can withstand multiple points of failure and still run smoothly.
  • CUPS network architecture
Huawei solution uses CUPS architecture to shorten transmission distances, simplify O&M, and deliver the best service experience to subscribers.
  • A/B test
Huawei solution provides an industry-leading A/B test solution to automate O&M and help carriers perform hitless upgrades with minimal resources required.
Huawei has signed more than 490 contracts for all-cloud core networks worldwide, helping carriers build an elastic, robust, agile, and all-cloud core network and smoothly evolve to the 5G network.

Romantic Phishing is on the Rise – How Not to Lose Your Money While Losing Your Heart

Press release


Kaspersky Lab experts have detected a sharp increase in phishing activities from criminals offering users various romantic goods on the eve of St. Valentine’s Day.

The total number of  user attempts to visit fraudulent websites with a romantic theme that were detected and blocked during the first half of February more than doubled compared to the same time in 2018, a reminder that fraudsters are always looking for an excuse to steal users’ data and money.
Phishing is one of the most popular and easiest social engineering techniques to exploit online users. It is a type of fraud where criminals use deception to acquire users’ credentials – from passwords to credit card numbers, bank account details and other financially important information. Phishing emails and websites usually come disguised as legitimate ones that encourage a recipient, for one reason or another, to urgently enter their personal data. They are often fueled by the news agenda, be it major sport event or thematic holidays. St. Valentine’s Day is no exception.
The overall number of user attempts to visit fraudulent websites that were detected and blocked by Kaspersky Lab solutions in the first half of February 2019 – the days leading up to February 14th – dramatically peaked from over two million in 2018 to more than 4.3 million this year. According to statistics, the most affected countries were Brazil (a more than 6.4% share of detections), Portugal (more than 5.8%), and Venezuela (5.5%). They were followed by Greece (5.3%) and Spain (5.1%).
Deeper analysis into the sent emails has shown that fraudsters are particularly exploiting pre-order gift items and performance enhancing drugs as a trap to lure users into sharing their credentials in order to please their loved ones. This again proves the findings of Kaspersky Lab’s own survey, indicating that when it comes to love, users tend to lose their vigilance.
“Our research has shown that there is no difference between phishing activities exploiting major sporting events, fake payment bills, or a more romantic pretext. They all just need to drive users’ emotions, be it excitement, stress, or love. Thus, almost anything can become an attack tool in the cyber fraudsters’ hands. The detected spike reminds us that we should always be cautious when surfing the web even we are just buying flowers for our loved one,” - warns Andrey Kostin, Senior Web-Content Analyst at Kaspersky Lab.
Press Release

venerdì 15 febbraio 2019

D-Wave Releases Hybrid Workflow Platform to Build and Run Quantum Hybrid Applications in Leap Quantum Application Environment

D-Wave press release

Developer preview of D-Wave Hybrid available now for trial and feedback. Provides simple framework for combining classical computing approaches with quantum computing power.
BURNABY, BC – (December 10, 2018) — D-Wave Systems Inc., the leader in quantum computing systems, software, and services, today announced a developer preview of D-Wave Hybrid™, a simple, open-source hybrid workflow platform for building and running quantum-classical hybrid applications. D- Wave Hybrid will become part of the Ocean software development kit within D-Wave’s Leap™ Quantum Application Environment (QAE) and is available today at https://github.com/dwavesystems/dwave-hybrid for trial and developer input. The D-Wave Hybrid framework provides simplified workflow control to developers, allowing them to use both classical and quantum systems in parallel, gain insight into systems performance, optimize code across systems, and develop quantum hybrid applications more easily.
The developer preview of D-Wave Hybrid includes:
  • Hybrid workflow control: enables rapid development of hybrid applications that can run across classical and D-Wave 2000Q™ quantum systems.
  • Modular approach: incorporates logic to simplify distribution of classical and quantum tasks, allowing developers to interrupt and synchronize across the systems and draw maximum computing power out of each system.
  • Problem deconstruction: capable of breaking down large problems that are bigger than the quantum processor unit (QPU) into piece parts that are then recombined for the overall solution.
  • Familiar coding environment: built in Python, so developers who code with parallel resources will find the framework familiar and don’t need to know quantum mechanics to get started.
  • Leap QAE access, education, and community support: as part of the Leap QAE, developers who open source their code also benefit from free, real-time access to the D-Wave 2000QTM system, learning resources, and community and technical forums for easy developer collaboration.
D-Wave Hybrid is designed to accelerate developers’ ability to build and run hybrid algorithms, continuing D-Wave’s work to help customers with their real-world quantum application development. To-date, D-Wave customers have developed 100 early applications for problems spanning airline scheduling, election modeling, quantum chemistry simulation, automotive design, preventative healthcare, logistics, and more. Many have also developed software tools that simplify application development. These existing applications, tools, and community give developers a wealth of examples to learn from and build upon.
“The future is hybrid, so we’re opening up this developer preview to gain feedback and input from the community to ensure it is easy for developers to get started harnessing quantum and classical systems running in parallel to solve real problems,” said Murray Thom, D-Wave VP of software and cloud services. “With Leap, we are making it possible for potentially hundreds of thousands of developers to write and run quantum applications, without having to learn the complex physics that underpins quantum computers. The D-Wave Hybrid developer preview reflects our ongoing investment in helping developers learn quantum systems and build the first quantum killer application.”
About Leap Quantum Application Environment
Leap is the first cloud-based QAE providing real-time access to a live quantum computer. In addition to access, Leap provides open-source development tools, interactive demos and coding examples, educational resources, and knowledge base articles. Designed for developers, researchers, and forward- thinking enterprises, Leap enables collaboration through its online community, helping the community write and run quantum applications and speed the development of real-world applications.
Leap offers both free and paid plans designed for individual developers, commercial enterprises, government, research, and education sectors. To find out more and get started using Leap, visit the D- Wave website at www.dwavesys.com.
D-Wave Hybrid developer preview can be accessed via GitHub at https://github.com/dwavesystems/dwave-hybrid.
About D-Wave Systems Inc.
D-Wave is the leader in the development and delivery of quantum computing systems, software, and services and is the world's only commercial supplier of quantum computers. Our mission is to unlock the power of quantum computing for the world. We believe that quantum computing will enable solutions to the most challenging national defense, scientific, technical, and commercial problems. D-Wave's systems are being used by some of the world's most advanced organizations, including Lockheed Martin, Volkswagen, DENSO, Google, NASA Ames, USRA, USC, Los Alamos National Laboratory and Oak Ridge National Laboratory. With headquarters near Vancouver, Canada, D-Wave's US operations are based in Palo Alto, CA and Hanover, MD. D-Wave has a blue-chip investor base including PSP Investments, Goldman Sachs, Bezos Expeditions, DFJ, In-Q-Tel, BDC Capital, Growthworks, 180 Degree Capital Corp., and Kensington Capital Partners Limited. For more information, visit: www.dwavesys.com.
https://www.dwavesys.com/press-releases/d-wave-releases-hybrid-workflow-platform-build-and-run-quantum-hybrid-applications

D-Wave Launches Leap, the First Real-Time Quantum Application Environment

D-Wave press release
Application developers and researchers get immediate, free access to a D-Wave 2000Q™quantum computer, comprehensive software tools, demos, live code, documentation, and community forums.
BURNABY, BC – (October 4, 2018) — D-Wave Systems Inc., the leader in quantum computing systems and software, today announced the immediate availability of free, real-time access to the D‑Wave Leap™ Quantum Application Environment (QAE). Leap is the first cloud-based QAE providing real-time access to a live quantum computer. In addition to access, Leap provides open-source development tools, interactive demos and coding examples, educational resources, and knowledge base articles. Designed for developers, researchers, and forward-thinking enterprises, Leap enables collaboration through its online community, helping Leap users write and run quantum applications to accelerate the development of real-world applications.
Leap QAE provides:
  • Free access: free, real-time access to a D-Wave 2000Q quantum computer to submit and run applications, receiving solutions in seconds
  • Familiar software: the open-source Ocean software development kit (SDK), available on GitHub and in Leap, has built-in templates for algorithms, as well as the ability to develop new code with the familiar programming language Python
  • Hands-on coding: interactive examples in the form of Jupyter notebooks with live code, equations, visualizations, and narrative text to jumpstart quantum application development
  • Learning resources: comprehensive live demos and educational resources to help developers get up to speed quickly on how to write applications for a quantum computer
  • Community support: community and technical forums to enable easy developer collaboration
Leap builds on D-Wave’s continuing work to drive real-world quantum application development. To‑date, D‑Wave customers have developed 100 early applications for problems spanning airline scheduling, election modeling, quantum chemistry simulation, automotive design, preventative healthcare, logistics, and more. Many have also developed software tools that make it easier to develop new applications. These existing applications and tools, along with access to a growing community, give developers a wealth of examples to learn from and build upon. 
“Our job is to sift through the sands of data to find the gold—information that will help our manufacturing customers increase equipment efficiency and reduce defects. With D‑Wave Leap, we are showing we can solve computationally difficult problems today, while also learning and preparing for new approaches to AI and machine learning that quantum computing will allow,” said Abhi Rampal, CEO of Solid State AI. “We started with quantum computing on D-Wave because we knew we wanted to be where the market was going, and we continue because we want to be a leader in finding commercial applications for the technology. With Leap, D‑Wave is making systems, software, and support available to help developers and innovators commercialize quantum applications.“
“We are developing innovative new materials to solve large-scale industrial problems using our proprietary Materials Discovery Platform. Part of our platform relies on first-principles materials simulations, requiring exceptional amounts of computational processing power. I firmly believe that advancements in quantum computing will accelerate our business growth, by accelerating our platform. By providing access to a live quantum computer, D‑Wave Leap provides a robust environment for developers to learn, code, and teach, furthering the quantum ecosystem,” said Michael Helander CEO, OTI Lumionics. “Today, we are able to use the D‑Wave 2000Q as a powerful optimizer to help calculate the electronic structure of industrially-relevant sized molecules, a first for a quantum computer. As the community grows, shares, and innovates, the possibilities for materials discovery are endless. I expect D‑Wave to continue to innovate with us, enabling the discovery of countless new materials using quantum computing.” 
“Entrepreneurs are recognizing that quantum computing will help them unlock new technologies, solutions, and business. At the Creative Destruction Lab (CDL), we have more than 20 companies as part of our Quantum Machine Learning Incubator Stream, with growing interest from prospective ventures,” said Khalid Kurji, Senior Venture Manager at the CDL. “D‑Wave’s Quantum Application Environment is central to developers helping developers, and will play an important role not just in the growth of ideas we have today, but in the fostering of innovations for tomorrow.”
“Every technology ecosystem begins by giving smart developers access, tools, and training. Leap eliminates the barrier to entry for quantum application development and deployment by providing live developer access and extensive tools and resources,” said Alan Baratz, D‑Wave EVP R&D and chief product officer. “Leap can enable hundreds of thousands of developers to write and run quantum applications, without having to learn the complex physics that underpins quantum computers. Any one of these developers could write the first killer quantum application, solving complex global problems with quantum computing.” 
“The next frontier of quantum computing is quantum application development. While we continue to advance our industry-leading quantum technology, our goal with Leap is to ignite a new generation of developers who will explore, experiment, and ultimately build our quantum application future,” said Vern Brownell, D‑Wave CEO. “Since day one, D‑Wave has been focused on fueling real-world quantum application development. We believe that the Leap Quantum Application Environment is one of the most important steps toward realizing our vision of practical quantum computing to-date.”
Leap offers both free and paid plans designed for individual developers, commercial enterprises, and for government, research, and education sectors. To find out more and get started using Leap, visit the D‑Wave website at www.dwavesys.com.
Leap Developer Feedback:
“Leap is the only Quantum Application Environment that gives developers access to a real quantum computer. Today, you can’t get that from any other provider of quantum hardware at the scale needed to solve real problems,” said Thomas Phillips, CTO of Ridgeback Network Defense. “It's incredibly exciting to be able to have access to something that before now most developers couldn’t access, and see the quantum computer in action. Because the programming is intuitive, the D‑Wave approach allows me to map familiar algorithms for very hard problems directly onto the system, which is nearly impossible to do on other quantum systems. And most importantly, I can now tackle exceptionally difficult cybersecurity problems I’ve only imagined solving before now.”
“As a long-time software developer, I leapt at the chance to be part of the beta program and get access to a real quantum computer for the first time,” said Scott Davis, independent software consultant. “The online demos, Jupyter notebooks, and documentation gave me a jump-start. Soon I was writing Python programs using the Ocean software development kit and running experiments on D-Wave’s quantum computer with more than 2000 qubits.  In just four weeks I was able to implement a basic proof of a concept I had been thinking about for 17 years.”
“QC Ware works with enterprises to build quantum software applications. QC Ware’s customers in aerospace, automotive, and financial services typically gravitate towards D-Wave because of the large problem sizes the D‑Wave 2000Q can support,” said Juan Adame, quantum software engineer, QC Ware. “With Leap, the user experience and new Ocean software tools will help early developers. And for developers who have quantum experience, the Leap Quantum Application Environment expands the lower level embedding functionality for very finely grained control of how their problem gets mapped on specific physical qubits.”

https://www.dwavesys.com/press-releases/d-wave-launches-leap-first-real-time-quantum-application-environment

giovedì 14 febbraio 2019

ENISA : analysis of Research and Development priorities of the Cyber sector


The European Union Agency for Network and Information Security (ENISA) is the European cyber defense center. With its head office in Athens and its branch office in Heraklion in Crete.
ENISA’s tasks are the following:
  • Providing recommendations;
  • Activities aimed at the creation of policies and their execution.
  • Training for the population, societies and Country Members.
  • Other activities.
On their site I found information about European studies, the CERT/ CSIRT and various ongoing researches.
Among the available documents regarding this last category I had the chance to read "Analysis of the European R&D priorities in cyber security" with the subtitle “Strategic priorities in cyber security for a safer Europe" published in December 2018.
I will try to give you a general idea of the topics discussed, their importance and my personal considerations.
First of all, this is a strategic analysis document. The purpose of the document is to identify the cyber-risks that will threaten European society and to identify the studies required in order to contain or eliminate the problems.
The goal is ultimately to “play in advance”.
In order to do so, the author started by interviewing the experts of the cyber sector, proceeded to analyze the obtained data with the help of the ENISA experts and tried to picture the social, technologic and business aspects of the European society of 2025.
Let’s start by analyzing the picture “Europe 2025”.
Europe 2025 foresees that the devices connected to the net will be standard; every field of the society will be fully connected.
The service providers (energy, transport, banks, digital infrastructures and hospitals) and the entirety of the public administration and industry will provide internet services.
In the world there will be around 80 billion connected devices (in the face of a population of 8 billion people).
IoT (Internet of Thing) will evolve into IoE (Internet of Everything) and will influence society.
It will be common to use wearable devices connected and controllable with our voice. The 5G technology will improve the quality of those services. Education and training will be more efficient with the use of new technologies as the augmented reality and “gamification” techniques.
The society’s cautiousness towards the cyber-threats will increase. There will be many initiatives to promote the concretization of systems and services according to the idea of “security by design”.
Unfortunately there will be social tension between a “cyber aware elite” and a “less aware” segment of society.
The governments will expect the citizens to use the online services of every administrative service, which will imply using a digital identity.
High computational and cloud memorization capacities will be available. The Artificial Intelligence (AI) will be used to perform behavioral analysis of the stored data to create services and products better suited to our needs, unfortunately the criminal organizations will start to use the same methods. There are still no explicit regulations concerning the use of the AI.
The internet “giants” will become even bigger and powerful and they will not just analyze and fulfill the needs of their clients but also modify and decide their needs.
The quantum technology will start developing…
I will stop describing the Europe 2025 picture now. If you would like to read more about it you can find the entire article on the ENISA website.
The ENISA document continues by analyzing the scenario I just described and identifies a series of recommendations to reduce the risks we talked about. These recommendationsfocus on few aspects of the cyber-dimension, in particular:
  • Promoting the awareness towards the use of technologies, the limitations and the risks. The development of systems designed to guarantee the security of data and privacy. It is also suggested to encourage the innovations that will help to spread knowledge about the cyber-risks;
  • Spreading the knowledge about security among the experts and the wider academic world; facilitate the teaching of security principles in the computer science schools;
  • Promote an understandable and reliable artificial intelligence;
  • Facilitate the research on the quantum cryptography and quantum distribution of the encryption keys for high security level communications;
  • About the complexity of the risks; it is needed to promote the development of new approaches concerning the risk analysis and impact on complex and interdependent systems. It is also suggested to define new interfaces and interoperability among critical infrastructures, designed to prevent the “domino effect”. About the cybercrime domain its suggested to facilitate the researches in the field of prioritization of security and the development of innovative instruments of situational awareness;
  • At last, about the privacy risks, it is suggested to promote and spread the development and use of technologies that guarantee high privacy standards and the development of special assessment tools.
The document is way more inclusive than what I have written and it analyzes in detail other fields of interest., It is certainly interesting and instructive reading.
I want to spend a moment on some aspects concerning this scenario. When it comes to scenario creation, there is the risk of not considering some aspects that should be studied and this could lead to a partially incorrrect risk analysis.
In our case there are a few different topics that have not been considered in the scenario that require some attention, in particular;
  • The use of crypto currency. Nowadays there are signs that crypto currencies will be used even more, even in the government and banking/insurance sector;
  • The blockchain technology will keep developing and it will take place of other technologies even in the digital identity sector;
  • The techniques of data coding in the DNA are being currently experimented and have achieved good results (link to the article). It’s reasonable to think that those technologies will be developed to allow the coding, the storage and the data transmission, especially in the field of trade and military secret;
  • The development of space activities will reach an advancedlevel in the industrial world and will allow the development of new communication systems. This should also promote the development of new types of weaponry;
  • The development of more complex cyber weapons and their use by countries will lead to an increased use of deterrents. More states will declare to use their military offensive cyber capacities to answer cyber attacks or to defend their national interests. This should lead to “non proliferation treaties”, similarly to what happened in the field of mass destruction weapons.
I just want to make clear that what I wrote here is my personal view of what is missing in the scenario “Europe 2025”.
Now, the establishment of these new factors in the scenario Europe 2025, if considered valid, leads to the logical consequence of reviewing the risk assessments and finding more suited arrangements for prevention or mitigation, but this is beyond the scope of this article.


Alessandro RUGOLO

(English translation by Francesco Rugolo)
To deepen the topic:
- https://www.enisa.europa.eu;

domenica 10 febbraio 2019

Industry: Airbus and JSAT sign cooperation agreement for the third SpaceDataHighway node

@AirbusSpace
Tokyo, 8 February 2019 – Airbus and Japanese telecommunications satellite operator SKY Perfect JSAT have signed a cooperation agreement for the design preparation of the EDRS-D node. This third communication node of the SpaceDataHighway system is to be positioned over the Asia-Pacific region before 2025. EDRS-D will lead to a significant increase in the system’s communication capacity and considerably expand its coverage.
This agreement concerns the co-financing of design and development studies for the satellite payload, as well as of the system as a whole, in addition to the marketing of the SpaceDataHighway service by SKY Perfect JSAT in Japan. With this agreement, the total amount of the investment in the extension of the SpaceDataHighway stands at nearly € 15 million.
The future EDRS-D payload will consist of three next-generation laser communication terminals (LCT) to allow simultaneous communication with several satellites, as well as aircraft and UAVs. These laser terminals will have broader bandwidth, bi-directional and interoperable communication capability with Japanese laser terminals. Thus, enabling a greater range for geo-geo crosslinks with another geostationary SpaceDataHighway satellites at a distance of up to 75,000 km. This will to offer near real-time relaying of data from the other side of the world.
The SpaceDataHighway is the world’s first ‘optical fibre’ network in the sky based on cutting-edge laser technology. It will be a unique system of geostationary satellites permanently fixed over a network of ground stations, with the first – EDRS-A – already in space. Each day, it can relay up to 40 terabytes of data acquired by observation satellites, UAVs and manned aircraft, at a rate of 1.8 Gbit/s.
The relay satellites are designed to lock on to low-orbiting earth observation satellites via laser and collect their data as they travel thousands of kilometres below, scanning land and oceans. The SpaceDataHighway system then immediately sends the collected data down to Earth from its higher position hovering in geostationary orbit, acting as a data relay node. This process allows the observation satellites to continuously downlink the information they are gathering, instead of having to store it until they travel over their own ground station. That way, they can send down more data, more quickly.
Since the end of 2016, the SpaceDataHighway system has, on a daily basis, been transmitting the images of Earth acquired by the Copernicus programme’s four Sentinel observation satellites.  It has increased the amount of data the satellites relay down to Europe by around 50% for Sentinel-1, and reducing the revisit time to map the whole world from 10 days to 5 days for Sentinel-2.
The SpaceDataHighway is a public–private partnership between the European Space Agency (ESA) and Airbus, with the laser terminals developed by Tesat-Spacecom and the DLR German Space Administration. EDRS-A, the first SpaceDataHighway relay satellite launched in January 2016, offers coverage from the American East Coast to India. A second satellite will be launched in mid-2019. It will double the system’s capacity and extend the coverage and redundancy of the system. 
https://www.airbus.com/newsroom/press-releases/en/2019/02/airbus-and-jsat-sign-cooperation-agreement-for-the-third-spacedatahighway-node.html

sabato 9 febbraio 2019

Airbus sotto attacco! Spionaggio industriale per mezzo di Supply Chain Attack?

Cominciamo dai fatti:

30 gennaio 2019: la Airbus rilascia un comunicato stampa con cui annuncia di aver subito un attacco cyber, in particolare l'incidente riguarda la parte commerciale dell'azienda. Si tratta di accesso non autorizzato a dati aziendali. Annuncia inoltre che non vi è alcun impatto sulle operazioni commerciali di Airbus. 
La Airbus, ricordiamolo, è una società europea con base nei Paesi Bassi, attiva nel campo della produzione di aeromobili, dello Spazio e della Difesa e degli elicotteri. Tra le sue attività sia per uso interno che a favore dei suoi clienti vi è anche la cyber defense.
Il comunicato prosegue dicendo che l'incidente è sotto analisi da parte dei propri esperti che hanno intrapreso tutte le azioni necessarie a rinforzare le misure di sicurezza esistenti e a mitigare l'impatto potenziale nonché ad identificare l'origine dell'attacco. La società afferma che le analisi mirano a capire anche se i dati presi di mira riportano ad un possibile obiettivo, in ogni caso si è verificato l'accesso a dei dati personali, principalmente a contatti professionali e ai riferimenti IT di alcuni impiegati della Airbus in Europa. 
Il comunicato stampa del 30 gennaio termina con la frase di rito relativa ai contatti regolari con le autorità del settore, comprese quelle del settore Data Protection e con la rassicurazione che gli impiegati della Airbus sono stati informati affinché prendano tutte le necessarie precauzioni nel prosieguo delle attività.
La stampa si occupa del caso qualche giorno dopo l'annuncio. Il giornale "Challenges" il 4 febbraio riporta che secondo delle dichiarazioni concordanti (provenienti da fonti statali e da fonti prossime alla società) il "modus operandi" utilizzato nell'attacco è simile a quello impiegato da un gruppo cyber che opera dalla Cina. Sembra che l'obiettivo fosse quello di impadronirsi di documenti tecnici relativi alla certificazione degli aeromobili. Lo schema d'attacco impiegato è infatti simile a quello di APT 10, anche se probabilmente più sofisticato. 
Sembra che l'attacco sia iniziato a dicembre e fosse stato diretto verso uno dei fornitori di Airbus, per poi passare al vero obiettivo. 
Naturalmente l'attribuzione è basata su indizi, ben diverso sarà poterlo dimostrare.
Notiamo che l'andamento in borsa della azioni non ha risentito (almeno apparentemente) di quanto accaduto.
In ogni caso quanto accaduto è ancora una volta indice di quanto sia pericoloso un attacco di tipo "supply chain attack", condotto verso una terza parte, di solito una società sub-fornitrice del vero obiettivo, dotata di scarse o nulle difese cyber.

Alessandro RUGOLO

Immagini: https://www.airbus.com/

Per approfondire:
- https://www.airbus.com/newsroom/press-releases/en/2019/01/airbus-statement-on-cyber-incident.html;
- https://www.challenges.fr/entreprise/transports/cyberattaque-contre-airbus-la-piste-chinoise-avancee_640396;
- https://www.mirror.co.uk/travel/news/breaking-airbus-cyber-attack-believed-13955680;
- https://www.fireeye.com/current-threats/apt-groups.html#apt10;
- https://www.cshub.com/attacks/articles/incident-of-the-week-airbus-reports-employee-data-hack;
- https://www.csoonline.com/article/3191947/data-breach/what-is-a-supply-chain-attack-why-you-should-be-wary-of-third-party-providers.html

lunedì 28 gennaio 2019

ENISA: analisi delle priorità della Ricerca e Sviluppo del settore Cyber

La European Union Agency for Network and Information Security (ENISA), è il centro europeo di esperti del settore cyber. La sede principale è in Grecia, ad Atene, mentre una filiale si trova a Creta, ad Eraclion.
Il compito della Agenzia europea è quello di:
- fornire raccomandazioni;
- attività a supporto della produzione di policy di settore e della loro esecuzione;
- training a favore di cittadini, società e Stati Membri;
- attività varie.
Nel sito è possibile trovare informazioni su studi europei ma anche sui CERT/CSIRT esistenti o sugli studi di ricerca e sviluppo in corso. Tra i documenti di questa ultima categoria resi disponibili sul sito ho avuto l'occasione di leggere la "Analysis of the European R&D priorities in cybersecurity", sottotitolato "Strategic priorities in cybersecurity for a safer Europe" emesso lo scorso dicembre 2018. Cercherò in poche righe di darvi una idea di che si tratta e di quale sia la sua importanza e farò  alcune considerazioni generali in merito.
Incomincio col dire che si tratta di un documento di analisi strategica. Lo scopo del documento è infatti quello di identificare i rischi cyber cui sarà soggetta la società europea e di identificare le priorità della ricerca che potranno aiutare a ridurli o ad eliminarli. Lo scopo è dunque quello di "giocare d'anticipo". 
Per fare ciò l'autore ha proceduto ad effettuare una serie di interviste con esperti del settore, analizzare i dati raccolti assieme agli esperti dell'ENISA e a cercare di immaginare la società europea del 2025 dal punto di vista sociale, tecnologico e di business.
Iniziamo dunque dalla analisi dello scenario "Europa 2025".
Europa 2025 prevede che i dispositivi connessi ad internet siano oramai la norma, ogni settore della società è dunque altamente connesso. Gli operatori di settore (energia, trasporti, banche, infrastrutture digitali, ospedali) come pure tutte le amministrazioni pubbliche e l'industria forniscono servizi online.
Nel mondo potrebbero esserci circa 80 miliardi di dispositivi connessi (a fronte di una popolazione di circa 8 miliardi di persone). IoT (Internet of Thing) si sta trasformando in IoE (Internet of Everything) che a sua volta influenza la società. E' diventato di uso comune utilizzare dispositivi indossabili connessi e controllabili con l'uso della voce. La tecnologia 5G consente miglioramenti dei servizi di connessione. Educazione ed addestramento sono più efficaci grazie all'impiego delle nuove tecnologie come la realtà aumentata e le tecniche di gamification. 
L'attenzione della società verso le problematiche cyber è aumentata. Sono nate molte iniziative che promuovono la realizzazione di sistemi e servizi secondo il concetto di "security by design".
Esistono purtroppo tensioni sociali tra una "cyber aware elite" e una sub cultura di lavoratori "less aware".  
I governi chiedono ai cittadini di utilizzare i servizi online per tutti i servizi amministrativi, ciò implica l'uso di una identità digitale. Sono ora disponibili capacità computazionali e di memorizzazione in cloud molto elevate. Si impiega l'Intelligenza Artificiale (AI) per l'analisi comportamentale dei dati raccolti e per sviluppare servizi e prodotti più attagliati alle necessità, purtroppo anche le organizzazioni criminali cominciano a farne uso. Ancora non esiste una chiara regolamentazione sull'uso della AI.
I giganti di internet sono diventati ancora più grandi e potenti e non solo analizzano e rispondono alle domande dei clienti ma ne guidano le scelte e i desideri.
La tecnologia quantistica inizia a svilupparsi... 

Mi fermo qui nella descrizione dello scenario, chi vuole può trovarlo per intero sul sito di ENISA.
Il documento dell'ENISA prosegue analizzando lo scenario descritto e poi individuando una serie di raccomandazioni atte a ridurre i rischi identificati. Le raccomandazioni si concentrano su alcuni aspetti della dimensione cyber, in particolare:
- promozione della consapevolezza nei confronti dell'impiego delle tecnologie, delle limitazioni e dei rischi. Lo sviluppo di sistemi disegnati per garantire la sicurezza dei dati e la privacy. Si suggerisce inoltre di incoraggiare le innovazioni nella diffusione della conoscenza relativa ai rischi legati al mondo cyber;  
- incoraggiare il trasferimento di conoscenze tra esperti specializzati in sicurezza e il più ampio mondo accademico; facilitare l'insegnamento dei principi di sicurezza nelle facoltà di "computer science"; 
- promuovere una intelligenza artificiale comprensibile all'uomo e che ne garantisca l'affidabilità;
- facilitare le ricerche in merito alle tecnologie di crittografia quantistica e di distribuzione quantistica delle chiavi di cifratura per comunicazioni ad elevata sicurezza;
- in merito alla complessità del rischio occorre promuovere lo sviluppo di nuovi approcci di analisi del rischio e d'impatto per sistemi complessi e interdipendenti. Inoltre si suggerisce di definire interfacce di interoperabilità tra infrastrutture critiche che siano studiate per prevenire effetti di caduta a cascata.      
- nel settore del cybercrime si suggerisce di facilitare le ricerche nel campo della prioritizzazione della sicurezza e nello sviluppo di strumenti di situational awareness innovativi;
- infine, nel settore della rischi alla privacy, si suggerisce di promuovere e diffondere lo sviluppo e l'impiego di tecnologie che garantiscano alti standard di privacy e lo sviluppo di appositi tools di assessment.
Naturalmente il documento è molto più completo di quanto io ho scritto e analizza nel dettaglio alcuni settori di interesse per cui è sicuramente una lettura interessante ed istruttiva.
Io però voglio soffermarmi su alcuni aspetti relativi allo scenario. Quando si costruiscono gli scenari il rischio è quello di lasciare fuori qualche area che invece dovrebbe essere considerata e ciò potrebbe rendere parzialmente scorretta l'analisi del rischio che viene effettuata.
Nel nostro caso vi sono infatti diverse aree a mio parere non considerate e che richiederebbero un po di attenzione, in particolare:
- l'impiego delle cryptocurrency. Oggigiorno vi sono segnali che indicano che le criptocurrency dovrebbero essere sempre più impiegate, anche nel settore governativo e bancario/assicurativo;
- la tecnologia blockchain continuerà a svilupparsi e sostituirà alcune tecnologie anche nel settore relativo alla identità digitale;
- le tecniche di codifica di dati nel DNA già oggi sono sperimentate ed hanno raggiunto buoni risultati (vedi articolo). E' ragionevole pensare che verranno sviluppate per consentire la codifica, la conservazione e la trasmissione di dati nel tempo e nello spazio, soprattutto nel campo del segreto industriale e militare;
- lo sviluppo delle attività spaziali avrà raggiunto un buon livello nel mondo industriale e avrà portato allo sviluppo di nuovi sistemi di comunicazione. Ciò dovrebbe inoltre dare impulso allo sviluppo di nuovi tipi di armamenti;
- lo sviluppo di cyber armi sempre più complesse e il loro impiego da parte di Stati dovrebbe condurre ad un aumento dell'impiego dell'arma della dissuasione, ovvero sempre più Stati dichiareranno di impiegare le proprie capacità cyber militari offensive in risposta ad attacchi o per salvaguardare gli interessi nazionali. Ciò dovrebbe condurre alla stipula di "trattati di non proliferazione", a similitudine di quanto accaduto nel campo delle armi di distruzione di massa.

Sia chiaro che quanto sopra è la mia visione di quello che manca allo scenario "Europa 2025". 
Ora, l'introduzione di questi nuovi fattori nello scenario Europa 2025, qualora considerati validi, porta come logica conseguenza alla necessità di rivedere l'analisi del rischio e trovare le modalità di prevenzione o attenuazione più adatte, cosa però al di là dello scopo di questo articolo.

Alessandro RUGOLO

Per approfondire:
- https://www.enisa.europa.eu/;
- https://www.enisa.europa.eu/publications/analysis-of-the-european-r-d-priorities-in-cybersecurity

domenica 27 gennaio 2019

L'Unione Europea ci crede: 9 miliardi di euro per il Digitale


Si è svolta a Lille, il 22 e 23 gennaio 2019, l'undicesima edizione del FIC (Forum international de la Cybersécurité), un evento di rilevanza internazionale. 

Per capire la dimensione dell'avvenimento vediamo qualche numero:
- 8600 partecipanti;
- 350 partners;
- 80 paesi rappresentati.
Centinaia le società scese in campo al fianco delle organizzazioni governative francesi e delle istituzioni universitarie e di ricerca. Apprezzabile lo sforzo teso ad affrontare il soggetto da tutti i punti di vista.
Oltre alla consueta possibilità di visitare gli stand degli espositori in cui trovare prodotti, servizi e formazione, il FIC ha visto il coinvolgimento dei ragazzi attraverso lo svolgimento di attività incentrate sulla ricerca di vulnerabilità su ambiente appositamente predisposto ma anche di "caccia al bug" su software e sistemi reali. 
(Marcel)
Interessanti i vari panel che hanno visto confrontarsi personaggi legati tra loro dal comune sentimento di sfida che il cyber space rappresenta per la società: una sfida che non possiamo rifiutare.

Dal punto di vista culturale è stato organizzato un premio per il libro più interessante, mentre tra un panel e l'altro è stato possibile apprezzare i video ironici sulla cyber. Particolarmente gradito dal pubblico quello di Marcel, una simpatica clip sulla "intrusività" dei cacciatori di dati nel mondo moderno.
Efficace la partecipazione del mondo politico francese che si è presentato in forze per illustrare i passi compiuti e sostenere la necessità di andare avanti senza indugio. 

Da notare  l'intervento del Commissario Europeo per l'economia e la società digitale, Mariya Gabriel, che ha brevemente riepilogato gli interventi europei dell'ultimo anno in materia cyber e ha annunciato gli investimenti per il futuro e le proposte di modifica delle istituzioni (tra queste l'ENISA) per poter affrontare meglio le nuove sfide. Il Commissario europeo ha ricordato che oggigiorno in Europa mancano le figure professionali del mondo della cyber security, si stima che vi siano circa 300.000 posizioni vacanti e che diventeranno 500.000 nel 2020. 
Secondo uno studio del governo dei Paesi Bassi l'Europa non spende più di 1,5 miliardi nel settore Cyber, ovvero un decimo rispetto a quanto fanno gli Stati Uniti. Per il bilancio europeo futuro sarà tenuto l'investimento di 2 miliardi sul programma Horizon 2020 ma sarà lanciato un ulteriore programma: "Europa Digitale", dotato di un fondo di 9 miliardi di euro. Al suo interno la parte dedicata alla cyber sarà di 2 miliardi. 
Sembra che finalmente siano state gettate le basi per consentire lo sviluppo di una industria di sicurezza informatica europea, ora la palla passa a tutti coloro che possono e vogliono partecipare alla sfida. E in un periodo in cui i singoli Stati sembrano pressati da tutt'altre priorità, questa è un'occasione da non perdere!

Alessandro RUGOLO

- https://www.usinenouvelle.com/article/au-fic-la-cybersecurite-se-reve-a-l-echelle-europeenne.N642518;
- https://www.forum-fic.com/accueil.htm;
- https://www.youtube.com/watch?v=3LTgSdOpLbI&t=0s&list=PLsaypbHfNQun1ZbfzXj0DsRXVB61i9Vod&index=5;
- https://www.youtube.com/user/WebTVFIC/videos;
- https://ec.europa.eu/commission/priorities/digital-single-market_en;
- https://www.enisa.europa.eu/
- https://ec.europa.eu/programmes/horizon2020/en



domenica 20 gennaio 2019

Onde cerebrali come password? Sembra di si ma...


La debolezza dei sistemi basati su password ha spinto allo sviluppo di studi incentrati sulla biometria.

Tra questi uno in particolare si è concentrato sull'impiego delle onde cerebrali, sembra infatti che queste siano tipiche per ognuno di noi e la loro imitazione resta molto complessa, se non impossibile. 
Sulla base di questo assunto diversi studi hanno portato ad ipotizzare vari metodi di verifica d'accesso ai sistemi basati sul principio delle onde cerebrali.
Nel coro degli studi, occorre però tenere presente anche chi canta una musica differente. E' il caso di alcuni ricercatori (Tommy Chin, Peter Muller, John Chuang) che hanno cercato di verificare l'attendibilità di sistemi di verifica ad onde cerebrali in condizioni non ideali come l'ubriachezza, l'assunzione di droghe o di caffeina o ancora la stanchezza.
Dai primi risultati delle ricerche risulterebbe infatti che l'attendibilità del riconoscimento calerebbe dal 94% a circa il 33% per soggetti che fanno uso di sostanze quali alcool caffeina o droghe. Può darsi che la cosa sia un bene dato che un utente ubriaco potrebbe causare più danni che altro ma non è detto che la cosa vada bene per la caffeina dato che è comunque una sostanza usata per vincere il sonno e poter effettuare dei lavori richiedenti maggiore concentrazione.

Alessandro RUGOLO


Per approfondire:
- https://www.newscientist.com/article/2118434-brainwaves-could-act-as-your-password-but-not-if-youre-drunk/
-

domenica 13 gennaio 2019

CIMON, il primo robot assistente spaziale "Intelligente"

Intelligenza Artificiale e spazio, due discipline scientifiche al limite delle nostre conoscenze alleate per aiutare l'uomo.
Il 15 novembre ultimo scorso, a bordo della International Space Station, l'astronauta tedesco Alexander Gerst è stato protagonista di un esperimento durato novanta minuti, ha infatti parlato con un assistente di bordo molto speciale: CIMON (Crew Interactive Mobile Companion). Il piccolo robot è dotato di intelligenza artificiale ed è il primo della sua "specie" ad aver raggiunto lo spazio.
CIMON è di produzione Airbus ed è stato risvegliato dal Comandante della missione, Gerst, con le parole "Wake up, CIMON". Il robot ha risposto con il classico "What can I do for you?", dando così  inizio all'esperimento. 
CIMON è collegato al Columbus Control Center in Germania e da qui con il Biotechnology Space Support Center a Lucerna per passare attraverso internet all'IBM Cloud a Francoforte. 
CIMON è un primo passo, si tratta infatti di un dimostratore tecnologico di ciò che potrebbe essere un assistente in un viaggio di esplorazione spaziale, queste le dichiarazioni del portaparola Marco Trovatello, dell'European Space Agency's Astronaut Centre di Colonia.
Il piccolo CIMON è capace di muoversi autonomamente nella Stazione Spaziale e di ricevere comandi vocali, semplificando le procedure di lavoro degli astronauti.
Nel corso dell'esperimento (vedi il video) CIMON ha riconosciuto l'astronauta, si è spostato autonomamente all'interno della base e ha dato istruzioni al suo compagno umano.
Ma è possibile che le cose non siano poi cosi semplici come dichiarato inizialmente.
Secondo quanto pubblicato in un articolo di Nicolas Rivero su Quartz, sembra che Gerst e CIMON abbiano avuto uno "scambio di opinioni" riguardo alla musica, infatti mentre CIMON voleva cantare Gerst lo richiamava all'ordine.
Quanto successo solleva naturalmente una serie di obiezioni, la prima di queste riguarda la reale utilità delle "intelligenze artificiali". I tentativi di infondere nei robot una intelligenza tipica della razza umana infatti non è esente da pericoli, il primo dei quali risiede nel fatto che non sappiamo come controllare una intelligenza artificiale esattamente come non saremo mai certi di controllare completamente una intelligenza umana, anzi, forse è ancora più difficile. Tutto sommato conosciamo abbastanza bene i nostri simili ma molto meno le Intelligenze Artificiali...
      
Alessandro RUGOLO

Per approfondire:
- https://www.space.com/42574-ai-robot-cimon-space-station-experiment.html;
- https://www.space.com/41041-artificial-intelligence-cimon-space-exploration.html;
- https://www.nasa.gov/mission_pages/station/main/index.html
- https://qz.com/1482839/the-iss-has-a-robot-on-board-and-hes-being-kind-of-a-dick/
- https://www.businessinsider.com/international-space-station-cimon-robot-funny-glitch-2018-12?IR=T