Di Esther Solomon, caporedattrice della versione inglese di Haaretz (quotidiano israeliano)

Esther Solomon, Editor-in-chief, Haaretz English

This week, Israelis woke up to war again, but this time not to the Hamas surprise attack of October 7 but to a conscious decision by their government to restart fighting, against the will of the popular majority, which consistently favors an end to the war and the return of all the hostages. This same week, the Netanyahu government intensified its battles on two other fronts as well: its war on Israeli democracy, and its war on Diaspora Jews.

Prime Minister Netanyahu is baldly exhibiting his 'vision' for the character of his own regime and the principles that govern the Israeli state's behavior at home and abroad. It is a vision that is genuinely revolutionary, in that it rips up and shreds into confetti most of the fundamental values and social contracts that bind the state to its citizens, and the state to the Jewish people outside its borders.

With the Trump administration's backing, but to the consternation of most of the rest of the international community, IDF airstrikes are now raining down on Gaza again. Netanyahu's ministers are using bloodcurdling language, directed at the whole population of Gaza, and not only Hamas.

The declared premise for breaking the cease-fire – that extreme military pressure will force Hamas into capitulation, and will lead to hostages being released alive – is false and illogical. Sixteen months of war has shown that only negotiations bring back significant numbers of hostages alive, that airstrikes kill them, and Hamas, which has repopulated its ranks, has no pangs of conscience to fight to the last Gazan. As Einav Zangauker, warrior mother of hostage Matan, said: "Netanyahu has opened the gates of hell not on Hamas, but on our loved ones."

The real reason for resuming war is to satiate the annexationist warlust of the far right, and win the prime minister more time in power. And both of those reasons factor into the resurgence-on-steroids of the government's judicial coup, now honed to take out the Shin Bet head and the Attorney General, the key remaining gatekeepers of democracy and the rule of law.

There's an urgency to Netanyahu's call to rid himself of these troublesome officials, and it's called Qatargate: the rolling scandal of close aides to Netanyahu allegedly being paid by Doha for positive PR during the war, in which the Shin Bet is a lead investigative agency. In true Trumpist style, and with a nod to his fellow White House populists, Netanyahu took to social media to accuse the "leftist deep state" of conspiring to weaponize the justice system to bring down the right-wing government.

This week there were also dramatic developments in the third front: How the government understands its relationship with Diaspora Jews. Amichai Chikli, the minister in charge of Diaspora relations and Israel's antisemitism czar, is organizing a "combating antisemitism" conference stuffed with representatives of European far-right parties whose antisemitic, neo-Nazi, illiberal record is either a fact of their founding and/or an everyday feature of their activists' rhetoric.

It was an ambush for the high-profile representatives of U.S. and European Jewish communities also invited to attend: To show solidarity with Israel at the cost of their own values and safety. One by one, they have cancelled, from the U.K.'s Chief Rabbi to the head of the ADL: Even Israel's President refused to host the far-right politicians. These are rare, brave moves that may well be a milestone in the breakdown of Israel-Diaspora relations, a sign of how infuriated Diaspora Jews are and how arrogant, cynical and fanatic the Israeli government.

Netanyahu's wars have terrible human costs, but they are also designed to reshape language and the space for dissent. To jumpstart the cease-fire, make war. To save the hostages, bomb them. To save democracy, institute autocracy. To confront antisemitism, welcome antisemites.

Despite their deep fatigue, most Israelis aren't buying it. Forty thousand turned out to protest in Tel Aviv on Tuesday; thousands more in Jerusalem the next day. But Netanyahu has formidable weapons at his disposal, and there is no cease-fire pending for the wars outside and inside Israel's borders.

The Cheap Yellow Display may not be the fastest of ESP32 boards with its older model chip and 4 MB of memory, but its low price and useful array of on-board peripherals has made it something of a hit in our community. Getting the most out of the hardware still presents some pitfalls though, as [Mark Stevens] found out when using one for an environmental data logger. The problem was that display, touch sensor, and SD card had different SPI busses, of which the software would only recognise two. His solution involves a simple hardware mod, which may benefit many others doing similar work.

It’s simple enough, put the LCD and SD card on the same bus, retaining their individual chip select lines. There’s a track to be cut and a bit of wiring to be done, but nothing that should tax most readers too much. We’re pleased to see more work being done with this board, as it remains a promising platform, and any further advancements for it are a good thing. If you’re interested in giving it a go, then we’ve got some inspiration for you.

hackaday.com/2025/03/20/three-…

If you spend a lot of time at the command line, you probably have either a very basic prompt or a complex, information-dense prompt. If you are in the former camp, or you just want to improve your shell prompt, have a look at Starship. It works on the most common shells on most operating systems, so you can use it everywhere you go, within reason. It has the advantage of being fast and you can also customize it all that you want.

What Does It Look Like?

It is hard to explain exactly what the Starship prompt looks like. First, you can customize it almost infinitely, so there’s that. Second, it adapts depending on where you are. So, for example, in a git-controlled directory, you get info about the git status unless you’ve turned that off. If you are in an ssh session, you’ll see different info than if you are logged in locally.

However, here’s a little animation from their site that will give you an idea of what you might expect:

hackaday.com/wp-content/upload…

Installation

The web site says you need a Nerd Font in your terminal. I didn’t remember doing that on purpose, but apparently I had one already.

Next, you just have to install using one of the methods they provide, which depends on your operating system. For Linux, you can run the installer:

curl -sS starship.rs/install.sh | sh

Sure, you should download it first and look to make sure it won’t reformat your hard drive or something, but it was fine when we did it.

Finally, you have to run an init command. How you do that depends on your shell and they have plenty of examples. There’s even a way to use it with cmd.exe on Windows!

Customization

The default isn’t bad but, of course, you are going to want to change things. Oddly, the system doesn’t create a default configuration file. It just behaves a certain way if it doesn’t find one. You must make your own ~/.config/starship.toml file. You can change where the file lives using an environment variable, if you prefer, but you still have to create it.

The TOML file format has sections like an INI file. Just be aware that any global options have to come before any section (that is, there’s no [global] tag). If you put things towards the bottom of the file, they won’t seem to work and it is because they have become part of the last tag.

There are a number of modules and each module reads data from a different section. For example, on my desktop I have no need for battery status so:

[battery]disabled = true

Strings

In the TOML file you can use single or double quotes. You can also triple a quote to make a string break lines (but the line breaks are not part of the string). The single quotes are treated as a literal, while double quotes require escape characters for special things.

You can use variables in strings like $version or $git_branch. You can also place part of a string in brackets and then formating for the string in parenthesis immediately following. For example:
'[off](fg:red bold)'

Finally, you can have a variable print only if it exists:
'(#$id)'

If $id is empty, this does nothing. Otherwise, it will print the # and the value.

Globals and Modules

You can find all the configuration options — and there are many — in the Starship documentation. Of primary interest is the global format variable. This sets each module that is available. However, you can also use $all to get all the otherwise unspecified modules. By default, the format variable starts with $username $hostname. Suppose you wanted it to be different. You could write:
format='$hostname ! $username $all'

You’ll find many modules that show the programming language used for this directory, version numbers, and cloud information. You can shut things off, change formatting, or rearrange. Some user-submitted customizations are available, too. Can’t find a module to do what you want? No problem.

Super Custom

I wanted to show the status of my watercooler, so I created a custom section in the TOML file:

[custom.temp]
command = 'temp-status|grep temp|cut -d " " -f 7'
when = true
format='$output°'

The command output winds up in, obviously, $output. In this case, I always want the module to output and the format entry prints the output with a degree symbol after it. Easy!

Of Course, There are Always Others

There are other prompt helpers out there, especially if you use zsh (e.g., Oh My Zsh). However, if you aren’t on zsh, your options are more limited. Oh My Posh is another cross-shell entry into the field. Of course, you don’t absolutely need any of these. They work because shells give you variables like PS1 and PROMPT_COMMAND, so you can always roll your own to be as simple or complex as you like. People have been doing their own for a very long time.

If you want to do your own for bash, you can get some help online. Or, you could add help to bash, too.

hackaday.com/2025/03/20/linux-…

Una nuova vulnerabilità critica scuote il mondo della cybersecurity: questa volta tocca a Veeam Backup & Replication, con la CVE-2025-23120, una falla che consente l’esecuzione remota di codice (RCE) da parte di utenti di dominio autenticati. Il punteggio CVSS v3.1 di 9.9 non lascia spazio a dubbi: il rischio è elevatissimo!

La vulnerabilità

Questa vulnerabilità colpisce le versioni 12, 12.1, 12.2 e 12.3 di Veeam Backup & Replication (come riportato nel report) e riguarda in particolare i server di backup collegati al dominio. Un dettaglio che va contro le Best Practice di Sicurezza & Compliance, ma che, purtroppo, si riscontra ancora in molte infrastrutture IT.

In pratica, un utente autenticato nel dominio può sfruttare questa falla per eseguire codice arbitrario da remoto, aprendo le porte a scenari devastanti: furto di dati, attacchi ransomware, compromissione dell’intera infrastruttura IT. Il rischio è ancor più elevato se il controllo sugli account di dominio non è adeguato.

Un’arma nelle mani dei cybercriminali

Le TTP (Tactics, Techniques, and Procedures) adottate da gruppi APT e cybercriminali dimostrano quanto vulnerabilità di questo tipo siano ambite per attacchi mirati. Minacce avanzate come ransomware-as-a-service (RaaS) potrebbero sfruttare CVE-2025-23120 per distribuire payload malevoli sui sistemi vulnerabili. Inoltre, attori sponsorizzati da stati nazionali potrebbero utilizzarla per movimento laterale e persistenza, ottenendo il controllo di intere infrastrutture senza essere rilevati immediatamente.

A lanciare l’allerta è stato Piotr Bazydlo di watchTowr, dimostrando ancora una volta quanto sia fondamentale il coinvolgimento della community nella scoperta e segnalazione di falle critiche.

Le organizzazioni devono correre ai ripari immediatamente: ora che la vulnerabilità è stata divulgata, gli attacchi ai sistemi non aggiornati sono solo questione di tempo.

Aggiornare subito!

Veeam ha già rilasciato la patch risolutiva nella versione 12.3.1 (build 12.3.1.1139). Se la vostra infrastruttura utilizza una delle versioni vulnerabili, l’aggiornamento non è un’opzione.

Oltre all’update, le aziende devono rivedere la configurazione dei loro backup server, evitando di integrarli nel dominio e adottando strategie di sicurezza più rigorose per limitare gli accessi.

Conclusione

Ogni volta che una vulnerabilità critica viene resa pubblica, il tempo per mettersi al sicuro è limitato. Gli attaccanti non perdono un secondo nel tentare di sfruttare falle come la CVE-2025-23120 per penetrare nelle infrastrutture aziendali.

Chi gestisce ambienti IT deve agire subito: aggiornare, rivedere le configurazioni di sicurezza e limitare al massimo i permessi di dominio. Perché nel mondo della cybersecurity, chi arriva tardi paga il prezzo più alto.

L'articolo Vulnerabilità critica da 9.9 di Score in Veeam Backup & Replication che consente RCE proviene da il blog della sicurezza informatica.

Dedicato a chi dice che gli scioperi non servono.

[...] prevede l'immediata erogazione di una tantum di 500 euro e un incremento economico medio mensile a regime tra i 220 e i 240 euro

agi.it/economia/news/2025-03-2…

THIS IS A BONUS EDITION OF DIGITAL POLITICS. I'm Mark Scott, and I don't usually speak about my day job in this newsletter. But today, that changes.

One of my goals this year is to help open up social media platforms to greater outside transparency. To do that, I'm working on ways to jumpstart data access to these platforms, or efforts to allow independent researchers to delve into the public data that these firms collect on all of us.

It's not an easy task — especially because any form of such data access must protect people's privacy, at all cost, and uphold the highest levels of security.

But, for me, it's a fundamental step in filling the democratic deficit associated with how social media may (or may not) affect our everyday lives.

Below gives you a glimpse about what I've been up to in recent months. It's a cross-post from Tech Policy Press.

Let's get started.

What happens online doesn't just stay online

IT'S HARD TO REMEMBER A WORLD WITHOUT SOCIAL MEDIA. From the United States to Brazil, people now spend hours on TikTok, Instagram, and YouTube each day, and these platforms have become embedded in everything from how we talk to friends and family to how we elect our national leaders.

But one thing is clear: despite researchers’ efforts to decipher social media’s impact, if any, on countries’ democratic institutions, no one still has a clear understanding of how these global platforms work. What’s worse — we have less awareness about what happens on these platforms in 2025 than we did five years ago.

This is a problem.

It’s a problem for those who believe these tech companies censor people’s voices online. It’s a problem for those who believe these firms do not do enough to police their platforms for harmful content. And it’s a problem for democratic countries whose political systems are fracturing under increased polarization — some of which is amplified via social media.

In 2025, there is a fundamental disconnect between what happens on social media and what academics, independent researchers and regulators understand about these platforms.

That has led to a democratic deficit. No one can quantify the effect, if any, of these platforms’ impact on public discourse. It has also led to a policymaking void. Lawmakers worldwide don’t know what steps are needed via potential new legislation, voluntary standards or the doubling down on existing efforts to reduce online harm on social media while upholding individuals’ right to free speech.

In short, we just don’t know enough about social media’s impact on society.

Thanks for reading Digital Politics. If you've been forwarded this newsletter (and like what you've read), please sign up here. For those already subscribed, reach out on digitalpolitics@protonmail.com

Without quantifiable evidence of harm (or lack of it) — driven by independent outside access to platform data, or the ability for people to research the inner workings of these social media giants — there is no way to make effective online safety legislation, uphold people’s freedom of expression, and hold companies to account when, inevitably, things go wrong.

And yet, there is a way forward. One that relies on the protection of people’s privacy and free speech. One that limits government access to people’s social media posts. And one that gives outside researchers the ability to kick the tires on how these platforms operate by granting them access to public data in ways that improves society’s understanding of these social media giants.

What are we going to do about it?

To meet this need, Columbia World Projects at Columbia University and the Hertie School’s Centre for Digital Governance have been running workshops with one aim in mind: How to build on emerging online safety regimes worldwide — some of which allow, or will soon allow, for such mandatory data access from the platforms to outside groups — to fill this democratic deficit.

With support from the Knight Foundation, that has involved bringing together groups of academic and civil society researchers, data infrastructure providers and national regulators for regular meetings to hash out what public and private funding is required to turn such data access from theory into reality.

The initial work has focused on the European Union’s Digital Services Act, which includes specific mandatory requirements for outsiders to delve into platform data.

But as other countries bring online similar data access regimes, the hope is to provide a route for others to follow that will build greater capacity for researchers to conduct this much-needed work; support regulators in navigating the inherent difficulties in opening up such platforms’ public data to outsiders; and ensure that people’s social media data is protected and secured, at all cost, from harm and surveillance.

As with all research, much relies on funding. Just because a country’s online safety laws dictate that outsiders can access social media data does not mean that researchers can just flick on a switch and get to work.

At every turn, there’s a need for greater public and private backing.

As part of the ongoing workshops, the discussions have focused on four areas where we believe targeted funding support from a variety of public and private donors can make the most impact. Taken together, it represents an essential investment in our wider understanding of social media that will ensure companies uphold their stated commitments to make their platforms accountable and transparent to outside scrutiny.

Four ways to make social media giants more accountable

The first component is the underlying infrastructure needed to carry out this work. Currently, accessing social media data is confined to the few, not the many. Researchers either need existing relationships with platforms or access to large funding pots to pay for cloud storage, technical analysis tools and other data access techniques that remain off limits to almost everyone.

Currently, there is a cottage industry of data providers — some commercial, others nonprofit — that provide the baseline infrastructure, in terms of access to platforms, analytics tooling and user-friendly research interfaces. Yet to meet researchers’ needs, as well as the growing regulatory push to open up social media giants to greater scrutiny, more needs to be done to make such infrastructure readily accessible, particularly to experts in Global Majority countries.

That includes scaling existing data infrastructure, making analytical tools more universally available to researchers, and using a variety of techniques — from using Application Programming Interfaces, or APIs, that plug directly into platform data to allowing researchers to scrape social media sites in the public interest to promoting “data donations” directly from users themselves — to meet different research needs.

The second focus has been on the relationships between researchers and regulators. As more countries pursue online safety legislation, there is a growing gap between in-house regulatory capacity and outsider expertise that needs to be closed for these regimes to operate effectively. Yet currently, few, if any, formal structures exist for researchers and regulators to share best practices — all while maintaining a safe distance via so-called “Chinese Walls” between government oversight and researcher independence.

What is needed are more formal information-sharing opportunities between regulators and researchers so that online safety regimes are based on quantifiable evidence — often derived from outside data access to social media platforms. That may include regular paid-for secondments for researchers to embed inside regulators to share their knowledge; the development of routine capacity building and information sharing to understand the evolving research landscape; and a shift away from informal networks between some researchers and regulators into a more transparent system that is open to all.

Sign up for Digital Politics

Thanks for getting this far. Enjoyed what you've read? Why not receive weekly updates on how the worlds of technology and politics are colliding like never before. The first two weeks of any paid subscription are free.

Subscribe
Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

For that to work, a third element is needed in terms of greater capacity building — in the form of technical assistance, data protection and security training and researcher community engagement. Currently, outside experts have varying levels of technical understanding, policy expertise and knowledge of privacy standards that hamstring greater accountability and transparency for platforms. If people’s public social media data is not secured and protected against harm, for instance, then companies will rightly restrict access to safeguard their users from Cambridge Analytica-style leakages of information.

What is needed is the expansion of existing research networks so that data access best practices can be shared with as many groups as possible. Technical support to maintain the highest data protection standards — in the form of regular training of researchers and the development of world-leading privacy protocols for all to use — similarly will provide greater legal certainty for social media users. The regular convening of researchers so that people can learn from each other about the most effective, and secure, way to conduct such research will also democratize current data access that has often been limited to a small number of experts.

The fourth component of the workshops is the most important: how to maintain independence between outside researchers and regulators in charge of the growing number of online safety regimes worldwide. It is important for both sides to work effectively with each other. But neither researchers nor regulators should become beholden — or perceived to be beholden — to each other. Independence for regulators to conduct their oversight and for researchers to criticize these agencies is a fundamental part of how democracies function.

That will require forms of public-private funding to support ongoing data access work to create strict safeguards between researchers and regulators. That’s a tricky balance between supporting close ties between officials and outsiders, while similarly ensuring that neither side feels subordinate to the other. To meet that balance, a mixture of hands-off public support and non-government funding will be critical.

Such structures already exist in other industries, most notably in the medical research field. They represent a clear opportunity to learn from others as outside researchers and regulators push for greater accountability and transparency for social media companies.

digitalpolitics.co/newsletter0…

There’s a classic grade school science experiment that involves extracting juice from red cabbage leaves and using it as a pH indicator. It relies on anthocyanins, pigmented compounds that give the cabbage its vibrant color but can change depending on the acidity of the environment they’re in, from pink in acidic conditions to green at higher pH. And anthocyanins are exactly what power this unusual kinetic art piece.

Even before it goes into action, [Nathalie Gebert]’s Anthofluid is pretty cool to look at. The “canvas” of the piece is a thin chamber formed by plexiglass sheets, one of which is perforated by an array of electrodes. A quartet of peristaltic pumps fills the chamber with a solution of red cabbage juice from a large reservoir, itself a mesmerizing process as the purple fluid meanders between the walls of the chamber and snakes around and between the electrodes. Once the chamber is full, an X-Y gantry behind the rear wall moves to a random set of electrodes, deploying a pair of conductors to complete the circuit. When a current is applied, tendrils of green and red appear, not by a pH change but rather by the oxidation and reduction reactions occurring at the positive and negative electrodes. The colors gently waft up through the pale purple solution before fading away into nothingness. Check out the video below for the very cool results.

We find Anthofluid terribly creative, especially in the use of such an unusual medium as red cabbage juice. We also appreciate the collision of chemistry, electricity, and mechatronics to make a piece of art that’s so kinetic but also so relaxing at the same time. It’s the same feeling that [Nathalie]’s previous art piece gave us as it created images on screens of moving thread.

youtube.com/embed/sC4Rg1wRP68?…

hackaday.com/2025/03/20/chemis…

Back in 2023, we first brought you word of the PiEEG: a low-cost Raspberry Pi based device designed for detecting and analyzing electroencephalogram (EEG) and other biosignals for the purposes of experimenting with brain-computer interfaces. Developed by [Ildar Rakhmatulin], the hardware has gone through several revisions since then, with this latest incarnation promising to be the most versatile and complete take on the concept yet.

At the core of the project is the PiEEG board itself, which attaches to the Raspberry Pi and allows the single-board computer (SBC) to interface with the necessary electrodes. For safety, the PiEEG and Pi need to remain electrically isolated, so they would have to be powered by a battery. This is no problem while capturing data, as the Pi has enough power to process the incoming signals using the included Python tools, but could be an issue if you wanted to connect the PiEEG system to another computer, say.

For the new PiEEG Kit, the hardware is now enclosed in its own ABS carrying case, which includes an LCD right in the lid. While you’ve still got to provide your own power (such as a USB battery bank), having the on-board display removes the need to connect the Pi to some other system to visualize the data. There’s also a new PCB that allows the connection of additional environmental sensors, breakouts for I2C, SPI, and GPIO, three buttons for user interaction, and an interface for connecting the electrodes that indicates where they should be placed on the body right on the silkscreen.

The crowdsourcing campaign for the PiEEG Kit is set to begin shortly, and the earlier PiEEG-16 hardware is available for purchase currently if you don’t need the fancy new features. Given the fact that the original PiEEG was funded beyond 500% during its campaign in 2023, we imagine there’s going to be plenty of interest in the latest-and-greatest version of this fascinating project.

youtube.com/embed/vVgMHCaZgIQ?…

hackaday.com/2025/03/20/pieeg-…

Spieghiamo meglio cosa fa l’Agenzia per la cybersicurezza nazionale

Alcuni pensano che la cybersicurezza sia un fatto di hacker, nerd, ingegneri del software e basta, ma non è così.

L’elemento tecnico e ingegneristico nella cybersecurity è cruciale, ma la cybersecurity è tecnologia, normazione, regolazione, rapporti istituzionali, cooperazione internazionale, industria, geopolitica e diplomazia.

La cybersecurity è tecnologia perché le tecniche di attacco e difesa di reti, sistemi e computer evolvono costantemente. Spesso, la stessa tecnologia, prendiamo l’IA, può essere usata per creare attacchi più devastanti, ma può essere usata per difese più efficaci. In ogni processo di sviluppo tecnologico sono coinvolti matematici, ingegneri, tecnici, giuristi, imprenditori, venditori, formatori, legislatori eccetera.

La cybersecurity è una questione normativa perché, al pari di ogni risultato dell’interazione umana con l’ambiente, naturale o artificiale, va sottomessa a regole, anche quando questo appare difficile, oneroso e impegnativo in termine di tempo e di risorse. Basti pensare allo sforzo normativo europeo e internazionale in tema di certificazione e qualificazione, la risposta al crimine informatico, le linee guida per lo sviluppo sicuro dell’Intelligenza artificiale.

La cybersecurity è fondata sulle relazioni internazionali. Ovvio, perché quando parliamo di cyber parliamo di una superficie digitale da proteggere che non conosce virtualmente confini. Gli effetti di un attacco o di una risposta a un attacco possono andare oltre il target ed esondare dalla zona geografica in cui inizialmente si manifestano. Quindi per fermarli o mitigarli occorre la cooperazione di diverse realtà politiche, istituzionali ed economiche garantendo la resilienza dell’ecosistema cibernetico impattato.

La cybersecurity è geopolitica perché la tecnologia che ne è alla base non può fare a meno di materie prime, componentistica e competenze distribuite ai quattro angoli del pianeta. La competizione per l’accesso ai chip di nuova generazione, lo sviluppo di HPC e Quantum Computing hanno innescato una competizione tra gli Stati. Il motivo? I nuovi computer quantistici, una volta disponibili, saranno in grado di rompere i sistemi crittografici alla base della sicurezza stessa delle tecnologie di comunicazione. Solo per fare un esempio.

La cybersecurity è ricerca, industria e innovazione di processi, prodotti e servizi. Senza l’industria che costruisce tecnologie sicure in un mercato competitivo, senza i vendor, i system integrator, non c’è tecnologia usabile, non ci sono prodotti di consumo a prezzi ragionevoli, non c’è pubblicità, non si arriva all’utente finale. Viceversa, se l’industria non si protegge, se non protegge dati, server, proprietà intellettuale e brevetti, viene meno la sua capacità di competere in un mercato globale.

La cybersecurity è formazione all’uso critico delle tecnologie, perché non può esserci un uso consapevole dei dispositivi tecnologici se non se ne comprendono rischi e opportunità.

Un vecchio modo di pensare ritiene che siano solo gli hacker, etici oppure no, che si occupano di cybersecurity. “Ah, ma c’è il Red Team che, attaccando, testa le difese!”. Oppure: “il nostro blue team si occupa di proteggere i sistemi, facciamo le esercitazioni”. Da soli non bastano più. In real case scenario siamo andati oltre perfino al purple team. Oggi il contrasto agli incidenti e alle minacce informatiche lo fanno i “golden team”, squadre dove ci sono giuristi, specialisti della privacy, linguisti, diplomatici, tecnologici, psicologi, sociologici e hacker.

Dovrebbe essere ovvio, se si pensa che “i dilettanti hackerano i sistemi, i professionisti hackerano le persone” come diceva Bruce Schneier.

Le agenzie nazionali di cybersecurity sono nate quasi spesso in seguito a scelte monocratiche, cioè non per iniziativa parlamentare ma governativa, tuttavia queste agenzie, come ad esempio quella italiana, l’Agenzia per la cybersicurezza nazionale, ha compiti e funzioni attribuitigli dal Parlamento.

E tuttavia, un’agenzia governativa come ACN fa molte cose ma non fa tutto.

CHE COSA FA L’AGENZIA PER LA CYBERSICUREZZA NAZIONALE

ACN non fa contrasto al cybercrime, che è compito della Polizia di Stato con le sue articolazioni specializzate, e lo fanno le altre forze di polizia; ACN non fa intelligence, della raccolta di informazioni si occupano AISE e AISI, coordinati dal DIS; ACN non si occupa della protezione di asset militari, che è compito della Difesa.

L’ACN si occupa di resilienza e protezione cibernetica, in particolare delle infrastrutture critiche nazionali. Protegge i soggetti sotto il Perimetro nazionale di sicurezza cibernetica secondo le modalità previste dalla legge e poi i soggetti NIS, le Telco, e i soggetti costituzionali o di rilevanza costituzionale.

• ACN svolge attività operativa di Protezione e risposta agli incidenti e alle crisi cibernetiche. Negli ultimi due anni, ha fatto letteralmente ripartire decine di strutture sanitarie bloccate da ransomware permettendo a radiologia, oncologia, Cup e pronto soccorso di continuare a funzionare​.
  
• ACN svolge un’intensa attività di Policy e Regulation. Ad esempio, ACN ha redatto il Regolamento Cloud per mettere al sicuro i dati ordinari, critici e strategici del nostro paese, avviato i laboratori di prova e scritto le linee guida sulla crittografia e per la gestione sicura delle password.
  
• ACN si occupa di sviluppo tecnologico, ad esempio, finanziando le startup del Cyber Innovation Network per favorire lo sviluppo di progetti e prodotti industriali nei campi della robotica, IA, Quantum computing, crittografia, data science, data mining, cybersecurity. Oppure attraendo finanziamenti europei come nel caso dell’AI Factory. Tutto questo nella cornice dell’autonomia strategia nazionale.
  
• ACN si occupa di formazione e ricerca, ad esempio, attraverso l’Agenda di Ricerca e Innovazione, finanziando le borse di studio di dottorato, sottoscrivendo accordi con ANVUR, Mur e Ministero dell’Istruzione e del merito. Tutto questo per favorire l’inserimento nei programmi scolastici e universitari dello studio delle materie Stem e collegate alla cybersicurezza, le relazioni tra i ricercatori, lo sviluppo di una base di competenze e professionalità di carattere nazionale. È noto inoltre il contributo che ACN ha dato dalle sue origini alle iniziative del Laboratorio Nazionale di cybersecurity del CINI per “allevare” i migliori talenti italiani del settore attraverso iniziative come la Cyberchallenge.
  
• ACN si occupa di finanziare la progettazione e realizzazione di una Pubblica Amministrazione sempre più pronta a reagire alla minaccia cibernetica e ha erogato fondi PNRR per innalzare la postura delle PA come Autorità portuali, società in house regionali e agenzie di protezione ambientale (€100 mln), ma ha anche scritto le linee guida e finanziato la realizzazione di CSIRT regionali.
  
• ACN ha realizzato con Confindustria e Generali il Cyber Index PMI strumento di autovalutazione del rischio cibernetico per le PMI e con il mondo delle imprese ha sviluppato un RoadShow territoriale di 8 tappe per parlare di anticipazione del rischio cibernetico da parte delle PMI.
  
• L’Italia, attraverso l’ACN, ha promosso il G7 cybersecurity Working Group durante la presidenza italiana del G7. Sulla piattaforma proposta dall’Italia sono convenuti gli altri sei grandi, l’Ue e l’Enisa che hanno individuato importanti convergenze su tre temi: la protezione internazionale delle infrastrutture critiche, la lotta senza quartiere al Ransomware, la necessità di guidare lo sviluppo sicuro dell’Intelligenza Artificiale. In questa azione di proiezione internazionale ACN coopera con i 61 paesi che partecipano alla Counter Ransomware Initiative, e i 21 paesi che hanno aderito con ACN alla dichiarazione di Bletchley park sullo sviluppo sicuro dell’Intelligenza Artificiale.

Il lavoro dell’ACN, svolto da personale altamente qualificato (il 75% è laureato e il 25% ha un master o un dottorato), è fatto anche dai bravissimi tecnici diplomati (tecnici del software, tecnici dell’hardware, penetration tester, tecnici di laboratorio), assunti tramite concorso, nel 2024 (65 unità), mentre stanno prendendo servizio i vincitori di un altro concorso pubblico per 45 giuristi specializzati in cybersecurity, visto l’incremento delle attività di Policy & Regulation che la legge richiede all’Agenzia, dopo l’entrata a regime della NIS2.
Nel 2025 ci saranno nuovi concorsi.

No, la cybersecurity non è solo un fatto di nerd.

(arturo di corinto)

dicorinto.it/agenzia-per-la-cy…

L’Associazione Stampa Romana esprime solidarietà a Marco Carta, giornalista di Repubblica che si è occupato degli intrecci tra tifo ed estrema destra, ieri attaccato con uno striscione esposto nei pressi dello Stadio Olimpico. Ancora una volta un cronista che approfondisce il tema dei rapporti pericolosi del mondo ultras, con organizzazioni estremistiche o con la criminalità è oggetto di una grave e inaccettabile intimidazione.

La Segreteria ASR

dicorinto.it/associazionismo/s…

La realizzazione e la messa in onda dei programmi di informazione e approfondimento dei più noti e apprezzati della Rai – format ormai iconici come Report, Chi l’ha visto, Agorà, Presa Diretta, Mi manda Raitre… solo per citarne alcuni – è garantita ogni giorno da centinaia di giornalisti professionisti che lavorano senza il contratto giornalistico. Inquadrati nelle redazioni in condizioni di precarietà formale o di fatto: per la gran parte con contratti da partita iva, oppure assunti come programmisti. Lavorando gomito a gomito con colleghi che svolgono le stesse identiche mansioni ma sono invece assunti con il regolare contratto giornalistico FNSI-Usigrai.
Centinaia di lavoratori della prima azienda culturale – pubblica – di questo Paese che da anni attendono il completamento di un percorso di regolarizzazione cominciato nel 2019 con la cosiddetta ‘Fase 1’: un accordo tra Rai e sindacati che portò all’assunzione di oltre 200 colleghi e che prevedeva per iscritto una – appunto – ‘Fase 2’ rimasta totalmente inapplicata.
Sono passati sei anni da quell’accordo, due anni dall’unico incontro per il ‘tavolo Fase 2’, un anno da una affollata e lunga assemblea che ha chiesto all’azienda la riapertura del tavolo e 4 mesi da un partecipatissimo presidio pubblico in viale Mazzini cui hanno preso parte anche i maggiori leader delle organizzazioni sindacali aziendali e delle confederazioni nazionali.
Per questo, assieme a Stamparomana, l’assemblea dei giornalisti della ‘Fase 2’ torna a riunirsi e invita per un confronto l’azienda, il cda, la commissione di vigilanza e i sindacati.
È ora di cambiare. È ora di riconoscere dignità e sicurezza a chi fa informazione nel servizio pubblico: per la dignità del lavoro, per una informazione libera, per combattere il precariato.

Assemblea giovedì 20 marzo – ore 16 – sede di STAMPAROMANA piazza della Torretta 36 – Roma

L’Assemblea dei giornalisti RAI “Fase 2”

dicorinto.it/associazionismo/g…