A few days ago, the Council of Ministers approved a Decree Law which institutes the Agency for National Cybersecurity (ACN). This is powerful news, both from the point of view of defending public and private information infrastructures, and from the cultural and governance perspective. Italy has thus complied with the recent EU 'Regulation on cybersecurity', identifying in a very short time the 'national centre of competence' required of the Member States.
What characteristics will the Agency for National Cybersecurity have?
The need to create this new structure stems from the vulnerability of networks, information systems, computer services and electronic communications of public and private entities that can be exploited in order to cause the malfunctioning or interruption, total or partial, of essential State functions and services needed for the maintenance of civil, social or economic activities that are fundamental to the interests of the State.
The government thus wants to redefine the Italian architecture of cybersecurity by establishing a special agency to - says the press release - "adapt it to technological evolution, the context of threat from cyberspace, as well as the European regulatory framework, and to have to connect, also to protect the legal unity of the system, the provisions on the security of networks, information systems, computer services and electronic communications.
The ACN will be a body with 'legal personality under public law'; its director - chosen by the Prime Minister by decree, in agreement with the new 'Interministerial Committee for Cyber Security' (CICS) - will be Roberto Baldoni, until now deputy director of the Italian Department of Defence, with responsibility for cybersecurity, while Prime Minister Mario Draghi will act as 'high supervisor' of the national cyber security strategy.
Three hundred super-experts will kick off the activities. Then another 500 hyper-specialised professionals will join the forces, forming an army of 800 cybercrime warriors.
The Agency will have the function of defending the country's critical information infrastructures and coordinating the Recovery Fund's resources dedicated to cybersecurity. It is worth remembering that the PNRR speaks little of cybersecurity, to which it has allocated resources considered insufficient by the CISOs and DPOs of the Public Administration (62 million euros, out of a total endowment of 9.75 billion to innovate the PA). We are therefore happy to see that the government has allocated €530 million until 2027 for the creation of the Agency.
The cybersecurity nucleus, set up at the ACN, a sort of front line that provides support to the Prime Minister in the event of a crisis, is composed of the Prime Minister's military advisor, a representative of the Dis, AISE, AISI, and each of the ministries represented in the interministerial committee for the security of the republic (CISR), as well as a representative of the Ministry of Universities, the minister delegated for technological innovation and digital transition, and a representative of the civil protection department of Palazzo Chigi.
The President of the Council of Ministers, having consulted the CICS, issues the directives for cybersecurity and issues any necessary provisions for the organisation and functioning of the National Cybersecurity Agency.
The state of cybersecurity in Italy
According to data from the Observatory on Cyber Security of the Politecnico di Milano, in Italy in 2020, cyber-attacks increased for 40% of companies. As a result of the crisis, 19% of companies have decreased their investments in cybersecurity, compared to 2% in 2019. In general, this did not stop the total investment, which amounted to €1.37 billion, up 4% on 2019.
The situation seems to be even more critical in the public administration, after the minister for digitalisation, Vittorio Colao, stated that as much as 95% of the digital infrastructure of the public administration lacks the minimum cybersecurity requirements, and is therefore easy prey for hackers and cyber criminals.
This is why the new agency, which will have a funding of 41 million in 2022, and then grow to become 122 million from 2027, is the first step needed to tackle the cybersecurity of a country that has long been accused - and not wrongly - of paying little attention to digital innovation and transformation of its economic and administrative structure.
Cybersecurity, a challenge for SMEs and start-ups
For years, Italian start-ups and SMEs have been the protagonists of a real digital revolution. Investing in the cybersecurity sector is therefore essential to complete this transition.
In recent years, the European Commission has launched several research projects in the field of cybersecurity for SMEs, and with the Recovery Fund it has committed to providing funding in 2021 to stimulate digitisation in the EU countries most affected by the pandemic.
SMEs will also be affected by the so-called Industry 4.0, which will increasingly introduce innovative artificial intelligence systems in the coming years.
Cyber criminals will undoubtedly take advantage of these innovations, and companies will have to be prepared. This is why it is essential, especially for smaller companies (micro-enterprises, start-ups and SMEs), to invest in the cybersecurity market and especially in training their staff in order to bridge any digital gaps.
#cybersecurity #SMEs #startups