Italy finally has a National Cybersecurity Agency (ACN), a government body for the protection of national interests in the field of Cyber Security.

Founded in August 2021, the agency is led by Roberto Baldoni, former deputy director of DIS (Department of Information for Security), under the direct responsibility of the Italian Presidency of the Council of Ministers.

Even if arrived late compared to other countries (Germany inaugurated its agency in 1991, Israel in 2002, France in 2006), the Italian agency is already in full swing, ready to manage information, resilience and security of the country in the IT sector, as well as the protection of national security in the cyber space.

The agency will also handle the certification of the ICT equipment through the CVCN (National Assessment and Certification Center).

The priority is the creation of skills capable of defending Italian strategic assets (from hospitals to the Public Administration) from attacks, in order to raise the country’s Cyber resilience.

In this regard, the agency intends to reach 300 people by the end of 2023, but the most ambitious goal is to reach around 800 by 2027.

Therefore, these are demanding projects, which have already been anticipated by past activities, such as the creation of the CSIRT (Computer Incident Response Team), for the reporting and proactive management of incidents.

Furthermore, thanks to the work carried out within the DIS, it was possible to lay the foundations to build the Italian cyber resilience and work on the birth of the Agency by outlining for the first time the “National cyber security perimeter“.

The Perimeter, operational since June 23, includes both public and private subjects who exercise essential functions for the country (through networks, information systems and IT services), or provide essential services for the maintenance of civil, social, economic and strategic activities.

The identified subjects (233 at the moment) have to apply the provided security measures and notify the Italian CSIRT of any incidents that may occur.

The third pillar on which the “cyber perimeter” is based and which will be active from June 2022, is built by technological scrutiny thanks to the system centered on the CVCN.

To raise the security level of the country, it is important to ensure the security, not only of the systems, but also of the devices used within strategic ICT assets.

So, good work Italian National Cybersecurity Agency!