An 82-point plan to increase Italy’s resistance against the ever-increasing cyber risk and aim for “digital sovereignty”, increasing professionalism and “indigenous” products (software and hardware). It is the National Cybersecurity Strategy 2022-2026 prepared by the National Cybersecurity Agency and presented today by the Delegated Authority for the Security of the Republic, Franco Gabrielli and by the Director of the Agency, Roberto Baldoni.
The new resources allocated
The available resources are impressive: 1.2% of gross annual national investments, net of European funds and the NRP (623 million euros). It is a “change of pace”, Gabrielli defined it, which aims to fill the delays accumulated by the country in this sector and thus respond to challenges destined to grow, as also indicated by the recent attacks that hit institutional sites – from the Senate to the Police – and that the undersecretary nevertheless asked not to emphasize. «It is not necessary – he explained – a hysterical attitude. If every time there is a ‘Ddos’ (Denial of service) attack we think that the country is at the mercy of foreign powers, we do not understand the level of threat ».
Gabrielli: 007 can make counterattacks
For Gabrielli it is important that “each do his own”. And the Strategy makes clear the competences of all those involved, from ministries to the police forces, from Defense to intelligence which, he recalled, “already today, under current legislation, enjoys functional guarantees and can carry out counterattack activities in cyber field “. While the Agency, Baldoni pointed out, “must become the beacon to which everyone will have to interconnect, but the management of the attacks is not delegated to the Agency. We provide the measures, the guidelines, but then everyone has to adopt them internally. In cybersecurity he does not delegate ».
Threat of disinformation online
And for too long, the commitment of both public and private entities in terms of cyber defenses has been low. The result was a structural, infrastructural and also cultural deficit which, Gabrielli and Baldoni agreed, «we can no longer afford». The Strategy with the connected Implementation Plan thus puts on paper the measures that all public administrations must implement; on 31 December the Agency – which also has the power to impose sanctions on non-compliant parties – will assess whether the objectives have been achieved. The document also takes into consideration the threat of online disinformation which aims to “condition / influence the country’s political, economic and social processes” and provides for “the implementation of a national coordination action” to prevent it.
The chapter of strategic autonomy
Finally, there is the chapter of strategic autonomy. Italy “consumes” digital products produced by other countries and this makes it vulnerable, as is the case with energy. A path has therefore been launched – which will not be short – to free oneself from “dangerous” dependencies: the example is that of the Russian Kaspersky antivirus, for example. To this end, a national cybersecurity park and delocalized hubs will be created throughout the Italian territory. It is, the Strategy indicates, “an incubator of skills and technologies, within which young talents and startups can come into contact with large companies and with the various national realities that, for various reasons, operate in the sector”. Supporting the development and production of national software and hardware for use in networks and systems of greater strategic importance.