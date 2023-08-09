The cyber resilience of Italy cannot ignore a collective effort between the National Cybersecurity Agency (Acn) and public administrations . From this premise arises the directive 6 July 2023 of the President of the Council of Ministers now published in the Official Gazette. The document provides directions for strengthen the management of cybersecurity threats and incidents in the public administrationwith a enhanced role forAcn and its operating arm, the Csirt Italy (Computer security incident response team).

The directive (“coordination and organization guidelines aimed at promoting the adequate and coordinated management of cyber threats, incidents and crisis situations of a cyber nature”) calls on the administrations to operate guaranteeing that the Acnin carrying out its institutional activities and, in particular, the operators of Csirt Italia, even in the case of on-site intervention following an accident, have the full support of the impacted subjectseven if they make use of in-house companies or in any case under public control.

Cybersecurity agency, role strengthened

The intensification and the growing sophistication of cyber threats in the current geo-political context urgently imposes the achievement of a high level of cybersecurity, the implementation of effective measures to manage the related risks, as well as the need for immediate and as complete situational awareness, the decree states. This is aimed not only at achieving a higher protection and response capacity in the face of cybernetic emergencies, but also at having an analytical framework of the threat functional to the exercise of political direction.

Analysis of the PNRR 2 Decree: all the news on public employment

In that context, “the National Cybersecurity Agency is entrusted by law with the task of developing national capabilities for prevention, monitoring, detection, analysis and responseto prevent and manage computer security incidents and cyber attacks, specifically attributed to the operational component of the Agency (Csirt Italia), whose staff, moreover, is expressly recognized, in the performance of the related functions, as a public official. In the exercise of this task, and for an immediate and effective result for the purposes of risk containment and damage mitigation, the Agency can appeal, in implementation of the art. 5, paragraph 5, of the founding decree (decree-law n. 82 of 2021), to the collaboration of other state bodies and other administrations“.

Cybersecurity, coordination with the Public Administrations

The role of the Acn and the cooperation of the Public Administrations is also defined as essential for the purpose of acquiring complete and exhaustive situational knowledge aimed at allowing “any useful threat analysis and assessment operation, functional to the prevention and management of cybersecurity incidents”.

“Consequently, for as long as necessary for the full exercise of their powers”, reads the decree, the operators of the Csirt must have “access to premises, information systems and computer networks pertaining to the impacted administrations, compatibly with the limits and constraints deriving from the prerogatives of the judicial authority”.

From the application area they remain excluded “the state bodies responsible for the prevention, detection and repression of crimes, the protection of public order and security and the defense and military security of the state, as well as the information bodies for the security referred to in articles 4, 6 and 7 of the law 3 August 2007, n. 124”.

The decree is part of the broader national cybersecurity strategy adopted by decree of the President of the Council of Ministers on 17 May 2022.

@ALL RIGHTS RESERVED

Share this: Twitter

Facebook

