But there are new tasks in sight for those who have to “stamp” the technology. Roberto Viola, head of the European Commission’s Directorate-General Connect (which deals with networks and technology), explained to Itasec that in September Brussels wants to put pen to paper a scheme of generalized certification of the information security of technological products. “SWithout creating new infrastructures, in the production cycles we foresee a cyber validation, which will add to the existing regulations, for example on toxicity, and will apply to all products“, From the refrigerator connected to the toys, Viola specified, up to”to standalone software. In these weeks we are finalizing the proposal that will see the light after the summer”.
Investing in startups
At the EU level, the new directive on IT security, Nis2, has just been approved by the Permanent Representatives Committee of the Council of the Union and is ready to vote in the European Parliament, which will dramatically expand the number of companies and entities required to comply with precise cybersecurity terms and conditions. Nis2 is also needed to create the foundation for national policy on coordinated disclosure of vulnerabilities (coordinated vulnerability disclosurecvd), one of the 82 implementation measures of the National Cybersecurity Strategy 2022-26, freshly approved. “We are strong supporters of the cvd – Baldoni said -. As soon as the transposition of NIS2 starts, we will understand with the ministries of Justice and the Interior how to implement this type of rule, which is slightly in conflict with our penal code.”.
The strategy also includes a investment plan to develop spinoffs and startups in the cyber sector. “At the end of July I think we will be able to have a plan”, Baldoni anticipated. The strategy includes support for small businesses, tax relief for those who adopt technologies or training programs and investments to increase international patents. Luca Nicoletti, who at Acn directs the area for industrial, technological, research and training programs, there are open channels with the National fund for innovation of Cassa Depositi e Prestiti to grow innovative companies.
A cyber risk indexalong the lines of that European Commission developed by the Community Agency for Information Security (Enisa), to also develop the market for policies against cyber risks. “We deal with resilience, we must manage and introduce a culture of cyber risk management within our country in all its aspects – Baldoni said –. In this we do something different from those who fight against cybercrime. In case of accidents, the Postal Police aims to prosecute those who have made that type of operations, while our task is to understand the technical point of view, to alert those who may suffer consequences, to help the victims to recover.”.
From the PNRR they will come 623 million to develop the agency’s projects. Among these theHypersoc, a center for security operations that is able to automatically collect the signals of events recorded by all connected parties to relate them and have a complete and generalized view of the current situation. “We aim to make it to the end of the year with a prototype”Explained Gianluca Galasso, director of Acn’s Operations / Csirt service. While 30 million, Nicoletti said, go up supercomputing projects.