National Cybersecurity Strategy 2022-26: Right or Wrong? by Redazione LineaEDP 27/05/2022 Updated:26/05/2022

The comment of Marco Comastri, CEO of Tinexta Cyber: "The direction is right: the role of highly qualified Italian Champions is primary for the success of public-private partnerships and collective defense models"

Tinexta Cyber (Tinexta Group), the Italian cybersecurity hub that with the companies Corvallis, Yoroi and Swascan offers consultancy and solutions for the management and governance of risks related to digital security, comments – through its CEO Marco Comastri – the National Cybersecurity Strategy 2022-26 just officialized. "The Government document confirms a line of interventions aimed at bridging Italy's gap in the prevention and defense against cyber risk. Not only in Public Administrations of all levels, but also in the private sector and in particular in the world of companies of any size, with the aim of protecting the backbone of the country's economic system. From our perspective as a pole of highly specialized Italian companies, this act – after the allocation of important resources of the PNRR to cybersecurity, the publication of Legislative Decree 21/2022 and the recent Circular of the National Cybersecurity Agency no. 4336 – goes in the right direction, that is, to guarantee the operational continuity of critical services and strategic production chains" declares Marco Comastri, CEO of Tinexta Cyber. The document presented confirms, in fact, the great steps forward of our country in the conception and vision of the national cybersecurity architecture and its strategic centrality as an enabling factor for the development of the economy and industry. Comastri continues: "The digital transformation that has been underway for some time and is getting faster inevitably brings not only incredible benefits but also concrete risks. Recently, agID announced that the threshold of 30 million active digital identities has been exceeded and their owners carry out a number of digital transactions in continuous and drastic increase: millions of accesses, authentications and consultations of sensitive data made by citizens, public officials, private managers, professionals. These are now daily transactions, also due to the pandemic, to be carefully protected because they contain sensitive information and involve critical operational processes. And the risks are now even more relevant, as cyber attacks – for criminal, espionage or subversive purposes – are a powerful weapon in ongoing and potential conflicts." The National Cybersecurity Strategy for the current five-year period reiterates the need for "technological autonomy in the digital field" and a more strategic approach to cybersecurity, looking at the creation of a model of preventive defense against cyber risk – and not simply reactive in case of hostile actions – and a cyber security ecosystem supported by an increasingly strong and extensive public-private collaboration and with a leading role recognized to the manufacturers and suppliers of ICT goods and services. "It is a crucial moment for our country. Much remains to be done, but the road is the right one. The regulatory framework is finally more defined and clear. And the economic resources are there, already as allocated funds and, soon, in the form of probable tax breaks for business investments in safety. In this scenario, the role of Italian Champions is fundamental to develop solutions, services and professional skills able to guarantee the sovereignty that is as much desired as it is indispensable to safeguard national interests in the digital domain. As a Tinexta Cyber hub, we have been moving in the direction outlined by the 2022-26 Strategy for some time". Today hackers attack by organizing themselves in agile and rapid international teams, able to share information that is always updated in their communities, while those who defend themselves, too often do so in isolation, almost always avoiding the sharing of information for fear of reputational repercussions, weakening and consequently slowing down the ability to respond. "We are investing heavily in the evolution of the classic Security Operation Centers and we are working on the creation of Defense Centers based on Domain Threat Intelligence techniques , a proactive approach to cyber defense and a concept of collective defense: a philosophy similar to that of the Government for the desired realization of the Hyper Soc . Our experiences in the field of Development and Public Private Partnership are also in line with the directives of the document. This is demonstrated by the collaboration of our subsidiary Corvallis with Assindustria VenetoCentro aimed at creating specialized skills and spreading a security-oriented culture. This partnership has made it possible to experiment with the creation of an ITS model in the company in the field – for the first time in Italy – of IT security: a non-university tertiary education, provided in the classrooms of Corvallis and responding to the needs of a truly qualified workforce", concludes Comastri. National Cybersecurity Strategy 2022-26 Tinexta Group