With regard to the cyberattack that has occurred worldwide, Undersecretary of State Alfredo Mantovano, delegated authority for cybersecurity, coordinated a meeting at Palazzo Chigi this morning with Director General of the National Cybersecurity Agency (‘ACN’) Roberto Baldoni and Director General of the Security Intelligence Department (‘DIS’) Elisabetta Belloni to verify that, despite the seriousness of the incident, in Italy no institutions or leading companies operating in sectors of key importance for national security have been affected.
An initial assessment carried out by the ACN together with the Postal and Communications Police has not revealed any evidence of an attack by a hostile state or similar; it is instead likely to be an act by cybercriminals demanding payment of a ‘ransom’.
The cyberattack, which came to light on the evening of 3 February and culminated in yesterday’s widespread act of aggression, had been identified by the ACN as being hypothetically possible back in February 2021, which is why it had alerted all susceptible players to adopt the necessary protection measures. Some recipients took the alert into due consideration, while others did not and, unfortunately, they are now paying the consequences. By way of analogy with the healthcare sector, it is as if a particularly aggressive virus had begun circulating in February 2021 and the health authorities had urged vulnerable people to take due precautions, with the damage to the health of those who did not take preventive measures emerging at a later date.
The ACN and Postal and Communications Police are also currently working to identify all potentially vulnerable entities, in order to limit the negative effects not only for their IT systems but also for the entire population (take, for example, the repercussions of a local health authority’s system being blocked).
All entities involved are therefore once again recommended to step up possible prevention measures, immediately getting in touch with the ACN if they have not already done so.
Implementing Decree Law no. 82/2021, the Government will promptly adopt a Decree of the President of the Council of Ministers to link the fundamental prevention work carried out by regional authorities with the ACN. At the same time, said National Cybersecurity Agency will establish regular institutional round table discussions with all public and private providers of critical services for the nation, starting with ministries and insurance and credit institutions.