The cyber security of Italy and, therefore, of its strategic structures will be entrusted to a team of IT experts from the secret services. About thirty computer 007 will be included in the newborn #Csirt (computer security incident response team), a body already present in many countries. The Csirt, writes the Sole 24Ore, is located at the Dis, the information and security department, in the Piazza Dante headquarters, directed by the prefect Gennaro Vecchione. Yesterday in the Official Journal was published the Dpcm which sanctions the institution.
The Csirt must be able to identify in time any type of cyber attack on public and private infrastructures and if national security is at risk, it must be of interest to the Nsc, the cyber security nucleus at Dis.
The Nsc is a structure that assists the activity of the Prime Minister and the CISR, the interministerial committee for the security of the Republic where the ministers of Interior, Justice, Foreign Affairs, Economy, Economic Development, Defense sit.
The Csirt, as the Sole 24Ore writes, is a fundamental technical arm for the coordination against cyber attacks assumed by the Dis with the recent governmental bill on the cyber national security perimeter. The text, approved by the Chamber and then by the Senate with some modifications, now returns to Montecitorio for final approval.
The national Csirt will be connected with those of other states in addition to the emergence administration teams and national companies. This structure also includes both the functions of the Ministry of Economic Development as a national Cert (computer emergency response team) and those of the Agid-agency for digital Italy, as Cert Pa (public administration). But in addition to receiving incident notifications the Csirt in case of attack must inform the Nis authorities (network and information security). Their list is long: they are Economic Development for the energy sectors, digital infrastructures and digital service providers; Infrastructure and transport for the transport sector; Economics and finance for banking and financial market infrastructures, in collaboration with the Bank of Italy and Consob; the Ministries of Health and the Environment. For some sectors, the Regions and Autonomous Provinces of Trento and Bolzano are also competent authorities. The legislative decree n. 65 of the 2018 in implementation of the so-called European directive Nis ("common high level of security of networks and information systems in the Union") already defines a series of tasks of the national Csirt, the Dpcm continues implementation.
Even if the zero risk in the face of the threat in the cyber dimension is impossible to achieve, getting as close as possible to a country is an imperative imperative.