One year after the Network and Information Security Directive, the European Parliament and the Council adopted the Cyber Security Act Regulation. The two acts, together with the GDPR, constitute the pan-European digital security system, according to an article signed by Isabella Alessandrucci, Lawyer and Auditor ISO / IEC27001 – 37001 – 9001 on Digital Agenda. The Directive, in fact, provides for a “high level of security of the network and information systems at national level”; the Regulation “has the objective of cyber security and cyber resilience within the Union”. In particular the NIS directive stresses that “the networks, information systems and services play a vital role in society and is, therefore, crucial that they are reliable and safe.” For the Cyber Security Act, ICT are the basis of the operation of those key areas for society: health, energy, finance and transport. ” With the advent of the 5G network transnational commitment to the network and system security is greatly increased, adds the lawyer, Alessandrucci. According to the Clusit Report 2019 on the security there is a significant increase in “cyber attack” from the previous year especially in the categories of espionage, and information warfare. To ensure a higher level of cyber security in the digital single market, the NIS Directive requires digital service providers and core service operators to take technical and organizational measures “adequate” risk management and prevention of cyber incidents according to guidelines prepared by the Cooperation Group. In this regard, the Cyber Security Act in addition to strengthening the role of ENISA takes an important step towards full implementation of the principle of so-called “security by design”: namely the adoption of safety measures, technical and organizational, during the entire system life cycle. Also in the area of PA the need to guarantee information security and information confidentiality is increasingly perceived as a priority. In the 2019-2021 three-year plan AgID has prepared a useful document to the Administrations to evaluate your computer security level required for all PA. News are also recorded on the certification front. To implement art. 42 of the European legislation on privacy, the Data Protection Authority of the European Economic Agreement and the European Data Protection Supervisor have adopted the definitive version of the Annex to the Guidelines on all certification mechanisms and accreditation of the certification bodies, laying the foundations for the determination of the “additional requirements”, in the awareness that these schemes, voluntary, cannot be defined as compliant with articles 42 and 43 of the GDPR, since the specific certification criteria have not yet been determined.
Roma Capitale