Innovation, cooperation and Innovation, cooperation and defense of national borders: This is the ultimate meaning of the National Cybersecurity Strategy 2022-2026 presented at Palazzo Chigi by Undersecretary Franco Gabrielli and Professor Baldoni director of the National Cybersecurity Agency (Acn).  

Nearly a decade after the first decree on cybersecurity, the National Cybersecurity Strategy 2022-2026 was presented on May 26 along with the 82 measures included in the document drafted by the National Cybersecurity Agency providing funding, incentives and tax relief, and the strengthening of public-private collaboration. An innovation-driven path defined by the National Cybersecurity Agency, which will also monitor that the goals are being met. 


5 Pillars of the National Cybersecurity Strategy

Pandemic, daily phishing campaigns toward the public administration, DDoS attacks on banks and ministries and long-standing cyber espionage have led to the implementation of a strategy that includes funding within a clear regulatory framework.  

Prime Minister Mario Draghi said “Italy’s cybersecurity strategy combines security and development, while respecting the values of our Constitution. It is in line with the December 2020 European Union Cybersecurity Strategy, the March 2022 EU Strategic Compass for Security and Defense, and recent NATO strategic directions. In order to do so, it will be crucial to allocate adequate funds on an ongoing basis.” 


Strategia nazionale di Cybersecurity

Types of threats:

Various kinds of cyber threats exist: aimed at obtaining illicit profits (cyber-crime), generating informational advantage for purposes of geopolitical competition (cyber-espionage), spreading divisive and polarizing narratives in adherence to specific ideologies or political motivations, no matter how technologically equipped and procedurally prepared”.

Therefore in order to counter these threats there are five pillars of the strategy:

  • Ensuring a resilient cyber digital transition of the public administration (PA) and the productive fabric 
  • National and European strategic autonomy in the digital domain 
  • Anticipating the evolution of the cyber threat 
  • Managing cyber crises 
  • Countering online disinformation in the broader context of the so-called hybrid threat 

The aims 

The goal is thus clear: “To plan, coordinate and implement measures aimed at making the country secure and resilient also in the digital domain, while ensuring the confidence of citizens in the full protection of fundamental rights and freedoms.

Cybersecurity has become a topic of strategic importance, and must be placed at the foundation of the Country’s digital transformation process also to achieve national strategic autonomy in the sector.

It must not be perceived as a cost, but as an investment and an enabling factor for the development of the national economy and industry, in order to increase the competitiveness of the Country at the global level.

That’s because the securing of infrastructure, systems and information from a technical point of view must be accompanied by cultural progress at every level of society, toward a “security-oriented” approach to protect our system of values and democracy. 


Challanges of the National Cybersecurity Strategy

Rapid technological evolution always brings new cybersecurity risks, and the National Cybersecurity Strategy aims to address the following challenges: 

  • Ensuring a cyber resilient digital transition of Public Administration (PA) and the productive fabric. Cybersecurity of digital services is crucial to incentivize their usability by citizens, who need to be confident that their data is protected. 
  • Anticipate the evolution of the cyber threat. There is a need to anticipate, prevent and mitigate the impacts of any offensive cyber activities as much as possible. 
  • Counter online disinformation in the broader context of the so-called hybrid threat. To ensure the exercise of fundamental freedoms, for example, during electoral consultations or in international crisis situations. 
  • Cyber crisis management. Coordination among all public and private stakeholders is needed to provide a prompt response in case of systemic cyber events. 
  • National and European strategic autonomy in the digital domain. To have direct control over data stored, processed and transmitted through modern technologies. 

The implementation of these measures in the near future will be preponderant in building and implementing a new Cybersecurity plan tailored to the country.