Roma Capitale capacity building for cyber incident detection and response

Cybersecurity (Mission 1, Component 1, Investment 1.5)

Italy’s Recovery and Resilience Plan provides this investment to strengthen Italy’s defences against the risks posed by cybercrime, notably through the implementation of a ‘National Perimeter for Cyber Security’ (PSNC), in line with the security requirements set out in the Directive (EU) 2016/1148 on security of network and information systems (NIS Directive), and by strengthening national cyber-defence capabilities of technical inspection and risk monitoring.

The measure envisages the development of a state-of-the-art, integrated system, tightly interconnecting different entities across the country and connecting internationally with partners and trusted technology providers. This is articulated on four pillars: (i) Strengthen front line capabilities towards the public and companies/entities to manage alerts and actual publicly recognized events; (ii) Build/strengthen the country’s inspection and audit capabilities of hardware and software used by subjects with essential functions to certify trustworthiness/pre-empt threats; (iii) Power up units of law enforcement and cyber units within the Police forces in charge of investigations of criminal activities; (iv) Strengthen significantly cyber asset and human resources in charge of national security and response to cyber threats.

The investment is financed by the Recovery and Resilience Plan by EUR 623 million.

This project is part of this invesment. The initial phase will involve a detailed analysis and mapping of the current state of Roma Capitale, including hardware, software, networks, VPNs, and firewalls. Next, the security architecture—serving as the operational and decision-making center for Roma Capitale's cybersecurity—will be defined, involving both internal resources and external consultants. This will be followed by the development phase, in which the SOC will be concretely realized from both an organizational and technological perspective through enabling solutions. The information collected by the third-party solutions adopted by Roma Capitale (such as Cloud, Endpoint, Network, and Server) will converge into a single repository, ensuring a cross-sectoral view that is independent of specific service operators.
This architecture will enable quick and effective responses by using machine learning algorithms to detect sophisticated threats. Information from Cyber Threat Intelligence will be used to activate preventive defense mechanisms, and incident responses will be automated. After the architecture design phase, all activities to implement the processes and supporting technologies will be carried out, along with the training of personnel involved in the detection and management of security incidents.

This project is financed by the Recovery and Resilience Facility with EUR 995.100,00.