2. Cyberspace
“… a consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphic representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the non-space of the mind, clusters and constellations of data. Like city lights, receding” (Gibson, 1966)
4. Strategic Model for the Italian Public Sector
“security comprises activities for the regulation and governing of cybersecurity in the PA for assessment testing and CERT-PA as an operative tool by which to support the adoption of correct security levels at the Public Administration. All other aspects are also identified that come together to make the IT systems secure and reliable, as well as guidance and correlated instruments for compliance in respect of privacy” (2019 - 2021 Three-Year Plan)
5. Areas covered by Standardisation
Security feature provision — Sector/technology-specific security features
Security assurance — Common Criteria initiative (ISO 15408)
Security threat sharing — CSIRTs (Computer Security Incident Response Teams), STIX/TAXII, CybOX, MISPs (Malware Information Sharing Platform)
Organisational management for secure operations — ISO/IEC 27001
6. Strategic Focus Areas
Infrastructures and Centres — Secure the national internet network and data centres of the PA
Enabling actions — Protection of critical national applications, national threat repository, system-wide risk management
Enabling Technologies — Encryption, blockchain, biometric, and quantum technologies
Technologies to Protect — Industry 4.0, IoT, industrial control systems, and robots
Horizontal Actions — Training, awareness and certification projects
7. EU Strategy
Cybersecurity requirements for Operators of Essential Services (OES – essentially critical infrastructure companies) and digital service providers (DSPs)
Certification framework for digital products, services, and processes
The EU Cybersecurity Act made the European Network and Information Security Agency (ENISA) a permanent government agency and significantly expanded its role and responsibilities with respect to cybersecurity
Cybersecurity as a “high priority” field: the proposed cybersecurity budget for 2021-27 includes €2 billion to fund “safeguarding the EU's digital economy, society and democracies through pooling expertise, boosting EU's cybersecurity industry, financing state-of-the-art cybersecurity equipment and infrastructure”
8. ENISA Guidelines
Technical Guidelines for the implementation of minimum security measures for Digital Service Providers
Mapping of OES [Operators of Essential Services] Security Requirements to Specific Sectors
Good practices on interdependencies between OES and DSPs
Guidelines on assessing DSPs and OES compliance to the NISD security requirements
9. NIS Cooperation Group Guidelines
Reference document on the identification of Operators of Essential Services
Reference document on security measures for Operators of Essential Services
Reference document on Incident Notification for Operators of Essential Services
Compendium on cyber security of election technology
Guidelines on notification of Operators of Essential Services incidents
Guidelines on notification of Digital Service Providers incidents
Cybersecurity Incident Taxonomy
Guidelines for the Member States on voluntary information exchange on cross-border dependencies
Risk assessment of 5G networks
10. DevSecOps
Security as Code
Automation
Everyone is responsible
Security added to all business processes (no silos)
Consumable Security Services (API)
Open Contribution & Collaboration
Nation-wide DevSecOps