Here is how the Dpcm scheme in the field of National Cyber Security Perimeter risks creating yet another empty box devoid of credibility and effectiveness. Marco Mayer's intervention
The outline of the Prime Minister's Decree on the Cyber Security National Perimeter (Government Act No. 177) will be examined in the coming days by the Constitutional Affairs and Transport Commissions of the Chamber meeting in joint session.
Will the majority limit themselves to expressing a positive opinion on the draft Decree or will they have the courage to face up to a politically incandescent matter (nationally and internationally) which is cybersecurity and cyberdefence today?
In implementation of a recent law (133 of 2019), the draft decree subject to the upcoming parliamentary examination creates a new body (the inter-ministerial table for National Cyber Security) with the aim of strengthening the weak defense capabilities of our country in the IT and telecommunications sectors with particular attention to critical infrastructures (management of energy resources, defense industry, transport system, financial institutions, etc.).
With the Dpcm the technical CISR (Interministerial Committee for the security of the Republic) established by the 2007 services reform will make use of a new tool: an interministerial table chaired by the deputy director of the Dis in charge of National Cyber Security.
As regards the functions of the new, the provisions of the Decree are extremely general. The framework of the Decree refers to preliminary functions for the definition of the subjects that will be part of the future perimeter of National Security and to any other task that the Interministerial Committee for the Security of the Republic will want to entrust to it.
As you can easily guess with the current definition, the inter-ministerial table could deal with everything or nothing!
As far as we know during the Conte 1 and Conte 2 governments, the CISR (the only collegiate political body on national security that the executive has in Italy) has been used very little despite the important prerogatives that the law entrusts to it.
In fact, the Prime Minister preferred to manage the most delicate – as well as strategic – matters in solitude. Why empty the CISR into a sort of "National Security Council" in which the Ministers of the Interior, Foreign Affairs, Economy, Defense and Economic Development sit?
It would be serious if the political emptying of the CISR (however you want to interpret it) would bring a similar emptying in the technical field.
Marginalizing the new inter-ministerial table for cybernetic national security would in fact mean abandoning the physiological dialectic between political decision-makers and intelligence bodies which fortunately characterizes the functioning of democratic regimes.
How can this risk be avoided? In my opinion, the parliamentary committees should recommend to the President of the Council of Ministers that the final drafting of the decree foresees at least two changes. It is basically a matter of adding to the text (and specifically to article 6) two activities that the "inter-ministerial table" must carry out.
The first task is that it is called upon to examine and assess the risk factors deriving from geographical origin in advance. It is not at all indifferent from where the complex of communications, networks, infrastructures, goods, components and services arrives as defined by this Decree, including the entire supply chain of supplies.
The reports presented by the Prime Minister to Parliament for the years 2018 and 2019 (pursuant to Law 124/2007) have highlighted how the greatest and growing threats in the IT, telecommunications and disinformation campaigns themselves come from specific areas of the planet , such as Russia and Belarus in Europe, Iran, North Korea and China in Asia, Venezuela in Latin America, etc.
The second task, which is also of utmost importance, is that it is up to the inter-ministerial table to monitor whether and to what extent the actors belonging to the perimeter of national cyber security take due account of the directives and technical standards shared by our country in the competent offices. of the EU and NATO.
Without these two additions, the Decree scheme risks creating yet another empty box devoid of credibility and effectiveness.
For some time the Italian government has been trying to demonstrate that it deals with cybersecurity, but the legislative proposals and above all the practice show that so far a real political will has been lacking.
In the coming days, the parliamentary examination of the decree will allow Italian citizens to understand. The Democratic Party, Italia Viva, Leu will have for once the courage not to suffer vetoes from the 5 stars in foreign policy or will they put a good face on a bad game as has just happened for Hong Kong?
he was adviser to the Minister of the Interior on Cybersecurity in 2017/2018. He currently teaches Digital Societies & International Politics at the Luiss Master in Cybersecurity and Global Health & National Security at the Link Campus Master of Intelligence and Security which he directed from January 2015 to June 2020. He was replaced in this role by Professor Umberto Saccone, former Senior Vice President ENI with delegation to Security from 2006 to 2014 and previously manager of SISMI from 1998 to 2005.
This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/dpcm-cyber-cosa-fara-il-tavolo-interministeriale-per-la-sicurezza-cibernetica/ on Fri, 03 Jul 2020 05:50:52 +0000.