The government is about to approve the decree that bans all Russian IT security products and services – not just Kaspersky, therefore – from all Italian public administrations. Such as municipalities, regions, ministries, health authorities and schools. The decree had been announced by the government in recent days precisely for the Kaspersky case; today a draft has leaked, which ItalianTech could read.
Doubts about Kaspersky
Alarm from the Cybersecurity Agency: “Beware of Russian software”
by Arturo Di Corinto
The decree against Russian software and cyber security products
All Italian public bodies are therefore obliged to “diversify” if they have IT security technological products and services. In short, they must replace them with others. In particular, the contracting authorities of the PA are asked to provide for the purchase of alternatives. The decree recalls what was indicated during the week by the National Cyber Security Agency, which advised, even private individuals, not only companies with Russian technology, to carry out an urgent “risk analysis” and to diversify. The decree specifies, taking from what is indicated by the Agency, the categories of products and services to be replaced.
- device security (endpoint security), including antivirus, antimalware and Endpoint detection and Response (in abbreviation, Edr);
- Web application firewall (Waf);
- e-mail protection;
- protection of cloud services;
- Managed security service.
Why replace Russian technology
The decree explains this ban with pragmatic reasons, according to which the war could jeopardize the quality, updates of these software and products and thus exposing administrations to a danger.
Of the same opinion, the Agency: “It is not excluded that the effects of the conflict could compromise its reliability and effectiveness, as it could affect the ability of supplier companies linked to the Russian Federation to ensure adequate support for their products and services “. The Agency stated that however for now there is no evidence of this reduced quality.
In short, the government renounces to evoke a risk for the security of the country, of sabotage or Russian espionage perpetrated through these software. Yet Undersecretary Franco Gabrielli had evoked this risk: that protection software could become a “weapon” against us. More explicit is a question from four parliamentarians (first signatory Niccolò Romano, Mixed Group, former M5S): there is a “possible risk for the cybersecurity of our systems, as if the FSB or the Russian military wanted to steal data or perpetrate destructive actions of cyber sabotage to the detriment of public bodies and deprives those falling within the ‘cyber perimeter’, where they had the power of legal or institutional coercion against Kaspersky Lab, they could convey, by inserting it in updates, the potential code with malicious purposes “.
Kaspersky and Russian software, witch hunt or real threat?
by Pierluigi Paganini
A question of technological sovereignty
For the Government, the motivation of technological sovereignty, ie the need to be autonomous and independent in fundamental technologies, is enough to justify the ban. Italy cannot afford to rely on technologies which – apart from the risk of espionage – could become unreliable or suddenly be blocked at the behest of an enemy country. A bit like Russia is now blocking ships with grain bound for Europe, in short.
It is no coincidence that the same decree strengthens the golden power, exercised so far to prevent Chinese companies from expanding in Italy in critical sectors such as 5G, on the basis of what is also happening in other countries (the United States in the lead).
Roberto Baldoni, director of the cyber agency, explained it this way: you need to have control over key technologies such as those of information security, even going so far as to be able to develop them ourselves; be as independent as possible, to grow in innovation and digital skills, prerequisites for economic development.
In short, digital sovereignty to be a developed country in the future. Which is the same vision underlying Europe’s digital strategy.