This week Italy finally aligned itself with other major Western countries in setting up a National Cybersecurity Agency (NCA), intended to reinforce the country’s strategic infrastructures against cyber offences and minding their overall solidity. Its ultimate function will be that of separating Italy’s cyberdefence and cyber-resiliency operations, removing the latters from the intelligence department’s scope.
The NCA was announced in April, and on Tuesday the Senate greenlit the project. On Thursday the government announced that Roberto Baldoni, seasoned cybersecurity expert and former deputy director of the Department for Information Security (DIS), a crucial part of Italy’s intelligence infrastructure.
This new entity will answer directly to the Council of Ministers (currently headed by Prime Minister Mario Draghi) and to the parliamentary intelligence watchdog, COPASIR, which is traditionally an opposition-controlled counterbalance. The secret services will retain control of cyber intelligence operations, as is the case in France and Germany.
Last weekend’s hacking of the Rome area health system – as of yet, the “most serious incident” of its kind on Italian soil – was a stark reminder of the dire need to secure Italy’s critical infrastructures. Vittorio Colao, Minister for Technological Innovation and Digital Transition, has often said that roughly 95% of the nation’s public administration servers are not secured.
Hence, in sync with the PM’s pedal-to-the-metal approach, the NCA will become operational in September. The body’s personnel will initially amount to 300 experts – with 60 hailing from DIS, while the rest will be hand-picked from other Italian institutions – and several hired professionals, but by 2027 800 people will be working for it.
The Agency’s main duty will be that of overseeing the defence of said strategic servers and their future cloud-based iterations, as well as public-private initiatives. According to the newly approved legislation, the NCA will also be responsible for the construction and operation of so-called “cyber-parks”, i.e. innovation-driven campuses meant to foster the training and recruitment of personnel apt to work in advanced cybersecurity sectors and produce technical feasibility studies.
The NCA will also house the Italian node of the European Cybersecurity Competence Centers network, which will be in charge of the Union’s common funds for digitalisation and cybersecurity. Brussels’ Network and Information Systems Cooperation Group (NIS) already signalled its approval of the NCA, and so did the US’ State Department.