Cybersecurity Italy

An Emerging Cyber Power – Italy

When most people think of the Bel Paese (the Beautiful Country), food, wine, art and fashion come to mind. It’s time to add something to that list – cybersecurity. On March 7, the Embassy of Italy hosted a large, home country delegation, and a few American counterparts, for a full-day cyber conference to showcase the country’s great progress in both applying cyber infrastructure and producing cyber technology. The discussion focused on the importance of Italian-U.S. partnership, and indeed other countries worldwide, in solving the menace of cyber threat.

Ambassador Armando Varricchio opened the day with a multi- and bi-lateral call to arms, noting that our countries must build something new together. Trusted cooperation is critical to the goal and the friendly relationship between our countries (and others in the G7) offers a good foundation for that trust. Undersecretary of State and Minister of Defense, Angelo Tofalo, presented the Italian Cybersecurity Framework (that even leverages some U.S. NIST cyber framework principles), and discussed the new National Center of Evaluation and Certification to raise consistency of standards among cyber practitioners.

Panels of experts discussed cyber developments, challenges and opportunities in industry, defense, government and academia. While many compelling points were covered throughout the day, a few things stood out:

  • Italy has purposely made significant strides in incident response in the last 2-3 years, which earned praise from panelist Thomas McDermott, Deputy Assistant Secretary for Cyber Policy at the U.S. Department of Homeland Security.
  • Emanuele Spoto, CEO of Italian tech leader Telsy, framed the cybercrime ‘market’ as making €600B per year, globally. That’s the equivalent of the entire US military budget! In Italy, that market is worth €10B per year. Countering that requires a cyber crime force of equal size.
  • Italy is proud of its more than 800 small ICT companies, who are innovating solutions to cyber threats. There is a well-developed value chain connecting public administration, universities and small companies, which is essential to building the talent pipeline and enabling continued technological development. Yuri Rassega, Chief Information Security Officer of Italian energy giant ENEL, directly stated that large companies can’t deal with cybersecurity on their own and depend on SMEs in their ecosystem. He noted that “cyber is not a matter of competition. It’s a matter of sustainability for all businesses together.”
  • Commander of the Italian Joint Command for Cyber Operations Francesco Vestito, a highly experienced war fighter and military leader, pointed out that cyber threat is different from any other kind of warfare mankind has seen to date. Cyber attackers strike anywhere, without warning, for unknown reasons, using a continually changing array of weapons. Building a new solution against this kind of adversary takes time and much is still unknown. For instance, he noted that no one yet knows how to certify that an Artificial Intelligence (AI) solution is cyber secure – yet AI is being developed and applied at unprecedented speed and breadth.
  • Another notable difference highlighted, is that the majority of cyber defense, for western countries at least, is run by the private sector; in every other security realm, the government is legitimate provider of security. Witheastern countries like China, cyber defense is government run. It’s unclear which approach brings the stronger advantage, but public-private partnership is more critical than ever for the western model.
  • While technical cyber problems may eventually be solved, content will remain a bigger problem. Specifically, how do we protect ourselves from manipulated content, which strikes at the heart of democracy? A psychological digital gap has resulted from the pace and amount of technological change we’ve seen in a short amount of time. Society is suffering some consequences from that.
  • There was considerable discussion about threats to upcoming EU elections, both from manipulated content and from the risk of direct attacks on election infrastructure. Those in Italian Defense have been working for over a year already to make systems more secure and test platforms used for this critical purpose. Again, maintaining democratic norms was emphasized as a high cultural priority.

I was actually struck by the extent of remarks around values, shared human purpose, and preserving way of life – something not frequently discussed in American business settings. I sensed a sincere call to action based on common interest, tradition and the future.

The bottom line – Italy is both a cyber consumer and growing cyber producer, and wants the world to know it. As cooperative international relationships and progressive efforts are required in the fight against cyber threat, Italy’s significant steps forward are a welcome contribution to addressing a global problem. Ben fatto e buona fortuna!