
Banca d'Italia engages in systematic activities designed to prevent and combat cyber threats and ensure its cyber resilience and operational continuity, so as to uphold high levels of quality in its action and services.
Objectives
Cyber resilience resides in the ability of an organization to ensure the reliability and operational integrity of its services over time, even in the presence of an adverse cyber event, by adapting its systems and processes to the developments of the cyber threat scenario. Banca d'Italia is committed to carrying out its tasks in the best way possible and aims to ensure the resilience of the services it provides to users and the financial sector, both at national level and within the European System of Central Banks (ESCB).
Banca d'Italia performs many functions that require secure infrastructures that operate continuously. The Bank manages the infrastructure of the national financial system; provides national digital services such as Treasury services, government securities auctions, and the general government transactions information system (SIOPE); provides digital services to the Eurosystem (in the form of the TARGET Services and TIPS platforms, for example); stores large amounts of data; and, pursuant to the General Data Protection Regulation (GDPR), is responsible for the personal data processed in digital transactions.
Activities
Banca d'Italia has undertaken numerous activities to improve the effectiveness of its business continuity measures, which include an effort to combat cyber threats. The objectives set out in the Strategic Plan for 2023-25 identify the activities required to strengthen the Bank's internal procedures and controls, and its prevention and defence capabilities, in line with the general risk-management framework for cooperation among central banks and European supervisory authorities. The framework adopted by Banca d'Italia to strengthen its cyber-risk prevention and defence procedures is inspired by the leading international best practices and standards (see 'Further information' section). The main areas of activity in cyber threat prevention and defence are:
- cyber threat intelligence (CTI): the process of collecting and analysing information about a cybersecurity threat actor, so as to assign them a risk profile based on the characteristics of the assets to be protected and devise appropriate threat remediation actions. Understanding and monitoring the numerous lines of development of cyber threats is key to identifying the most effective remediation actions. This ability is defined as situational awareness, which is the expertise required to understand how the cyber threat scenario evolves, relative to the characteristics of the interests to be protected, and to involve all decision-making levels in an organization. To this end, Banca d'Italia acquires, analyses and processes the information in a way that provides an understanding of the threat and its development, and conveys the information effectively and in a timely manner to internal and external stakeholders.
- cybersecurity awareness: developments in the cyber threat scenario confirm that human vulnerabilities are a key target in conducting effective attacks against public and private organizations and institutions, as well as the general public (see 'Risk awareness and cybersecurity for end users'). The aim of cybersecurity awareness is to alert all staff within an organization to the main risks deriving from cyber threats and to promote sound practices for their prevention, so that the benefits of technology can be safely enjoyed. Banca d'Italia runs an ongoing programme of activities to raise awareness among its staff of the chief cyber threats within the financial sector and of the more general risks encountered in cyberspace, and to issue guidelines for the prevention or mitigation of possible impact on the organization.
- information sharing: Banca d'Italia is active in building high levels of trust and developing the means and opportunities for public-private cooperation (see 'Institutional cooperation and dialogue with the market'), and in fostering information sharing on cyber threats between qualified and mutually recognized counterparties (see 'Frequently Asked Questions and Key Concepts'). Information sharing is crucial for effective identification, analysis and assessment of cyber risk, as well as for the cyber resilience of the individual stakeholders and, potentially, of the entire ecosystem. Banca d'Italia has entered into agreements, conventions and collaborations over time, consolidating its relationships with institutional operators in the national cybersecurity architecture, including:
  - the National Cybersecurity Agency (ACN), with a Memorandum of Understanding for information sharing and for cooperation against cyber threats;
  - the Department of Public Security of the Ministry of the Interior, which includes the National Anti-Crime Centre for the Protection of Critical Infrastructure (CNAIPIC);
  - the Carabinieri military police, with a Memorandum of Understanding for information sharing and cooperation against cyber threats.
There are also active working relationships for cyber-threat information sharing with the Finance Police, the Ministry of Defence, the Ministry of Economy and Finance (MEF), the Italian authority for financial markets supervision (Consob) and the State Printing Works and Mint.
The Computer Emergency Response Team of Banca d'Italia, CERTBI
CERTBI is the reference point within Banca d'Italia for cyber threat intelligence, information sharing and security awareness.
In addition, CERTBI participates in cooperation and information exchange initiatives in different multilateral forums, and collaborates with qualified counterparties at national, European and international level (see 'Institutional cooperation and dialogue with the market'). It also participates in major international bodies that ensure cooperation between CERTs, thus increasing the overall level of security, thanks to the ability to respond quickly to cyberattacks and new emerging threats.
Since 2018, CERTBI has been accredited by Trusted Introducer (TI), a European body that coordinates the cooperation between CERTs, and, in 2019, it obtained full membership in the Forum of Incident Response and Security Teams (FIRST), which operates worldwide.
For more details on the history of CERTs and CSIRTs, also see 'Frequently Asked Questions and Key Concepts'.
Further information:
CERTBI (trusted-introducer.org)
CERTBI (first.org)
Memorandum of Understanding between Banca d'Italia and the National Cybersecurity Agency