Governance

NIS 2 Directive and the National Cyber Security Strategy

The National Cybersecurity Strategy 2022-2026 aims to protect critical infrastructures and strengthen the country's digital resilience, with a focus on strategic sectors and promoting technological autonomy. A dedicated fund has been established to finance projects that will contribute to achieving these goals.

The country's digital protection

20 December 2024

Table of contents

  • The goals of the National Cyber Security sStrategy for the country’s digital protection
  • Governance and cooperation for national and European cyber security
  • Resources, management of cyber crises, and national resilience
  • Advanced measures for cyber security management and the protection of digital infrastructures
  • The role of the Prime Minister and the Agency for National Cyber Security
  • Promotion of awareness, skills, and combating online disinformation
  • A secure and resilient digital future

In this article, we delve into the concept of the National Cyber Security Strategy as outlined in Article 9 of Legislative Decree No. 138 of September 4, 2024, which implements the European NIS 2 Directive

The goals of the National Cyber Security Strategy for the country’s digital protection

The 2022-2026 National Cyber security Strategy is a cornerstone for Italy’s cyber resilience and digital protection. The objectives of the national cyber security strategy include:

  • Ensuring a high level of security for critical infrastructures, protecting strategic sectors such as energy, transportation, and healthcare. 
  • Strengthening the resilience of public administrations against cyber threats
  • Promoting national and European strategic autonomy in the digital sector by encouraging advanced technologies and innovative solutions. 

To achieve these objectives, the Council of Ministers, under the guidance of the Prime Minister, has established a fund for implementing the National Cyber Security Strategy, aimed at financing projects and initiatives for millions of euros

Governance and cooperation for national and European cyber security

A central aspect of the strategy is the creation of a governance framework to enable integrated and coordinated management of activities. This governance: 

  • Involves the National Coordination Center, responsible for sharing information and best practices. 
  • Encourages cooperation between national and European authorities to address hybrid threats
  • Integrates the public and private sectors, enhancing the nation’s resilience

Through a detailed implementation plan, measures are ensured to be effective and consistent with the evolving cyber threat landscape. 

Resources, management of cyber crises, and national resilience

Managing cyber crises is one of the strategy’s top priorities. To cope with cyber crises:

  • A systemic approach is adopted to ensure the operational continuity of critical infrastructures. 
  • Measures are introduced to improve response capabilities and facilitate rapid recovery from potential attacks. 
  • The Emergency Management Fund supports timely and coordinated interventions. 

These tools are designed to enhance the nation’s resilience, minimizing damage from cyberattacks and other threats. 

National cyber security strategy

Advanced measures for cyber security management and the protection of digital infrastructures

The strategy includes advanced measures for cyber security management, such as: 

  • Strengthening security along the supply chain of ICT products and services. 
  • Introducing cyber security requirements in public procurement and promoting open-source technologies. 
  • Improving capabilities to identify and respond to the evolving cyber threat landscape. 

These initiatives, funded by the management fund, aim to protect critical infrastructures and promote the country’s cyber resilience

The role of the Prime Minister and the Agency for National Cyber Security

The Prime Minister and the Council of Ministers play a central role in defining and supervising the strategy. Specifically: 

  • The Prime Minister leads the implementation of the plan and ensures the coherence of national policies. 
  • The National Cyber Security Agency collaborates with the National Coordination Center to promote the resilience of public administrations and counter hybrid threats

This synergy among institutions enables greater national and European strategic autonomy in the digital sector. 

Promotion of awareness, skills, and combating online disinformation

An essential element of the 2022-2026 National Cyber Security Strategy is raising awareness among citizens and businesses. Initiatives include: 

  • Training programs to strengthen digital skills. 
  • Guidelines on best practices for cyber hygiene to prevent risky behaviors. 
  • Targeted actions to counter online disinformation, considered one of the main cyber threats to social stability. 

These interventions are designed to build a shared culture of cyber security, essential for the nation’s resilience

A secure and resilient digital future

The 2022-2026 National Cyber Security Strategy, supported by the Cyber Crisis Management Fund, provides a concrete response to the challenges of the digital landscape.

The goals of the National Cyber Security Strategy outline a clear path toward greater infrastructure protection and cyber resilience that involves the entire citizenry.

Questions and answers 

  1. What does the 2022-2026 National Cyber security Strategy entail? 
    The strategy defines objectives and measures to protect critical infrastructures and ensure the country’s cyber resilience. It includes actions to improve threat management, strengthen public administration resilience, and promote digital autonomy. 
  2. What are the main objectives of the strategy? 
    The objectives include strengthening digital security, improving national resilience against cyber crises, promoting innovative technologies, and raising awareness among citizens and businesses about cyber risks. 
  3. What is the role of the Prime Minister in the strategy? 
    The Prime Minister leads the implementation of the plan, supervises the coordination of activities, and promotes national and European strategic autonomy in the digital sector. 
  4. What is the fund for implementing the National Cyber Security Strategy? 
    This fund supports the economic measures outlined in the strategy, including resources for managing cyber crises and protecting digital infrastructures. 
  5. How are cyber crises managed under this strategy? 
    The strategy includes measures for prevention, rapid response, and recovery to limit the damage caused by cyberattacks. The Emergency Management Fund provides resources for these situations. 
  6. What does the National Coordination Center do? 
    The center facilitates the sharing of information and best practices among competent authorities and promotes collaboration at national and European levels to tackle hybrid threats. 
  7. Which sectors are involved in the strategy? 
    The strategy covers critical sectors such as energy, transportation, healthcare, and finance, aiming to protect essential infrastructures and public administration resilience. 
  8. How does the strategy counter hybrid threats and online disinformation? 
    It includes measures to monitor and respond to hybrid threats, focusing on combating online disinformation, considered a significant risk to national stability. 
  9. What is the link between the national and European strategies? 
    The strategy promotes national and European strategic autonomy in the digital sector, fostering coordination with other member states to address cyber threats and develop common technologies. 
  10. How are citizens and businesses made aware of cyber security? 
    The strategy includes training programs, awareness campaigns, and guidelines on best practices for cyber hygiene to increase awareness and improve digital skills. 
15
To top