Italy's National Cyber Perimeter: Who Really Guards the National Cyber Borders

In the realm of national cybersecurity, the focus is on what the national defense cyber perimeter actually means. The objective is to define roles, responsibilities, and tools to protect strategic assets in a continuously evolving landscape. The article focuses on the key institutions, current limits, and prospects for more cohesive governance. Finally, it explores possible development scenarios and the challenges for startups and private players seeking to operate in this ecosystem.

Key actors and responsibilities

Italy's cyber perimeter is built on roles and responsibilities distributed among several bodies: the Agency for National Cybersecurity (ACN), established in 2021, sits at the heart of protecting critical infrastructure and cyber resilience. ACN does not have offensive capabilities, but its task is to safeguard security and resilience, prevent and mitigate cyberattacks, and foster the achievement of technological autonomy. It is also responsible for implementing the National Cybersecurity Strategy.

The framework is complemented by the law enforcement agencies: the Postal Police (Polizia Postale), Carabinieri and Guardia di Finanza each operate within their respective competencies to counter cybercrime. The Ministry of Defense is tasked with leading military operations in the cyber domain, supporting defense and national security. Operationally, the Network Operations Command (COR) organizes and coordinates the capabilities needed for targeted and timely interventions. Another important piece is the National Anti-Mafia and Anti-Terrorism Directorate, which coordinates investigations into organized crime and terrorism and has begun operating in the cyber domain as well. However, the array of actors is often uncoordinated, underscoring a clear need for greater cohesion and interoperability.

A map of requirements, data, and potential synergies

The review of the structures has been driven by the need for a framework capable of protecting strategic assets and coordinating resources efficiently. According to evaluations in the recent period, the ideal would be a structure of roughly 800 personnel. Currently, as of December 2024, there are 309 employees, of whom 212 are classified as managers. These figures highlight a mismatch between operational needs and available resources and raise questions about management capacity, training, and dissemination of skills within the apparatus.

Integrated governance requires a common line of action among intelligence, law enforcement, and defense. Intelligence remains the prerogative of the intelligence services, while the management of other functions—such as critical infrastructure protection, incident response, and resilience—requires a public-private synergy, as well as cross-sector skills management. A clear map of responsibilities is crucial to avoid duplications, bottlenecks, and delays in decision-making during crises.

Without leadership: challenges, risks, and opportunities

Without leadership

The absence of a single, ongoing leadership capable of coordinating the various actors exposes the country to fragmentation and inefficiency risks. On one hand, there is a need to maintain operational autonomy of individual structures; on the other, an integrated vision is needed to accelerate decisions, enable mutual intelligence sharing, and establish common standards for technologies and procedures. The balance between centralization and flexibility is crucial: governance that is too rigid can slow action, governance that is too diffuse can create gaps, duplications, and unnecessary costs. In this context, the role of businesses and the private sector becomes crucial: providers of critical infrastructure must be able to collaborate with public authorities on common standards, security auditing, and risk management, while respecting privacy regulations and fundamental rights.

Discussion: different perspectives on the evolution of the cyber perimeter

Two lines of thinking emerge clearly. On one side, the trend toward more centralized governance appears as a necessary response to wide-ranging threats: incidents affecting multiple sectors, direct attacks on critical infrastructures, and the need for a coordinated national-scale response. A centralized structure can ensure consistency in security standards, speed up decision-making in crisis contexts, and increase effectiveness in emergency management. On the other side, there is defense of decentralization, supported by the idea that cybersecurity is a continually evolving domain where effectiveness depends on operational agility, widespread technical competence, and the ability to quickly adapt to new threats. Decentralization fosters innovation and the participation of startups and private operators, but it poses the challenge of coordinating activities among actors with different priorities and operating paces.

A crucial theme is the role of the private sector: critical infrastructures, digital service providers, and technology companies are an integral part of national defense, but operate in a complex regulatory environment that creates opportunities, but also risks of conflicts of interest or opaque governance. Public-private synergy can accelerate the adoption of advanced technologies, such as real-time risk analysis, shared threat intelligence, automated incident response systems, and operational resilience management. However, a clear framework of responsibilities, independent audits, transparency in procurement procedures, and safeguards to prevent conflicts with privacy and civil rights are needed. International implications remain: interoperability with European and NATO standards, cross-border cooperation, and alignment with European digital security policies that foster a coordinated response to common threats. Finally, for startups and innovators, the cyber perimeter offers market opportunities: providing monitoring solutions, early detection, risk management, and compliance services, provided they operate in a regulated ecosystem with clear incentives and definitions of responsibility.

Conclusion: toward a more cohesive and innovative cyber defense

Italy's national defense cyber perimeter requires governance capable of uniting institutional roles, public forces, and private actors within a framework of clear and interoperable responsibilities. The challenges are not only technological: they involve resource management, ongoing training, inter-agency cooperation, and the ability to respond quickly to incidents. For startups and innovators, the opportunity lies in contributing to more effective defense through solutions that improve visibility, speed of response, and resilience of critical networks, all while respecting laws and protecting rights. In this scenario, entrepreneurial action can be a key driver of innovation, provided it is accompanied by transparent governance, common standards, and ongoing public-private dialogue.

Fonte wired.it