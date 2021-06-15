Rome – The government raises its shield against cyber risk. After the publication in the Official Gazette of the law decree establishing the National Cybersecurity Agency, today Prime Minister Mario Draghi met the Interministerial Committee for the Security of the Republic which has ordered the expansion of the subjects included in the national cyber security perimeter.

These are companies, both public and private, which perform essential functions for the maintenance of activities that are fundamental to the interests of the state: from telecommunications to health, from the energy sector to the financial sector, from transport to defense, from space to digital services. These have the obligation – under penalty of high fines, up to 1.8 million euros – to promptly communicate the attacks suffered or incidents detected, as well as to adapt the protection measures of their networks to defined standards if they want to continue to operate. In recent years there has emerged a certain reluctance on the part of companies to communicate that they have been attacked or have had incidents with data leaks. The companies included in the perimeter, underlines Palazzo Chigi, “exercise, through networks, information systems and IT services, 223 essential functions of the State, or they provide essential services for the maintenance of strategic civil, social or economic activities “.

And therefore they must implement adequate protection measures for the ever-increasing risk in this area. Just think of the worldwide repercussions of the hacker attack that blocked the more than 8,850 kilometers of Colonial Pipeline oil pipelines in the United States on 8 May. It will be the Dis to communicate the inclusion in the perimeter to the interested parties in the coming days. The subjects will have six months to “communicate the networks, information systems and IT services they use respectively for the provision of the essential functions and services of the State included in the perimeter”.

Therefore, the Council presidency underlines, “the level of cyber resilience of the most sensitive actors for the purposes of national security” rises further. From next June 23, the cybernetic national security perimeter will begin to be operational for companies entered on December 22 last. They will therefore be required to apply the required security measures and to notify the Italian Csirt, the Computer security incident response team, any accidents that may occur. The Csirt is now established at the Dis; it will be transferred to the National Agency when the latter is operational. Csirt is responsible for monitoring incidents, intervening and issuing risk alerts. There is a list of security measures and the type of incidents the company is required to report. To allow for an adequate organization of the subjects included in the perimeter to comply with the accident notification procedures, the latter will proceed on an experimental basis until 31 December of this year.