The Italian cyberspace is becoming ever more vital, as a growing amount of sensitive data and communications of individuals and companies flows through the internet. The pandemic only accelerated this process.
Accordingly, not only is that data more exposed to espionage, foreign influence and theft, but entire industries, strategic infrastructures and livelihoods are now dependent on the grid. What’s more, that dependence is set to grow together with the evolution of technology.
Thus, the Italian government decided that it’s time to get serious about cybersecurity. Formiche.net anticipated the planned birth of the Italian Cybersecurity Institute (IIC), a governmental foundation with the objective of enhancing Italy’s digital defences.
Set to become reality with the confirmation of the 2021 budget law, the IIC should be overseen by the Department of Information for Security (DIS), a branch of the Italian secret services. Its members would be elected by prime minister Giuseppe Conte in coordination with the ministers’ Committee for the Security of the Republic (CISR) and the Ministry of Education, University and Research (MIUR).
The security of national IT networks, systems and services will be the IIC’s guiding star. Its aim will be that of promoting and sustaining the growth of Italy’s cyber defence prowess through the creation of competence and capabilities, as well as “favouring the country’s digitalisation process,” with an eye on “national and European strategic autonomy,” as written in the law’s draft.
“This is excellent news for the whole compartment. A step forward in the promotion and diffusion of the culture of cybersecurity – and thus national security,” commented Angelo Tofalo, undersecretary of defence of the governing Five Star Movement, with Formiche.net.
The timing is not casual. As it turned out, the country’s outdated cyber defences proved insufficient in securing their data. Trend Micro, a company specialised in fighting cybercrime, ranked Italy at the fifth place in the list of countries most impacted by malware attacks; 2,500 were recorded in the month of September alone.
Mario Caligiuri, president of the Italian Intelligence Society, commented that the IIC’s creation is a clear indication that intelligence services must reorient towards the cybersphere. “The wars we’re fighting, starting from that of Covid-19, are chiefly information wars, inside and outside nations and people.”
Furthermore, and perhaps more seriously, Italy’s next-gen network infrastructures – its 5G network, which is currently being trialled and will be operative starting next year – has already suffered from infiltrations.
The DIS is well aware of the strategic risks posed by these blunted defences . Under the guidance of its vice-president Roberto Baldoni, the department has been overseeing the construction of a national cybersecurity perimeter, a system capable of vetting the tech provided by suppliers, which will be up and running by spring 2021.
Similar vetting approaches are cropping up across several European member states, and the EU Commission’s President Ursula Von der Leyen is striving to reach what she called Europe’s “technological autonomy” –a strategy not unlike that which is being adopted by the US.
However, the IIC does not appear to be a definitive strategy in its current form. As noted by Corrado Giustozzi, cybersecurity expert at the government’s agency for Italy’s digitalisation (AGID), at first sight it seems like a “control booth that will guarantee the impulse of public-private entities, and not an operative structure.”
Both Mr Giustozzi and Mr Caligiuri also warned that the IIC’s supposed mandate is so wide and undefined that it potentially overlaps with existing governmental structures.
Accordingly, the purported foundation of the institution has ruffled some feathers in the governing majority. The Democratic Party took issue with the fact that the IIC will respond directly to the PM and accused him – not for the first time – of trying to act alone.
On Monday, defence minister Lorenzo Guerini and culture minister Dario Franceschini issued an ominous ultimatum to Mr Conte, reportedly asking him to withdraw IIC’s foundation from the budget law’s draft.
Contextually, the Committee bridging Parliament and intelligence services (COPASIR) summoned Gennaro Vecchione, director of DIS.