Cybersecurity infrastructures - 'Ferrari fast and Fiat cheap'

By Adamantios Koumpis September 27, 2022

The title of this blog may seem deliberately provocative, but it is not meant as such. We could also have used some other car brand, so we could have named the blog: ‘Why not buy a Porsche and pay the price of a Volkswagen Polo?’ The original ‘Ferrari fast and Fiat cheap’ idea comes from Alberto Savoia and a presentation he made about ‘How to Succeed by Failing ‘Ferrari Fast’’ which you can listen to as a podcast here.

So here is the context: public organisations are supposed to focus on forward-looking investments that contribute to what we call ‘digital transformation’.

This implies the introduction of new and improved services for e-government, the latter also incorporating the uptake of EU-wide interoperable services offered by public administrations not only to citizens, but also companies and other public entities.

Against this background, policy-makers want to encourage the use of advanced IT such as artificial intelligence and machine learning. It is therefore on-trend to promote such future-orientated services.

What one may tend to forget is that these services need to be reliable, the infrastructures they build upon need to be trustworthy, and they have to inspire confidence in all involved parties, namely citizens, companies and the other public entities that interact with them. Achieving this aim requires reinforcing enterprise-wide cybersecurity value chains and measures that help public organisations protect themselves from hacking and ransomware, although identity theft may seem like a lesser priority.

An analogy might be spending money on building fire escapes and buying fire extinguishers for a new building that one is about to buy, or spending money on safety belts and air bags for a car. While these things are considered essential for houses and for vehicles, cybersecurity is wrongly regarded as being of a lesser priority and of secondary importance.

Expenditure is sometimes incurred without knowing the extent to which it will be useful. For example, public organisations purchase defibrillators although they hope that they remain unused, and without knowing if they will serve their purpose or not. It is similarly the case with regard to Public Sector cybersecurity, where the approach we take in CS-AWARE integrates the soft aspects of the design of cybersecurity solutions for the public sector. This approach both makes sense and makes an important difference: we tailor the design of the solutions we offer according to the needs and the profile of our customers. This is not a luxury at all, but rather a ‘bare necessity’.

Adamantios Koumpis