Italian Government: new cybersecurity bill.

Government green light for cybersecurity bill. The measure approved by the Council of Ministers on 25 January 2024 introduces stricter rules to combat cybercrime.

The bill broadens the perimeter of entities that must equip themselves with cybersecurity systems, and envisages heavy fines for hackers as well as reward measures for those who cooperate. In addition, for tenders involving cyber supplies, the bill provides for specific rules to be observed, which will be included in the calls for tenders and laid down by special DPCM. First of all, the bill expands the perimeter of the entities required to equip themselves with cybersecurity systems to municipalities with over 100,000 inhabitants, local health authorities, and regional capitals, calling on these entities to notify the ACN immediately of an attack, so that an immediate reaction can follow. A penalty is envisaged in the event of non-compliance with this obligation.

The measure also provides for the strengthening of public administrations: those affected by these rules must have their own cybersecurity office.

An increase in sanctions is envisaged, as well as the creation of stand-alone offences, e.g. cyber extortion, while 'reward measures for those who enable the restoration of cyber order' are introduced.

Changes to criminal procedure are also envisaged: all these offences now fall under the rules governing organised crime offences, which allows not only the use of more effective investigation and detection tools, but also coordination through the anti-mafia district directorates and the national anti-mafia prosecutor's office.

Here are the qualifying points of the bill:
  • coordination between the National Cybersecurity Agency (ACN) and the Judiciary in case of cyber attacks;
  • operational coordination between the Security Intelligence Services (DIS) and the National Cybersecurity Agency;
  • increasing the perimeter of public entities, or entities providing a public utility service, that are obliged to have cybersecurity systems, such as municipalities with over 100,000 inhabitants, local health authorities, regional capitals, etc. They will be obliged to notify the ACN without delay of the cyber attack they have suffered, so as to activate an immediate reaction. If this obligation is not complied with, an initial warning follows, and then a sanction imposed by the ACN itself, which may range from 25 thousand to 125 thousand euro;
  • for PA employees, in the event of a sanction, disciplinary and administrative-accounting liability may also arise;
  • warning and sanctions, therefore, for PAs that fail to notify cyber attacks suffered;
  • a cyber-security contact point is created for PAs affected by the bill.
