Interview to Mr Andrea Pirotti, Executive Director of ENISA
Inserito da Redazione il Gio, 2005-01-06 16:18
Dicembre 2004 | English | ENISA | Security
0412-gb-pirotti
On 6th October, Andrea Pirotti was
questioned, evaluated and then confirmed by the European Parliament as
Executive Director of Enisa, the European Network and Information
Security Agency. He is currently the only Italian Director out of the
sixteen European agencies
Thank you, Mr Pirotti for allowing us to interview you. First of all, could you tell us what Enisa is?
Enisa is a centre of excellence assembling European experts in the field of network and information security, which will provide information and advice to the European Commission, the Parliament and various European Member States in the field of network and information security. The agency will serve, indirectly, as an intervention force, being, in the main, an information centre for spreading culture and information security, and will exert tutoring and monitoring functions; Enisa will also be responsible for spreading the culture of "network protection", in particular, in the weakest and most sensitive areas, for example small and medium sized enterprises or citizens. The objective of the agency is also to help the Member States who are less organised in the field of information security to reach an appropriate level, since weak links in the information chain can be risky.
It is important to know that both public and private administrations can address Enisa.
What is the role of the Executive Director of the agency?
The agency is, for charter, an independent body. The Executive Director of Enisa corresponds, in the Italian language of enterprise, to the General Executive Manager. He is to respond before the European Parliament and the European Commission on the smooth administrative and operational management of the agency. At the beginning of each financial exercise, the Director presents the Work Programme for the following year and the budget for the administrative and operational management of the agency.
You have worked in the Armed Forces, then in a big multinational firm and eventually in the Central Public Administration; you are today the Director of a European agency. What is the ideal link between these experiences? Are there many differences, like values, behaviours and objectives to you between these domains?
I believe that there is a link between all my working experiences: in the Armed Forces I have learned to manage men, in Marconi I have learned to work for objectives, in Public Administration I have learned what being a civil servant and working for the citizens mean. All these together have led me to Enisa, where I will have to put all these abilities together. There are certainly important differences between private and public sector: from this point of view, Enisa is a hybrid as it is a public body with strong private sector features.
How was the selection process in order to become Executive Director of Enisa?
In April 2004, the vacancy notice was published on the European Official Journal. 125 candidates coming from all the Member States of the Union had applied for the post; the Commission carried out five selections, and eventually reached a final list of four candidates, myself included, which was presented before the Management Board of Enisa on 14th September 2004. The Management Board voted in plenary session, after having examined and evaluated the final four candidates through a system of subsequent ballots, with the exclusion of the candidate having the smallest number of votes. In order to be elected, a majority of the two-thirds who had the right to vote was necessary, i.e. 19 votes out of 28. I was elected with 23 out of 28
On 6th October, I successfully presented myself to the hearing before the European Parliament, which confirmed my nomination as Executive Director of Enisa.
Why have YOU been selected?
I believe that the choice was the result of different factors. I have lived in various foreign countries. I have always dealt with information security: in the first place, by tackling equipment for coding information and electronic war in the Armed Forces; then, by working for 27 years in Marconi Communications with operational assignments in Spain, Hong Kong, India, China, Malaysia and South America; and finally by being adviser to the Italian government for the Nis (Network and information security).
Let’s speak about information security: Italy seems to lag behind on this topic in spite of the efforts made and also in terms of legislation, during the last years. What is your opinion?
It is true to a certain extent, Italy has not been in the forefront in the field of information security; but it is making steps forward and I am, therefore, confident about its development.
The Italian PA has equipped itself, during the past months, with an organisation for security (National Technical Committee) and of a reference framework (Proposals of the Cnipa): will Enisa do the same?
Yes, it will. Enisa is a sort of international technical committee and will promote awareness, i.e., it will spread knowledge of ICT protection and security in all the social spheres.
Following the dramatic events of 11th September 2001, information security has become a national and international priority. You have been member of the national Observatory for Networks security and Protection of Communications. What is this about? What is the status of national information critical infrastructures?
The observatory is chaired by the Ministry of the Communications, represented by the excellent Director General Luisa Franchina, and is composed of representatives of the Ministries of Justice, Internal Affairs, Defence, Production Activities and by the President of the Council of Ministers.
In March 2004, the Observatory organised a meeting in Rome with Governments world-wide on the topic of critical infrastructures: the event lasted two days, of which one day was solely dedicated to the governmental representatives and the other open also to the experiences of industry and the exchange of opinions with the sector of security producers. Italy has opened the debate "telling and telling itself" the blackout experience on 28th September 2003.
What would you suggest to a young person if he/she wanted to take up a career in “security management”? What kind of studies (education)?
A degree in information technology and a lot of technical experience.
Is it important to tackle international experiences?
Yes, it is very important, because we Italians are provincial and, usually, we do not adapt well in environments which are different from our own. A long experience abroad is highly useful in order to be appreciated and accepted by international colleagues. However, beware: those who want to have experiences abroad, must do it seriously, that is, by always living and working in multicultural environments, in order to understand the uses and traditions of European and worldwide peoples; otherwise an experience which could have been very worthwhile is in fact not worthwhile at all.
What are you reading these days?
"A Jesuit in China" by Giulio Andreotti, which is fascinating. It puts me back to the times of my activity in Far East. I have the privilege of knowing President Andreotti, someone whom I admire.
Do you have any book to suggest to our readers who deal with ICT Security?
The encyclopedia of Security by Mitch Tulloch, http://www.mtit.com/mitch/default.htm, published in Italy from Mondatori: a simple and clear text.
What do you do in the private life?
In this period.....I am my work!!!!
Which are your other hobbies and interests?
My family, without whom I would not have been able to achieve the objectives in my life.
Thanks for the interview and good job!
Thanks to you.
ENISA: http://www.enisa.eu.int
CNIPA: http://www.cnipa.gov.it
Minister for Innovation and technologies: http://www.innovazione.gov.it/eng/index.shtml
The encyclopedia of Security by Mitch Tulloch: http://www.mtit.com/mitch/default.htm
Giulio Andreotti’s web pages: http://www.senato.it/leg/13/BGT/Schede/Attsen/00000074.htm
ENISA aims at ensuring particularly high levels of network and information security within the Community. The Agency will contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the internal market.
The Agency assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future Community legislation.
ENISA will ultimately serve as a centre of expertise for both Member States and EU Institutions to seek advice on matters related to network and information security.
What's new
3-4/11/04 - RSA Conference (Barcelona) - Speech by Mr Francisco García Morán, Acting Director General, Directorate General « Informatics » European Commission: "Network & Systems Security Policy: The European Commission's Perspective"
http://www.enisa.eu.int/doc/ppt/moran_speech.ppt
27-28/10/04 - Amsterdam - Speech by Mr Fabio Colasanti, Director General Information Society – European Commission: "eEurope and Security a Policy View"
http://www.enisa.eu.int/doc/word/colasanti_speech_final.doc
17/09/2004 - European Network and Information Security Agency up and running
http://www.enisa.eu.int/doc/pdf/press_release.pdf
25/03/2004 - Erkki Liikanen speech on "European Network Security"
http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=SPEECH/04/148|0|RAPID&lg=EN&display=
The Dutch EU Presidency has opened an online discussion forum (http://enisa.ejure.org) about the new European Network Information Security Agency (ENISA).
Fields of activity:
Thank you, Mr Pirotti for allowing us to interview you. First of all, could you tell us what Enisa is?
Enisa is a centre of excellence assembling European experts in the field of network and information security, which will provide information and advice to the European Commission, the Parliament and various European Member States in the field of network and information security. The agency will serve, indirectly, as an intervention force, being, in the main, an information centre for spreading culture and information security, and will exert tutoring and monitoring functions; Enisa will also be responsible for spreading the culture of "network protection", in particular, in the weakest and most sensitive areas, for example small and medium sized enterprises or citizens. The objective of the agency is also to help the Member States who are less organised in the field of information security to reach an appropriate level, since weak links in the information chain can be risky.
It is important to know that both public and private administrations can address Enisa.
What is the role of the Executive Director of the agency?
The agency is, for charter, an independent body. The Executive Director of Enisa corresponds, in the Italian language of enterprise, to the General Executive Manager. He is to respond before the European Parliament and the European Commission on the smooth administrative and operational management of the agency. At the beginning of each financial exercise, the Director presents the Work Programme for the following year and the budget for the administrative and operational management of the agency.
You have worked in the Armed Forces, then in a big multinational firm and eventually in the Central Public Administration; you are today the Director of a European agency. What is the ideal link between these experiences? Are there many differences, like values, behaviours and objectives to you between these domains?
I believe that there is a link between all my working experiences: in the Armed Forces I have learned to manage men, in Marconi I have learned to work for objectives, in Public Administration I have learned what being a civil servant and working for the citizens mean. All these together have led me to Enisa, where I will have to put all these abilities together. There are certainly important differences between private and public sector: from this point of view, Enisa is a hybrid as it is a public body with strong private sector features.
How was the selection process in order to become Executive Director of Enisa?
In April 2004, the vacancy notice was published on the European Official Journal. 125 candidates coming from all the Member States of the Union had applied for the post; the Commission carried out five selections, and eventually reached a final list of four candidates, myself included, which was presented before the Management Board of Enisa on 14th September 2004. The Management Board voted in plenary session, after having examined and evaluated the final four candidates through a system of subsequent ballots, with the exclusion of the candidate having the smallest number of votes. In order to be elected, a majority of the two-thirds who had the right to vote was necessary, i.e. 19 votes out of 28. I was elected with 23 out of 28
On 6th October, I successfully presented myself to the hearing before the European Parliament, which confirmed my nomination as Executive Director of Enisa.
Why have YOU been selected?
I believe that the choice was the result of different factors. I have lived in various foreign countries. I have always dealt with information security: in the first place, by tackling equipment for coding information and electronic war in the Armed Forces; then, by working for 27 years in Marconi Communications with operational assignments in Spain, Hong Kong, India, China, Malaysia and South America; and finally by being adviser to the Italian government for the Nis (Network and information security).
Let’s speak about information security: Italy seems to lag behind on this topic in spite of the efforts made and also in terms of legislation, during the last years. What is your opinion?
It is true to a certain extent, Italy has not been in the forefront in the field of information security; but it is making steps forward and I am, therefore, confident about its development.
The Italian PA has equipped itself, during the past months, with an organisation for security (National Technical Committee) and of a reference framework (Proposals of the Cnipa): will Enisa do the same?
Yes, it will. Enisa is a sort of international technical committee and will promote awareness, i.e., it will spread knowledge of ICT protection and security in all the social spheres.
Following the dramatic events of 11th September 2001, information security has become a national and international priority. You have been member of the national Observatory for Networks security and Protection of Communications. What is this about? What is the status of national information critical infrastructures?
The observatory is chaired by the Ministry of the Communications, represented by the excellent Director General Luisa Franchina, and is composed of representatives of the Ministries of Justice, Internal Affairs, Defence, Production Activities and by the President of the Council of Ministers.
In March 2004, the Observatory organised a meeting in Rome with Governments world-wide on the topic of critical infrastructures: the event lasted two days, of which one day was solely dedicated to the governmental representatives and the other open also to the experiences of industry and the exchange of opinions with the sector of security producers. Italy has opened the debate "telling and telling itself" the blackout experience on 28th September 2003.
What would you suggest to a young person if he/she wanted to take up a career in “security management”? What kind of studies (education)?
A degree in information technology and a lot of technical experience.
Is it important to tackle international experiences?
Yes, it is very important, because we Italians are provincial and, usually, we do not adapt well in environments which are different from our own. A long experience abroad is highly useful in order to be appreciated and accepted by international colleagues. However, beware: those who want to have experiences abroad, must do it seriously, that is, by always living and working in multicultural environments, in order to understand the uses and traditions of European and worldwide peoples; otherwise an experience which could have been very worthwhile is in fact not worthwhile at all.
What are you reading these days?
"A Jesuit in China" by Giulio Andreotti, which is fascinating. It puts me back to the times of my activity in Far East. I have the privilege of knowing President Andreotti, someone whom I admire.
Do you have any book to suggest to our readers who deal with ICT Security?
The encyclopedia of Security by Mitch Tulloch, http://www.mtit.com/mitch/default.htm, published in Italy from Mondatori: a simple and clear text.
What do you do in the private life?
In this period.....I am my work!!!!
Which are your other hobbies and interests?
My family, without whom I would not have been able to achieve the objectives in my life.
Thanks for the interview and good job!
Thanks to you.
Links
ENISA: http://www.enisa.eu.int
CNIPA: http://www.cnipa.gov.it
Minister for Innovation and technologies: http://www.innovazione.gov.it/eng/index.shtml
The encyclopedia of Security by Mitch Tulloch: http://www.mtit.com/mitch/default.htm
Giulio Andreotti’s web pages: http://www.senato.it/leg/13/BGT/Schede/Attsen/00000074.htm
BIO
Andrea Pirotti, 56 years old, began his professional career in the Armed Forces in the field of telecommunications security; he has since worked for over 20 years in Marconi until he took up his duties as Vice President; he has also been adviser for the Ministry of Communications for Network and Information Security. He can be contacted via his website: http://www.pirotti.com/ENISA Overview
From: http://www.enisa.eu.int/ENISA aims at ensuring particularly high levels of network and information security within the Community. The Agency will contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the internal market.
The Agency assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future Community legislation.
ENISA will ultimately serve as a centre of expertise for both Member States and EU Institutions to seek advice on matters related to network and information security.
What's new
3-4/11/04 - RSA Conference (Barcelona) - Speech by Mr Francisco García Morán, Acting Director General, Directorate General « Informatics » European Commission: "Network & Systems Security Policy: The European Commission's Perspective"
http://www.enisa.eu.int/doc/ppt/moran_speech.ppt
27-28/10/04 - Amsterdam - Speech by Mr Fabio Colasanti, Director General Information Society – European Commission: "eEurope and Security a Policy View"
http://www.enisa.eu.int/doc/word/colasanti_speech_final.doc
17/09/2004 - European Network and Information Security Agency up and running
http://www.enisa.eu.int/doc/pdf/press_release.pdf
25/03/2004 - Erkki Liikanen speech on "European Network Security"
http://europa.eu.int/rapid/start/cgi/guesten.ksh?p_action.gettxt=gt&doc=SPEECH/04/148|0|RAPID&lg=EN&display=
The Dutch EU Presidency has opened an online discussion forum (http://enisa.ejure.org) about the new European Network Information Security Agency (ENISA).
CNIPA
CNIPA is an Italian public structure coordinated by the Minister for Innovation and Technology.Fields of activity:
- draft the legislation on technological or technology related fields on the behalf of the Minister;
- elaborate technical regulations and guide-lines for the PA;
- convey to the PA the annual directive of the Government on ICT and to monitor the implementation;
- evaluate the large technological projects of the PA;
- experiment new technologies and analyse their impact on the organization.
» email this story | printer friendly version | 2868 reads
