Three hundred experts and 500 million euros: this is the Italian Cybersecurity Agency

A super-team of 300 experts, with a budget of 530 million euros until 2027 to protect Italy from cyber risk. These are the numbers of the National Cybersecurity Agency, created today with a decree signed by Prime Minister Mario Draghi and approved by the Council of Ministers. An expert will be designated to guide: the currently most accredited name is that of Roberto Baldoni, number 2 of the Dis, with delegation to cyber. An epochal turning point in a sector that has become so central that, according to the draft, there is an “extraordinary need and urgency” to “implement measures aimed at making the country safer and more resilient even in the digital domain”. The vulnerability of the networks and information systems of public and private entities, in fact, can “cause the malfunction or the interruption of essential functions of the State with potential serious repercussions on citizens, businesses and public administrations, up to the point of causing prejudice. for national security “. An example of the looming danger is the hacker attack – with a ransom note – that paralyzed one of the largest gas pipelines in the United States last May. Risks that are clearly present to the Government. “We have 93-95% of Public Administration servers not in safe conditions”, is the alarm launched by Vittorio Colao, Minister for Technological Innovation and Digital Transition. And the Undersecretary with responsibility for Intelligence, Franco Gabrielli, acknowledged that the country has a fragility “due to a lack of awareness of the risks, due to a lack of culture on these issues: unfortunately we are very late and we have to walk very quickly” . You have to change ‘car’ to accelerate and the vehicle developed by the government is the Acn. Therefore, the Dis will no longer be the leader of cyber defense. The draft decree – in 19 articles – was illustrated this morning by Gabrielli at Copasir, who made proposals for changes, in particular by strengthening the guarantee role of the Committee itself on the new body. Request acknowledged, given that the statement of the Council of Ministers indicates that the provision “provides for specific control powers by the Committee” The Agency will operate under the responsibility of the Prime Minister and the Delegated Authority for the safety of the Republic (now Gabrielli himself ) and in close connection with intelligence. The general manager will remain in office for 4 years, renewable for another 4. A new body is born, the Interministerial Committee for Cybersecurity (Cic), with advisory, proposal and deliberation functions on the matter. Chaired by the premier, it is made up of ministers of foreign affairs, interior, justice, defense, economics, economic development, ecological transition, university and research, and the delegate minister for technological innovation. The Agency has legal personality under public law and is endowed with regulatory, administrative, patrimonial, organizational, accounting and financial autonomy. It will coordinate the public entities involved in cybersecurity at the national level and will promote joint actions aimed at ensuring cyber resilience for the development of the country’s digitization, production system and public administrations. It also aims to achieve “national and European autonomy with regard to IT products and processes of strategic importance for the protection of national interests in the sector”. In order not to depend on technologies referable to other countries, think of 5G. It will thus be possible to create ‘made in Italy’ instruments and market them by financing the Agency itself. And to develop solid national professionals in this field. Among the operational arms of the Acn there is the Csirt (Computer Security Incident Response Team), now operating at the Dis: it is the team that intervenes in the event of accidents and attacks and will be transferred to the Agency under the name Csirt Italia. The Cybersecurity Unit, on the other hand, works to prevent and prepare for any crisis situations and to activate alert procedures. The Core receives communications on breaches or attempts to breach security from the Csirt. To ‘fill’ the Agency, highly qualified personnel will be needed who can be transferred from other public administrations or be hired externally, even by way of derogation: the salary is equal to that of the employees of the Bank of Italy. Three hundred units is the maximum number of staff allowed – according to the draft – but the number may be redefined with subsequent decrees. The organism’s financial endowment is constantly growing, going from 41 million euros in 2022 to 122 million in 2027. (