date 2022-10-18

The Danish island of Bornholm is located in the Baltic Sea, near the Nord Stream gas pipelines. On 10 October it lost its electricity supply, leaving forty thousand people in the dark. The cause of the outage, probably a leak in the cable connecting the island to Sweden, was not immediately clear. A few weeks earlier, the European Parliament had raised the hypothesis that the attack on the pipeline was part of a wider Russian plan to sabotage Western submarine connections, thus once again raising the urgency of a European plan for the defense of strategic infrastructures. It is a plan that, in reality and in part, already exists. Last May the Network Information Systems (Nis2) directive was updated.

In short, the European Community has expanded the criteria of the NIS1 directive, which already provided for an improvement in security and its management in the member countries and which had an important focus on critical infrastructures. The NIS update has also extended the security provisions to medium and large companies that may be involved with the country system or that operate in critical markets. For example, the distinction between essential service providers and digital service providers is eliminated. The result? Small businesses are excluded from the scope of the directive, unless they have a key role in the provision of essential services within the Union or operate in particular sectors or types of services, as in the case of the Public Administration, in which case they are covered automatically by the directive, regardless of their size.

In Italy, the extension of this directive therefore concerns almost all large production companies. Individual governments, however, have been given freedom over the security procedures to be adopted by companies dealing with more business or service aspects. This has created a weak point in the system, because cybercriminal attacks have therefore targeted the supply chain and now involve third parties and suppliers who are not adequately protected. “Thus,” explains Gastone Nencini, country manager of Trend Micro Italia, “the attack manages to penetrate the infrastructures and then reaches the final target, which can be a production company that follows the Nis2 directive”. To overcome this weakness, the cybersecurity expert suggests, the Italian government should give specific guidelines on cybersecurity and on the use of new technologies even for small businesses. “Central coordination and continuous dialogue between institutions, companies and cybersecurity providers are very important to adequately protect the country system”.

In other words, if we all talk to each other, and in an orderly way, it is better for everyone.