The proposal emerged from the third meeting of the webinar series on the National Cybersecurity Strategy, organized by Cyber 4.0 in collaboration with the National Cybersecurity Agency (ACN), dedicated to the topic of public-private information sharing.
The third meeting of the webinar series that Cyber 4.0, in collaboration with ACN, is devoting to delving into some of the important aspects of the National Cybersecurity Strategy was held on Wednesday, July 20.
The seminar focused on the theme of public-private information sharing, with reference both to the activities of the national CSIRT, as a collector and distributor of information on ongoing or suspected attacks and as a channel of contact with law enforcement agencies, and to the initiatives planned at the level of the National Cybersecurity Strategy, with particular reference to the creation of the national Information Sharing and Analysis Center (hereinafter also ISAC) and of sectoral ISACs.
ISACs are nonprofit organizations that:
- Provide a centralized resource for gathering information regarding cyber threats and incidents;
- Encourage and enable the two-way exchange of such information between the private and public worlds;
- Foster the sharing of experience, knowledge and analysis regarding cyber threats and incidents, as well as benchmark best practices for mitigating and countering cyber attacks.
For more details, please refer to the European Union Agency for Cybersecurity (ENISA) web page on ISACs.
The opening remarks by the National Cybersecurity Agency outlined the many initiatives underway or planned to foster operational and contextual information sharing between public agencies and private organizations.
In particular, Actions #34 and #35 of the National Strategy were mentioned, relating to:
- Establish an ISAC at ACN, tasked with coordinating the collection and analysis of the higher value-added operational and strategic information produced by the various national cyber services. The facility will be linked to the European network of ISACs, contributing to the realization of the “European CyberShield” envisioned by the EU Cybersecurity Strategy.
- Promote the creation of sectoral ISACs integrated with ACN’s ISAC, including through public-private initiatives, so as to foster the enhancement of information and best-practice exchange to serve government and domestic industry.
The intervention by CNAIPIC (Postal and Communications Police) reconfirmed the substantial role that information sharing has played with public agencies and private organizations since its establishment. The cyber threat is by its very nature asymmetrical and multifaceted, and the time and possibilities for attackers always outweigh the time and possibilities for prevention and counteraction. With the aim of making this collaboration permanent and activating a daily channel of communication, the Postal Police has long since initiated the signing of Conventions with relevant entities.
Experts from the private sector then spoke, representing entities that have developed successful public-private information sharing experiences nationwide.
These were the main insights that emerged during the seminar:
- The impetus that will come from the implementation of the National Cybersecurity Strategy will bring to fruition a model of public-private collaboration that has hitherto been absent on a national scale but has been realized in some virtuous sectors such as banking. ACN’s essential leadership role will need to be assisted by sector organizations and entities that are already characterized by the implementation of an operational model of collaboration between public institutions and the private world.
- Cybersecurity should not be framed as a competitive field, and the return value of joining forces and sharing information, even with potential competitors in the same business sector, should be emphasized. In this context, initiatives to increase trust among members of the same information sharing network are a basic element on which to build permanent mechanisms of exchange and collaboration.
- Therefore, it is important to have a third party that can act as a guarantor of the exchange of information: one that can neutrally filter and route communications, that can, if requested, anonymize reporting sources and verify their trustworthiness, that carries out trust-building and mutual-acquaintance initiatives among the members of its constituency, and that defines and implements appropriate and uniform rules of engagement.
- The number of reports of attacks, either ongoing or suspected, that may affect counterparts in an information sharing community is very high. It becomes not only appropriate but necessary to use technical solutions and international standards for structured information exchange, such as the MISP standard. This also enables direct dialogue with enterprise SIEM systems.
- The experience developed by CERTFin in this regard has enabled the development of effective sharing of indicators of compromise (IOCs) and structured information on cyber fraud, organized by severity levels and according to a TLP protocol.
- It is important to build a reporting system of the managed alerts, which allows periodic reports to be extracted that are useful both in terms of cyber threat intelligence and in terms of scenario interpretation and adjustment of corporate prevention and protection policies.
- In the context of cybersecurity, extending the exchange of information beyond the boundaries of one's home industry sector and geographic area assumes paramount importance. Mechanisms of coordination between ISACs and/or with similar entities active in other countries are to be encouraged. Structural in this is the role of the national ISAC as a liaison between the different sectoral ISACs and as an interface for international cooperation.
- One issue of interest that remains open is to determine a way to measure the impact of information sharing initiatives on cybersecurity, so as to target their development and maximize their effectiveness. For while there is no doubt about the practical benefits of belonging to an information sharing network, some variables to be considered as a “cost” are certainly the effort required to find and make information available, as well as its corporate sensitivity.
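The hub functions described above (neutral filtering and routing by TLP, anonymizing a reporting source on request, structured MISP-style events with severity levels, and a periodic report of managed alerts) can be illustrated in code. The following is an added example, not code from Cyber 4.0, CERTFin or the MISP project; the event layout is a constructed simplification of a MISP event, and the TLP distribution rules are assumed rules of engagement for a hypothetical ISAC.

```python
from collections import Counter

# MISP threat_level_id values (1 = High, 2 = Medium, 3 = Low, 4 = Undefined)
THREAT_LEVEL = {1: "high", 2: "medium", 3: "low", 4: "undefined"}

# Constructed sample events in a simplified MISP-like layout (not the real MISP schema).
SAMPLE_EVENTS = [
    {"id": 1, "orgc": "BankA", "sector": "finance", "tlp": "tlp:amber+strict",
     "threat_level_id": 1, "anonymise": True, "iocs": ["203.0.113.7"]},
    {"id": 2, "orgc": "EnergyCo", "sector": "energy", "tlp": "tlp:amber",
     "threat_level_id": 2, "anonymise": False, "iocs": ["phish.example"]},
    {"id": 3, "orgc": "BankB", "sector": "finance", "tlp": "tlp:red",
     "threat_level_id": 1, "anonymise": True, "iocs": ["198.51.100.9"]},
    {"id": 4, "orgc": "SmeShop", "sector": "sme", "tlp": "tlp:green",
     "threat_level_id": 3, "anonymise": False, "iocs": ["bad.example"]},
]
# Constructed constituency of the hypothetical ISAC.
MEMBERS = [{"name": "BankA", "sector": "finance"}, {"name": "BankB", "sector": "finance"},
           {"name": "SmeShop", "sector": "sme"}]

def may_receive(event, member):
    """Assumed rules of engagement: TLP:RED is held by the hub only, TLP:AMBER+STRICT
    goes to members of the reporting sector, AMBER/GREEN/CLEAR to every member;
    no member receives its own report back."""
    if member["name"] == event["orgc"]:
        return False
    tlp = event["tlp"]
    if tlp == "tlp:red":
        return False
    if tlp == "tlp:amber+strict":
        return member["sector"] == event["sector"]
    return tlp in ("tlp:amber", "tlp:green", "tlp:clear")

def anonymise(event):
    """Hide the reporting organisation when the source asked the hub to do so."""
    out = dict(event)
    if out.pop("anonymise", False):
        out["orgc"] = "ISAC-hub"
    return out

def route(events, members):
    """Map each member name to the (anonymised) events it is allowed to receive."""
    return {m["name"]: [anonymise(e) for e in events if may_receive(e, m)] for m in members}

def severity_report(events):
    """Periodic report on managed alerts: counts per threat level and per TLP label."""
    return {"by_threat_level": dict(Counter(THREAT_LEVEL[e["threat_level_id"]] for e in events)),
            "by_tlp": dict(Counter(e["tlp"] for e in events))}
```

Running `route(SAMPLE_EVENTS, MEMBERS)` shows that the finance-only AMBER+STRICT report reaches BankB with its source replaced by the hub, while the SME member sees only the sector-wide AMBER event.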
The meeting was also an opportunity to launch a proposal to create an ISAC dedicated explicitly to SMEs, a context that is confirmed to be particularly exposed to information security problems and often underrepresented in system-wide initiatives.
An ISAC for SMEs would provide a common point of reference for companies that often share issues more related to their size than to their specific industry, and would serve as an aggregation point for sharing incident response experiences and for a collective raising of the level of awareness about ongoing or prospective threats.
In view of the public-private nature of its constituency, and the institutional mandate to support SMEs given to it by the Ministry of Economic Development, as well as the expertise it can bring to bear in managing related initiatives and communications to and from the National Cybersecurity Agency, Cyber 4.0 certainly represents an important operational context in which to initiate reasoning on the appropriateness of creating an ISAC for SMEs.
Webinar presentations are available:
- Luca Massarelli, Advisor, National Cybersecurity Agency: Information Sharing and Public-Private Collaboration
- Romano Stasi, CERTFin Chief Operating Officer: Information Sharing and Public-Private Partnerships
- Andrea Pugini, Security Governance & Data Protection, Sogei: Sogei Information Sharing
A recording of the event is also available.