Every economy of an advanced nation relies on information systems and interconnected networks, thus in
order to ensure the prosperity of a nation, making cyberspace a secure place becomes as crucial as securing
society from the presence of criminal bands. Cyber security means ensuring the safety of this cyberspace from
threats which can take different forms. Stealing secret information from national companies and government
institutions, attacking infrastructure vital for the functioning of the nation or attacking the privacy of the single
citizen can all be seen as extreme examples of a large spectrum of threats. Additionally, perpetrators of
attacks on cyberspace are now professionals working for governments, hacktivist organizations or criminal
bands rather than teenagers looking for some short-term celebrity as it was in the old days. Intelligence operations
are conducted through cyberspace in order to study the weaknesses of a nation and, to complete the
picture, in the military domain cyberspace is now seen as one of the dimensions of the battlefield just like
space, sea, ground and air. Understanding the complexity of the picture of making cyberspace a safe place
turns out to be a problem which is not only technical but rather a social, legal and economic one. Improving
cyber security knowledge, skills and capability of a nation will be essential for supporting an open society and
for protecting its vital infrastructures such as telecommunication networks, power grid networks, industries,
financial infrastructures etc.
This report gives a break down of the Italian standpoint in the context of the protection of national critical
infrastructure and other sensitive sectors from cyber attacks from the legal and technological viewpoints. In
particular Chapter 1 discusses the notion of critical infrastructures and cyber security in the US and the EU. It
goes on to discuss the evolution and the number of cyber attacks sector by sector reported in the world and in
Italy and to provide some numbers related to the cost of cyber crime in Italy. In Chapter 2 the Italian scenario is
introduced in terms of the legislative landscape and of regulatory changes in the last decade. The chapter then
analyzes the current situation of the Computer Emergency Response Teams (CERT) present in Italy. Chapter 3
gives an overview, from both a legislative and operational perspective, of the level of maturity of some developed
countries (namely, France, the UK, Germany and the USA) in protecting their critical infrastructure and
other sensitive economic sectors. From this comparison, it seems Italy lags behind other developed countries
in terms of implementation of cyber security strategy. Italy still lacks a clear operational directive for the creation
of a national CERT which makes difficult, on one hand, assessing the exposure of Italy to cyber attacks
and, on the other hand, quick and coordinated deployment of countermeasures, in particular, when advanced
persistent threats are discovered.
