Getting real about cybersecurity. Italy will devote 1.2% of gross national investment a year to cybersecurity, according to the brand-new cybersecurity strategy presented on Wednesday by Roberto Baldoni, Director of the National Cybersecurity Agency (NCA), and Undersecretary of State Franco Gabrielli.
- “Italy wants to pursue strategic autonomy and digital sovereignty through a cybersecurity ecosystem based on public-private partnership,” reads the foreword by Prime Minister Mario Draghi.
Emergency response + planning go hand in hand in the strategy. As the NCA warned, Italy is under a constant wave of Russian-backed cyberattacks linked to Vladimir Putin’s war in Ukraine. But cyber threats range from security flaws in public tenders to online disinformation.
The document identifies three main cyber threats and areas of operation:
- Criminal activity, i.e. “cyberattacks launched by cybercriminals, hacktivists or coordinated state campaigns that exploit software errors, misconfigurations, weaknesses in protocols and/or humans to steal data or damage the systems.”
- For instance, the DDoS attacks through which the Russian Killnet and Legion collectives are targeting Italian institutions.
- Digital resilience of the public administration (PA), i.e. the tech employed by the State and its appendages. That tech is “developed and produced by large corporate entities,” which are “sometimes controlled or [influenced]” by the governments overseeing them. raising the spectre of “interference in the supply chain, both in terms of the availability of components and their reliability.”
- The passage implicitly refers to Huawei and ZTE, the Chinese companies accused by the US and other allied countries of spying on behalf of Beijing’s authorities. Both are active in the Italian 5G network, over which the government extended its special powers.
- Online disinformation. As the strategy puts it, spreading “fake news, deepfakes and disinformation campaigns that confuse and destabilise citizens” by immersing them in “an extremely dynamic and horizontal information space” that “polarises opinions by changing the way we perceive reality.”
- That’s another ongoing emergency in the wake of the war. The government hopes to counter fake news with “synergistic preventive and law enforcement actions” to “thwart attempts to undermine the system of values on which our country is based.”
The implementation plan begins by mobilising the money to facilitate cyber innovation and security through measures such as:
- tax breaks for companies;
- creating a national tax-advantaged area to build a National Cybersecurity Park (more below) and a number of hubs across Italy;
- qualifying the NCA as the cyber “coordination centre” and connecting it to the European Centre in Romania, which will allow the NCA to channel European resources from Horizon Europe and Digital Europe (which have a combined budget of over €100 billion);
- allocating €623 million from the National Recovery and Resilience Plan to innovation and cybersecurity.
Public-private collaboration is set to become the strategy’s fundamental pillar through a dedicated investment plan. The NCA, which the Draghi government birthed in 2021, seeks to involve private companies both to coordinate national cyber defence and facilitate investments.
- Private parties will participate in developing “protection capabilities for national infrastructure,” such as a national domain name system (DNS) to protect web browsing within the PA, or a Product Security Incident Response Team (PSIRT), a vulnerability monitoring centre that would aid companies in preventing cyber intrusions.
The National Cybersecurity Park is where much of the magic will happen. It’s meant to be a structure where industry, academia and the public can work together on key tech – such as quantum computing, cryptography, robotics and artificial intelligence.
- The strategy calls it an “incubator of capabilities and technologies, within which young talents and startups can connect with large companies and different national entities operating in the sector.”
- Italy is taking direct inspiration from France’s own Cyber Park, which collaborates directly with the French national cybersec agency, ANNSI.
- The Ministries for Digital Transition, Finance, Economic Development and Defence, along with Regions, several universities and private individuals, plus the NCA, will work on building the Park.
- This is perhaps the real novelty: eighty-one clear-cut objectives with their “responsible actors” and “stakeholders” attached to ensure accountability.