National Cybersecurity Agency equips Italy to tackle modern threats


Rome: Italy’s establishment of its “Agenzia per la Cybersicurezza Nazionale” (ACN – National Cybersecurity Agency) is a key step in adapting to the institutional requirements of the digital age. As cyber threats increasingly pose risks to national security, as well as to economic and democratic mechanisms, the ACN is set to become more and more important. Founded only recently, during 2021, it has swiftly become the central node of Italy’s government cybersecurity architecture. Its broad range of tasks includes developing and enacting strategy, coordinating private-public issues, responding to threats and verifying technical standards.

The ACN is not only Italy’s central node for cyber policy; it is also increasingly involved in the international landscape. As it includes a variety of sectors under it, its ambitions seem to be broader than those of its European counterparts. Furthermore, its efforts to engage and partner in internationally coordinated groups show determination to establish itself as a central actor. Nonetheless, concerns exist regarding its transparency and its internal governance, which still require improvement.

The “Agenzia per la Cybersicurezza Nazionale” (ACN – National Cybersecurity Agency) is Italy’s core institution dedicated to protecting national interests in the cyber domain. It is a recent institution, established on 14 June 2021 through Decree-Law No. 82. Its operations began on 1 September 2021. The goal of ACN is to address the increasing cyber threats that Italy (like most other countries) is facing, attempting to create and consolidate a unified cybersecurity framework.

The ACN’s mandate spans various critical functions. Its core task is to execute the national cybersecurity strategy decided by the Italian government. It strives to ensure coherence across the various sectors of public administration to pursue and achieve a unified policy. Another key responsibility is regulating cloud services, which means defining the criteria for choosing the qualified infrastructure and providers that Italian public institutions will use. The ACN also works as a cyber incident prevention and response coordinator. It does so through the Cyber Security Incident Response Team (CSIRT), which monitors, detects and mitigates cyber threats and provides support against them. Furthermore, the ACN conducts evaluations of IT products and services under the National Evaluation and Certification Centre. This body checks the compliance of IT services and products with the set standards.

The ACN is structured to favour operational clarity and coordination. It is led by its Director General, Bruno Frattasi. Deputy Director Nunzia Ciardi is his second. The agency is divided into “Services and Divisions” to tackle the various domains of cybersecurity governance effectively.

The Certification and Supervision division is responsible for overseeing IT products and services and makes sure they comply with national regulations. The National Evaluation and Certification Centre sits inside this division, inspecting and auditing technical standards. The Operations division handles prevention, monitoring, analysis, and threat and incident detection. Within this division, CSIRT plays a crucial role as the national cyber incident manager. The third core division is Strategies and Cooperation, which develops the national strategy. Its role is not limited to that, as it also works to foster cooperation with international entities, a task crucial to developing cybersecurity resilience.

The core strategic initiative of the ACN is likely the “National Cybersecurity Strategy 2022-2026.” This Strategy was drafted by the ACN in collaboration with the Prime Minister’s office. It is a long and complex document (we suggest reading it fully, if interested) laying out more than 80 concrete actions that aim to boost Italy’s cyber security and resilience. It is crucial to mention the strengthening of public-private agreements and the alignment with broad EU frameworks.

The National Cybersecurity Strategy 2022-2026 must be acknowledged as, so far, a success story. The development of such a comprehensive plan, proactively detailing the strategies needed to address a landscape as dynamic and complex as that of cyber threats, should not be underestimated.

Furthermore, the ACN played a crucial role in establishing the G7 Cybersecurity Working Group. Hosting its second meeting in Rome, the ACN participated in the creation of this important platform. Now, cybersecurity agencies from G7 countries and the EU will be able to better engage in technical and policy collaboration, boosting their mutual gains. This initiative makes evident both the international nature of cyber challenges and the ACN’s interest in global partnerships.

Finally, we should mention ACN’s activity in certifying cloud services for public administration use. Namely, it engaged with the CyberArk Identity Security Platform, of which two different components achieved the highest certification, proving they are fit to be employed. This showcases the ACN’s commitment to analysing services and companies and suggesting the best for national interests.

Despite the mentioned achievements, the ACN has received a fair share of criticism. The main issues surround external consultancy contracts that were badly managed. The prominent Italian newspaper Domani has investigated the ACN in depth, exploring how it awarded over a million euros’ worth of consultancy contracts to a company related to one of its own top advisors. This raised doubts regarding transparency, as potential conflicts of interest might arise when the agency procures contractors from among its own ranks instead of through transparent processes.

Others also highlighted the lack of clarity in the criteria for contract awarding, arguably not as objective and rational as they should be. This discussion sparks doubts about the integrity of this agency, perhaps governed by a group boosting its own businesses rather than focusing on the real cybersecurity value of its projects.

Evidently, the National Cybersecurity Agency is pivotal in Italy’s role on the international cybersecurity stage. Significantly, the ACN is attempting to gain leadership within the G7 Cybersecurity Working Group. As of March 2024 (during Italy’s G7 presidency) the agency proposed a permanent structured group to harmonize and coordinate cyber policy and threat responses. This proposal worked out positively, as other member countries approved of the idea and showed commitment to achieving the proposed goals.

Apart from the G7, the ACN is also important in the EU. It collaborates closely with the European Cybersecurity Competence Centre (ECCC) and other national agencies around the continent. Furthermore, it engages in bilateral collaboration with organizations, companies, and academia. For instance, in 2023 it signed a Memorandum of Understanding with Bocconi University. This shows determination to collaborate in joint research with academic institutions to fortify cyber defenses.

The ACN is an interesting case as an institution for cyber defence. Its features show the agency to be both a necessary evolution of cybersecurity governance and an ongoing experiment. Its emergence in recent times shows two things: there is an urgency to build up cyber defences and resilience as threats continue escalating; and it is possible to establish solid foundations in such a brief time, sufficient to push for integration with other international entities of similar nature.

We are talking about more than a simply reactive body. The ACN actively positions itself to shape Italy’s cyber future. That being said, one should be careful with praise, as the management of resources has been criticized, and structural integrity has not yet been achieved. One can identify in ACN a technically proficient body and model for national cyber agencies that has initiated strong international efforts, but also one that has controversial internal management.