Nobody saves himself alone. The watchword is cooperation. This is the ultimate meaning of the national cybersecurity strategy 2022-2026 presented today at Palazzo Chigi by undersecretary Franco Gabrielli and professor Baldoni, director of the ACN (National Cybersecurity Agency).
Cybertech Europe, the world of cyber defense collects ideas
by Arturo Di Corinto
06 Maggio 2022
In fact, the strategy has precisely the collaboration between state institutions, businesses, public administration and the University as its main focus. The strategy, including a 27-page glossary, and the 82 measures necessary for its implementation finally make public, in black and white, what will be Italy’s cyber posture in the coming years, respecting everyone’s skills, but urging the whole of society to do its part.
On the other hand, the pandemic of ransomware attacks against companies in the last two years, the daily phishing campaigns against the public administration, the DDoS attacks on banks and ministries these days, and the long-standing foreign cyber espionage, amply justify the need. of a strategy and, for once, with certain funding within a clear regulatory framework.
Smishing alert: SMS is the new, old weapon in the hands of cybercriminals
by Emanuele Capone
11 Maggio 2022
As Prime Minister Mario Draghi writes in the introduction to the presentation document: “The Italian strategy for cybersecurity combines security and development, in compliance with the values of our Constitution. It is in line with the provisions of the European Union strategy for cybersecurity of December 2020, the Strategic Compass for EU security and defense of March 2022 and the recent strategic guidelines of NATO. To do this, it will be crucial to allocate adequate funds on a continuous basis ”.
And this in the awareness that cyber threats “are aimed at obtaining illicit profits (cyber-crime), generating information advantage for the purposes of geopolitical competition (cyber-espionage), spreading divisive and polarizing narratives in adherence to specific ideologies or political motivations, no organization, even if technologically equipped and procedurally prepared, can aspire to completely eliminate the threats that emanate from cyber space ”. Therefore in order to counter these threats there are five pillars of the strategy:
- Ensuring a cyber resilient digital transition of the public
- Administration (PA) and the productive fabric
- National and European strategic autonomy in the digital sector
- Anticipating the evolution of the cyber threat
- Cyber crisis management
- Counteracting online disinformation in the broader context of the so-called hybrid threat
Orange alert in Italy. The Cyber Agency lists 70 vulnerabilities to be fixed
by Arturo Di Corinto
13 Maggio 2022
The measures of the strategy
Strengthen, promote, prepare, strengthen, foresee, implement are the most common terms in the 82 measures to be applied to the country system by the ACN in collaboration with the competent institutions.
So if in the Measure # 1 it is planned to “Strengthen the national technological scrutiny system to support the security of the supply chain and the adoption of European cybersecurity certification schemes, also through the accreditation of public / private assessment laboratories; in Measure # 10 the publication of guidelines on cybersecurity for Public Administrations is expected, with reference to the transition to the cloud for a continuous and automated management of cyber risk, according to a “zero trust” approach. There Size # 16 on the other hand, it expresses the importance of facilitating the secure migration of Public Administration services and data to the cloud, in line with the Cloud Italy strategy; Measure # 22 promotes the use of cryptography in an unclassified context; Measure # 32 proposes the creation of an infrastructure of High Performance Computing dedicated to national cybersecurity, as well as the development of simulation tools, based on Artificial Intelligence and machine learning, to support the phases of prevention, discovery, response and prediction of the impacts of systemic cyber attacks.
War is not that far off, and cybercrime could benefit from it
by Pierluigi Paganini
24 Maggio 2022
And then again, in Measure # 33 there is the increase of the response and recovery capacities following cyber crises by implementing a network of sectoral CERTs integrated with CSIRT Italy, as well as a national crisis management plan.
And “cybersecurity national park“That hosts the infrastructures necessary for carrying out research and development activities in the field of cybersecurity and digital technologies, equipped with a” widespread “structure, with branches distributed throughout the national territory, is what the Size # 49 which goes in tandem with the next one is aimed at promoting the internationalization of Italian companies that offer cybersecurity products and services
All this under the banner of a renewed importance attributed to the research and development sectors of new technologies, also through financing, public and private investments with particular
reference to startups and innovative SMEs in the Size # 54 and the provision of incentives for the development of startups operating in the cybersecurity sector and public-private partnerships with female-run cybersecurity companies in Measure # 64
The objective is therefore clear: “plan, coordinate and implement measures aimed at making the country safe and resilient even in the digital domain, while ensuring citizens’ trust in the possibility of exploiting its relative competitive advantages, in full protection of rights and fundamental freedoms; it implies the recognition that “cybersecurity has become an issue of strategic importance, and must be at the basis of the country’s digital transformation process, also with a view to achieving strategic national autonomy in the sector; and with a recommendation: “cybersecurity must not be perceived as a cost, but as an investment and an enabling factor for the development of the national economy and industry, in order to increase the competitiveness of the country-system at a global level” ; which is why “the securing of infrastructures, systems and information from a technical point of view must be accompanied by cultural progress at every level of society, towards a” security-oriented “approach, an indispensable element for protecting our value system and democratic”.
The Agency will not do everything by itself. These aims pursued through the recent reform of the national cyber architecturecome from afar, from the Monti decree of 2013, to the Gentiloni decree of 2017, up to the adoption of European directives such as the Nis, the Gdpr and the creation of the national cyber security perimeter with the Conte1 and 2 governments and then with the establishment of the National Cybersecurity Agency (ACN), which with Draghi in charge has set the goal of rationalizing and simplifying the fragmented system of competences existing at national level.
The Agency, as the National Cybersecurity Authority, will have various tasks in addition to preparing the national cybersecurity strategy but presents itself as an additional pillar to complete the existing ones for the prevention and repression of computer crimes (under the responsibility of the Forces of police), defense and military security of the State in cyber space (pertaining to the Ministry of Defense) and information research and processing (within the competence of the Security Information Bodies).
The funds of the strategy
The financial allocation to implement the first interventions is a fundamental element for the implementation of the strategy. The PNRR specifically allocates 623 million to the strengthening of Italian cybersecurity, with over half, over 300 million only for the Public Administration. But, as stated in the document, specific funds may also be made available from year to year from financial laws, to support specific projects of interest. To this end “a percentage share of gross national investments on an annual basis will be reserved”. These financial levers may also consist of tax relief for companies or the introduction of national areas with subsidized taxation for the establishment, for example, of a “national cybersecurity park” and related “hubs” located throughout the country.
Furthermore, there will also be the funding that the Agency will be called upon to manage as a European National Coordination Center (NCC) according to the rules establishing the European Competence Center for cybersecurity in the industrial, technological and research fields, together with the network of national coordination centers, which will in particular channel funding from the Horizon Europe and Digital Europe programs.