From promises to facts. The National Cybersecurity Agency (Acn) takes shape. A decree signed by Prime Minister Mario Draghi and Economy Minister Daniele Franco published in the Official Gazette gives way to the “move” of a part of the intelligence in the new agency that will have to guarantee the “cyber-resilience” of the country.
The works have already started. In the next few weeks the passage of ninety professionals from Dis, Mise and Agid will be completed, who will form the ranks of the structure led by the director Roberto Baldoni , former deputy director of Dis, and by the deputy director Nunzia Ciardi, formerly head of the Postal Police. The goal, Baldoni explained in a recent interview with Formiche.net, is “to reach 300 people by the end of 2023” and then to reach “around 800 by 2027”.
The agency, to which the founding decree of August (legislative decree 82/2021) assigns a total budget of 529 million euros between 2021 and 2027, will be based, at least for the first year of activity, in Largo Santa Susanna, the historic headquarters del Dis, today moved to Piazza Dante together with Aisi and Aise. It will not be a sudden handover, because the continuity of the information systems must be guaranteed. This is why, according to the decree, the continuation, no later than 31 March 2022, of the provision of the IT services necessary for the first operation of the Agency will be ensured, including those to guarantee the continuity of the service of the CSIRT Italy and the perimeter of national cyber security, ensuring its usability from the headquarters of the Agency “.
Precisely the “cyber perimeter” introduced by the Conte-bis government in the autumn of 2019 will be at the center of Acn’s functions. A computer security control system for all public and private entities that carry out “essential activities for the state”, through a series of “laboratories scattered throughout the country, national assessment and certification centers”. In January, a new round of hiring engineers will start to carry out security checks.
A delicate task: the perimeter must in fact guarantee the resilience of procurement, especially for the ICT systems of the Public Administration, identifying which are the “trusted” and reliable suppliers. And the Italian response to the concerns of the EU and the United States about securing ICT systems from unsafe suppliers, such as, according to the government and American intelligence, some Chinese companies, from Huawei to ZTE.
In recent years, the Italian model, which has received the applause of the European Nis Cooperation Group and the US State Department, has also led the way abroad. A “cyber perimeter” is under construction, for example, also in the United States. With the “Supply Chain Risk Management Act” under discussion in Congress, the Department of Homeland Security led byAlejandro Mayorkas will have to publish a series of prescriptions that software vendors will have to comply with to the letter.
In Italy, the regulatory process which, under Baldoni’s supervision, has given shape to the perimeter and now to the final stages. The circle closes with the fourth and last Dpcm, which defines the requirements for the public-private laboratories that will collaborate with the Agency for the scrutiny of technological equipment.
