Regions, municipalities and universities to the challenge of cybersecurity

Only with an overview and a common line of action is it possible to fill skill gaps and improve defenses. Public Administration compared, in a Trend Micro event. Published on 11 April 2022 by Elena Vaciago

Recent events have shown that even in Italian Public Administrations it has become increasingly urgent to address the issue of IT security. What is the approach followed today to spread a cybersecurity culture in the territories? and what support could the National Recovery and Resilience Plan come from the Regions, also in light of the arrival of funds from the NRP? The topic was the subject of heated debate during a round table (entitled “The role of territories in the new cybersecurity challenges”) organized by Trend Micro, with the participation of important institutional representatives. Michele Fioroni, coordinator of the Commission for Technological Innovation and Digitization of the Conference of Regions, spoke about the role of the Regions: "We are a society increasingly driven by data", said Fioroni, "and in Italy digitization has grown, but not accompanied in a way sufficient by a secure system and skills development. Today, facing cyber risk at 360 ° represents one of the priorities for national and local security, and the issue of skills is strategically placed among the actions that must be undertaken ".

The leading role of the Regions In this scenario, in which data is growing in number and importance, Regions should promote common approaches to fill skills and cybersecurity gaps. "As in the days of the fall of the Roman Empire, the last province was the most fragile one, today the last office, the farthest one, is the gateway for the attackers," continued Fioroni. "The Regions propose themselves as a local node of a national security network, they have an important role in defining common guidelines: as the Conference of the Regions, immediately after the attack on the Lazio Region, we have activated an internal task force to share threats, risks , experiences".

And what role can the PNR play in all this? “The investments foreseen in the NRP in favor of local authorities are not huge”, Fioroni specified, “but they go in the direction of strengthening the national perimeter. However, more needs to be done. We need a large structured plan on skills, on the one hand aimed at enhancing and training specific high-level professionals and, on the other, allowing investment in the continuous training of personnel employed in public administrations ``.

Municipalities must team up "Cybersecurity is undoubtedly one of the crucial issues on the political agenda of our country," said Michele Pianetta, vice president of Anci Piemonte. "Suffice it to say that the NRP allocates a quarter of its resources to digitization and innovation. It is a challenge that cannot find us unprepared: I am thinking above all of smaller municipalities and marginal realities. It is now a question of identifying priorities and lines of action ". In small municipalities today there is a problem of skills that is the result of the cut in staff on the one hand, and the need to create critical mass to access specialized services such as cybersecurity on the other. “What must the Public Administrations do?”, Pianetta continued. “On the one hand, entrusting oneself to the private sector, with strong partnerships, and then reasoning for large-area entities, not as a single municipality, but as an aggregation of several entities. It is necessary to think about IT choices for at least 100 thousand inhabitants, cybersecurity must therefore provide for tenders with single client centers which must be at least the Provinces ".

Also according to Guido Castelli, Councilor for Budget and Local Authorities of the Marche Region, “It is essential to define as soon as possible uniform guidelines at national level on cyber security standards that all central and local Public Administrations must respect. It is necessary to allocate resources for the constitution of a team of excellence at a central level in Acn (National Cybersecurity Agency, ed.), To which the Regions can contribute with their own skills, to carry out an assessment of the risk levels of the regional and immediate systems interventions where necessary in collaboration with the Regions themselves ".

The contribution of universities Today, everything happens at a speed never experienced before, even in cybersecurity. The role of universities is fundamental both for the formation of skills and for strengthening an ecosystem based on public-private collaboration in the territories. "Our master goes in the direction of providing skills related to digital transformation and cybersecurity", declared Andrea Ciccarelli, coordinator of the Master in Innovation and Digital Transformation and of the PA, University of Teramo. “The degree itself is no longer enough, you need to continue studying, and this at any level. We need to adapt to what is happening and continually innovate: understand the difference between cost and investment well, and therefore, work in an overall way, with risk management that must be central ".

Gastone Nencini, country manager of Trend Micro Italia

A common line of action "Enhancing public-private collaboration is essential for supporting and accompanying institutions in the development of technological innovation and education in digital tools," said Francesco Di Norcia, CEO of Performedia. "Furthermore, investments in cybersecurity represent a facilitator and a differentiating factor for SMEs, which with maximum IT security will be able to digitally transform themselves, improve customer and employee experiences, guaranteeing their success".

But also maximum security is equivalent to accepting a certain level of risk. However, a correct risk assessment requires an overall vision, which many do not have today. "In the face of Central Public Administrations that increasingly adopt solutions to mitigate the risks of cybersecurity, in their transformation path towards e-government, unfortunately there are numerous critical issues that prevent the creation of a homogeneous network with high safety standards ”, commented Gastone Nencini, country manager of Trend Micro Italia. "This is why a univocal and comprehensive line is essential that also involves territories and local authorities in the implementation of a cybersecurity strategy, taking advantage of the great opportunity given by the NRP".