In the wake of the recent surge of cyber attacks on western critical national infrastructure, Italy has decided to step up its defenses by establishing a national cyber strategy and body to formally oversee cybersecurity and set new regulations.
On 10-Jun-21, it was reported that Italy has created a national cyber security agency following warnings by Prime Minister Mario Draghi that Europe needed to protect itself from Russian “interference”. The new agency was approved in a Cabinet meeting late on Thursday (June 10). It will need to “protect national interests and the resilience of services and essential functions of the State from cyber threats”, a government statement said. Speaking in Brussels on May 25, following a European Union summit, Mr Draghi said urgent action was needed. “We need to strengthen ourselves a lot, especially in terms of cyber security, all of us, at national level and at EU level… because the level of (Russian) interference both with spies and with manipulation of the Web has become truly alarming,” he said.
Commendably, on 15-Jun-21, the Italian government rapidly introduced new cyber regulations to bolster defenses of critical national infrastructure services. The government decided to expand the actors included in the national cybersecurity perimeter to include public and private companies. Those in scope will have the obligation to promptly report attacks or incidents detected, as well as to adapt the protection measures of their networks to defined standards if they want to continue operating. The companies concerned are those that perform essential functions for the maintenance of activities that are fundamental to the state’s interests in key sectors, including telecommunications, health, energy, finance, transport, defence, aerospace, and digital services. In a note on Tuesday (15 June), the office of the Italian prime minister explained that the companies included in the perimeter “exercise, through networks, information systems and IT services, 223 essential functions of the state, or provide essential services for the maintenance of civil, social or economic strategic activities”.
In the coming months, the companies will have to implement adequate protection measures for the increasingly frequent IT risks and notify the Italian Csirt, the computer security incident response team, of any incidents that may occur.
