Cybersecurity: completed cybernetic exercise coordinated by the NSC

(To Department of Security Information (Dis))

ROME - Back "Cyber ​​Europe 2018", The IT security exercise organized by ENISA, the European IT and Network Security Agency, launched in collaboration with 30 Countries.

For Italy, the simulation was coordinated, for the first time, by the NSC: the Core for Cyber ​​Security established at the Department of security information (DIS), which works in support of the President of the Council and the Inter-ministerial Committee for the Security of the Republic (CISR) for matters concerning cybersecurity. It is precisely the new directive on national cybernetic architecture (DPCM of 17 February 2017), in fact, to provide, among other tasks assigned to the NSC, also to promote and coordinate, in conjunction with MiSE and AgID, the national participation in international exercises concerning the simulation of cybernetic events.

More specifically, the simulation had to solve a large-scale cyber attack targeting the infrastructures that control air traffic, causing the compromise of check-in.

Imagine a normal day at the airport. Suddenly, the check-in shows a system failure. The app travel on smartphones stop working. Operators at the banks of the check-in they can not use their computers. Travelers can neither check baggage nor pass security checks. All flights are shown as canceled on the airport monitors.

This is the scenario of the simulation of "Cyber ​​Europe 2018"Concluded yesterday, which simultaneously involved 30 participating countries (28 EU members, plus Switzerland and Norway), and more than 900 European cybersecurity who have been able to operate through a common IT platform in which, to make the scenario more truthful, fake websites, social media and security blogs have also been created.

A further opportunity to verify the capacity for reaction and cooperation at the European level, in line with the provisions of the recent implementation of the Network and Information Security (NIS) Directive, which provides for the adoption of common measures for the raising of a high level of security of networks and information systems in the Union.

For example, Italy has had the opportunity to test the procedures of the new institutional actors envisaged by the NIS: as the intervention group for IT security in case of accidents, the Computer Security Incident Response Team, CSIRT (which will be the result of the unification of CERT-N, Computer Emergency Response Team-National of the Ministry of Economic Development and CERT-PA, a similar structure of the Agency for Digital Italy), which operated during the exercise in close synergy with the Ministry of Defense's bodies (Interforces Command for Cybernetic Operations) , of the Postal Police (CNAIPIC) and with the European network of CSIRTs.

ENAC, ENAV, Aeroporti di Roma SpA and Alitalia have also been involved in the simulation Internet Service Providers including TIM, WIND-TRE, Vodafone, Fastweb and BT Italia.

"The exercise ended successfully", Underlines the Cypnetic Security Unit at the DIS. Because on the one hand a significant improvement in the efficiency of cybersecurity performance was certified; and on the other hand, evidence of a good maturation of the sector was given for those strategic aspects concerning the cooperation between public and private sectors.