The Italian government has decided to expand the actors included in the national cybersecurity perimeter to include public and private companies will have the obligation to promptly report attacks or incidents detected, as well as to adapt the protection measures of their networks to defined standards if they want to continue operating.
The companies concerned are those that perform essential functions for the maintenance of activities that are fundamental to the state’s interests in key sectors, including telecommunications, health, energy, finance, transport, defence, aerospace, and digital services.
In a note on Tuesday (15 June), the office of the Italian prime minister explained that the companies included in the perimeter “exercise, through networks, information systems and IT services, 223 essential functions of the state, or provide essential services for the maintenance of civil, social or economic strategic activities”.
In the coming months, the companies will have to implement adequate protection measures for the increasingly frequent IT risks and notify the Italian Csirt, the computer security incident response team, of any incidents that may occur.
The move, which comes after the government established the new National Cybersecurity Agency (Acn), is a further step to raise “the level of cyber resilience of the most sensitive actors for national security purposes,” the prime minister’s office has said. (Daniele Lettig | EURACTIV.it)