Pierluigi Paganini February 21, 2014

Italy – The Presidency of Council of Ministers has published the “National Strategic Framework for cyberspace security” document.

The Italian Government has published his cyber strategy, the Presidency of Council of Ministers has issued the “National Strategic Framework for cyberspace security”, it is an important document that for the first time reveals the cyber strategy for the next biennium.

The document propose in a first part an overview of the  evolving trends of the cyber threat making reference to the vulnerabilities of the National ICT Infrastructures, in the second chapter it exposes tools and procedures to improve national cyber defence capabilities.

The “National Strategic Framework for cyberspace security document” enumerates the principal threats from cybercrime to cyber espionage and cyber terrorism, from hacktivism to cyber sabotage, concluding with cyber warfare, it highlight to improve the security of every “ICT node” and networks within the cyberspace that is hosting and processing an ever-increasing wealth of data of strategic importance for the development of the State.

Depending on the actors involved and the goals pursued, it is possible to distinguish four kinds of threats: 

• Cybercrime: all malicious activities with a criminal intent carried out in cyberspace, such as swindles or internet fraud, identity theft, stealing of data or of intellectual property;
• Cyber espionage: improper acquisition of confidential or classified data, not necessarily of economic or commercial value;
• Cyber terrorism: ideologically motivated exploitations of systems’ vulnerabilities with the intent of influencing a state or an international organization;
• Cyber warfare: activities and operations carried out in the cyber domain with the purpose of achieving an operational advantage of military significance.

The “National Strategic Framework for cyberspace security” document has been written with the intent to define roles and responsibilities of public and private actors, including those subjects operating outside the national territory.

The second chapter identifies the following six strategic guidelines to enhance the country’s preparedness, resilience and reaction capabilities:

• the enhancement of the technical, operational and analytic expertise of all institutions concerned with cybersecurity;
• the strengthening of the cyber protection of ICT networks and computer systems supporting our critical and strategic infrastructure;
• the facilitation of public-private partnerships;
• the promotion of a Culture of Security and of cyber hygiene; the improvement of our skills to effectively contrast online criminal activities;
• the full support to international cooperation initiatives in the field of cybersecurity.

To achieve the above guideline the Italian Government has identified eleven operational guidelines, the following points are detailed in the second part of the strategy of the “National Strategic Framework for cyberspace security” document:

1. Enhance the expertise of the intelligence community.
2. Identify the Network and Information Security (NIS) Authority that will engage at the European level
3. Develop a widely shared cyber taxonomy and promote a common understanding of cybersecurity terms and concepts.
4. Foster Italy’s participation in international initiatives to enhance cybersecurity.
5. Attaining the full operational capability of the National Computer Emergency Response Team.
6. Legislative and compliance with international obligations.
7. Compliance with standards and security protocols.
8. Support for the industrial and technological development.
9. Strategic communication.
10. Allocation of adequate human, financial, technological and logistic resources to the strategic sectors of the Public Administration
11. Implementation of a national system of information risk management.

The National Strategic Framework for cyberspace security 

I personally consider the National Strategic Framework for cyberspace security document as a first step of a long and tortuous journey, cyber security is a national need and requires the involvement of all of us. The next step is to make reading and understanding of this document accessible to all.

Pierluigi Paganini

(Security Affairs –  National Strategic Framework, Italy)