News

National Cybersecurity Agency (ACN) 

Discover the agency protecting Italy's digital infrastructure and coordinating cyber defences.

Digital hammer in a control room for national security law

2 September 2024

Table of contents 

  • Origins and establishment of ACN 
  • Functions of the National Cybersecurity Agency 
  • Structure and governance 
  • Projects and initiatives 
  • Challenges and future objectives 

The National Cybersecurity Agency (ACN) is a key institution in protecting Italy’s digital infrastructure.

This institution was created to ensure network and system security, develop national prevention and monitoring capabilities, and promote cybersecurity innovation projects.

Origins and Establishment of the ACN

The National Cybersecurity Agency (ACN) was officially established on June 14, 2021, with the aim of strengthening Italy’s cybersecurity and protecting the country’s critical digital infrastructure. The agency was created through a decree law, initiated by the Prime Minister, with the support of the Council of Ministers.

The ACN was conceived as a national authority in the field of cybersecurity, tasked with coordinating cybersecurity efforts at the national level and responding promptly to emerging cyber threats. Additionally, it plays a central role in Italy’s national cybersecurity strategy, collaborating with public entities, private companies, and international organizations.

Functions of the National Cybersecurity Agency

The ACN is responsible for ensuring the protection and resilience of Italy’s networks and IT systems. Its main functions include:

  • Prevention and Monitoring: Developing advanced tools to protect critical infrastructure through continuous updates to security measures. The agency constantly monitors emerging threats and implements proactive strategies to mitigate cyber risks.
  • Security Incident Response Team (CSIRT Italia): Managing and coordinating responses to cybersecurity incidents on a national scale. CSIRT Italia serves as a reference point for public and private entities, providing support in the event of cyberattacks and ensuring the restoration of system security.
  • Computer Security Incident Response: Ensuring a prompt response to cyberattacks on national networks. The ACN oversees forensic analysis of attacks, identifies vulnerabilities, and implements countermeasures to prevent future breaches.
  • Secure Cloud Services: Establishing security standards for managing and protecting sensitive data in cloud environments. With the expansion of cloud services, the ACN develops regulations and best practices to ensure security and regulatory compliance.
  • International Cooperation: Collaborating with other global cybersecurity authorities to share information and defensive strategies. The agency participates in international initiatives and agreements, contributing to a more secure and resilient global cybersecurity ecosystem.
  • Innovation and Research: Promoting the adoption of advanced cybersecurity technologies by partnering with universities and research centers. Through funding programs and research projects, the ACN encourages the development of cutting-edge solutions to protect digital infrastructure.
  • Training and Awareness: Educating citizens and businesses about cyber risks and best security practices. The agency organizes awareness campaigns, training courses, and initiatives to enhance cybersecurity skills and create a culture of digital security.
  • Critical Infrastructure Security: Protecting the networks, systems, and data of essential national infrastructure, ensuring that cyber threats do not compromise vital services such as energy, transportation, and healthcare.
  • Public Administration and Business Protection: Ensuring that public institutions and private companies adopt adequate security measures by providing technical support and strategies for digital resilience.
  • Cyber Crisis Management: Developing rapid response plans to address cyber emergencies and ensure the swift restoration of operations.

The ACN’s Strategy Focuses on Three Key Pillars:

  • Protection: Ensuring a cyber-resilient digital transition for the Public Administration (PA) and the production sector.
  • Response: Addressing national cyber threats, incidents, and crises through monitoring, detection, analysis, and the activation of response processes that engage the entire national cybersecurity ecosystem.

Development: Safely advancing digital technologies to meet market demands, through tools and initiatives that support centers of excellence, research activities, and businesses.

Digital security shield

Structure and Governance

The ACN operates under the leadership of a designated authority, responsible for coordinating cybersecurity activities among various ministries and institutions. The agency is organized into several operational units, each with specific responsibilities:

  • CSIRT Italia: Provides technical and operational support in case of cyberattacks. It handles cybersecurity incidents, prevents threats, and provides security guidelines for businesses and public institutions.
  • National Cybersecurity Center: Analyzes emerging threats and develops counter-strategies. This center gathers and processes intelligence on cyber threats, supporting institutions in strengthening the country’s digital defense.
  • Training and Awareness Unit: Organizes courses, workshops, and awareness campaigns to enhance cybersecurity knowledge. This unit collaborates with schools, universities, and businesses to spread advanced cybersecurity knowledge and develop a national digital security culture.
  • Research and Development Department: Supports innovation and technological development projects in the cybersecurity field. It researches new defense methodologies, develops advanced cybersecurity tools, and promotes partnerships with specialized companies.

General Directorate

On March 9, 2023, Prefect Bruno Frattasi was appointed Director General of the National Cybersecurity Agency, upon recommendation of the Prime Minister.

With over forty years of administrative experience, Frattasi has held high-profile institutional roles. Having joined the public administration in 1981, he was appointed Prefect of the Republic in 2005. Throughout his career, he has held numerous positions, including:

  • Prefect of Latina and Rome;
  • Head of the Fire Department, Public Rescue, and Civil Defense;
  • Head of the Legislative Office and Chief of Staff of the Ministry of the Interior;
  • Director of the National Agency for the Administration and Destination of Assets Seized and Confiscated from Organized Crime (ANBSC).

His appointment underscores the importance of experienced leadership in addressing national cybersecurity challenges.

FAQs

What is the National Cybersecurity Agency (ACN)? The ACN is an Italian national entity established to protect digital infrastructure and ensure cybersecurity.

What are the main functions of the ACN? Its main functions include cyber threat prevention and monitoring, coordination with other authorities, promotion of innovation, and cybersecurity training.

How was the ACN established? The ACN was established through Decree Law No. 82 on June 14, 2021, initiated by the Prime Minister and supported by the Council of Ministers.

What is the goal of the ACN? Its goal is to safeguard national interests and ensure the resilience of essential state services against cyber threats.

What are the key challenges faced by the ACN? Major challenges include maintaining a high level of preparedness and responsiveness to evolving cyber threats.

How does the ACN promote innovation? The ACN supports scientific and technological projects, collaborates with universities and research centers, and fosters the growth of a specialized cybersecurity workforce.

Who leads the ACN? The ACN is led by Prefect Bruno Frattasi, who coordinates cybersecurity efforts among ministries and institutions.

Which entities collaborate with the ACN? The ACN collaborates with national authorities, international organizations, and global cybersecurity agencies.

How does the ACN contribute to cybersecurity training? The ACN organizes awareness campaigns and training programs for the public and professionals to enhance cybersecurity knowledge.

What role does the ACN play in national network security? The ACN ensures the security of critical national networks and IT systems, preventing and responding to cybersecurity incidents.

128
To top