The first of four decrees that will bring about Italy’s “Digital Perimeter” within a year was signed by government officials on Wednesday night.
The Perimeter will effectively be Italy’s first line of defence in the digital field, ringfencing all sensitive data from cyberattacks and data theft – the first of its kind in Europe, and one theoretically going beyond the EU’s own data protection targets.
Crucially, the government sets the security threshold for participating companies – tech suppliers and operators. Failure to comply with the security demands will prevent a company from selling and running tech equipment for entities enclosed in the Perimeter.
This first decree extends the Perimeter to the government and public entities critical to its functioning – no less than 150 of them, although the list is secret – and outlines the security thresholds for their suppliers. Defence, energy, telecoms, financial, economic, travel and IT industries are among those entities expected to make the cut.
Stefano Mele, cybersecurity expert and president of the Cybernetic Committee of the Italian Atlantic Council, hailed the announcement with enthusiasm, adding that the number of subjects selected to enter the Perimeter will presumably increase in the coming years.
As for the suppliers, the definition of “potentially unsafe companies” has been debated in the past months. All extra-European companies will have to undergo a demanding vetting process, subject to spot checks and source code takeover by Italian authorities.
This means that Chinese companies such as Huawei will have a hard time gaining access to Italy’s next-gen telecoms infrastructure (namely, the 5G network and diffused broadband), given the lower data protection and security standards adopted by Beijing.
How the Digital Perimeter works
If a digital malfunction of any sort occurs, entities enclosed in the Perimeter will have to alert the Computer Security Incident Response Team (CSIRT), which is directly connected to the Italian Department of Information Security (DIS) and Defence authorities.
The ground-breaking news is that this process must happen within six hours, tops, as opposed to the 24 hours post-intrusion allowed by the EU’s Network and Information Security (NIS) directive to report an intrusion (and not just a malfunction, as in the Italian Perimeter).
Moreover, if an entity within the Perimeter fails to report the incident, it will face fines of up to €1.5 million.
Beyond the pre-emptive security measures, the Perimeter will also include physical oversight centres that will constantly monitor the data flowing through it.
The Perimeter’s security threshold might directly impact which companies will be allowed in the entire Italian internet infrastructure. Potentially unsafe companies might simply be excluded from the Italian internet infrastructure altogether, given the interconnected nature of the net and the growing amount of sensitive data that entities and persons are storing online.
As 5G technology becomes more ubiquitous in everyday life, creating “smart cities”, and as more personal and sensitive data flows across it, the security risks will multiply. Malign actors could gain access to anything from personal medical or financial data to strategic plans and criticalities.
That is why the Italian government (and the EU) are moving fast to create security infrastructures such as the Perimeter before next-gen tech is widely adopted. 5G-enabled phones are now entering the mainstream and antennas are being equipped; the clock is ticking.
The geopolitical significance
The digital security issue has multiple dimensions to it, one of which is chiefly geopolitical. Italy and the EU are currently in between two global superpowers, China and the US, and their commercial and strategic tech race, which is in turn yet another face of the “Cold War” brewing between them.
The US has been pressuring allies to ban Chinese tech altogether under the 5G Clean Networks Initiative sponsored by Secretary of State Mike Pompeo. He reminded the Italian government of the risks posed by Chinese interference during his recent visit to Rome.
Back in August, President Donald Trump even went as far as threatening to cut intelligence sharing with allies, fearing for the security level of their networks. Analysts don’t expect the American stance on China to change even if presidential candidate Joe Biden wins the White House in November. Allies be warned.
Regardless, the EU acknowledged the security risks associated with Chinese companies, which, according to Chinese law, can be manipulated by Beijing should the need arise. A growing number of EU member states are leaving Huawei and ZTE out of their tenders for next-gen network building.
Brussels came up with its own 5G Security Toolbox, a series of guidelines to ensure that all member states may develop secure and future-proofed infrastructures.
Internationally, Western countries are seemingly siding with the US in opposition to China on the digital front. The latest Italian security measures are a step in that direction, and Rome’s own reassurance to Washington.