The Agenzia per la Cybersicurezza Nazionale (ACN) is an Italian government agency established by decree 82 of 14 June 2021.[1]
The ACN was established to provide cybersecurity to information technology, and also for the purpose of protecting national security in the cyberspace, and ensures coordination between the public entities involved in the matter.
It pursues the achievement of national and European strategic autonomy in the digital sector, in synergy with the national production system, as well as through the involvement of the university and research world. It favors specific training courses for the development of the workforce in the sector and supports awareness campaigns as well as a widespread culture of cybersecurity.[2]
Cyberattack alerts, monitoring, detection and prevention activities
The agency constantly carries out activities of alert, monitoring, detection and prevention of cyber attacks as in the case of the massive global cyberattack of 5 February 2023.[3]
During the cyberattack, a large part of the TIM network was out of order due to a problem with data flows from the international network which also had an impact in Italy.[4]
The attack exploited a vulnerability on VMware ESXi servers.[5]
The damage to the Italian national network has amounted to millions of euros, and thousands of servers affected.[6]
However, the following day, the agency reduced the scope of the attack, reporting that no critical systems were affected.
On 22 February 2023, the agency issued a new alert against an attack perpetrated by Russian activists. The cyberattack is claimed by the pro-Russian group NoName057.[7][8]
On 7 March 2023, the director of the agency, Roberto Baldoni resigned for differences with the Italian government, following the cyber-attacks suffered by Italy.[9]
The pro-Russian group NoName057 comments on the resignation of Roberto Baldoni on its Telegram channel, claiming the attacks against the Italian internet infrastructure as a complete success.[10]
On 9 March 2023, the prefect of Rome, Bruno Frattasi, was appointed new director of the agency in place of the resigned Roberto Baldoni.[11]
On 19 March 2023, the pro-Russian group NoName057 attacked again the Italian institutional websites, in particular that of the CSM.
In claiming the cyberattack, they directly addressed the director of the agency, Bruno Frattasi and Francesco Lo Voi, the chief prosecutor of Rome.[12]
On 27 March 2023, there was a new cyberattack against the websites of the Italian ministers and the postal police, however it did not achieve the objective of hindering users from using the sites under attack. The attack was considered failed, only that of Atac, the municipal transport company of Rome, suffered slowdowns and temporary unavailability.[13]
On May 13, 2023, during the visit to Rome in Italy of Volodymyr Zelensky, president of Ukraine, to the Italian president, Sergio Mattarella and the Italian premier Giorgia Meloni and to the Pope, the pro-Russian group noName057 claims a new cyberattack on the website of the Viminale and on the Csm. However, the damage was mitigated and no malfunctions or slowdowns of the affected websites occurred.[14][15]
On 19 June 2023, the agency sent the 2022 annual report to the Italian parliament which showed that 1,094 cyber attacks took place in 2022, a marked increase due to the conflict in Ukraine.[16][17]
Computer Security Incident Response Team - Italia (CSIRT) operates within the agency with the following functions defined on the basis of Legislative Decree 18 May 2018, n. 65 and by the Decree of the President of the Council of Ministers of 8 August 2019 art. 4.[24]