Navigation path

Action 38 in Italy flag Italy

Member States to establish pan-European Computer Emergency Response Teams

Indicator Status Evidence
Has a national or governmental CERT been established? Yes The establishment of a National CERT has been laid down in the framework of the Directive 2009/140/EC transposition (Legislative Decree n.70, 2012) At present the state of play is the following: -CERT-SPC, established in 2004 . -Governmental CERT, Costituency: Central Public Administration (http://www.cert-spc.it) Other CERTs: -CERT-Difesa: Computer Emergency Response Team of the Ministry of Defense, costituency: military (http://www.difesa.it/SMD/Staff/Reparti/II-reparto/CERT/Pagine/default.aspx) -GARR-CERT: Academic and Research Network -Computer Emergency Response Team, constituency: Italian Research & Education Network (NREN) (http://www.cert.garr.it/index-en.html)
Is the CERT fully operational? Yes The National CERT is operational. It had been delayed and subject to revision following the coming into force of law n. 134/2012.
Does the CERT participate in international CERT communities/initiatives? Yes CERT-SPC and CERT-Difesa participated in international activities through the coordination of the Ministry of Economic Development (Istituto Superiore delle Comunicazioni e delle Tecnologie dell’Informazione: -CERT DIFESA: NATO "Cyber Coalition 2010", source NATO (http://www.nato.int/cps/en/SID-70CABE49-11886860/natolive/news_69805.htm) -CERT DIFESA and CERT-SPC: First Pan-European exercise on CIIP, “Cyber Europe 2010”, source ENISA (http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cyber-crisis-cooperation/cyber-europe/ce2010) -CERT DIFESA: first EU-US Cyber Atlantic 2011 exercise, source ENISA (http://www.enisa.europa.eu/media/press-releases/first-joint-eu-us-cyber-security-exercise-conducted-today-3rd-nov.-2011)

Other initiatives:

-Agreement between the Italian Postal Police and the US Secret Service which in 2009 created the European Electronic Crime Task Force (EECTF), aimed at tackling cyber crime by the mean of a stricter collaboration between public and private actors. Sources http://salastampa.poste.it/uploaded_files/G8_cartellastampa04.pdf and http://www.secretservice.gov/press/GPA05‐09_EuropeanECTF.pdf. -Establishment of the "Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche" - National Centre for the Informatic Anticrime and for Critical Infrastructures Protection (CNAIPIC). Source http://poliziadistato.it/articolo/18494/ -In the scope of the European Programme for Critical Infrastructure Protection, EPCIP, from 2007 is operative the “Tavolo PIC” at the Bureau of the Military Counsellor to the Prime Minister, source: Presidency of the Council of Ministers. -ISCTI (Istituto Superiore delle Comunicazioni e delle Tecnologie dell’Informazione) (Superior Institute for Information and Communication Technologies). Source http://www.isticom.it/

External contribution

CERT-SPC evolves into CERT-PA. According to DPCM 24/1/2013, that establish the Italian cyber security organisation, the Agenzia per l’Italia Digitale evolves the CERT-SPC into the CERT for the Italian Public Administration (CERT-PA). CERT-PA is operative in the pilot phase with four major administrations (Ministry of Foreign Affairs, Ministry of Justice, Ministry of Economy and Finance, Consip – the national procurement agency).
Reported by Mario Terranova (Agenzia per l'Italia Digitale) - 10 Feb 2014

External contributions are more than welcome. If you would like to share with us a country, regional or local-level initiative relevant for this DAE action, you can do it via the online form.