Cyber Threats – like ransomware or other types of malwares – are evolving, pervasive, and ubiquitous. They endanger both individuals and organizations across several communities worldwide. They run through addresses networks, information systems, and services, which represent the backbone of contemporary digital societies and the premises for their industrial, economic, and social development. Overall, cyberthreats undermine the potential benefits that stem from the use of new or emerging digital technologies in many sectors, e.g., transport, energy, health, telecommunications, finance, democratic processes, education, space, defence, and national security. Tackling cyber threats requires organizations to acquire, maintain, and further develop adequate cyber capabilities.

As far as countries are concerned, this entails assigning clear responsibilities and mandates to existing or newly established institutions, as well as sustaining their functioning through both the allocation of sufficient resources – human, financial, technological -, and the definition of efficient operational procedures. To prevent and counter cyberthreats, states should also adopt concrete measures and actions that are multidisciplinary and multi-layered in their essence. These can range from enacting specific policy and legal instruments, supporting the establishment of cybersecurity stakeholders’ communities or cooperation fora, financing technological research and development, to sustaining cyber-related education, and promoting educational campaigns in the field of cybersecurity. Altogether, the above-mentioned actions aim at building a cyber-resilient and cyber-secure community.

However, given the transnational nature and reach of cyber threats, countries cannot limit the scope of their preventive and counter initiatives to the domestic realm. They should act at the international level, too, promoting and contributing to universal, regional, and bilateral cooperation in the field of cybersecurity.

 

Cyber capacity building as international cooperation

International cooperation initiatives can take several forms, involve various partners, and focus on different elements or aspects. Some of these initiatives fall within the scope of so-called “cyber capacity building” (CCB).

Put it simply, CCB is a growing field of cooperation whose boundaries and content continue to evolve.[1]It is a tool comprising a rich set of activities and projects aimed at developing capabilities to mitigate risks and promote opportunities vis-à-vis cyberspace and digital technologies.

CBB initiatives’ topics and items can vary according to their promoters’ goals and needs. They can span from cyber policy and law-making, institution building, strategic planning, incident response, information sharing, critical national infrastructure protection, the promotion of information and awareness campaigns, to education and training. Since it is intrinsically based on a win-win logic, CCB can strengthen partners’ cyber resilience and sustain their technological and industrial development.

From a multilateral perspective, it can improve the overall cybersecurity of regional and sub-regional areas as well as boost their economic and social growth. To be truly beneficial, CCB initiatives should be coordinated and not fragmented. Furthermore, they should be premised upon transparent and shared goals and rely on effective resources for their implementation.

 

The role played by the Italian National Cybersecurity Agency

By acknowledging CCB’s value in terms of trust-building and strategic partnership, Italy aims at resorting to such tool to establish and reinforce close relationships and collaborations with its partners in the field of cybersecurity. The recently established Italian National Cybersecurity Agency has a clear mandate and functions in this field.[2]

The Agency is Italy’s cybersecurity authority, which ensures coordination between the domestic public entities having a stake in cybersecurity nationwide as well as promotes the implementation of common actions aimed at strengthening national cybersecurity and resilience. It is also responsible for safeguarding Italy’s national security and interests in cyberspace.

Among its assigned tasks, the Agency coordinates, in partnership with the Ministry of Foreign Affairs, international cooperation in the field of cybersecurity. In particular, it can stipulate bilateral and multilateral agreements – also through the involvement of the private and industrial sectors – with institutions, entities, and bodies of other countries for Italy’s participation in cybersecurity programmes. These agreements can be framed within the context of CCB initiatives. Among CCB partners, there are institutions from countries of the wider Mediterranean Region (North Africa and the Middle East), most of which have long-standing friendship ties with Italy.

In line with what is described above, CCB initiatives with these countries should aim at improving regional cyber resilience and promote technological innovation and development. Initiatives may have either a broad or narrow scope. Among others, they may include the sharing of best practices and experiences in the field of cybersecurity (for example, with a focus on the maritime, health or energy sectors); the exchange of data and insights on cyberthreats and other cyber-related malicious activities; the promotion of educational or training programmes aimed at filling skills or labour force shortages; or the support to institution building as well as policy and law-making in the field of cyber.

As per the latter, for example, Italy could share with its partners the experiences it has developed so far from the adoption and progressive implementation of the National Security Perimeter Law for Cyber[3], as well as from the domestic application of the Directive EU 2016/1148[4]. It could provide insights on the content and main features of the recently adopted National Cloud Strategy, which has the goal of providing strategic direction for the implementation and control of cloud solutions in public administration[5].

In conclusion, cybersecurity is transnational by nature. Safeguarding domestic cybersecurity and cyber-resilience requires states to act jointly at the international level. CCB can represent a useful instrument in this regard. It is an opportunity for Italy and its Mediterranean partners to prompt regional security, innovation, and growth.

 

 

SOURCES:

[1] R. Collett and N. Barmpaliou, International Cyber Capacity Building: Global Trends and Scenarios, Luxembourg: Publications Office of the European Union, 2021.

[2] The Agency was established by the Law Decree No. 82, 14.06.2021. See https://www.acn.gov.it/en.

[3] Law Decree No. 105, 21.09.2019, in the Italian Official Journal No. 222, 21.09.2019 (in Italian).

[4] The so-called “Network and Information Systems (NIS) Directive”, in European Official Journal L 194, 19.7.2016.

[5] See https://assets.innovazione.gov.it/1634299755-strategiacloudit.pdf (in Italian).