Cybersecurity Cybersecuri y inITALY ITA LY · security perimeter, promoting our research and industrial systems, and engaging in cyber-diplomacy while remaining committed to an accessible,

Cybersecurityin ITALY

yyCCCCCCCCCCCyybbbbbbbbbbbbbbeeeerrrrrrrrrssssssssseeeeccccccccccccccccuuuuurrrrrrrrrrriiiiiiiiiiiiCCCCCCCCCCCCyyyyyyyyyyyyyyyybbbbbbbbbbbeeeeeeeeerrrrrrrsssssseeeeeeeccccccurrrrriiiiiiiiiiinnnnnn IIIIITTTTTTTTTTTTTTTTTAAAAAAAAAAAAAAAAAAATATTATTATTATTATTATTATTATTATTAT LLLLLYYYYYYYYYYYYYYYYYYYLYLLYLLYLLYLLYL

New opportunities for business

Cibersecurity_2.qxp_Layout 1 19/09/19 12:33 Pagina I

Ministry of Foreign Affairsand International Cooperation

Cibersecurity_2.qxp_Layout 1 19/09/19 12:33 Pagina II

IndexForeword 2

Cybersecurity: challenges and opportunities 4

Italian cybersecurity architecture 6

Research and Innovation 18

Economic trends 24

New opportunities for business

Cybersecurityin ITALY

Cibersecurity_2.qxp_Layout 1 19/09/19 12:33 Pagina 1

2

Foreword

Digital transformationhas an impact on eachand every piece of oureconomy and of oursociety. It broke downborders onceinsurmountable and it

permanently changed theway we see the world. Itgenerated a new form ofspace –the “cyberspace”–that has became a centralpart of our life as well asa precondition for growth.Cyberspace createsunforeseen opportunitiesbut it also exposes us todisruptive consequences.Nevertheless, we mustface the challenges ofinnovation.Building a nationalcybersecurity structuremeans seizing theopportunities andmitigating the risks


through a more effectivepreparation at strategicand organizational level,and embracingtechnological innovationby implementing solidsecurity principles.Threats’ prevention andresponse are essential,but not enough.Governing bodies,companies, families, andcitizens must all play theirrole in protecting thesystem.I am honored to leadItaly’s intergovernmentalcybersecurity defensesystem. All initiatives,

both at public and privatelevel, are part of a uniqueframework of interventionfor a coordinated andsustainable growth ofcybersecurity standardsnationwide, especially forour strategic assets.We push for a culturalchange that involves oursociety as a whole,making cybersecurity partof our mind-set. We foster synergiesbetween scientific andindustrial champions tobuild a national cyberecosystem aimed atincreasing growth and

promoting ICT innovationfor a more resilientcountry. The outcome is a“cyber made-in-Italy” thatwe promote through ourdiplomatic network andwe are willing to sharewith our trade partners.We cannot imagine theperfect recipe. Incyberspace zero-risk doesnot exist. But we havemany reasons to look atthe future withconfidence.

ITALIAN PRIME MINISTERGiuseppe Conte

ITATAT LIAIAI N PRIME MINISISI TETET REREGiGiG usepepe pppp e CoCoC nte

3


In times of ever-increasingdependence on digitalsolutions in an increasinglyinterconnected world, it hasbecome apparent thatsociety has become morevulnerable. The currenttechnological revolution andits global effects imply theneed in Itayl and elsewhereto tackle commonopportunities and challengesthrough a systemic approachthat must include publicinstitutions, companies,academia and individualcitizens.

A common, generalchallenge when it comes tocybersecurity is creating a

clear legal framework andinstitutional architecture, soas to identify all entitiesresponsible forcybersecurity issues. Italymade tremendous advancesin creating a cybersecurityecosystem and a newcybersecuritygovernance/strategy in thebelief that a transparent andprotected environment cancontribute to creating apositive businessenvironment favorable to thebirth and development ofnew companies and toinvestments in innovation.

This last point, innovation, iskey to the development of a

4

Cybersecurity: challenges and opportunities


5

healthy cyber-economy. Newinvestments play a key rolein activating a cyber-ecosystem, allowingresearch worldwide to betransformed into businessopportunities. In general, aset of organic actions isneeded to strengthenexisting skills, intercept newtalent and create new careerpaths needed to meet thetechnological challengesposed by cybersecurity andto improve the relationshipsbetween academia andprivate companies.

Joint efforts of allcybersecurity players mustaim to build strong andresilient capabilities,particularly in specificsectors of cyberspace.

Priority areas to developcybersecurity know-how areconnected to defence andnational security issues,critical networks providingessential services to endusers and the protection ofnational businesses.

When it comes to ICT,cybersecurity is alsofundamental to theprotection of citizen rights.We live in an era where statesurveillance powers areexpanded, where globalinternet giants collect andrecord data on our behaviour,holding a knowledge of ourmost intimate beliefs andconduct, which can allowothers to manipulate (suchas in the case of the well-known “fake news”

phenomenon) and intimidateus. Cybersecurity is growinglyfocusing also con thefinancial sector, in whichcyber attacks pursue threespecific goals: organiselarge-scale theft of financialdata, temporary impairmentof banking and insuranceservices, and violation of theintegrity of data presentwithin the banking system.Italian companies are end-users of sophisticatedsolutions for cyber-protection, and at the sametime, producers andexporters of advancedtechnologies, which positionItaly among the mostimportant players in theworld cyber market.


6

Italian Cybersecurity Architecture

In 2017 and 2018, Italystreamlined andstrengthened itscybersecurity structure inorder to boost its cybercapabilities.

The Security IntelligenceDepartment (DIS) is at thecenter of the Italiancybersecurity ecosystem’sgovernance, acting as:• Supporting body for thePrime Minister and theInter-MinisterialCommittee for the Securityof the Republic (CISR) oncyber issues

• Chair of the CybersecurityManagement Board (NSC),

an interagency andintergovernmentaloperational body within theDIS tasked with cyber crisisprevention, preparationand management(Fig. 1)

• European Point of Contactunder the Network andInformation Security (NIS)directive (Fig. 2)

The NSC is responsible forpromoting Italy’sparticipation in cyberactivities (such as CyberEurope organized by ENISA,the European Network andInformation Security Agency)and other initiatives aimed at


PRIME MINISTER

NationalDigital Agenda

NationalCybersecurity

Strategy

PUBLIC

ADMINISTRATION

AGENCY FORDIGITAL ITALY

MINISTRY OFECONOMIC

DEVELOPMENT

CISRInter-ministerial

Committee for the Security of the Republic

CSIRTComputer

Security Incident Response Team

CVCNNational Centrefor Evaluation

and Certification(HW e SW)

MINISTRY OFDEFENCE

CIOCJoint Command

for Cyber Operations

MINISTRY OF INTERIOR

CNAIPICNational Anti-crime Computer Centre

for the Protection of Critical

Infrastructure

DISSecurity

Intelligence Department

NSCCybersecurityManagement

Board

AISE/AISIExternal/InternalIntelligence and

Security Agencies

Chaired by DIS Deputy Director General for Cyber,Composed by DIS; AISE; AISI; Ministries of Foreign Affairs, Interior, Defence, Justice, Economy and Finance and Economic Development; Civil Protection Department;Agency for Digital Italy; PM Military Advisor and if needed by any other administration,academia, research institutes and private sector operators stakeholders.

Political level

Public Administration

Technical bodies

Intelligence

trough the Security Intelligence Unit of Defence General Sta�

Fig. 1 - Italian cybersecurity architecture

7



8

ItatatI

Energy

Transport

Banking

Financial market

infrastructure

HealthDrinking water

Digital InfrastructureE-commerce

Search engines

Cloud computing

Ministry of economic

development

Min

istry

of I

nfrastr

uctu

re

and tr

ansp

orta

tion

Min

istr

y of

eco

nom

y an

d �n

ance

Ministry of health*

Ministry of environm

ent

land and sea*

Other MSs

EU-NISCooperation Group

EU-CSIRT

Network

European coopera on mechanism

s

NIS

Compete

nt Auth

ority

Digital Service providers

Operators

of Essen al Ser

vices

* plus regional government

Fig. 2 - European Points of Contact under the Network andInformation Security (NIS) directive


9

increasing nationalcybersecurity. NSC alsocontributed to the creation ofthe National Laboratory forArtificial Intelligence andIntelligent System and theItalian Industry Plan 4.0Funding Program launchedby the Ministry of EconomicDevelopment.

THE ITALIAN STRATEGYThe Italian strategy providesguidelines for collaborationamong both private andpublic stakeholders, as wellas with academia andresearch. These guidelinesaim to:

• Strengthen Italian criticalinfrastructures and otherstrategic players’ defencecapabilities;

• Improve cyber actors’technological, operational,and analytic capabilities;

• Boost public-privatecooperation;

• Foster cybersecurityculture;

• Support internationalcooperation.

THE ROLE OF CYBERDIPLOMACYThe main lines of action ofthe Italian Ministry ofForeign Affairs take intoaccount the complex,interdependent andcontinuously changingnature of the cyber domain.Therefore, while we arededicated to defending ourown communicationnetworks, we also cooperatein safeguarding a nationalsecurity perimeter,promoting our research andindustrial systems, andengaging in cyber-diplomacywhile remaining committedto an accessible, open,

The Joint Command for Cyber Operations (CIOC) was established in 2017 with twomain operational objectives: cyber-defence and cyber network-defence. Cyber-defence is related to the static defence and protection of critical networks, carried outin coordination with the Ministry of Defence, to ensure their integrity. Cyber network-defence is the ability to carry out vulnerability assessments and penetration tests, inorder to provide a quick intervention when needed. The CIOC will also contribute tothe organization and training of the entire Italian Cybersecurity System.

two


10


interoperable and reliablecyberspace. Italy keeps up itsefforts to guarantee thesafety and security ofcyberspace, the promotion ofeconomic and commercialgrowth, the protection ofhuman rights and thepromotion of fundamentalfreedoms in cyberspace.

To reach these main goals,Italy relies on the importanceof international cooperation,and also aims to implement“Confidence BuildingMeasures” among Statesand shape effectivepartnerships in promotingsecurity and stability incyberspace. At the sametime, we underscore therisks, in particular for thoseactivities that could have adestabilizing effect oninternational peace andsecurity, including massivedenial-of-service attacks,critical infrastructuredamage, or other maliciouscyber activities thatcompromise the use and

Cyber Diplomacy

Promotion of the National

Cyber Ecosystem

IT Infrastructure

Defence


11

The European InitiativesIn October 2018, the European Council called for measures to build strong cybersecurity inthe European Union, which should have been able to respond to and to deter cyber-attacks.

The Cybersecurity Act, effective since June 2019, reinforces the current European Networkand Information Security Agency (ENISA) as a solid and permanent EU Agency forCybersecurity, granting the agency a clear mandate and role. A further goal of theCybersecurity Act is to equip Europe, where the level of standardization in cybersecurity is stilltoo low, with a framework of cybersecurity certification for specific ICT processes, products,and services. Such certificates will be valid in all EU countries, making it easier for users togain trust in these technologies, and for companies to carry out their business across borders.

With the Cybersecurity Act, the Directive on Security of Networks and Information Systems(NIS Directive - 2018) and the proposed European Cybersecurity Competence Centre, the EUput forward a strong commitment in cybersecurity based on the need to stay competitivewhile safeguarding common democratic values and the interests of EU citizens.

The EU's strategic aim is indeed to ensure that all the member states develop essentialcyber-capabilities and to promote investments that could make the EU's digital SingleMarket more secure and overcome the fragmentation of the european research.

The Public Private Partnership on Cybersecurity (cPPP), launched in 2016 as the first EU-wide attempt to bring together the industry, the demand side and the research community,was followed by the new Digital Europe programme (2021-2027), which with an overallbudget of 9.2 billion € will boost frontline investments in this sector. To encourage andincrease investment in research and innovation, the next framework programme (HorizonEurope 2021-2027) has an estimated budget of 97.6 billion € to support EU Member Statesin their efforts to make the most of their national research and innovation potential.

Cybersecurity has also been identified as one of the new six strategic value chains by theStrategic Forum for Important Projects of Common European Interest (IPCEI), promoted bythe EU Commission.


12

operation of criticalinfrastructures. Based on this platform, Italyremains committed toplaying a pivotal role inmany international fora, witha view to addressing themajor threats in cyberspace. During the G7 Italianpresidency in 2017, the so-called “Lucca Declaration”was adopted “on ResponsibleStates Behavior inCyberspace” – although anon-binding statement, itremains an importantcommitment to tackle “therisk of escalation andretaliation in cyberspace”. This same approach has

inspired Italy’sChairmanship-in-Office ofthe OSCE: we hosted the2018 OSCE-wide Conferenceon Cyber/ICT Security inRome, aimed at providing aplatform for exchangingviews on digital security andhighlighting the positiveimpact that could arise by afull implementation ofConfidence BuildingMeasures on transparency,predictability andInternational stability. As amember State of both theEU and NATO, Italy supportscloser cooperation topromote security andstability in the cyberspacerealm.



13

NATOFor more than 10 years, NATO has continued toadapt its collective defense posture to addressevolving cyber security threats, implementingcyberspace as a domain of operations. The role of

the Alliance in the cyber realm is first and foremost to defend the networksthat protect the headquarters and all NATO sites, missions and operationsfrom cyber threats, recognizing that such attacks have become more frequent,complex, disruptive and potentially destructive. NATO provides support to its members through: real-time information-sharing;exchange of best practices; maintaining rapidly deployable crisis responseteams; facilitating the development of a common approach to cyber defensethroughout the Alliance; and investing in education, training and exercises.NATO continues to develop its partnership with industry and academia fromall Allies to keep pace with technological advances, including through the NATOIndustry Cyber Partnership, which supports NATO’s efforts to protectnetworks, increase resilience and help Allies develop their cyber capabilities.Italian companies already support NATO efforts in partnership with theOrganization and relevant Agencies; notably, Leonardo Company partnerswith the NATO Communications and Information Agency (NCI) to provide cyberdefense support through the NATO Computer Incident Response Capability(NCIRC). The NATO Cooperative Cyber Defence Centre of Excellence in Tallinncontributes to analysis and evolution of international legal norms pertaining tocyber activities, and the NATO School in Oberammergau and the NATODefense College in Rome conduct cyber-related education and foster strategicthinking on cyber-defence related issues.



14

ItatatI

CYBERSECURITYPROMOTIONThe Italian national strategyfor cybersecurity promotesthe integration and asynergistic approachbetween cyber securitycompanies with differentexpertise with two mainobejctives. First, to developnew means and solutions atthe national level to tacklecyber challenges. Second,create national “champions”to be able to compete at thehighest international level. Inthis context, the Ministry ofForeign Affairs andInternational Cooperations,

together with othercompetent institutions,facilitates the developmentof a cyber supply chain,promoting national andinternational Business toBusiness (BtoB), Business toGovernment (BtoG), andGovernment to Government(GtoG) cooperationagreements, and contributingto exporting Italiancapabilities and strategicknow-how globally. Italian Economic Diplomacyis involved in supportingcybersecurity companies thatare approaching foreignmarkets, thanks to the workof the wide network of


Embassies and Consulatesaround the world. Each year,the Steering Committee forinternational promotion ofItalian companies, co-chairedby the Minister of ForeignAffairs and InternationalCooperation and the Ministerof Economic Development,sets Italy’s priorities forbilateral commercial relationswith other Countries. Thisactivity includes the definitionof target markets and exportsectors, the organization oftraining activities forentrepreneurs, facilitatingfinancial support for exportstrategies, monitoringopportunities in international

markets and organizingdedicated systemic missionsto enter emerging andinnovative markets abroad,including the cyber securitymarket.

The Ministry of ForeignAffairs and InternationalCooperation in cooperationwith the Security Intelligence

Department and the Ministryof Defence, has organizedsystemic missions inWashington, London, andmany other relevant marketsin order to foster theinternational promotion ofnational companiesspecialized in cybersecurityrelated fields, such as fintech,defence, energy and ICT.

15

International Promotion checklist1) Market knowledge2) Economic Diplomacy3) Developing business opportunities4) Consolidation and growth

cklist



16

ItatatI

THE MINISTRY OFDEFENCE AND THEITALIAN OPEN LABEXPERIENCEIn the past few years, theItalian Governmentimplemented specificinitiatives to supportcompanies, in particular Smalland Medium Enterprises(SMEs) and start ups, in theirdigitization and technologicalprogress.In 2019, the Ministry ofDefence launched a programto support companies in thesectors of innovation andcybersecurity. This initiative,called Italian Open Lab,represents a new model ofinteraction between publicinstitutions, privatestakeholders and citizens. Itsgoal is to achieve, through

structured brainstormingsessions, an improvement inthe business environment toenable an increasingcompetitiveness of thissector in Italy and abroad.Italian Open Lab seminarsconcern different subjects,such as network security anddefence of criticalinfrastructures, withparticular attention to thepromotion of Italian strategicknow-how and productioncapacity on cybersecurity.

THE ITALIAN TRADEAGENCY ANDCYBERSECURITYThe Italian Trade Agency(ITA) is the Governmentalagency that supportsbusiness development ofItalian companies abroad


and promotes theattraction of foreigninvestments in Italy.With a motivated andmodern organizationand a widespreadnetwork of overseasoffices, it providesinformation, assistance,consulting, promotion andtraining to Italian small andmedium-sized businesses.Using the most modernmulti-channel promotion andcommunication tools, it actsto assert the excellence ofMade in Italy in the world.ITA’s promotional strategyand activity for thecybersecurity sector havesignificantly increased overthe past few years as a resultof a careful analysis andunderstanding that includesthe needs of the start-up

world. ITA pays continuousattention to the evolution ofthis domain (including Fintechand blockchain) ininternational markets and inspecific sub-sectors; itorganized and participated inevents in the USA and UK andis planning promotionalactions in the most developedcountries when it comes to ITsecurity.Promotional initiativesinclude participation at majorinternational events,invitation of foreign

delegations to Italy atspecialized fairs and forums,and organization ofworkshops, seminars andB2B initiatives in specificmarkets on particular topicsidentified by the ITA’sInnovation Desks in London,Los Angeles, Mumbai,Singapore, Moscow and Paris.ITA regularly involves ItalianUniversities, accelerators andincubators in selecting Italianstart-ups with innovativecybersecurity software andhardware solutions.

17

The Global Start-up ProgramThe Global Start-up Program 2019 is the first specific ItalianTrade Agency (ITA) course to train Italian Start-ups whenapproaching foreign markets.Up to 120 startups are selectedthrough a specific public competition and are trained oninnovative subjects, such as Medtech, ICT, Cybersecurity, CircularEconomy and Automotive. The program continues with a three-month incubation and/or acceleration stage in selected foreignincubators in Japan, China, USA, UK, South Korea and Slovenia.Through this program, Italian start-ups have the opportunity tomeet international counterparts potentially interested in financialor technological collaborations and partnerships.


Research andInnovation

18

The Italian strategy oncybersecurity considersresearch a pillar for areliable cyberspace.Universities, researchcentres, innovative start-upsand other Italian playersinvolved in the developmentof cybersecuritytechnologies interact withpublic institutions andprivate companies to ensurethe development of resilientcapabilities and let Italy takea primary role as anattractive and competitiveplayer in cybersecurity.

Established in 1989 underthe supervision of theMinistry for Education,University and Research,CINI (NationalInteruniversity Consortiumfor Informatics) is aconsortium of Italianuniversities that involves1,300+ professors of bothComputer Science andComputer Engineering from45 public universities. It alsosupports joint researchactivities with universities,institutes of highereducation, researchinstitutions, industries, andpublic administrations.Finally, CINI facilitates accessand participation in R&Dprojects, scientific activities,and technology transfer.


CYBER-ALPHABETIZATION. THE EXPERIENCE OFCYBERCHALLENGE.IT:ETHICAL HACKING FORYOUNG TALENTIn order to grow the cyber-defender community, Italy isinvesting in young talent andstimulating their interest incybersecurity issues. Agamification-orientedapproach is used tocomplement the moretraditional trainingactivities, which simulatereal cyber-security scenariosin which participants arecalled upon to solve cyberchallenges, defendcompromised services orattack opponents.

19

The Cybersecurity National Laboratory is the primarylab in the CINI network. The Lab is composed of 53major Italian universities and research institutionsthat include more than 500 professors andresearchers. The Lab works towards the creation of a cybersecuritytechnical workforce, the selection and training ofcybersecurity talent and other aspects that mayimprove domestic resilience to cyber-attacks. The Labis also actively involved in large research projectstackling different aspects of the cybersecurity domain,such as setting up federated cyber ranges (virtualenvironments used for cyberwarfare training and cybertechnology development); establishing a network ofRegional Centers; and developing tools for evaluatingcyber readiness of firms and public administrations.Together with Confindustria, the Cybersecurity Lab iscurrently designing specific curricula to meet marketneeds and tackle the problem of skill shortage throughinitiatives such as the CyberChallenge. Finally, the Laborganizes ITASEC, the Italian conference oncybersecurity.


20

Research & Innovation

The CINI CybersecurityNational Laboratory set upthe CyberChallenge.IT project,which offers a free trainingcourse and the possibility tobecome a member of theItalian national cyber-defender team, which takespart in internationalcompetitions, such as theEuropean CybersecurityChallenge (ECSC) organizedby ENISA. The first edition ofCyberChallenge.IT wasorganized in 2017 by theSapienza University in Romeand gathered the interest of683 students and youngprofessionals from all overItaly. In 2019 there were3203 registrations, of which42% from high schools.Young people aged between16 and 23 go through an

admission test used to selectcandidates with goodreasoning skills and a strongproblem-solving attitude; noprevious knowledge incybersecurity is assumed.The three-month training isoffered in differentuniversities scattered alongthe peninsula, and providestechnical, scientific andethical preparation oncybersecurity issues,including cryptography,binary exploitation and websecurity.In July of each year, teamsfrom all participatinguniversities compete in anational attack/defencecontest. Performance in thefinal competition is the basefor selecting the members ofthe national team forinternational competitions.


21

The White BookIn 2018, the Cybersecurity National Lab published the White Book on“The Future of Cybersecurity in Italy: Strategic project areas”, whichaims at presenting the main cybersecurity challenges that Italy has toface and outlines a set of focus areas and actions that the Italianresearch community considers essential to implement Italy’s1 and theEU2 regulations on this subject. The White Book’s main suggestion isthat raising the country’s level of security and resilience requiresincreasing the level of security and resilience of each of thecomponents of the overall framework, and in this context it proposes aset of recommendations for the policy-makers in charge of dealing with the challenge ofdigital transformation at the national level. Policies must necessarily be dynamic and mustevolve constantly in parallel to technological, regulatory, social, and geopolitical changes.

1 Presidency of the Council of Ministers,The Italian Cybersecurity Action Plan, 2017 2 European Commission Digital Single Market, The EU directive on Security of Network and Information

Systems, 2016


THE ITALIANINNOVATION NETWORKItaly has equipped itself withan efficient and functionalinnovation ecosystem in orderto create and manage anintegrated research programon the main technologicaldrivers and to developservices and applications forbusinesses, institutions andcitizens.The Italian innovation networkaims at seizing and exploitingthe opportunities offered bydigitization and to ensure thecountry’s medium- and long-term competitiveness.In order to supportinvestments in digitization,the system integrates publicand private subjects’networks, which arefunctional andcomplementary, so as toexperiment and test digitalinnovations for the market:Competence Centers (CC),Digital Innovation Hubs (DIH)and National TechnologicalClusters (TC).

22

Digital Innovation Hub

Technological Cluster

Competence Center


National Technology ClustersTo boost innovation processes and increase Country’sindustrial competitiveness through a more effectiveintegration between national and regional policies onresearch and innovation, Italy has promoted thedevelopment of 12 National Technology Clusters. The clusters are formed by companies, universities,research institutions, technology districts, start-upincubators and other stakeholders in the field ofinnovation.In the framework of the National Smart Strategy,according to EU guidelines, each Cluster is focused ona specific technology field: aerospace, agrifood, greenchemistry, intelligent factory, transport, life sciences,technologies for living environments, technologies forsmart communities, cultural heritage, design, creativityand Made in Italy, sea economy and energy. The aim of each Cluster is to develop "technologyroadmaps" to meet, through specific industrialstrategies, the challenges raised by worldwide socio-economic changes. Clusters represent structuralcollaboration platforms for enterprises and R&Dentities that help enhance research and technologytransfer to the business system.

23

Digital Innovation HubIn line with the European strategy on industrial digitization, theGovernment promotes the Digital Innovation Hub (DIH) network atthe regional level as a gateway for companies to access digitaltransformation. Its purpose is to set up competence centers,technology experts, suppliers, end-users of technological solutionsand investors to support the access of enterprises to the EU market.DIHs are the contact point among companies, research institutionsand both public and private investors at regional level.

Competence CentersThe Competence Centers (CCs)are public-private partnershipcentres, vertically specialized inthe technological fields ofindustry 4.0 to facilitatetechnology transfer to Italiancompanies. The centers offertraining and support activities inthe implementation of innovativeprojects, industrial research andexperimental development of newtechnologically advanced productsand services.Two of these Competence Centersare focused on wide-rangingcybersecurity:Cyber 4.0, the CompetenceCenter of central Italy, isdedicated to data security andfocused on solutions for thestrategic sectors of automotive,space and healthcare.Start 4.0 is the CompetenceCenter for Security andOptimization of StrategicInfrastructures, based in Genoa.This CC focuses on enablingtechnological application ofIndustry 4.0 (IoT, blockchain, bigdata) in the field of security(security, safety and cyber), on theapplication domains ofinfrastructures for transport(including ports), energy andwater and production systems.


Economic trends

24

It is estimated that by2023 there will be over 30billion connected devices,of which around 20 billionwill be related to the IoT.

Source: Ericsson Mobility Report,2017

Global investments inblockchain will reach over9.7 billion euro in 2021

Source: IDC, 2018

The global cybersecuritymarket value is expectedto exceed 172,5 billion

euro by 2021

Source: IMAP, 2018

The EU data market valueis expected to exceed 79,5

billion euros by 2020

Source: The European Data MarketMonitoring Tool

E


25

The global cybersecuritymarket size (security-related

hardware, software, andservices) is expected to growfrom over 137 billion USD ofinvestments in 2015 to morethan 248 billion by 2023

Source: statista, 2019

The cost of cybercrime worldwide is

expected to exceed 6trillion USD annually by2021, up from 3 trillion

USD in 2015

Source: Cybersecurity Ventures,2019

WORLD MEGATRENDSON CYBERSECURITYInnovation is the mostpowerful driver to developthe world economy. Newtechnologies, platforms,automation and networks arethe enablers of the digitaleconomy that, combined with

the potential offered by the"Internet economy" and Dataand Internet of Things (IoT),allow the development ofnew business models thatincrease firms’competitiveness and fostercountries’ growth, improvinggovernment services andinternational cooperation.

The quick and continuousintegration between thevirtual and physical worlds inwhich people, objects anddevices are increasinglyconnected, will bring clearadvantages for business butwill also make them morevulnerable to cyber attacks.


Economic trends

26

Implementing effectivecybersecurity measures isparticularly difficult todaysince cybercriminals arebecoming more experiencedin their attacks. The numberof cybercrimes and targetedattacks are rising rapidly,leading to a considerablegrowth in demand forservices and securitysolutions.

Nevertheless, cybersecuritycan also be an opportunity.There will be 1.5 millioncybersecurity job openingsby 2019, and by 2025 thedemand for cybersecurityprofessionals will increase toapproximately 6 millionglobally.1

1 Bure Valley Group, 2019

Every day 6.4 billion fake emails are sentworldwide. Furthermore, almost 2 billion recordscontaining personal and other sensitive data werecompromised between January 2017 and March2018 (Ernst & Young, 2018-2019)

rds


NATIONAL TALENTSThe Italian cybersecurityindustrial landscape is veryrich and it consists ofcompanies specialized in a fullrange of products andservices. The supply chainsees the coexistence of bigfirms, medium and smallones and start-ups thatprovide pioneering andforward-looking solutions,technologies and services inthe wide domain ofcybersecurity, for both thedefence and civilian sectors.The change of perspective oncybersecurity - no longer onlyconsidered a cost, but also acompetitive factor for

companies - has contributedto enlarging and customizingthe supply of products andservices in this sector. Today itis possible to identify areas ofbusiness where Italy offersstate-of-the-art andinnovative solutions for cyberproblems. In Italy, the marketof solutions for informationsecurity accounted for morethan 1 billion euro in 2018,while spending oncybersecurity increased by13.3%2 in the same year.

The production value of theItalian cybersecurity supplychain was almost 2 billioneuro in 2017, with a growthof 10.6% compared toachievements of the samecompanies in 2015.Lombardy is the leadingregion, with a share of 42.5%of the total (835 million euro),followed by Lazio (307 millioneuro) and Emilia-Romagna(233 million euro).3

Italian companies are, on the

2 Anitec-Assinform, 2018 3 Unioncamere-InfoCamere, 2019

fironesrov

firmso

rov

firmso

rov

27

From 2017 to date, Italian companies producingcybersecurity solutions have increased by over300%, from 700 units to over 2,800 and a four-time growth was also detected in the number ofemployees, which increased from 5,600 to23,300 units (Unioncamere-InfoCamere, 2019).

ducingover


Economic trends

28

one hand, the first to usesophisticated solutions ofcyber protection. On theother hand, they areproducers and exporters ofadvanced technologies thatposition Italy among themost important players inthe world cyber market.Critical sectors like utilities,energy, transport, oil & gas,finance and health, arebecoming progressivelydigitized and our firms aredeveloping expertise toprotect their infrastructuresfrom cyber-attacks,guaranteeing thereby thecontinuity of essentialservices. Our companies arespecialized in solutions to

protect mobile and IoTapplications, based onencryption, blockchain,biometric, and quantumtechnologies. Italy, undoubtedly, has asignificant number of leadingcyber companies with highexpertise in softwaredevelopment, softwareintegration and cyber threatintelligence solutions, thenew predictive paradigmabased on Machine Learningand Artificial Intelligencetechnologies to enforce thecyber resilience of the ICTsystems.The Defence industry sectoris one of the most important


in which Italian companieshave developed in-housetechnologies in the past fewyears to cope with newthreats and cyberwarfarechallenges. To give anexample, one of our maindefence industries hascollaborated since 2012 withthe NATO Communicationand Information Agency(NCIA) to protect NATO’scommunicationinfrastructures from cyberattacks and provide a rapid-response cyber defencecapability to more than70,000 NATO users aroundthe world.

Regarding the

Telecommunicationsindustry, government effortsand company investmentshave helped create astrategic, attractive andsecure business ecosystem.This is particularly importantsince Italy is the fourth-largest market for both ICTand telecommunicationsequipment and services inthe European Union4. Italy isalso one of the largest andmost advanced mobilecommunication markets inEurope.5 Smartphone users inItaly have grown to 41.55million in 2018 (around 2/3 of

the Italian population) andthis number is expected torise to almost 48 million by20246.

In the field of Fintech, asmore and more end-usersresort to online solutions fortheir daily financialtransactions, cybercrimesgrow proportionately.Consequently, a growingnumber of large, medium andsmall companies and startupsfocus on information securityfor the fintech service chain,providing solutions toprevent hacker actions,anticipate possible data

4 ITU, 20195 R&S Mediobanca, 2019 6 Statista, 2019

cthend

coNt

an

cNt

and

29

Social media users in Italy are 34 million people,59% of the whole population, while internetusers are more than 54 million (92% of thepopulation) (Data Report, Digital 2019).

eople,t


Economic trends

30

breaches, intercept attacksand prepare appropriatereactions. Large Italian banksand innovative fintech start-ups offer services focused inparticular on Anti-fraud,Mobile Security, Web

Security, Endpoint Security,Infrastructure Security andCryptography7.The Energy sector is activelyworking to respond to theneed to protect critical Italianinfrastructures from possibleinterferences caused by stateand non-state actors toguarantee the continuity ofelectricity and oil and gasdelivery. Companies havetherefore adopted bestpractices to guide andmanage cybersecurityactivities8, embeddedsecurity measuresthroughout the design and

7 Pwc, 2019 8 www.agendadigitale.eu

!"#

ITALIAN FINTECH TECHNOLOGIES IN THE CYBERSECURITY SECTOR

Artificial Intelligence / Big Data Mobile & UX Blockchain / Crypto Other

Source: Osservatorio Fintech Italia 2019

!"#!"#!!"!"##

25%

6% 56%

13%

Fig. 3 Italian Fintech technology in the cybersecurity sector


development of applications,processes and services, andcreated cyber emergencyreadiness teams, whichintervene in case of cyberincidents9. The Italian Cybersecuritynetwork has developed, inparticular, resilient know-howand strong capabilities to beable to promptly respondwith customized solutions to

the different needs expressedby end-users of everydimension and sector,through a flexible and strongsupply chain. Italian firmsincreasingly perceivecybersecurity as a corebusiness requirement. In fact,in 2018, 88% of Italiancompanies dedicated aspecific budget tocybersecurity (increasingfrom 58% in the previousyear). 9World Economic Forum, 2019

31

Cybersecurity Areas Main technologies provided Application Security Software - Platforms DDoS Protection Security services in Cloud End Point Detection Software End Point Protection Software - security in Cloud IoT Security Managed Security Services con SOC - Security services in Cloud - Platforms Messaging Security Appliances - Software - security services in Cloud Mobile Security Software - Platforms Risk & Compliance Cybersecurity Consulting - Software Security Consulting Cybersecurity Consulting Security Professional Services System Integrator - Software Security Operation Center Managed Security Services with SOC - security services in Cloud - Platforms Threat Intelligence Software - Platforms Transaction Security - Fraud Software Vulnerability Assessment Softw are - Security services in Cloud Web Security Security services in Cloud

Fig. 4 Main Italian cybersecurity solutions


PROGETTAzIONE GRAFICA E IMPAGINAzIONELoretana Alivernini

STAMPA E [email protected]

September 2019 issue.Written by Presidency of the Council of Ministers (Sistema di Informazione per la Sicurezza dellaRepubblica), Ministry of Foreign Affairs and International Cooperation, Italian Trade Agency, Confindustriaand National Interuniversity Consortium for Informatics - CINI.Edited by Andrea Mazzella, Chiara Ratzenberger, Giacomo Mennuni and Giada Castellan, Internationalpromotion of the aerospace, defense and cyber security industries, Directorate General for EconomicPromotion and Innovation, Ministry of Foreign Affairs and International Cooperation.



Ministry of Foreign Affairsand International Cooperation

Cibersecurity_2.qxp_Layout 1 19/09/19 12:33 Pagina IV

Cybersecurity Cybersecuri y inITALY ITA LY · security perimeter, promoting our research and industrial systems, and engaging in cyber-diplomacy while remaining committed to an accessible,

Documents