THE BREAKDOWN
- The Italian government will soon direct public and private companies to replace Russian cybersecurity software over safety concerns
- Kaspersky, a leading antivirus programme, is widely used in the Italian State’s public administration
- The government deems the public administration’s exposition to the Kremlin a potential vulnerability for Italian users
- The first Italian Cybersecurity Strategy will be published in May
Italy is ready to replace Russian antivirus from the public administration (PA) and its companies. The National Cybersecurity Agency (NCA) is slated to issue a document that explains the process of replacing the Russian software with other products that are deemed safer.
The Agency’s director, Roberto Baldoni, broke the news at a Senate hearing on Tuesday. The document, to be formally adopted, will detail the best choices for “device security products,” especially “endpoint security, such as antivirus and antimalware [programmes], or network protection such as firewalls,” he explained.
This is the latest development in the Kaspersky saga. The Russian antivirus firm, founded by Eugene Kaspersky, became the focus of an international case following the Russian invasion of Ukraine and the West imposing sanctions on Moscow.
The NCA, which was set up a year ago by Mario Draghi’s government to oversee the cyber defence of strategic assets, issued a warning on March 15 about “the security implications of the use of information technology provided by companies linked to the Russian Federation.”
The Agency asked companies and the public sector to “urgently carry out a risk analysis of the information security solutions in use” and “consider implementing appropriate diversification strategies”.
Other European countries have already nudged companies to replace Kaspersky. Reportedly, they fear the risk of undue interference by the Russian government in their companies and the consequent exposure of user data.
The Moscow-based company has always rejected allegations.
In mid-March, along with the NCA, a more explicit warning was issued by the German intelligence agency, the BSI, warning against “the use of the antivirus protection software of the Russian manufacturer Kaspersky.”
As Mr Baldoni explained at the hearing, the keyword is “diversification”. The Agency deems it necessary to diversify the suppliers of IT services to avoid being too exposed to cyber threats incoming from Moscow-linked actors.
“During the Ukraine crisis, the level of risk arising from the use of products and services linked to companies that have relations with the Russian Federation has changed.” Hence the need to “intervene so that PAs may initiate a process of diversification of certain types of products with a high level of pervasiveness in their networks and systems.”
It will not be an immediate process, as over 2700 PA nodes in Italy hold contracts with Kaspersky. The government is determined to do away with these ties: as Franco Gabrielli, the Delegated Authority for Intelligence, explained, “we must free ourselves from dependence on Russian technology.”
Another byproduct of the war in Ukraine was an uptick in cyberattacks against the Italian PA. A week ago, the servers of the Minister for the Ecological Transition – led by Roberto Cingolani – were breached, forcing the institution to halt operation to restore them safely.
In an interview with Adnkronos, Mr Baldoni also announced the upcoming publication of the Italian Cybersecurity Strategy: an 86-point document that will outline a 360-degree roadmap, from cloud computing infrastructures to the 5G network.
