Cybersecurity: with 80 favorable votes from the Senate, a definitive yes to the bill, what does it provide

June 19, 2024

14 4 minutes read

Untitled design6 — cybersicurezza italia.jpg

With 80 votes in favor, 3 against and 57 abstentions, the Senate definitively approved the government-initiated bill on strengthening national cybersecurity and computer crimes. The Green Alliance and the Left were against the measure, while the M5S, Pd, Italia Viva and Action groups abstained.

The measure aims to offer answers to an exponentially growing issue. In fact, cyber attacks are increasingly frequent and, in addition to creating insecurity for Italian systems, they can also encourage the disclosure of sensitive data. The text therefore prepares additional tools for public administrations to try to prevent, avoid and promptly report cyber attacks in order to limit the damage as much as possible. The text is made up of 24 articles – some of which provide for interventions on the Criminal Code and the Code of Criminal Procedure – which introduce, among other changes, significant increases in sentences for crimes such as unauthorized access to a computer system (which, in the case in which the act is committed by a public official, is sanctioned with imprisonment from two to ten years) or damage to information, data and computer programs (which, in the simple hypothesis, would be sanctioned with imprisonment from two to six years and, in the aggravated case, with imprisonment from three to eight years). The introduction of a third paragraph in the art. was also foreseen. 629 of the Criminal Code (extortion) – in turn referred to in the art. 24-bis legislative decree 231/2001 regarding the liability of entities – pursuant to which “anyone, through the conduct referred to in articles 615-ter, 617-quater, 617-sexies, 635-bis, 635-quater and 635 -quinquies or with the threat of carrying them out, forces someone to do or omit something, procuring for himself or others an unjust profit to the detriment of others, is punished with imprisonment from six to twelve years and with a fine of 5.000 euros to 10.000 euros. The penalty is imprisonment from eight to twenty-two years and a fine from 6.000 to 18.000 euros, if any of the circumstances indicated in the third paragraph of article 628 occur, as well as in the event that the act is committed against a person incapable due to age or due to illness”.

In detail, Article 4 of the provision provides that data relating to cyber incidents are collected on the basis of the notification requirements established by current legislation by the National Cybersecurity Agency, which takes care of their publicity as official reference data of cyber attacks. . Additional subjects may participate in the meetings of the cybersecurity unit, including representatives of the national Anti-Mafia and Anti-Terrorism directorate and representatives of the Bank of Italy (article 5). Furthermore, the President of the Council of Ministers may order the deferral of the information obligations and resilience activities of the National Cybersecurity Agency, in cases where this is considered strictly necessary by the security services of the Republic (Article 6). The Minister of Agriculture, the Minister of Infrastructure and Transport and the Minister of University and Research are also members of the Inter-ministerial Committee for the Security of the Republic (CISR) (article 7). And again, the structure responsible for cybersecurity activities is established for the public administrations indicated in article 1, paragraph 1, where it is not already present (article 8). Article 10 establishes the promotion of the use of cryptography as a cyber defense tool and establishes the National Cryptography Center at the National Cybersecurity Agency, while Article 14 introduces some cybersecurity criteria in the regulation of public contracts. Finally, article 19 extends the regulation of wiretapping provided for organized crime events to computer crimes referred to the coordination of the national Anti-Mafia and Anti-terrorism prosecutor and article 21 modifies the procedure for applying the special protection measures for witnesses of justice and for the others protected, providing that the Central Commission must ask the opinion of the national Anti-Mafia and Anti-terrorism prosecutor on the proposal for admission to the special measures. In conclusion, Article 22 regulates the relationship between the National Cybersecurity Agency, the National Anti-Mafia and Anti-Terrorism Prosecutor, the Judicial Police and the Public Prosecutor.

“I express my appreciation and satisfaction for the final approval by the Senate of the government bill on cybersecurity: it is a text that has found enrichment and positive integration in the parliamentary process, thanks also to the amending contribution of the opposition. From today the entire national security system, and in particular the cyber one, which has become the main front for attacks by hostile state entities, is finally equipped with more adequate operational tools to repel them”.

The Undersecretary of State declared it, Alfredo Mantovano, which adds: “The so-called ‘perimeter’ of the subjects required to strengthen their defenses is expanded, an alarm and collaboration procedure is identified with ACN, the Cybersecurity Agency, for remedial interventions, the intervention method is defined when there are concurrent competences of, for example, the ACN and the judicial police, the action against cyber crime is strengthened, with the identification of new types of crime and the use of more effective investigation tools”.

Mantovano concludes: “From today the responsibility passes from Parliament, which meritoriously approved the text a few months after its launch by the Council of Ministers, to all the protagonists of the cyber system, each within their own sphere of competence”.