Vous êtes sur la page 1sur 48

Presidency of the Council of Ministers

NATIONAL STRATEGIC FRAMEWORK


FOR CYBERSPACE SECURITY

December 2013
Presidency of the Council of Ministers

NATIONAL STRATEGIC FRAMEWORK


FOR CYBERSPACE SECURITY

December 2013
INDEX

Foreword.................................................................................................. 5

Executive Summary................................................................................... 9

Chapter 1 The Nature and the Evolving Trends of the Cyber Threat
and of the Vulnerabilities of the National ICT Infrastructures........................ 11

Chapter 2 Tools and Procedures to Strengthen National Cyber


Defence Capability .................................................................................. 19

Annex 1 Public Stakeholders Roles and Mandates................................. 27

Annex 2 Glossary of cybersecurity.......................................................... 40

3
FOREWORD

The advent of the Internet marks our time. Cyberspace has increasingly become the domain
through which the citizens fundamental liberties of information, expression and association are
fulfilled, the transparency of public policies is pursued and the efficiency of public administrations is
stimulated, growth and innovation are attained. In this global virtual arena, billions of connections
are set everyday across geographical borders, knowledge is shared, and the world as we know it is
redesigned at an unprecedented speed.
The security and the prosperity of any Country increasingly depend on the protection of the ICT
networks that host this ever growing wealth of knowledge and connections, and it is therefore more
and more compelling to ensure in cyberspace the respect of the rights and duties already preserved
in the civil society, in the economic fabric of the society, and in the International Community.
The digital arena is not a space outside of the law, and it is our duty to guarantee that also in
this domain the democratic principles and values in which we believe are uphold and the norms
preserving individual liberties, equality and freedom are safeguarded. Likewise, it is only in an
environment of trust and mutual respect that it will be possible to fully reap the opportunities of
growth offered by digital platforms, and to secure the development of an open, safe and reliable
cyberspace for the benefit of our financial system, our companies and our consumers.
The ever-increasing reliance of modern societies on cyberspace implies that the harm occurring
in case of a disruption of the ICT infrastructure or in the event of attacks carried out throughout
the ICT networks could be dreadful at the least. Threats can stem from any point of the world
wide web, and they often hit the weakest links, such as the most vulnerable individuals and the
least protected computer systems and ICT networks. Appalling crimes are carried out through
the world wide web, such as the exchange of child pornography, and online thefts and frauds can
severely damage individual wealth and valuables, hampering the necessary level of trust within
the digital community. Cybercrime is a plague that can cause the bankruptcy of firms and the
theft of their intellectual property, crippling the wealth of an entire nation. We assist with growing
concern to an increasingly insidious threat that exploits ICT vulnerabilities to stealthily steal the
results of our research and development efforts in the field of new technologies and products. For
a country like Italy, which places innovation at the cornerstone of its growth and competitiveness,

5
National strategic framework for cyberspace security

the potential harm is incalculable. Given the growing degree of sophistication of cyber attacks
and the ever-increasing dependency of our infrastructures on ICT networks, our very national
stability and security are at risk. It is therefore essential to ensure the finest possible protection of
our critical ICT assets from attacks that can potentially have devastating effects, as it would be the
case in the event of cyber attacks impeding or subverting the correct functioning of the national
transport system, or of energy grids, or even of our military Command and Control centers. It is
therefore necessary to develop and uphold an innovative defence posture, one that is able to engage
the private sector and leverage its skills in the protection of the critical ICT that the latter owns and
operates, and that factors the cyber dimension of future conflicts in its strategic doctrine and in the
capability planning process.
Networks interdependence, the intrinsic asymmetry of the cyber threat, and the pervasiveness
of cyberspace in all aspects of everyday life are all features that call for a holistic approach and
the synergic efforts of all involved stakeholders if we are to ensure an adequate level of security
in cyberspace. The ultimate objectives must be to strengthen our collective ability to preempt an
attack, to detect it while it happens, to react to it, to mitigate its effects, to attribute its origin, and
to rapidly restore the original functionality, while at the same time retaining the lessons learned
from the case.
At the international level, Italy is fully engaged in multilateral institutions, first of all within
the EU and NATO, as well as with all our bilateral partners, to promote the endorsement and
respect of a set of rules of behavior in the digital arena that is consistent with our values, and to
facilitate the emergence of a shared approach to cyberspace governance, so that the International
Community as a whole can effectively cope with the challenges laying ahead. At the domestic level,
it is of outmost importance the promotion of a well-coordinated and multi-dimensional approach
in order to provide for the convergence of all Public Administrations efforts toward the achievement
of objectives that are mutually reinforcing with those of the private sector and the academia.
In the current financial and economic tightening, we cannot allow for any duplication of
efforts and we must therefore seek any possible synergy, keeping in mind that the budget allocation
that will be necessary constitute not only a net saving if compared with the possible damage cyber

6
Foreword

attacks can entail, but also an extraordinary opportunity of cultural, social and economic growth.
In line with what is set forth in the Prime Ministers Decree of the 24th January 2013, the
present National Cybersecurity Strategic Framework highlights the nature and the evolving trends
of the cyber threat as well as of the vulnerabilities to the national ICT networks, it outlines roles
and tasks of public and private stakeholders involved in cybersecurity, and identifies tools and
procedures to enhance the countrys preparedness to confront head-on the new challenges posed by
cyberspace. The attached National Plan identifies a limited set of priorities, and provides specific
objectives and guidelines in order to give concrete implementation to the Strategic Framework.
With these two documents Italy sets out a strategy around which to coordinate all efforts, so
that we can face with confidence the security threats and challenges stemming from cyberspace,
and pursue our national interest where the wealth of nations will more and more prosper.

7
EXECUTIVE SUMMARY

Following the adoption of the Prime life from simple online payments to
Ministers Decree Containing Strategic the management of strategic and critical
Guidelines for the National Cyber national infrastructures implies that also
Protection and ICT Security of the the cyber threat is becoming more and
24th January 2013, the Cybersecurity more pervasive and subtle, and yet it is still
Working Group was established on the widely unnoticed and underestimated. In
3rd of April 2013 under the auspices of the first chapter, The Nature and the
the Committee for the Security of the Evolving Trends of the Cyber Threat and
Republic, chaired by the Department of the Vulnerabilities of the National ICT
for Intelligence and Security (DIS), and Infrastructures, the major cyber threats
developed this National Cybersecurity and their actors will be acknowledged
Strategic Framework. from cybercrime to cyber espionage and
The Cybersecurity Working Group cyber terrorism, from hacktivism to cyber
saw the active participation of all the sabotage, concluding with cyber warfare
Administrations already represented in and a brief taxonomy of the cyber
the Committee for the Security of the organizational, procedural and technical
Republic (Ministries of Foreign Affairs, vulnerabilities will be proposed.
Interior, Defence, Justice, Economy Cyberspace is a man-made domain
and Finance, Economic Development), essentially composed of ICT nodes and
and included the Agency in charge for networks, hosting and processing an
the Italian Digital Agenda as well as ever-increasing wealth of data of strategic
the Cybersecurity Unit within the Prime importance for States, firms, and citizens
Ministers Office. alike, and for all political, social and
The point of departure of this National economic decision-makers. The second
Cybersecurity Strategic Framework is chapter, Tools and Procedures to
an assessment of todays cyber threat. Strengthen the National Cyber Defence
The growing importance of services Capabilities, identifies six strategic
provided through cyberspace in everyday guidelines around which to converge,

9
National strategic framework for cyberspace security

with a holistic, coherent and synergic and computer systems supporting our
approach, all national efforts, so as to critical and strategic infrastructure; the
enhance the countrys preparedness, facilitation of public-private partnerships;
resilience and reaction capabilities. These the promotion of a Culture of Security
guidelines include: the enhancement of and of cyber hygiene; the improvement
the technical, operational and analytic of our skills to effectively contrast online
expertise of all institutions concerned criminal activities; the full support to
with cybersecurity; the strengthening international cooperation initiatives in
of the cyber protection of ICT networks the field of cybersecurity.

10
CHAPTER 1
THE NATURE AND THE EVOLVING TRENDS
OF THE CYBER THREAT AND OF THE
VULNERABILITIES OF THE NATIONAL ICT
INFRASTRUCTURES

Introduction solutions, even in the most advanced


countries, is not an easy task, and it requires
a broad involvement of the private sector.
Definition
The private sector, in fact, has a key role to
With the term cyberspace we refer to the
play in coming up with possible solutions
complex of all interconnected ICT hardware
to cope with the new challenges and threats
and software infrastructure, to all data stored
stemming from the cyberspace which for
in and transferred through the networks and
the most part it owns and operates. The
all connected users, as well as to all logical
private sector therefore has the interest and
connections however established among
the duty to agree with the public sector on
them. It therefore encompasses the Internet
mutual expectations and responsibilities
and all communication cables, networks
in ensuring the protection of cyberspace.
and connections that support information
Cyberspace has become a domain of
and data processing, including all mobile
strategic importance for the economic,
Internet devices.
social and cultural development of nations,
and it is hence critical to balance the right
A complex challenge mix of pubic and private engagement in its
The very same nature of cyberspace governance and management, taking into
and the related transformation of account at the same time the requirements
contemporary societies brought about by of national security and public order as well
the digital ecosystem are accountable for as the fulfillment of all the individual and
the emergence of unprecedented cultural, economic liberties involved.
social and political issues, which require a Balancing these often diverging
set of coherent, effective and in many cases objectives is a complex endeavor, if one
original solutions. As the International considers for instance how monitoring
Community is still very much divided with the technical functionality of networks is
regard to the principles and values that essential to allow the fulfillment of the
apply to the cyber domain, seeking these right to privacy and the integrity of ones

11
National strategic framework for cyberspace security

communication appliances, or also exercised in and throughout cyberspace,


how it can be difficult to find the right or against cyberspace and its fundamental
balance between the right to privacy and elements. The threat is carried out by means
the fight against criminal activities such of cyber attacks, by which we mean more
as child pornography, drugs smuggling, or less automated actions of individuals
hate incitement or terrorism planning - and organizations, both governmental
crimes that not only hurt individual and and non-governmental, aiming at
social liberties, but also undermine the disrupting, damaging or impeding the
very existence of an open, democratic regular functioning of computer systems,
and free Internet. ICT networks or supervisory control
and data acquisition systems and data
processing, or at compromising the
Objectives
authenticity, the integrity, the availability
The present National Cybersecurity
or the confidentiality of data residing in
Strategic Framework and the related
those systems or transiting through the
National Plan, both foreseen by the
networks.
Prime Ministers Decree Containing
The most sophisticated cyber attacks
Strategic Guidelines for the National
can be carried out through so called cyber-
Cyber Protection and ICT Security of
weapons, that is a malicious software (i.e.
the 24th January 2013, aim at enhancing
malware) designed to damage or alter
the national preparedness to respond to
an IT system with the aim of causing its
present and future challenges affecting
malfunction, or even physical damage.
cyberspace, and are devoted to directing
all national efforts toward common
and agreed solutions, knowing that An insidious threat
cybersecurity is a process rather than an A fundamental characteristic of the
end to itself, that technical innovations cyber threat is its asymmetric nature. The
will always introduce new vulnerabilities attacker:
in the strategic and operational horizon, May strike from anywhere in the
and that the intrinsic nature of the cyber world, as long as he is connected to
threats makes our defence, at least for the Internet;
the time being, mostly although not Exploits one single vulnerability to hack
exclusivelyreactive. into very sophisticated and otherwise
well protected computer systems;
Attacks instantaneously, allowing
The cyber threat and its actors no time to mount an appropriate
reaction;
Definition Can hardly be traced or even detected,
We define the cyber threat as the making it extremely complex for the
complex of malicious conducts that can be defender to put in place a response.

12
The Nature and the Evolving Trends of the Cyber Threat and of the Vulnerabilities of the National ICT Infrastructures

The intrinsic nature of the cyber computing, makes cyber attack potentially
threat, therefore, limits the scope of very lucrative while being relatively risk-free
deterrence, favors the attack over defence, for the attacker. It is therefore no surprise
and requires that all major stakeholders, that the economic impact of cybercrime is
both public and private, implement a quite worrisome. This is especially true for
continuous process of analysis so as to be countries like Italy, for which the theft of
able to update their security standards and the original scientific, technological and
procedures to the evolving operational companies know-how is a direct damage
and technical circumstances. to their existing comparative advantage,
undermining their competitiveness in the
global markets.
Classification of the threat
Computer crime is a growing concern
Depending on the actors involved
also because its illicit profits are often
and the goals pursued, it is possible to
re-invested in the search of new systems
distinguish four kinds of threats:
vulnerabilities and in the development of
Cybercrime: all malicious activities
more sophisticated, efficient and easy-
with a criminal intent carried out
to-use offensive capabilities, making
in cyberspace, such as swindles or
cybercrime a threat of primary importance
internet fraud, identity theft, stealing
for the stability, the prosperity and the
of data or of intellectual property;
security of the country.
Cyber espionage: improper acquisition
of confidential or classified data, not
necessarily of economic or commercial The computer crime market
value; The computer crime market represents
Cyber terrorism: ideologically therefore a very palatable and profitable
motivated exploitations of systems sector for autonomous hackers and for
vulnerabilities with the intent of criminal organizations alike. They both
influencing a state or an international bolster a black market in which it is
organization; possible to trade illegal contents (such as
Cyber warfare: activities and drugs, child pornography or copyrighted
operations carried out in the cyber material) and to sell ready-to-use toolkits
domain with the purpose of achieving for conducting all kind of attacks and
an operational advantage of military exploitations to the computer systems
significance. of choice, either independently or
with the technical support of criminal
organizations. This, in turn, multiplies
The economic impact of cybercrime
the opportunities for felonies against
The ever-increasing volume of
assets (such as swindles, blackmail,
companies data and personal assets
extortions, thefts, etc.), misappropriation
information stored in cyberspace, recently
of confidential information and identity
encouraged by the growing resort to cloud

13
National strategic framework for cyberspace security

data (with the aim, for example, to The role of the State
demand ransoms or commit other kinds Even though the digital arena is a
of violations), recycling of illicit capitals, reality that transcends, from many points
gambling and illegal bets. By the same of view, national borders, states are
token, it is more and more evident the certainly among the main stakeholders
involvement of criminal organizations of cyberspace, because they have the
in cyber espionage activities, often on ultimate responsibility for the protection
behalf of legitimate companies, with the of ICT infrastructures on their own
objective of stealing industrial patent, territory, even if they are owned and
company strategies, market researches, operated mostly by the private sector.
analysis and description of productive States have the human and financial
processes, etc. resources as well as the capability to
organize and manage, overtime, complex

14
The Nature and the Evolving Trends of the Cyber Threat and of the Vulnerabilities of the National ICT Infrastructures

organizations. As such, they are in a Espionage, sabotage, warfare and supply


unique position to mount a robust cyber chain cyber threat
operational capability. The defence of cyber networks
Protecting the military command requires the development of an effective
and control networks and ensuring and uninterrupted capability of
their full operational capability and monitoring and analyzing all ongoing
their resilience has always been a top malicious activities. States are striving
priority for any State. The advent to ensure themselves with this expertise,
of cyberspace, and its key role in either directly or through proxies, and
ensuring the functioning of virtually considering in many cases also the
every national sensitive infrastructure, potential advantages of developing
industrial process and public services, aggressive tools. It is a well-know fact that
has extended the mandate of the State some States already possess the capability
to the protection of all ICT critical to penetrate public and private networks
networks. In fact, the most sophisticated of other States, and use this capability
cyber attacks may not only impair for espionage and in order to map ICT
and paralyze the States most vital systems that could be potential targets in
communication nodes and the provision case of future attacks. In such a situation,
of essential public services, but may also is also highly plausible that certain States
have potentially destructive effects if may consider mobilizing their national
directed against critical infrastructures industry to install through the ICT supply
such as, for instance, the aviation traffic chain components that could allow for
management control system or dams future stealthy cyber exploitation of the
and energy installations supervisory end-user computer systems and ICT
control and management systems, infrastructure.
resulting in great physical damages
and the eventual loss of human life.
Hacktivism
The strategic advantage implicit in the
Some cyber attacks are ideologically
possibility of inflicting a great loss to
motivated and have primarily a
the enemys critical infrastructures by
demonstrative intent, like damaging
striking at great distance makes it very
the image of the target and/or causing
likely that future military confrontation
a temporary malfunctioning of the
will entail the full use of cyberspace. It
attacked ICT systems. Examples of this
is therefore no surprise that nowadays
type of cyber attack are the Distributed
virtually every nation considers it
Denial of Service (DDoS) attacks, that,
relevant in its force planning to foresee
through coordinated attacks originating
the requirements of a cyber defence
from a number of unaware and remotely
capability that is adequate to protect
controlled computer (botnets), cause the
national critical ICT infrastructures.
intentional overload of servers that host

15
National strategic framework for cyberspace security

specific services. Another example is the used to perpetrate activities that would
so-called Web Defacement, that alters be illegal in other conventional domains.
the data of a chosen Internet website with
the specific goal to cause disinformation,
Terrorism
defamation or simply mockery. In other
It is possible that in the next future
cases, hacktivists make use of malware
terrorist groups or individual lone
quite similar to the ones used by hackers
wolves might make use of cyber offence
and computer criminals to surreptitiously
capabilities to hit military and civil
seize data that are owned by the
targets. These cyber weapons might either
government, or that belong to companies
be ready available to terrorists through
or individuals, in order to publically
criminals operating within the computer
expose them, or just to demonstrate the
crime market, or might be developed
computer skills that they have.
independently by the terrorists through a
process of reverse engineering of already
The use of the Internet for illegal activities existing cyber weapons. Fortunately, this
The digital arena is an extraordinary is for the time being only a hypothetical
means to establish connections at the threat, but it is essential to make sure that
global level. There is unfortunately potentially destructive cyber tools remain
also the risk that this communication out of the reach of dangerous users.
platform and the high level of anonymity
it allows are used by some to spread racial
Unexpected event, incident
hate, exchange illegal material (such as,
The full account of threats that stem
for example, child pornography) or plan
from cyberspace is virtually impossible
crimes, civil unrest or terrorist attacks.
because this domain is characterized by
Even if we cannot call these phenomena
continuous technological innovations;
cyber attacks in the literal sense of
therefore unexpected developments might
the word, inasmuch as cyberspace in
confront us with new technological and
this case is only used as a means of
governance challenges demanding a
communication, there is no doubt
collective and systemic effort. Cyberspace
that the inherent lack of attribution
is a man-made domain, and as such it is
allowed by cyberspace makes the threat
potentially flawed. It is therefore necessary
particularly insidious. We cannot
to develop the necessary skills to anticipate
hesitate to clearly assert that the same
and prevent rare and unexpected events,
norms and rules of behavior that already
focusing on the resilience and the business
exist in the civil society fully apply to
continuity of the services that are essential
the cyber domain. The challenge before
for the security and the stability of the
us is therefore to preserve the greatest
country.
possible degree of freedom of expression
while making sure that the Internet is not

16
The Nature and the Evolving Trends of the Cyber Threat and of the Vulnerabilities of the National ICT Infrastructures

Cyber vulnerabilities to ensure continuity of the service and to


minimize the impact of natural events on
Cyber attacks undermine users trust physical infrastructure.
in ICT technologies and impair business Technical vulnerabilities are instead
continuity by exploiting organizational, due to the vulnerabilities of hardware and
procedural and technical vulnerabilities software, and to faults in communication
often in various combinations. protocols. The latter are particularly
Organizational and procedural worrisome when they affect the Domain
vulnerabilities depend both on the Name System (DNS), because they
deficient implementation of protection impact both ends of the systems, that is
against malware such as inappropriate to say the final electronic communication
network design, update of anti-viruses and users as well as the supervisory control
anti-spam software and on the lack of and data acquisition systems of critical
appropriate physical protection intended infrastructures connected to the Internet.

17
National strategic framework for cyberspace security

Such vulnerabilities can cause service granted access to the installations


unavailability, or they can compromise warehouse;
the integrity of the information stored Exclusive use of certified products
and provided by the DNS. In both cases, in order to exclude from the supply
the exploitation of such vulnerabilities has chain foreign retailers considered
extremely serious consequences, possibly at risk; use of up-to-date antivirus
resulting in a grave malfunctioning software; encryption of data and
of fundamental control nodes of the digital signature; identification and
infrastructure. authentication of connected users;
In order to prevent these vulnerabilities monitoring and logging of instances;
from being exploited, we must first of all updating of the access privileges of
set up a risk assessment, mitigation and every user (logical measures);
management plan, which must take into Norms and procedures instructing
account physical, logic and procedural all phases and aspects of the security
cybersecurity measures, and raise processes; definition of roles, tasks
awareness among the personnel through and responsibilities within the
training and education. risk assessment, mitigation and
In principle, key requirements of the management plan; adoption of
cyber security policy should extend to: specific measures that complete
Control of the access to physical and reinforce the technological
installations: in order to minimize the preparedness; recurring controls on
risk of damage, tampering or theft the consistency and reliability of the
of hardware assets, only traceable ICT assets (procedural measures).
and authorized personnel should be

CYBER SECURITY

USER TRAINING, AWARENESS


AND EMPOWERMENT

PHYSICAL
LOGICAL MEASURES
PROCEDURAL

ANALYSIS
T
RISK
MANAGEMEN
MITIGATION

18
CHAPTER 2
TOOLS AND PROCEDURES TO STRENGTHEN
NATIONAL CYBER DEFENCE CAPABILITY

Strategic guidelines

In order to allow the country to fully a joint effort and a coordinated approach
benefit from the social and economic of all key stakeholders of the national
advantages made possible by a safe cybersecurity architecture identified by
cyberspace, and keeping in mind the the Prime Ministers Decree of the 24th
overarching goal of enhancing the nations January 2013, under the coordination
cyber preparedness, resilience and reaction and guidance of the Committee for the
capabilities, this National Cybersecurity Security of the Republic.
Strategic Framework sets out the strategic These guidelines include:
guidelines that must be pursued through

19
National strategic framework for cyberspace security

The enhancement of the The promotion of the Culture


technical, operational and of Security among citizens and
analytic capabilities of all institutions, also leveraging the
institutions concerned with expertise of the academia, so as to
cybersecurity, so as to leverage raise awareness of the cyber threats
the national capability to analyze, among users;
prevent, mitigate and effectively react
to the multi-dimensional cyber threat;

The strengthening of our The reinforcement of our


capabilities to protect critical capability to effectively contrast
infrastructure and strategic online criminal activities, in
assets from cyber attacks, with the compliance with national and
aim also to ensure their business international norms;
continuity and the full compliance
with international requirements,
security standards and protocols

The facilitation of all public- The full support to international


private partnerships designed to cooperation in the field of
actively promote the protection cybersecurity, with a special
of the national intellectual property attention to initiatives underway in
and technological innovation; the International Organizations of
which Italy is a member and with its
Allies.

In accordance with these six strategic guidelines, eleven operational guidelines have
been identified.

20
Tools and Procedures to Strengthen National Cyber Defence Capability

Operational Guidelines

Enhance the expertise of the public interest, and to restore their


intelligence community, the Armed original functionality.
Forces, the Police and of the Civil Increase monitoring and
Protection Department to effectively analytical capabilities in order to be
prevent, identify, react to, manage, able to foresee the potential risks
mitigate and neutralize malicious that technological innovation can
activities targeting national ICT bring about.
networks in order to curb the Develop the capabilities of the
negative impact that these activities Armed Forces to plan and conduct
may have on the systems that computer network operations.
support the provision of services of

Identify the Network and the objective of enhancing


Information Security (NIS) Authority ICT cybersecurity prevails
that will engage at the European on any market competition
level, both with individual member consideration;
states and with the EU Commission, Periodic national exercises
to share information and counter involving, along with public
risks and incidents affecting ICT sector stakeholders, relevant
networks and systems. private sector operators;
Improve public-private Compulsory reporting to
partnerships in order to ensure a competent authorities of
continuous, secure and trustworthy computer incidents occurring
flow of information which would in strategic sectors;
allow the private sector to share The definition of information
information on the attacks and sharing procedures and
incidents occurring in its networks, templates.
and to receive in turn risks and
vulnerabilities assessment to Foresee a regular exchange
strengthen its preparedness. of best practices and lessons
The public-private partnership learned between private and public
will be facilitated by the following stakeholders, with a view also to
specific provisions: facilitate reciprocal understanding
and to foster joint training of
The creation of joint
personnel.
working groups, in which

21
National strategic framework for cyberspace security

Develop a widely shared cyber Enhance and continuously


taxonomy and promote a common evaluate education and on-the-
understanding of cybersecurity job training programs, with a view
terms and concepts in order to to validating existing cybersecurity
enhance interoperability and ease of management and procedures.
communication at the national and Aggregate as much as possible
international level. the training and education efforts
Promote the use of questionnaires around already existing Public
to evaluate the level of situational Administrations learning centers
awareness among stakeholders so (such as the ones of the Armed
as to identify those in need of further Forces), so as to avoid phenomena
training and education efforts. such as the unaware insiders,
Sponsor training and education and to mitigate vulnerabilities
campaign, as well as courses associated with new organizational
designed to raise situational models such as the bring your own
awareness among public and device (BYOD).
private sectors personnel, as well Introduce cybersecurity curricula
as among the general population, in schools of all levels, in order to
in order to spread the knowledge of promote cyber hygiene and the
the threats and the risks stemming Culture of Security.
from cyberspace, and to promote With the support of the academia,
cyber hygiene and a responsible use finalize measures to improve and
of information and communication disseminate security standards and
technologies. requirements for ICT systems and
networks.

Foster Italys participation conduct and rules of behavior


in international initiatives to that clearly identify what is
enhance cybersecurity, both by legitimate under international
joining endeavors underway in law;
the International Organizations At the European level, reinforcing
of which Italy is a member and by the protection of critical and
strengthening ties with friendly and strategic ICT communications
allied nations. Participate actively supporting the single market;
in all relevant international forums achieving a common cyber
and working groups aimed at: resilience capability; curbing
At the global level, defining a cybercrime; developing a
set of international norms of cyberdefence policy and the

22
Tools and Procedures to Strengthen National Cyber Defence Capability

related operational capabilities, strategic interests of both NATO


in line with the goals and means and Italy;
of the Common Security and At the bilateral level, engage
Defence Policy; stimulating with countries of strategic
a solid technological and importance, as well as
industrial base for ICT and with potential recipients of
computer products, in line with multilateral projects of technical
the principles set out in the EU assistance and capacity-building
cybersecurity strategy and with initiatives.
the commitments made in the Participation in cybersecurity
European Council and OSCE; exercises organized by ENISA and
At the Trans-Atlantic level, NATO, with the aim of testing and
ensuring the efficiency and the improving national preparedness,
interoperability of assets devoted also in dealing with cybersecurity
to common defence, and events requiring international
supporting the full integration cooperation.
of the cyber domain in NATO Italys participation in the global
defence planning process and debate about cybersecurity cannot
in the military doctrine, so as ignore the interests of the national
to ensure the deployment of a ICT and cybersecurity industrial
robust capability against cyber base.
attacks targeting the vital and

Attaining the full operational The national CERT (CERT-N),


capability of the National Computer has the task to identify a shared
Emergency Response Team (CERT, communication framework with
as already identified by Article other CERTs as well as to designate
no. 16 of Legislative Decree no. roles, responsibilities and points-
259/2003, and set within the of-contact at the national level to
purview of the Ministry of Economic effectively ensure crisis management
Development), in order to enhance capabilities and the consistency of a
the national capability to survey national cybersecurity community.
and react to potential threats and The national CERT works
actual attacks on the ICT domestic as a cooperative public-private
infrastructure through the creation partnership supporting citizens and
of a secure and trustworthy firms through situational awareness
exchange of information. and prevention campaigns, and

23
National strategic framework for cyberspace security

acting as the coordination point in Emergency Response Team (CERT-


the response to large-scale cyber PA), which represents the evolution
events. of the CERT developed with the
Activation of all appropriate Public System of Connectivity (SPC)
cooperation mechanisms at the established by the Presidential
national and international level, Decree of the 1st April 2008. The
making the national CERT the main CERT-PA is the designated first
interface of other public and private point of contact for all Public
CERTs operating both domestically Administrations, which will report
and outside national borders, to the national CERT in accordance
including the European CERT. with specific unitary models and
Development of a communication procedures. The CERT-PA works in
platform to facilitate, both at the coordination with the other Public
technical and at the functional Administrations CERTs at the
level, communications among all European level through exchanges of
CERTs, so as to ensure timely and information and agreed procedures.
effective interaction between all The CERT of the Armed Forces
stakeholders involved in preventing follows the technical, functional
and countering malicious cyber and procedural developments
activity. and guidelines of the NATO
Development and attainment of Computer Incident Response
the full operational capability of the Capability (NCIRC), and it will
Public Administrations Computer be fully integrated in the military
operational planning.

Ensure effectiveness of cyber proposals that adapt to the rapid


security countermeasures by means progress of information technology.
of organisational and regulatory

Establishment of security the national territory. These


standards and requirements for standards and procedures should
products and systems implementing always guarantee international
security protocols. Introduction of interoperability, especially with
processes to certify the compliance NATO and UE countries.
to these security standards and, Establishment and adoption of
where appropriate, implementation technical norms to guarantee the
of new procedures for the security of information (integrity,
procurement of ICT products on

24
The Nature and the Evolving Trends of the Cyber Threat and of the Vulnerabilities of the National ICT Infrastructures

availability and privacy) by Improvement of the support


introducing of a methodology for to ICT users, also through the
ensuring the secure design of ICT introduction of suitable market
products and systems. incentive aimed at promoting the
security of available products.

Cooperation with the industrial swift process of procurement,


sector for the adoption of security evaluation, verification and
protocols aimed at protecting ICT certification of ICT products, which
networks and products, as well as has to keep the pace with the rapid
innovative technologies. Planning innovations that characterizes the
of public services of assistance and sector.
support, in particular to small and Envisaging incentives to
medium enterprises. stimulate the national ICT industrial
Definition and identification competitiveness: focusing the
of best practices and procedures activities of R&D and of the national
to mitigate supply chain risks and Centers of Excellence on sectors that
creation of audit mechanisms to are deemed strategic for the Armed
verify the reliability of ICT products Forces or have a potential operative
and vendors. impact, such as the development of
Development, within the Public resilient and secure ICT products
Administration, of a flexible and and software.

Since the cyberspace is at the same of prevention and response


time the means and the object of to cyber attacks. An effective
strategic communication, ensuring institutional communication of
consistency between strategic national dissuasion and deterrence
communication and the activities capabilities in cyberspace may
carried out in the cyber domain work as a disincentive to potential
may strengthen the effectiveness adversaries and criminals.
of the countrys instruments

Allocation of adequate human, the achievement of the short and


financial, technological and logistic medium term strategic objectives
resources to the strategic sectors envisaged in this National
of the Public Administration that Cybersecurity Strategic Framework.
are the most directly involved in

25
National strategic framework for cyberspace security

Implementation of a national Identify potential risks;


integrated system of information Elaborate risk management
risk management which is able to: policies and procedures.
Establish an effective national
structure for preventing and
managing risk;

The central Role of the Public-Private Partnership (PPP)

As envisaged in the Prime Ministers to cyber security;


Decree Containing Strategic Guidelines Collaborate to the management
for the National Cyber Protection and of a cyber crisis by restoring the
ICT Security of the 24th January 2013, functionality of the networks and
public and private operators providing systems they operate.
public networks of communications or The public-private partnerships
electronic communication services to the therefore an essential component
public, operating national and European for ensuring the success of any cyber
critical infrastructures depending on ITC security strategy. In modern economic
systems are among the main stakeholders and institutional systems the majority
of the national architecture to guarantee of essential public services and national
cyber protection and national IT security. strategic infrastructures are managed by
According to the aforementioned the private sector. The cooperation with
Prime Ministers Decree, such subjects are these actors has been ensured through
obliged to: ad hoc agreements with the aim to
Communicate to the Cybersecurity substantiate even further the cooperation
Unit every significant security and in this context. In light of further progress,
integrity violation of their own to be pursued through an incremental
computer systems; process, the synergies with the private
Adopt all the best practices and sector should be extended so as to
measures necessary to pursue cyber include all entities that, independently
security; of their size, are of strategic value for the
Share information with the agencies scientific, technological, industrial and
for intelligence and security and allow economic progress of the country.
access to databases that are relevant

26
ANNEX 1
PUBLIC STAKEHOLDERS ROLES AND
MANDATES

The Prime Ministers Decree of at Working Level (the so called Technical


the 24th January 2013 outlined the CISR) is in charge of the verification of
institutional architecture devoted to cyber the timely and correct implementation of
protection and ICT security, one in which the National Plan for cybersecurity, which
the various stakeholders involved, both complements the National Cybersecurity
from the private and the public sectors, Strategic Framework.
act in an integrated and consistent way so Supporting the political level is the
as to mitigate cyberspace vulnerabilities, national intelligence community, that
identify threats, prevent risks and enhance gathers intelligence, produces all-source
the national capability to counter crisis analysis, evaluations and forecasts
situations. about the cyber threat, contributes
At the top of such architecture is to the promotion of cybersecurity
the Prime Minister, who adopts the awareness and education, and provides
present National Cybersecurity Strategic relevant information and alerts to the
Framework and the National Plan, and Cybersecurity Unit and to other public
who ensures its practical implementation and private stakeholders.
through the adoption of specific The Cybersecurity Unit is established
directives. The Prime Minister is supported within the Prime Minister Military
in this endeavor by the Committee for the Advisors Office with the mandate of
Security of the Republic (CISR), which coordinating the various institutions
may propose the adoption of legislative that compose the national cybersecurity
initiatives, approves the guidelines to architecture, preventing and preparing
foster public-private partnerships, the for situations of crisis, and for early
policies for enhancing info-sharing warning. Notwithstanding the primary
arrangements and the endorsement responsibility of each Administration for
of best practices, and approves other the ownership, custody, protection and
measures to strengthen cybersecurity. The data processing of their database and
Committee for the Security of the Republic digital archives, the Cybersecurity Unit:

27
National strategic framework for cyberspace security

Promotes, with the full participation -concerning significant cyber incidents


of the relevant public and private regarding security violation or loss of
stakeholders, contingency planning integrity. Private operators cooperate
activities and the preparation of crisis actively in crisis management and
management operations in response to contribute to the restoration of
crises affecting cyberspace; elaborates the functionality of systems and of
inter-ministerial coordinating networks they operate;
procedures to manage crisis; Promotes and coordinates the
Ensures a 24/7 Alert and Response Cell; execution of inter-ministerial drills and
Evaluates and promotes procedures Italys participation in international
for ensuring info-sharing and early exercises;
warning alerts for crisis management; Is the national point-of-contact in
Receives notice - including from cyber crisis situations involving the
private operators providing public United Nations, the EU, NATO as well
ICT networks or publicly accessible as other International Organizations
computer communication services, and countries.
or that manage relevant national In order to activate the response and
and European critical infrastructures restoring procedures, the Cybersecurity

28
Public Stakeholders Roles and Mandates

Unit receives warnings of cybersecurity national cyber crisis, and activates the
incident and disseminates the relative Inter-ministerial Situation and Planning
alarms. In the event of an incident of a Unit in its Inter-ministerial Cyber Crisis
magnitude, intensity or nature such that Unit composition. This ensures that all
it is considered of national security rele- stakeholders response and stabilization
vance, or it cannot be dealt with by the in- activities are coordinated, and ensures
dividual concerned Administrations and the full support of the national Computer
it therefore requires a coordinated inter- Emergency Response Team (CERT) set
ministerial response, the Cybersecurity within the purview of the Ministry of
Unit declares the so-called situation of Economic Development.

29
National strategic framework for cyberspace security

ROLES AND TASKS OF THE DIFFERENT


PUBLIC ENTITIES

THE AGENCY FOR DIGITAL ITALY

In charge of attaining the goals set out in the Italian Digital Agenda through the
monitoring of the ICT development plans of Public Administrations and the promotion
of annual reviews, in line with the European Digital Agenda Program.

Is in charge of planning and coordinating national territory and fully integrated


all strategic initiatives aimed at providing at an European level. In particular,
access to Public Administrations online this activity focuses on database
services to citizens and firms in the most of national interest such as those
effective way; identified as critical by Art. 2-bis of the
Decree Law no. 179/2012 as amended
Identifies objectives, technical
by the conversion law no. 221/2012;
regulations, and guidelines regarding
IT security and taxonomy, as well as Operates the CERT-SPC (Computer
procedures and standards (including Emergency Response Team of the Public
open standards), so as to guarantee System of Connectivity), managing
full interoperability and cooperation its transformation in the CERT-PA
among the Public Administration (Computer Emergency Response Team
computer systems and between these of the Public Administration), that
and the EUs (Decree Law no. 83/2012, ensures the cybersecurity and inter-
Art. 20 (3) (b); connection of Public Administrations
information systems, coordinating
Ensures the technical quality and the
all different players involved in
security of the Public Administrations
security management (ICT-ULS,
computer systems and ICT
SOC, CERTs), in respect of their
connections, so as to safeguard the
respective competences. The CERT-
integrity, availability and privacy of its
PA cooperates with the national CERT
databases, of digital archives, and of
and with the Armed Forces CERT for
the services provided to citizens, in a
the achievement of national security
way that is consistent throughout the
objectives;

30
Public Stakeholders Roles and Mandates

Is the national hub in charge for Looks after the promotion and
fostering Italys participation in diffusion of computer literacy
European and national programs campaigns through innovative
devoted to the development of the IT educational technologies for citizens
society; and civil servants, concluding to that
end appropriate agreements with the
Follows the digitalization of
Higher Educational Institute for Public
administrative documents, oversees
Administration (Scuola Superiore della
the quality of IT-related services and
Pubblica Amministrazione) and the
the spending efficiency in IT Public
Centre for Services, Assistance, Studies
procurement, contributes to the
and Training for the Modernization of
diffusion and use of ICTs to foster
the Public Administration (Formez-
innovation and economic growth,
PA).
also promoting the diffusion of new
generations networks.

31
National strategic framework for cyberspace security

PRESIDENCY OF THE COUNCIL OF MINISTERS


DIS, AISE, AISI

Intelligence collection finalized to strengthening national cyberspace protection


and IT security.

The Department for Intelligence and reports originated by the two


and Security (DIS) and the two Agencies, the Police, the Armed
intelligence Agencies carry out their Forces, all Public Administrations
activities in the field of cybersecurity and public and private research
by making use of the tools, means Institutes, all-sources intelligence,
and procedures set forward by Law and data gathered from Public
no. 124/2007, as amended as by Law Administrations and public utilities
no. 133/2012. To that end, following service providers;
the Prime Ministers directives for the
In full compliance with the
strengthening of intelligence collection
Prime Ministers Decree of the
activities for the protection of physical
24th January 2013, it provides
and intangible ICT critical national
for the transmission of relevant
infrastructure, and taking into account
information and alerts regarding
the general guidelines and objectives
cybersecurity issues to the
put forward by the Committee for the
Cybersecurity Unit, to Public
Security of the Republic (CISR), the
Administrations and to other
General Director of DIS coordinates
subjects, including in the private
all intelligence collection activities to
sector, interested in the acquisition
bolster national cyberspace protection
of such security information;
and ICT security.
On the basis of what is foreseen
The Department for Intelligence and
in the Prime Ministers Decree
Security, through its various offices:
of the 22nd July 2011, defines
Ensures the support to the Director the cybersecurity requirements
Generals coordinating role; that need to be adopted for the
protection of ICT systems and
Provides analysis, assessment
infrastructures that store and
and previsions regarding the
process classified or secreted
cyber threat, taking into account
information, issuing the required
relevant information, analyses
technical homologations and

32
Public Stakeholders Roles and Mandates

evaluating eventual security services providers allow DIS and the


violations or breaches of classified two Agencies to access their digital
information following accidental databases and archives in line with
or intentional events; the procedures defined in the Prime
Ministers Decree no. 4/2009;
Together with the two Agencies, acting
in their respective competences, and Encourages every initiative aimed
in line with the guidelines defined by at promoting and spreading the
the Prime Minister and the specific knowledge and the awareness of the
research objectives set out by the cyber threats and the measures to
General Director of DIS, carries out mitigate them, also following the
the information gathering activity and recommendations of the Scientific
its elaboration for the national cyber Committee;
protection and the ICT security.
Composes the national security
Together with the two Agencies, it document highlighting the activities
interacts with Public Administrations for the defense of the critical, physical
and public services providers, as well and intangible infrastructures, the
as with Universities and research national cyberspace protection and IT
institutes, instructing to that end security, that is annexed to the Annual
appropriate agreements. The Public Report to the Parliament on national
Administrations and the public security strategy and policies.

33
National strategic framework for cyberspace security

MINISTRY OF FOREIGN AFFAIRS

The Ministry of Foreign Affairs is responsible for representing the Italian national
position within uppermost multilateral and international political forums.

Ensures a coherent promotion Cooperates for the swift introduction


and safeguard of Italian national at the domestic level of international
interests in cybersecurity issues in all obligations undertaken by Italy and of
international forums and at all levels; the guidelines emerging in the subject
Coordinates Italian participation matter in all international forums (i.e.
and efforts in the various multilateral soft law, CSBM);
forums of discussion on cybersecurity Coordinates and ensure the services
issues, also encompassing the and the activities - also with respect to
contribution of the private sector and the education and awareness raising
of the academia; of its employees - for enhancing
Negotiates, involving other national the protection, the resiliency and
relevant authorities, all international the efficiency of ICT systems of the
agreements and arrangements on the Ministry and the diplomatic and
subject matter, verifying their coherence consular ICT network;
and their suitability with respect to the Participates in the security communities
wider national strategic guidelines for of the Public Connectivity System
the projection of national interest in (CERT-SPC, now CERT-PA) through
its various international formulations the Ministry of External Affairs CERT
(security policies, human rights and (the so called Local Security Unit),
fundamental liberties protection, already officially accredited to the
countering of transnational threats, CERT-SPC.
safeguard and development of the
financial, economic and commercial
exchanges, etc.);

34
Public Stakeholders Roles and Mandates

MINISTRY OF INTERIOR
National Public Security Authority

Law enforcement and public order, public rescue and civil protection, contrast
to threats that involve or stem from cyberspace and that affect the population, the
institutions, the firms or business continuity of the Government.

Ensures, through the Public Security the exclusive or prominent means to


Department, the prevention and the execute those crimes has been the
contrast of cybercrime; distorted use of the computer systems
or of the ICT tools;
Guarantees, through the Postal and
Communication Police, the integrity Contributes to the prevention and
and the correct functioning of the ICT hindering of terrorist activities and
network, here included the protection of support to terrorism executed by
of critical ICT infrastructures means of computer systems and ICT
(through the National Anti-crime networks;
Computer Centre for the Protection
Ensures preventive and hindering
of Critical Infrastructure - CNAIPIC),
activities against the wider range of
the prevention and the contrast of
cybercrimes;
computer attacks to strategic assets of
the country, the security and reliability Preempts cybercrime by promoting
of telecommunication services, the awareness-raising campaigns to
hindering of online child pornography inform citizens about cybersecurity
and of crimes affecting means of threats.
payment and copyright whenever

35
National strategic framework for cyberspace security

MINISTRY OF DEFENCE

Defence of the State, peace-enforcing and peace-keeping operations, support in


safeguarding the freedom of national institutions.

Defines and coordinates the Supports the prevention and the


military policies and strategies, the contrast of terrorist activities and of
cyber governance and the military support to terrorism executed by means
capabilities in the cyber domain; of computer systems and ICT networks
against the Armed Forceson the national
Plans, executes and sustains
territory and in-theatre, as foreseen in
Computer Network Operations
Law no. 124/2007 and subsequent
(CNO) in the cyber domain in order
amendments;
to prevent, localize, defend (actively
and in-depth), oppose and neutralize Ensures all those services and
all threats and/or hostile actions activities necessary to guarantee the
in the cyber domain targeting ICT protection, resilience and efficiency
networks, computer systems and of military assets and installations,
services on the national territory and contributes to reaction and
or in-theatre. In this context, the stabilization activities carried out
Ministry of Defence negotiates in case of crisis situations affecting
memoranda of understanding and cyberspace, working as the link
international agreements concerning between the CERT of the Ministry
the norms and rules of engagement of Defence, the National CERT and
governing the subject matter, NATOs Computer Incident Response
and coordinates its cyberdefence Capability (NCIRC);
activities with NATO, the UE and the
Contributes to the prevention and
Defence Forces of allied and friendly
contrast of cyber attacks targeting
countries;
ICT systems of national strategic
Contributes to the intelligence relevance;
gathering in support of in-theatre
Ensures the training and education
cyber operations of the Armed Forces,
of its personnel and makes available
as foreseen in Law no. 124/2007 and
its own training centers to other
subsequent amendments;
Administrations.

36
Public Stakeholders Roles and Mandates

MINISTRY OF ECONOMY AND FINANCE

Protects national savings in their wider sense (the regulation of financial markets
to state-participated companies), manages the verification and collection of taxes
through the Central Tax Records.

MEF, as a whole and through its accredited among the CERT-SPC -


Departments, the Fiscal Agencies that takes care of the coordination
and the Italian Finance Police, is of the activities of prevention and
responsible for various National management of incidents within the
Critical Computer Infrastructures and SPC;
is provided with a complex security
Within the MEF, there are several
organization;
divisions in charge of guaranteeing the
Actively participates in the security security of cyber networks and systems
communities of the Public Connectivity through the prevention and repression
System (SPC), by means of the so called of financial and economic fraud
Local Security Units - ULS MEF/ carried out through IT networks and
Sogei and ULS DF/Sogei, officially the Internet (Italian Financial Police).

37
National strategic framework for cyberspace security

MINISTRY OF ECONOMIC DEVELOPMENT


Communication Department

Promotes, develops and regulates electronic communications.

It is the national Authority in charge Communications and Information


of the regulations in matters of Technologies (Istituto Superiore
security and integrity of electronic delle Comunicazioni e delle
communication system as set in Tecnologie dellInformazione-
Art. 16 bis of Legislative Decree no. ISCOM).
259/2003 and cooperates with other ISCOM is:
national and international bodies in Is the Certification Authority of IT
this subject; Security (OCSI);
As set in the above mentioned law, the Participates in the activities
Ministry of Economic Development: promoted by ENISA for
the protection of critical IT
Identifies technical and
infrastructures;
organization measures for the
Participates in the works of several
security and integrity of the
international and European bodies
networks and verifies that the
involved in the issue of Internet
networks operators and the
Governance;
suppliers of ITC services comply
Is in the charge of the surveillance
with them;
of country-code top-level domains
Collects from the networks
in the context of the Italian Registry
operators and the suppliers of
of ccTLD .it;
ITC services notifications of severe
Is involved in the European
cyber incidents and forward them
program safer Internet;
to the EU Commission and ENISA;
Carries out research activities
Operates the national CERT
in cooperation with research
(CERT-N);
centers and Universities in
Represents Italy at ENISA - through
various fields regarding electronic
the Director of the Institute for

38
Public Stakeholders Roles and Mandates

communications so as to the Head of the Telecommunication


highlight concrete actions for the Department is in charge of the Culture
implementation of the objectives of Security education, the reporting of
pursued by the European Digital the set of compulsory services that the
Agenda. Internet Service Providers (ISPs) must
The Permanent Observatory for make available to the Law Enforcement
Security and Protection of Networks Authorities; the promotion to the
and Communications chaired by Internet access, etc.

39
ANNEX 2
GLOSSARY OF CYBERSECURITY

AGCOM The Communications CERT Computer Emergency Response


Regulatory Authority Team
The two main tasks assigned to this Organization with the tasks of
independent Authority by Law no. preventing cyber incidents and
249/1997 are to ensure equitable coordinating response to cyber events.
conditions for fair market competition Several CERTs also carry out training
and to protect fundamental rights of and information functions for ICT
all citizens. users.
APT Advanced Persistent Threat CERT-PA Computer Emergency Response
A threat entailing a targeted attack, Team Public Administration
aimed at installing a number of Evolution of the CERT-SPC (see
malwares in the networks of the target next paragraph) with a competence
in order to establish links necessary extended to Public Administrations
for remotely exfiltrating relevant ICT and computer systems and to
information from the networks of the all its services, in addition to the
targeted entity. interconnecting networks. It has the
task of supporting and coordinating
BYOD Bring Your Own Device
the Public Administration in preventing
A policy allowing company employees
to, responding to, and recovering from
to bring their own mobile devices
cyber incidents.
(laptops, smart phones, tablets, etc.)
to their workplace and using them in CERT-SPC Computer Emergency
Response Team System of Public
order to have access to information
Connectivity
and corporate applications, i.e.
The structure responsible, at the national
emails.
level, for preventing, monitoring,
ccTLD Country Code Top Level Domain ensuring information sharing and
The last part of the Internet domain analysis of the security incidents within
name used by a State. It consists of the Public Administration SPC. It
two letters: .it for Italy. has also the mandate of ensuring the

40
Glossary of cybersecurity

implementation of a coherent and non-authorized activities carried out


uniform methodology for managing against computer networks and IT
ICT incidents. The CERT-SPC is systems.
primary point of contact for all Local CNE Computer Network Exploitation
Units of Security (ULS) established for Operations carried out in cyberspace
each network domain connected with in order to extract information from
the SPC. targeted ICT networks or computer
CNA Computer Network Attack systems. They are intelligence gathering
Activities that are conducted in and activities, or actions preparing the
through the cyberspace in order execution of a cyber attack.
to manipulate, obstruct, deny, CNO Computer Network Operation
downgrade or destroy information This term generally encompasses
stored in the ICT networks or in Computer Network Attack (CNA),
the computer systems, or the ICT Computer Network Defence (CND)
networks or in the computer systems and Computer Network Exploitation
themselves. (CNE).
CNAIPIC National Anti-crime Computer CPS Cyber Physical System
Centre for the Protection of Critical
Infrastructure ICT networks and computer
The CNAIPIC, established by Law no. systems supporting, managing and
155/2005 and with a Decree of the supervising physical assets such as civil
Minister of the Interior of 9th February infrastructures, aerospace, transports,
2008, is set within the Service of Postal health care, energy and production
Police and Communications, which is processes.
responsible for the security and the CSBM Confidence and Security Building
integrity of IT communications of Measures
the Ministry of the Interior, National Measures aimed at preventing or
Authority of Public Security. The resolving hostilities among States,
Centre, as provided for by law, is and at avoiding their worsening by
responsible for ensuring prevention developing mutual confidence. Such
and repression of cyber crimes against measures can have formal or informal,
critical infrastructures or ICT assets bilateral or multilateral, military or
of national relevance, even through political nature.
partnership agreements with the DoS Denial of Service
structures concerned. Attack aimed at making a
CND Computer Network Defence computerized system or resource
Actions taken by using computer unavailable to legitimate users by
networks for protecting, monitoring, saturating and overloading servers
analyzing, detecting, and hindering network connections.

41
National strategic framework for cyberspace security

DDoS Distributed Denial of Service societal functions. The damage to a


A DoS attack launched by several critical infrastructure, its destruction
compromised and infected systems or disruption may have a significant
(Botnets). negative impact for the security of the
DF Digital Forensics EU and the well-being of its citizens
A discipline also called computer (Art. 2 lit. b) (Directive 2008/114/
forensics that deals with identifying, CE).
storing, analyzing, and reporting ICE European Critical Infrastructures
computer finds, in order to present Critical structure within the EU
valid digital evidence that can member States whose damage or
be submitted in civil or criminal destruction can have a significant
proceedings. impact on at least two member states.
DNS Domain Name System The relevance of such an impact is
A classification system of domain assessed comprehensively, that is to
consisting of a distributed database say in terms of the impacts on other
converting automatically a website sectors, including the impact on other
address into a Internet Protocol sectors related to other infrastructures
numerical code (IP address), which (Art. 2 lit. e) (Directive 2008/114/CE).
identifies the server web hosting the Social Engineering
site. Art of manipulating the psyche of
ENISA European Network and people in order to force them to
Information Security Agency carry out specific actions or disclose
An Agency of the European Union confidential information, such as the
established to foster ICT security login credentials to computerized
through technical counseling systems.
to national authorities and EU IoE Internet of Everything
institutions, to facilitate the sharing A network where people, objects,
of best practices as well as the data and processes are connected
emergence of a community of ICT to one another through the Internet,
security practitioners, and to promote and where information is transformed
the Culture of Security. into actions in real time, thus creating
Exploit new and as today unforeseen business
A code using a bug or a vulnerability opportunities.
of a computerized system. IoT Internet of Things
IC Critical Infrastructures A buzz word referred to the extension
Critical infrastructure is an asset of the Internet to the world of objects,
or system within the EU which is which become remotely accessible
essential for the maintenance of vital through the Internet and are therefore

42
Glossary of cybersecurity

able to communicate information to access a false website. The phisher


about themselves connecting to other uses the data it gets to acquire goods,
objects and users. The objective is to transfer money or only as a bridge
ensure that the Internet traces a map for further attacks.
of the real world, giving an electronic Reverse engineering
identity to things and places in the An analysis designed to understand the
physical environment. The potential functioning of hardware and software
applications of the IoT are multiple: products in order to reengineer
from the industrial applications them, for example, to enhance their
(productive processes), to logistics functions or in order to use them for
and info mobility, up to the energetic different and further aims with respect
efficiency, remote assistance and to the original ones.
environment protection.
SCADA Supervisory Control and Data
ISP Internet Service Provider Acquisition
A company that provides commercial Systems employed in the monitoring
internet access and other services and control of plants and equipment in
through a telephone line such as sectors such as traffic control (air, rail,
Dialup and ISDN or broadband automobile), the control of systems
connections like optical fibers or DSL. of fluid stransportation (aqueducts,
Malware pipelines, etc.), of the distribution
Contraction of Malicious software. of the electrical energy, managing
A program injected in a computer production lines that realize industrial
system, generally surreptitiously, with processes and remote environmental
the intention of compromising privacy, detection surveys.
integrity or the availability of data, of SOC Security Operations Center
the applications or of the operative A center that provides services aimed
systems of the target. To this general at the security of computer systems
category belong, for example: viruses, in firms (internal SOC) or external
worm, trojans, backdoor, spyware, clients. A SOC can also supply
dialer, hijacker, rootkit, scareware, incident response services: in this case
rabbit, keylogger, logic bombs, etc. it acts as a Computer Security Incident
Phishing Response Team(CSIRT), even if this
A cyber attack having, generally, as function often depends on a separate
objective the wheedling of sensitive entity within the firm.
information (user-id, password, credit TCP/IP Transmission Control Protocol/
card numbers, PIN) by sending false Internet Protocol
emails to a large number of addresses. A set of standard protocol developed
The emails are designed to convince in the second half of the' 70s by the
the receivers to open an attachment or Defence Advanced Research Project

43
National strategic framework for cyberspace security

Agency (DARPA), with the aim of consisting of a firewall, an antivirus


allowing communication among software, and systems to filter spam
different types of computers and and its contents.
computer networks. TCP/IP is, still Web defacement
today, used by the Internet. An attack carried out against a
UTM Unified Threat Management website and consisting in modifying
An integrated security product the contents of the homepage or of
to protect from multiple threats, other pages of the website.

44