The ACN-CyEX24 exercise, the first on a national scale to involve the administrations represented in the Cybersecurity Unit, ended at the headquarters of the National Cybersecurity Agency (ACN). The event, held on 5 and 6 December, saw the participation of over 50 representatives of Ministries and Departments, engaged in an activity aimed at testing and perfecting the Italian public system's capabilities for preventing and responding to cyber incidents.
The exercise simulated a cyber attack scenario of increasing intensity, starting from the identification of a critical vulnerability up to the management of a complex incident. The complete response cycle was tested, including the alerts transmitted by CSIRT Italia, an operational unit of the ACN, and the adoption of containment and recovery measures.
As part of the implementation of the National Cybersecurity Strategy 2022-2026, the exercise was also an opportunity to consolidate knowledge of sector regulations. Among these are Law no. 90 of 28 June 2024, which strengthens the national legislative framework, and Legislative Decree no. 138 of 4 September 2024, which implements the European NIS2 Directive.
The exercise confirmed the value of information exchange and technical-operational collaboration for timely and effective management of cyber events. “ACN-CyEX24 represents an important step in the path of growing national cyber resilience,” said Prefect Bruno Frattasi, Director General of ACN.
Unification and Digital Sovereignty
In addition to strengthening operational capabilities, experiences such as ACN-CyEX24 highlight the need to optimize digital systems in Public Administration. By unifying digital platforms and services, it would be possible to reduce costs, avoid duplication and build a centralized, monitored digital sovereignty.
A concrete example of the importance of centralized management emerged recently, when dozens of Italian municipalities were removed from Google's index due to an algorithmic update. This situation highlights the current fragmentation, with thousands of platforms managed by different companies for the publication and delivery of public services.
Unifying these platforms would improve efficiency and offer citizens more accessible and secure digital services. Furthermore, it could represent a strategic step towards building a more resilient and autonomous public system, reducing dependence on third parties and ensuring better protection of critical infrastructures.
ACN-CyEX24 was not just a technical exercise, but a clear example of how institutions can collaborate to address cybersecurity challenges. Initiatives like this, also extended to the local level, could involve the entire Public Administration and lay the foundations for a cohesive and sustainable public digital system, capable of responding to cyber threats effectively and promptly.
A cyber attack of increasing intensity is a simulation or real event in which a cyber attack unfolds progressively, increasing in complexity, severity, and impact over time. This type of scenario is designed to test an organization's or system's ability to address the different phases of a cyber incident, adapting to new challenges as they arise.
An attack of this kind has some distinctive features. First, there is a progressive increase in severity: the attack can start with a relatively simple problem, such as the discovery of a software vulnerability, and then evolve into increasingly complex and damaging situations, such as the blocking of essential services or the compromise of critical data. In addition, the tools and techniques used diversify. During the attack, different methodologies can be used, such as phishing, malware, ransomware or DDoS attacks, increasing the pressure on the targets.
As the attack progresses, the impact on operations becomes more significant. The consequences are not limited to technical systems, but can extend to business processes, critical infrastructure, and the organization’s reputation. Managing these situations requires a complex and multifaceted response, with advanced countermeasures such as in-depth monitoring, isolation of network segments, and in some cases, coordination with other organizations.
A practical example of an escalating attack might start with a malicious actor exploiting a known vulnerability to gain access to a corporate network (the early stage). The attacker might then move laterally through the system, compromising multiple machines and harvesting sensitive data (the mid-stage). Finally, the attack might culminate in ransomware that locks down all corporate data, with the threat of making it public unless a ransom is paid (the late stage).
Simulations of this type have specific objectives: they allow testing the entire response cycle to an incident, from initial discovery to resolution; they evaluate the ability of teams and organizations to coordinate; and they help identify weaknesses in security protocols, thus improving overall resilience.