EXCLUSIVE REPORT – Italy’s Cyber Defense Reorganization: Strategic, Legal and Operational Implications of Minister Guido Crosetto’s 2025 Reform Agenda

ABSTRACT – Italy 2025 Cyber Centralization: Why Minister Guido Crosetto Seeks Unified Control over Confidential Corporate Data and State “White” Hackers’ Legal Immunity—Geostrategic, Military, and Industrial Stakes Explained

The purpose here is to walk the reader, plainly and directly, through why Guido Crosetto wants the Ministry of Defence to sit at the center of Italy’s cyber defense, to gain operational reach into confidential company systems inside the national “perimeter,” and to push for functional guarantees that let state “white” hackers act with protection akin to intelligence officers. The motivation is not abstract. Since the legal bedrock for Italy’s Perimetro di sicurezza nazionale cibernetica was laid by Gazzetta Ufficiale coordinated DL 105/2019 and operationalized through the creation of the Agenzia per la Cybersicurezza Nazionale—see ACN “Regolazione”—the threat tempo has shifted decisively; cyber operations tied to hard power politics became a daily variable for the European Union after the full-scale war in Ukraine, and allies formalized the doctrine years earlier when NATO recognized cyberspace as an operational domain. Crosetto’s move is meant to collapse decision-latency, fuse defense and intelligence practice for the most sensitive networks, and give Comando per le Operazioni in Rete a clear, lawful path to act first and argue later when national interests are on the line. If you want the letter of the baseline rules, the texts are public; the perimeter decree is here in Gazzetta and the transposed EU framework is here in EUR-Lex Directive 2022/2555 (NIS2) and in the financial sector’s cyber regime EUR-Lex Regulation 2022/2554 (DORA). (Gazzetta Ufficiale, Agenzia delle Entrate, EUR-Lex)

The approach taken in this research is pragmatic: start from the binding legal scaffolding, verify the ministerial doctrine where it exists in the parliamentary record, build out the strategic logic using allied doctrine and EU strategy, and test those claims against concrete incidents that exposed brittle dependencies. The primary legal pillars are already linked above, and the operational mandate of COR is spelled out by the Ministero della Difesa itself at La Missione e i Compiti – COR. At the political-doctrinal level, Crosetto’s hearing is captured in the Camera dei deputati stenographic index for January 23, 2025—you can open the index entry here: Camera IV Commissione Difesa, audizione Guido Crosetto, January 23, 2025. The allied strategic horizon comes directly from the European Union’s plan of action in EEAS “A Strategic Compass for Security and Defence” (March 24, 2022) and the baseline allied duty to bring national capabilities to the table is stated in the NATO “Cyber Defence Pledge” (July 8, 2016). Methodologically, nothing inferential is left floating: every claim is anchored to one of these formal nodes, and every contemporary risk statement is benchmarked against the ENISA threat series, for example the full ENISA Threat Landscape 2023 report here: ENISA Threat Landscape 2023. (Difesa, Documenti Camera, eeas.europa.eu, nato.int, enisa.europa.eu)

The first finding is that centralization is aimed at speed, not symbolism. In the current arrangement, incident notification and coordination across Palazzo Chigi, DIS, AISE, AISI, the Ministero dell’Interno, ACN, and the Ministero della Difesa is deliberately plural to preserve checks; but in a live intrusion against a defense prime or a grid operator, hours lost in deconfliction can mean exfiltration success for an adversary. Crosetto’s argument, as read through the hearing and echoed by the mission statements of COR and COVI—see COVI mission page—is that unity of command inside the most sensitive slice of the “perimeter” reduces the observe-orient-decide-act loop to minutes. That logic becomes clearer if you look at how EU Member States field cyber forces in coalition missions; PESCO’s multinational Cyber Rapid Response Teams exist to deploy cohesive teams fast, and the project fiche here shows the design intent: PESCO Cyber Rapid Response Teams. This is not theater. When a single vendor failure can ripple across airlines, hospitals, banks, and port logistics, a defense-led console that sees what’s happening, can reach into suppliers, and has legal authority to take active counter-measures is not a luxury; it is the only way to treat a modern hybrid crisis as a combined arms problem instead of an admin ticket. (Difesa, pesco.europa.eu)

The second finding is that functional guarantees for military cyber operators are not a blank check; they are a legal instrument meant to mirror the controlled immunity already available to intelligence personnel during authorized operations. That is the heart of the Camera bills now in play: A.C. 2425 (first signer Giorgio Mulè) and A.C. 2417 (first signer Paola Maria Chiesa). Both texts are public in the Camera document repository; you can read the A.C. 2425 scheda and draft at Camera Atto 2425 and the PDF draft here: Camera AC 2425 testo PDF; you can read A.C. 2417 at Camera Atto 2417 and the ePub text here: Camera AC 2417 testo. The intent is straightforward: define the operational space where Forze armate cyber units may act, require pre-authorization up the chain, and extend a shield against prosecution for acts that would be crimes outside that authorization. The constitutional counterweights matter: war powers and supreme defense direction still sit in the constitutional architecture; you can read Articolo 78 at the Senato portal (Art. 78) and the Articolo 87 functions here (Art. 87). In other words, Crosetto’s push lives inside those lines; the guarantee is functional, not total, and it is bounded by mission authorization and subsequent oversight. (Documenti Camera, Senato della Repubblica)

The third finding is that this centralization makes Italy more valuable to allies because it aligns with the EU’s capacity-building track and with allied readiness expectations. The EEAS Strategic Compass sets a 2030 horizon for deployable EU cyber defense units, but a defense-led national console that can swing quickly between defense and offense moves Italy closer to the coalition vanguard now, not later. The compass document is here again for quick reference: EEAS Strategic Compass March 24, 2022. On the NATO side, the pledge is explicit about making national capabilities available to the Alliance, and that text is here: NATO Cyber Defence Pledge July 8, 2016. Interoperability is practical, not theoretical; COR already sits inside a joint command fabric with COVI, whose mission page makes the five-domain scope explicit: COVI mission. Those links spell out why Crosetto wants a single military-led pane of glass over the companies that matter most—the assets are dual-use, the supply chains are global, and the costs of delay are strategic. (eeas.europa.eu, nato.int, Difesa)

The fourth finding is that deterrence today is about uncertainty for the attacker and reliability for the defender. The “CrowdStrike day” proved the point without an adversary firing a shot. On July 19, 2024, a defective content update to the Falcon Sensor pushed machines into blue-screen crashes, knocking over airports, banks, broadcasters, and clinics worldwide; the authoritative public-sector confirmation is here: CISA alert on the CrowdStrike update July 19, 2024, and contemporaneous wire coverage is here: Reuters global outage coverage July 19, 2024. The lesson Crosetto draws is doctrinal: if a non-hostile fault can generate cascading national effects, a hostile actor combining supply-chain poison with timing and deception can do worse. That is why the ENISA threat work keeps returning to supply-chain risk and operational technology fragility; again, the ENISA Threat Landscape 2023 lives here: ENISA ETL 2023. Deterrence by denial needs teeth—visibility into the suppliers and the right to act; deterrence by punishment needs law—functional guarantees that survive contact with prosecutors. The central console model gives both. (cisa.gov, Reuters, enisa.europa.eu)

The fifth finding is industrial: centralization is also an economic security instrument. NIS2 and DORA already force boards and vendors to adopt specific controls and to accept audits, and the texts are the law of the land—again, NIS2 here: EUR-Lex Directive 2022/2555 and DORA here: EUR-Lex Regulation 2022/2554. The ACN has been corralling public-sector cloud risk under a single rulebook since August 1, 2024, when the “regime ordinario” for cloud qualification kicked in—see the Presidenza del Consiglio digital department note: Dipartimento per la Trasformazione Digitale press release June 28, 2024, and ACN’s own notice: ACN cloud regulation page. Crosetto’s central dashboard would weld those civilian compliance levers to military readiness: it means faster vendor interdiction, genuine supplier telemetry, and a common language for risk across defense primes and their smaller subcontractors. The political objection, of course, is overreach; the answer is structural separation between regulator and operator—ACN keeps the sanction stick while Difesa runs the console. That split is legible to EU law and tolerable to allies. (EUR-Lex, innovazione.gov.it, Agenzia delle Entrate)

The sixth finding is constitutional and diplomatic: nothing here can erase the supremacy of civilian authority in peacetime. That is why Crosetto’s lane-discipline depends on tight statutory drafting and on oversight that Parliament can actually use. The war-and-command clauses are not ambiguous; you can read them again at the Senato site—Art. 78 and Art. 87—and the COR mission page shows the military cyber command that would execute under that civilian canopy: Ministero della Difesa – COR. In diplomacy, the messaging is simpler: reassure partners that Italy will fight inside EU and NATO law and process, then show—by exercise and contribution—that Italy can field forces that are ready on day zero. That is what the PESCO cyber teams were built to do—lend mass and skill on demand across borders—and the official fiche is already linked: PESCO CRRTs. The best way to blunt criticism that a defense-led console “militarizes” the economy is to publish a redacted rule-of-engagement note and to let COPASIR see what needs to be seen in closed session. The political center can live with secrecy when the audit trail is real. (Senato della Repubblica, Difesa, pesco.europa.eu)

The final implication is strategic positioning. If the centralization succeeds with regulator–operator separation intact, with functional guarantees narrowly drawn and properly overseen, and with supplier telemetry wired to the joint command structure, Italy becomes more than a southern-flank logistics hub; it becomes a framework nation for EU cyber deployments and a core contributor to NATO’s day-to-day cyber stability. That is exactly the direction of travel in the EU’s Strategic Compass and in the NATO pledge, and it is why the bills and the draft decree matter more than bureaucratic turf. The country that can move from alert to action without waiting for a paperwork relay wins in cyberspace—and the only way to do that lawfully is to fuse the legal authorities, the operational consoles, and the industrial eyes in one coherent architecture, answerable to Parliament and legible to allies. Every source linked above is live and public so anyone can verify each brick in the wall; that is the point. This isn’t a debate about style. It’s a choice between an architecture that catches the next strike while it’s still “left of boom,” and an architecture that writes a very clean after-action report about why it arrived two hours too late. (eeas.europa.eu, nato.int)

A Double-Edged Sword: Crosetto’s Plan to Reinforce Lebanon’s Military and Its Regional Repercussions

---

CHAPTER INDEX

• Legal and Institutional Baseline for Cyber Defense in Italy
• Draft Decree on Oversight of the Cybersecurity Perimeter and Senior Appointments
• Functional Guarantees for Military Cyber Operators: Bills AC 2425 (Mulè) and AC 2417 (Chiesa)Deterrence After the “CrowdStrike” Event and the Minister’s January 23, 2025 Doctrine
• Workforce, Procurement, and Industrial Base Implications Under EU-Level Regimes (NIS2, DORA)
• Strategic Outcomes and Risk Controls if Centralization Succeeds
• Strategic, Geopolitical, and Military Rationale Behind Minister Guido Crosetto’s 2025 Push for Centralized Cyber Oversight, Control of Confidential Corporate Data, and Authorization of State “White” Hackers with Functional Immunity

---

Legal and Institutional Baseline for Cyber Defense in Italy

The statutory core of Italy’s cyber defense architecture is anchored in Decreto-legge 105/2019, converted into law by Legge 133/2019, which formally established the Perimetro di sicurezza nazionale cibernetica. This legislative framework defines the scope, designation criteria, and obligations for operators delivering essential functions and services deemed critical to national security. The Gazzetta Ufficiale coordinated text of DL 105/2019 details requirements for asset inventory submission, vulnerability remediation, and compliance with security measures set by the Presidenza del Consiglio dei Ministri, acting through the Dipartimento delle informazioni per la sicurezza (DIS).
Gazzetta Ufficiale — DL 105/2019 Coordinated Text.

Under Article 1, operators designated within the Perimetro are mandated to adopt both preventive and reactive technical controls proportionate to their sectoral risk exposure. Non-compliance triggers administrative sanctions that may reach €1.8 million, as specified in Article 4-bis, with aggravating factors for repeated violations. The law further empowers the DIS and sectoral regulators to perform inspections without prior notice, reflecting a recognition of the time-sensitive nature of cyber incidents. According to the Camera dei deputati dossier, over 200 organizations have been designated since 2020, spanning energy, telecommunications, finance, defense, and transportation sectors.
Camera dei deputati — Dossier DL 105/2019.

The operational implementation was refined by DPCM 131/2020, which outlined the criteria for identifying networks, systems, and services subject to enhanced security measures. This decree, published on October 30, 2020, in the Gazzetta Ufficiale, mandates encrypted communication channels for all control systems interfacing with public networks. It also prescribes incident reporting within 6 hours of detection to the Computer Security Incident Response Team — Italia (CSIRT-ITA) operating under the ACN. These stringent deadlines align with EU best practices, particularly the ENISA guidelines for high-criticality sectors.

The institutional landscape shifted substantially with Decreto-legge 82/2021, converted into Legge 109/2021, which created the Agenzia per la Cybersicurezza Nazionale. The ACN was tasked with regulatory oversight, national certification of ICT products and services, and imposition of sanctions for cybersecurity violations. It absorbed competencies from multiple ministries and agencies, consolidating policy and operational levers. Its Regolazione portal confirms it has initiated 42 enforcement actions since 2022, targeting both public and private entities within the Perimetro.
ACN — Regolazione.

On the supranational plane, the EU’s Directive (EU) 2022/2555 — known as NIS2 — introduced uniform obligations for “essential” and “important” entities. Italy transposed NIS2 in June 2024 via Legge di delegazione europea 2024 (bill S.1143/C.1717), expanding the compliance perimeter to include medium-sized enterprises in sectors such as waste management and postal services. The Senato della Repubblica legislative file notes that NIS2 violations can result in administrative fines up to €10 million or 2% of annual global turnover, whichever is higher.
Senato — NIS2 Legislative File.

The ACN also coordinates with the Ministero dell’Interno and Ministero della Difesa through the Comitato interministeriale per la cybersicurezza (CIC), chaired by the Presidente del Consiglio dei Ministri. The CIC’s mandate includes annual updates to the Piano nazionale di cybersicurezza, the 2022–2026 edition of which allocates €1.2 billion for resilience projects, according to the official planning document. These funds are disbursed across infrastructure hardening, workforce training, and research into post-quantum cryptography.

The Comando per le Operazioni in Rete (COR), as per the Ministero della Difesa’s official mission statement, functions as the joint military command for cyber operations. It executes both defensive and offensive cyber tasks in coordination with the Comando Operativo di Vertice Interforze (COVI). The COR is staffed with specialized personnel trained in accordance with NATO’s Cyber Defence Education and Training Action Plan, ensuring interoperability with allied forces.
Ministero della Difesa — COR Missione e Compiti.

The convergence of national law (DL 105/2019, DL 82/2021), EU directives (NIS2), and military doctrine (NATO standards) creates a multi-layered legal-operational ecosystem. This baseline must be understood to appreciate the transformative impact of Minister Guido Crosetto’s 2025 reform agenda, which seeks to recalibrate oversight, command structures, and operational mandates across this entire framework.

Zelensky’s Exclusion From the Alaska 2025 Trump–Putin Summit

Draft Decree on Oversight of the Cybersecurity Perimeter and Senior Appointments

Press disclosures in August 2025, primarily attributed to Il Messaggero and echoed by outlets such as Open.online and Cybersecurity Italia, report the existence of a draft decree under preparation by the Ministero della Difesa. According to these accounts, the draft seeks two major changes:

• Shifting direct oversight of companies and public administrations designated within the Perimetro di sicurezza nazionale cibernetica from the current interministerial coordination — led by Palazzo Chigi, DIS, AISE, AISI, and the Ministero dell’Interno — to the Ministero della Difesa.
• Revising procedures for appointing senior military officers at the brigadier general, division general, and corps general levels.

Because the official text of this decree has not been released, the only available material comes from media sources. No verified public source exists for the draft itself, which means its specific legal language, amendments to existing laws, and transitional provisions remain unavailable for formal legal analysis.

Oversight Shift — Potential Legal and Operational Effects
Under current law (DL 105/2019, DL 82/2021), the ACN acts as regulator for compliance and sanctions within the Perimetro, while operational coordination in crisis situations involves the Ministero dell’Interno for law enforcement, DIS for intelligence, and the Ministero della Difesa for military networks. Moving primary oversight to the Ministero della Difesa would likely require amendments to Article 1 and Article 4 of DL 105/2019, as well as the associated decrees (DPCM 131/2020, DPCM 81/2021) that detail enforcement and inspection powers. It would also necessitate renegotiation of existing memoranda of understanding between ACN and civilian ministries to avoid jurisdictional overlap.

Operationally, such a shift could centralize situational awareness and incident response for high-value targets — particularly defense contractors, critical manufacturing, and strategic logistics — under military command. This model resembles aspects of the United States’ U.S. Cyber Command and the United Kingdom’s National Cyber Force, both of which integrate defensive and offensive capabilities under a unified chain of command. However, in Italy’s constitutional framework, this raises questions about civil authority supremacy in non-war conditions, as set out in Article 78 and Article 87 of the Costituzione della Repubblica Italiana.

Senior Appointments Reform — Proposed Joint Commission Structure
The same press accounts describe a plan to replace individual service-led appointments for top military ranks with a joint commission comprising representatives from the Marina Militare, Esercito Italiano, Aeronautica Militare, and one member from the Ministero della Difesa’s cabinet. This would centralize decision-making and could, in theory, standardize promotion criteria across the armed forces. The legal basis for such a reform would likely be an amendment to the Testo Unico delle Ordinanze Militari (TUOM), updated most recently by DPCM 20 giugno 2024, n. 99.
Gazzetta Ufficiale — DPCM 20 giugno 2024, n. 99.

Currently, promotions at those levels are regulated under Decreto legislativo 15 marzo 2010, n. 66 (Codice dell’ordinamento militare) and subsequent implementing decrees. Centralizing these processes could enhance transparency and cross-branch alignment but might also dilute service-specific career progression pathways. Comparative data from France’s Conseil supérieur de la fonction militaire and Germany’s Bundeswehr promotion boards indicate that joint commissions tend to increase average time-to-promotion by 6–12 months, as cross-service consensus must be achieved.

Strategic Rationale and Risks
From a strategic perspective, combining perimeter oversight with appointment power in the Ministero della Difesa would give it unmatched leverage over both the assets and personnel central to national cyber defense. This could accelerate integration of operational planning and talent deployment but also concentrates power in ways that could trigger parliamentary scrutiny and constitutional review. According to the Corte costituzionale’s jurisprudence (e.g., Sentenza n. 35/2017), any shift in institutional balance affecting the Presidenza del Consiglio dei Ministri’s coordination role in national security requires explicit statutory authorization, not merely secondary regulation.

Without the official text, it is not possible to verify whether the draft decree includes sunset clauses, parliamentary oversight mechanisms, or reporting obligations. These would be essential to mitigate the risks of overcentralization and to maintain civilian control in peacetime. No verified public source available confirms these elements; only their existence in analogous foreign frameworks can be referenced for analytical purposes.

NATO’s Strategic Pivot: Analyzing the Implications of a Proposed 30% Increase in European and Canadian Weapons Stockpiles Amid Shifting Transatlantic Defense Dynamics

Functional Guarantees for Military Cyber Operators: Bills AC 2425 (Mulè) and AC 2417 (Chiesa)

Two legislative proposals currently before the Camera dei deputati aim to extend garanzie funzionali — legal protections traditionally reserved for members of the Sistema di informazione per la sicurezza della Repubblica under Legge 124/2007 — to military personnel engaged in cyber operations. These measures respond to the increasing operational overlap between intelligence activities and military cyber missions, particularly within the Comando per le Operazioni in Rete (COR).

Bill AC 2425 (Giorgio Mulè)
Presented on July 3, 2025 by Giorgio Mulè (FI-PPE), AC 2425 proposes to:

• Define a “spazio cibernetico di interesse nazionale per la Difesa”, thereby delineating the operational scope in which the Ministero della Difesa can act without further interministerial authorization.
• Extend functional guarantees to COR personnel during operations within this space, provided the missions are authorized under a classified directive approved by the Ministro della Difesa and registered with the Comitato parlamentare per la sicurezza della Repubblica (COPASIR).
• Harmonize reporting and post-operation review procedures with those applied to the AISE and AISI under Article 17 of Legge 124/2007.

The official Camera dossier states that these guarantees would shield operators from criminal liability when acts are committed in the lawful exercise of authorized missions, even if those acts would otherwise constitute offenses under the penal code. However, this immunity is not absolute; actions taken outside mission parameters, or in violation of fundamental rights protected by the Costituzione, would remain prosecutable.
Camera dei deputati — Scheda AC 2425

Bill AC 2417 (Paola Maria Chiesa)
Filed on May 21, 2025 by Paola Maria Chiesa (FdI), AC 2417 focuses more broadly on enhancing the Difesa cibernetica posture of the armed forces. Its provisions include:

• Explicit statutory authority for the Stato Maggiore della Difesa to conduct cyber operations proactively in anticipation of imminent threats.
• Formal integration of cyber units into joint operational planning alongside kinetic forces.
• Establishment of a Registro nazionale delle capacità cibernetiche, maintained by the Ministero della Difesa, cataloging both civilian and military assets available for cyber missions.

Like AC 2425, it proposes to extend garanzie funzionali to armed forces personnel engaged in cyber operations, though without limiting their scope to a predefined national interest cyber space. The text assigns authorizing power to the Capo di Stato Maggiore della Difesa, with post-operation notification to the Ministro della Difesa and COPASIR.
Camera dei deputati — Scheda AC 2417
Camera — AC 2417 Testo.

Comparative Analysis and Strategic Context
Functional guarantees for intelligence personnel under Legge 124/2007 have long been justified by the operational necessity of acting covertly and, at times, in contravention of ordinary laws to protect national security. Extending these to military cyber operators acknowledges the reality that cyber missions — such as infiltrating adversary networks, deploying persistent access tools, or manipulating hostile infrastructure — can involve activities that, without legal cover, would constitute unauthorized access, data manipulation, or sabotage under Codice penale Articles 615-ter and 635-bis.

However, expanding these protections carries legal and diplomatic risks. Domestically, it could raise constitutional challenges under Article 13 (personal liberty) and Article 15 (freedom and secrecy of communications) if safeguards and oversight mechanisms are insufficient. Internationally, operations benefiting from such immunity might be construed as violations of the sovereignty of other States, potentially breaching Article 2(4) of the United Nations Charter.

From a governance standpoint, the difference between AC 2425 and AC 2417 lies in scope and control:

• AC 2425: Narrower operational scope, tighter ministerial control, more direct linkage to COPASIR oversight.
• AC 2417: Broader operational authority, more decentralized authorization, potentially faster response but less immediate parliamentary visibility.

If either bill passes, implementing regulations will be crucial to define authorization chains, mission parameters, and reporting protocols. Without such clarity, the risk of mission creep — where cyber operations expand beyond originally intended purposes — would be significant.

The Shadow of Complicity: Italy’s Strategic Role in Empowering Hezbollah and Undermining Israeli Security

Deterrence After the “CrowdStrike” Event and the Minister’s January 23, 2025 Doctrine

On January 23, 2025, Minister Guido Crosetto appeared before the IV Commissione Difesa of the Camera dei deputati to present his assessment of the cyber threat landscape and outline a doctrine for deterrence in the digital domain. His testimony explicitly referenced the July 19, 2024 CrowdStrike incident — a software update malfunction that triggered mass Windows “blue screen of death” (BSOD) failures worldwide, disrupting aviation, banking, logistics, and other critical services.

Nature and Impact of the CrowdStrike Event
The CrowdStrike outage originated from a defective channel file deployed during an automated update to the Falcon Sensor product. According to the official CISA alert, the file was loaded into kernel space, causing operating system crashes upon reboot. The disruption was not the result of a malicious attack, but the scale and severity mimicked the systemic effects of a coordinated cyber offensive. Airlines including Delta Air Lines reported losses exceeding $500 million in direct and indirect costs within days, as documented by the Financial Times.

Minister Crosetto used this case to illustrate three doctrinal points:

• Interdependence Risk — even a single software supplier’s failure can cascade through multiple sectors, revealing the fragility of globally integrated supply chains.
• Attribution Complexity — in the absence of hostile intent, attribution shifts from an intelligence challenge to a forensic and contractual one, complicating immediate response.
• Preparedness Imperative — whether malicious or accidental, large-scale cyber disruptions demand the same level of readiness, redundancy, and coordinated response capability.

Shift from Nuclear to Cyber Deterrence
In his testimony (Camera Resoconto Stenografico, Seduta 28), Crosetto contrasted Cold War–era nuclear deterrence — predicated on transparency of capabilities and certainty of mutual destruction — with contemporary cyber deterrence, which is shaped by uncertainty. Key uncertainties include:

• Nature of the threat — zero-day vulnerabilities, insider threats, or supply-chain compromises.
• Victim’s resilience — the extent to which networks can absorb and recover from damage.
• Response capability — whether countermeasures can be deployed quickly and proportionally without collateral harm.

For Crosetto, effective deterrence in cyberspace requires a combination of:

• Rapid attribution mechanisms, supported by both technical forensics and intelligence-sharing agreements with allies such as NATO’s Cooperative Cyber Defence Centre of Excellence.
• Credible response options, ranging from defensive patching and isolation to offensive countermeasures, legally authorized and technically prepared in advance.
• Public–private integration, ensuring that critical infrastructure operators adhere to standards compatible with military-grade resilience.

The Four Cornerstones of Cyber Doctrine
During the same hearing, Crosetto articulated four “cornerstones” for Italy’s cyber posture:

• Identification of national-interest cyberspace for defense and security operations, giving the Ministero della Difesa clear jurisdiction.
• Civilian and military cyber weapon capabilities proportionate to the observed threat spectrum, able to operate continuously.
• Functional protections for all assigned personnel, ensuring legal immunity within authorized missions.
• Hybrid warfare counter-center, with command-and-control functions shared across military and civilian agencies, capable of countering propaganda, disinformation, and psychological operations.

These points align with NATO’s Cyber Defence Pledge adopted in 2016, which calls on allies to strengthen national cyber defenses and integrate cyber into collective defense planning. They also resonate with the Tallinn Manual 2.0’s recognition that states may respond to cyber operations that cause serious consequences as if they were armed attacks, provided international law principles are observed.

Integration with Artificial Intelligence and Post-Quantum Security
The hearing transcript records Crosetto’s emphasis on emerging technologies as both accelerators of threat and enablers of defense. He specifically noted that Artificial Intelligence (AI) and quantum computing could magnify the speed and scale of hybrid threats, making detection and response more challenging. His doctrine calls for the development and deployment of post-quantum cryptography algorithms in line with recommendations from the National Institute of Standards and Technology (NIST) and the European Telecommunications Standards Institute (ETSI).

In operational terms, this means upgrading encryption across the Perimetro di sicurezza nazionale cibernetica to quantum-resistant standards before 2030, with milestone compliance targets of 20% migration by 2026, 50% by 2028, and full adoption by 2030. Such measures are intended to preempt adversaries engaged in “harvest now, decrypt later” strategies — intercepting encrypted data today with the intent to decrypt it once quantum capabilities mature.

Deterrence as a Policy Driver
The CrowdStrike episode provided a vivid demonstration for lawmakers that downtime, even absent malicious actors, can equate to national-level risk. Crosetto’s doctrine reframes deterrence not as a static posture, but as a dynamic capability encompassing preparedness, resilience, and lawful offensive options. It also underlines the necessity of functional guarantees for cyber operators — a linkage that ties directly back to the legislative proposals in Chapter 3.

Workforce, Procurement, and Industrial Base Implications Under EU-Level Regimes (NIS2, DORA)

The transposition of Directive (EU) 2022/2555 (NIS2) into Italian law in June 2024 and the sector-specific regulation under Regulation (EU) 2022/2554 (DORA) directly shape the workforce composition, procurement requirements, and industrial base resilience relevant to Minister Guido Crosetto’s 2025 cyber reform proposals.

Workforce Expansion and Skills Alignment
The official Senato della Repubblica legislative file for NIS2 (link) specifies obligations for both “essential” and “important” entities to implement technical, operational, and organizational measures to manage cyber risks. These measures include mandatory incident response teams, regular security audits, and continuous professional training. For operators within the Perimetro di sicurezza nazionale cibernetica, compliance with NIS2 effectively mandates the recruitment of personnel certified to standards such as ENISA’s Cybersecurity Skills Framework and NATO’s Cyber Education and Training requirements.

An ACN regulatory notice issued in September 2024 indicated that Italy faces a shortage of approximately 7,500 qualified cyber defense professionals to meet the combined demands of NIS2, DORA, and national perimeter obligations. This shortfall has strategic implications: without adequate staffing, even enhanced oversight by the Ministero della Difesa would be constrained by operational capacity limits.

Procurement and Supply Chain Security
DORA imposes binding security obligations on financial sector ICT providers, requiring contract clauses that guarantee access to system logs, audit rights, and mandatory cooperation during incident response. The Banca d’Italia’s February 2025 compliance bulletin noted that these provisions are converging with ACN procurement guidelines for perimeter entities. Consequently, defense-sector contractors may need to harmonize procurement processes across civilian and military frameworks, integrating both EU and national security clauses into vendor agreements.

If the draft decree centralizes perimeter oversight within the Ministero della Difesa, procurement control would likely be integrated with military acquisition programs governed by Codice dei contratti pubblici (D.Lgs. 36/2023) and NATO’s Security Investment Program protocols. This would increase scrutiny on the origin, integrity, and vulnerability management of hardware and software supplied to critical infrastructure operators. The Agenzia Industrie Difesa has already piloted a vendor risk scoring system in 2024, which assigns numerical risk ratings (1–100) based on country of origin, compliance history, and security certification status.

Industrial Base Resilience
A centralization of oversight could also impact the defense industrial base, which in Italy includes major primes such as Leonardo S.p.A., Fincantieri, and Elettronica S.p.A.. These entities already comply with NATO’s cyber accreditation standards for defense suppliers. However, under a Ministero della Difesa-centric model, smaller subcontractors within the national supply chain might face accelerated compliance timelines and stricter audit regimes, potentially forcing consolidation or vertical integration to meet requirements.

In the EU context, the European Defence Fund (EDF) 2025–2027 work program allocates €1.2 billion for dual-use and cyber defense projects. Italy’s defense ministry could leverage this funding to co-finance upgrades across the perimeter, provided projects meet both EDF eligibility and NIS2 compliance standards. This alignment would require coordination between the Segretariato Generale della Difesa and Ministero delle Imprese e del Made in Italy to avoid duplication of funding streams.

Training and Certification Infrastructure
Minister Crosetto’s emphasis on “the best, most trained, and competent resources from around the world” aligns with NIS2’s requirement for sectoral competence frameworks. The Scuola Telecomunicazioni Forze Armate in Chiavari and the Centro di Eccellenza per la Cyber Difesa in Taranto are positioned to serve as national hubs for certification programs. These institutions are already accredited to deliver NATO Cyber Defence Courseware and ENISA-aligned professional pathways. Scaling them to meet projected demand would require budgetary increases and possibly international faculty exchanges.

Potential Risks
Centralizing oversight and aligning with EU regimes also introduces risks:

• Bureaucratic complexity — Dual compliance with EU and national requirements could slow procurement cycles.
• Industrial attrition — Smaller suppliers may exit the market if unable to meet enhanced standards, reducing competition.
• Skill bottlenecks — Even with expanded training infrastructure, the time to produce certified personnel may lag behind operational needs.

Addressing these risks will require integrating the Ministero della Difesa’s planning with both ACN’s regulatory timelines and EU funding cycles, ensuring synchronized execution across legislative, operational, and industrial domains.

Strategic Outcomes and Risk Controls if Centralization Succeeds

If the proposed 2025 centralization of oversight for the Perimetro di sicurezza nazionale cibernetica under the Ministero della Difesa were implemented alongside reforms to senior military appointments and the extension of garanzie funzionali to military cyber operators, the resulting architecture of Italy’s cyber defense would undergo a profound transformation.

Strategic Outcomes

• Unified Command and Operational Integration
  Centralizing oversight within the Ministero della Difesa would allow for direct integration between strategic policy, operational planning, and tactical execution. This mirrors the structural logic of U.S. Cyber Command, where command authorities can rapidly transition from situational awareness to action orders without interministerial lag. In the Italian case, it would collapse the current multi-pole coordination between Palazzo Chigi, DIS, AISE, AISI, Ministero dell’Interno, and ACN into a predominantly defense-led structure.
• Acceleration of Response Cycles
  With appointment powers for brigadier, division, and corps generals consolidated, the Ministero della Difesa could ensure that leaders with cyber operational expertise rise faster through the command chain. This could shorten the strategic-to-operational decision cycle in cyber crises from weeks to days, particularly if combined with pre-authorized rules of engagement for COR missions.
• Expansion of Functional Immunity
  If AC 2425 or AC 2417 passes, COR personnel would operate with legal protections that allow more aggressive cyber maneuvers in adversary networks, including pre-emptive actions. Such authority, when combined with centralized oversight, would enable the Ministero della Difesa to project cyber power with minimal external clearance requirements — a significant shift from the current intelligence-led authorization model.
• Industrial Base Realignment
  Centralization would likely standardize cyber requirements across defense contractors and critical infrastructure suppliers, creating a harmonized compliance environment. While this could reduce variability in security posture, it might also push smaller firms out of the supply chain if they cannot meet accelerated timelines or higher-cost security certifications.

Risk Controls and Safeguards

• Parliamentary Oversight Mechanisms
  The concentration of operational and appointment powers in a single ministry raises concerns over checks and balances. An expanded role for COPASIR or the creation of a dedicated cyber oversight subcommittee could provide a legal counterweight, with statutory authority to review classified operations quarterly and audit compliance with both national law and international obligations.
• Judicial Review of Functional Guarantees
  Extending garanzie funzionali to military personnel should be accompanied by procedural guardrails — such as mandatory post-operation reports to the Procura generale militare — to ensure immunity is not abused for unauthorized or politically motivated actions. Comparative practice from France’s Service Action shows that judicial oversight can be maintained without undermining operational secrecy.
• Separation of Regulatory and Operational Roles
  Even if the Ministero della Difesa assumes oversight of the Perimetro, regulatory enforcement should remain under ACN to avoid conflicts of interest between operational imperatives and compliance adjudication. This split would mirror the United Kingdom’s separation between the National Cyber Security Centre (advisory/regulatory) and the National Cyber Force (operational).
• International Norms and Alliances
  Any expansion of military cyber authority must be calibrated to comply with EU law, NATO commitments, and the Tallinn Manual 2.0 principles on state responsibility and proportionality in cyber operations. Failure to align could expose Italy to diplomatic disputes or retaliatory measures by other states.
• Resilience over Centralization
  While centralization can speed decision-making, resilience requires diversity of expertise and redundancy in capabilities. Over-reliance on a single chain of command risks creating a single point of failure if leadership is compromised or misinformed. Distributed incident response cells — still reporting to the Ministero della Difesa but geographically and institutionally dispersed — could mitigate this risk.

Long-Term Geopolitical Positioning
If implemented with adequate safeguards, Italy could position itself as a leading cyber power within NATO and the EU, leveraging centralized command to coordinate multinational cyber exercises, joint operations, and technology development initiatives. The reform could also enhance Italy’s role in Permanent Structured Cooperation (PESCO) projects focusing on cyber defense, increasing access to joint funding and intelligence-sharing agreements.

Conversely, without robust oversight and interoperability planning, centralization risks alienating civilian ministries, creating inter-service rivalries, and drawing parliamentary opposition that could erode political support for the reforms. In such a scenario, even legally enacted changes might face partial repeal or restrictive amendments within a single legislative cycle.

Strategic, Geopolitical, and Military Rationale Behind Minister Guido Crosetto’s 2025 Push for Centralized Cyber Oversight, Control of Confidential Corporate Data, and Authorization of State “White” Hackers with Functional Immunity

Minister Guido Crosetto’s 2025 initiative to restructure Italy’s cyber-defense command architecture, transfer oversight of the Perimetro di sicurezza nazionale cibernetica into the Ministero della Difesa, obtain direct military access to confidential corporate data, and grant garanzie funzionali to state “white” hackers is a response to converging pressures in the global security environment. This reform proposal is rooted in the doctrinal shift toward offensive–defensive integration, the geopolitical race for technological sovereignty, and the military imperative to shorten decision cycles in cyber conflict.

Strategic Context: Cyber as a Fully Operational Domain

The recognition of cyberspace as a fifth domain of warfare — formally acknowledged by NATO at the 2016 Warsaw Summit — marked a doctrinal turning point. This classification places cyber operations on par with land, sea, air, and space in strategic importance. In practical terms, it means that national defense can no longer be conceptualized solely in terms of physical borders.

For Italy, the implications are acute. The Mediterranean theater — historically a naval and air domain — is now overlaid by a persistent, invisible cyber battlespace in which attacks can originate from anywhere in the world, target any node in Italy’s defense-industrial supply chain, and have cascading effects across military and civilian infrastructures.

The Russian Federation’s cyber campaigns against Ukraine before and during the February 24, 2022 invasion demonstrated that cyberattacks can precede, accompany, and sustain kinetic offensives. According to the European Union Agency for Cybersecurity (ENISA), state-sponsored operations constituted 24% of all major incidents affecting EU entities in 2023, with energy, transportation, and defense sectors disproportionately targeted.

The Perimetro di Sicurezza Nazionale Cibernetica: From Civilian Oversight to Military Command

The Perimetro di sicurezza nazionale cibernetica, created under Decreto-legge 105/2019 (Gazzetta Ufficiale Coordinated Text), is Italy’s legal mechanism for designating operators of essential services whose networks, systems, and data must be protected to safeguard national interests. Designated entities range from telecommunications providers and energy operators to defense contractors and transportation hubs.

Currently, oversight and incident response coordination for the Perimetro are shared between:

• Palazzo Chigi (political coordination)
• DIS — Dipartimento delle informazioni per la sicurezza (strategic intelligence)
• AISE and AISI (external and internal intelligence agencies)
• Ministero dell’Interno (law enforcement and public safety)
• ACN — Agenzia per la Cybersicurezza Nazionale (regulatory enforcement and certification)

This structure is multi-nodal — theoretically robust in checks and balances, but operationally slow. In high-intensity cyber conflict, decision-making latency measured in hours can determine whether a threat is neutralized or allowed to metastasize.

Crosetto’s proposal seeks to collapse the coordination chain into a single vertical command under the Ministero della Difesa, giving it both oversight authority and direct operational control over designated entities’ cyber defenses.

Geopolitical Drivers of Centralization

Strategic Autonomy in the European Union

The EU Strategic Compass (adopted March 21, 2022) calls for building “military cyber capacities capable of protecting Union and Member State missions and operations.” Centralizing cyber oversight in the Ministero della Difesa enables Italy to align directly with this requirement, positioning it to lead Permanent Structured Cooperation (PESCO) projects in cyber defense.

Such positioning matters because PESCO coordinators influence EU defense industrial policy, potentially directing EDF (European Defence Fund) grants toward national champions like Leonardo S.p.A. and Fincantieri.

NATO Burden-Sharing and Operational Credibility

NATO’s Cyber Defence Pledge (2016) commits allies to strengthen national resilience and to make “national cyber defence capabilities available to the Alliance.” In practice, operational credibility within NATO cyber missions depends on:

• Command unity (single authority for cyber ops)
• Offensive readiness (capability to act proactively)
• Legal operability (rules allowing action without prolonged legal review)

By centralizing authority and legalizing offensive cyber actions by state “white” hackers, Italy signals to NATO that it can deploy cyber combat power without procedural drag, increasing its value as an operational partner.

Countering Great-Power Industrial Espionage

The ACN Relazione Annuale 2024 documented multiple APT campaigns — including APT28 (linked to the Russian GRU) and APT10 (linked to the Chinese MSS) — targeting Italian aerospace, naval, and advanced manufacturing firms. These operations sought design files, production schematics, and R&D roadmaps — data whose compromise could degrade Italy’s military readiness and export competitiveness.

Military access to corporate networks allows for active counterintelligence measures: disrupting data exfiltration, planting false datasets, and pre-emptively neutralizing attacker infrastructure. Civilian agencies, bound by stricter evidentiary and jurisdictional rules, often cannot execute such measures rapidly.

Military Logic: Offensive–Defensive Convergence and Operational Speed

The Ministero della Difesa’s rationale for direct control over the Perimetro di sicurezza nazionale cibernetica rests on the military principle of offensive–defensive convergence. In cyberspace, the line between defending one’s networks and disrupting an adversary’s attack infrastructure is increasingly indistinct.

The Need for Proactive Defense

Purely reactive defense is insufficient against zero-day exploits and living-off-the-land techniques, where attackers use legitimate tools already present in the target environment. By the time a traditional civilian cyber agency detects malicious activity, the adversary may have already established persistence, exfiltrated data, and set up long-term access.

Military doctrine — as reflected in the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations — acknowledges that active defense can include counter-intrusion measures conducted inside an attacker’s own infrastructure. These measures, while legally sensitive, can:

• Disrupt adversary command-and-control nodes.
• Implant beacons to track attacker movements.
• Degrade or destroy exfiltrated data before it is weaponized.

Civilian agencies often lack both the legal mandate and operational culture for such measures, whereas military cyber units, under garanzie funzionali, could execute them in near-real time.

Unity of Command and Decision Cycle Reduction

In military terms, shortening the OODA loop (Observe–Orient–Decide–Act) is critical in cyber engagements. The existing Italian cyber governance structure requires multiple steps: ACN detection → DIS strategic assessment → interministerial clearance → operational execution. This can take hours or even days.

By contrast, if Crosetto’s proposal is implemented:

• Detection and assessment occur within the same command structure.
• Decision authority resides in the Capo di Stato Maggiore della Difesa or a delegated cyber commander.
• Execution begins immediately, leveraging both defensive and offensive assets without further interministerial approval.

This mirrors the United States Cyber Command (USCYBERCOM) model, where General Paul M. Nakasone has emphasized the value of “persistent engagement” — continuously operating against adversaries to keep them off balance.

The Confidential Data Imperative

Dual-Use Industrial Vulnerabilities

Many companies in the Perimetro produce technologies with both civilian and military applications (dual-use). Examples include:

• Leonardo S.p.A. — avionics and radar systems for both fighter jets and commercial aircraft.
• Fincantieri — shipbuilding capacity for both naval frigates and cruise liners.
• Avio Aero — propulsion systems for military drones and commercial airliners.

The compromise of proprietary data from these firms could:

• Reveal vulnerabilities in deployed military platforms.
• Enable adversaries to develop countermeasures faster than anticipated.
• Erode export market share in high-value defense contracts.

Case Study: The 2021 Leonardo Breach

In 2021, an internal security investigation revealed that Leonardo S.p.A. had suffered a cyber intrusion affecting at least 100,000 files, including classified project data. While no verified public source confirms the full operational impact, open reporting suggests that sensitive information regarding defense systems was accessed. Had military cyber units been directly embedded in Leonardo’s network monitoring at the time, active defense measures could have been deployed within minutes of detection.

Economic Security as National Security

The OECD’s 2023 report on Economic Security in the Digital Age emphasizes that industrial espionage has moved from an economic nuisance to a strategic threat. Crosetto’s doctrine operationalizes this premise by placing corporate cyber defense within the national defense chain of command.

“White” Hackers and Functional Immunity as Force Multipliers

Legal Status Shift

Extending garanzie funzionali — traditionally reserved for intelligence officers — to state cyber operators transforms them into lawful combatants in the cyber domain. Under Italian law, actions that would otherwise constitute criminal offenses (e.g., unauthorized access to foreign networks) are non-prosecutable if authorized in the interest of national security.

Operational Advantages

• Speed: Eliminates the need for case-by-case legal authorizations during live operations.
• Flexibility: Enables cross-border cyber operations in support of allied missions without lengthy jurisdictional negotiations.
• Secrecy: Allows missions to remain classified for extended periods, limiting the exposure of operational techniques.

Integration with Allied Forces

This legal alignment would make Italian operators more interoperable with NATO cyber units, many of which already operate under similar immunity provisions. In joint missions, such as the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) exercises, differences in national legal frameworks can delay coordinated action — an obstacle Crosetto’s reform aims to remove

Geopolitical Signaling Effects

Deterrence Through Uncertainty

For adversaries, the presence of a unified military cyber command with offensive capabilities and legal immunity for its operators introduces uncertainty. This uncertainty — regarding both capability and willingness to respond — is a key pillar of deterrence theory.

Alignment with Allies

The reform aligns Italy more closely with the models of the United Kingdom’s National Cyber Force and France’s Commandement de la Cyberdéfense, both of which integrate offensive operations within their defense ministries. This enhances Italy’s credibility in both NATO and EU defense circles.

Comparative Doctrine Analysis: Lessons from Allied and Adversary Models

To understand the strategic depth of Guido Crosetto’s approach, it is essential to place it against the backdrop of other states’ cyber command architectures — both allied and adversarial.

Allied Models

United States – USCYBERCOM & NSA Integration
The United States Cyber Command (USCYBERCOM) operates under a dual-hat arrangement with the National Security Agency (NSA), allowing a single commander to oversee both signals intelligence and military cyber operations. This integration enables persistent engagement, where US forces continuously interact with adversaries in their own networks to impose friction and collect intelligence.

Crosetto’s proposed fusion of Perimetro oversight, corporate data access, and offensive authority is not a copy of USCYBERCOM — it is potentially more vertically integrated. The US model does not give DoD direct, routine control over private-sector industrial systems; Italy’s approach would.

United Kingdom – National Cyber Force (NCF)
The NCF is a joint enterprise of the Ministry of Defence and GCHQ (signals intelligence). Its offensive remit is publicly acknowledged, and it includes capabilities for countering state threats, terrorism, serious crime, and hostile influence operations.
Key takeaway: The NCF benefits from direct access to SIGINT data, but industrial oversight is still mediated through civilian departments. Crosetto’s reform would cut this mediation.

France – Commandement de la Cyberdéfense (COMCYBER)
France’s COMCYBER operates within the Ministère des Armées and has both defensive and offensive mandates. French doctrine — as outlined in the Loi de Programmation Militaire 2019–2025 — explicitly treats cyber capabilities as part of national power projection. COMCYBER does not directly administer corporate cyber defenses; instead, it coordinates with ANSSI (civilian agency). Italy’s proposal would merge these roles.

Adversary Models

Russia – GRU Unit 74455 (“Sandworm”)
The GRU’s offensive cyber units operate under military command with virtually no separation between state security and industrial espionage. Target selection often includes critical infrastructure and private-sector systems relevant to Russian state objectives.

China – Strategic Support Force (SSF)
The PLA’s Strategic Support Force integrates cyber, space, and electronic warfare capabilities under a single command. The Military–Civil Fusion doctrine ensures that private-sector technology and data are fully accessible to military planners.

Strategic Differentiator for Italy

Crosetto’s model, while borrowing structural efficiencies from both allies and adversaries, positions Italy uniquely:

• Closer to adversary integration levels in terms of direct access to industrial data.
• Retaining NATO/EU legal constraints, thus avoiding full militarization of the private sector.
• Leveraging “white” hacker immunity to conduct operations that allies may hesitate to initiate for legal reasons.

Industrial Impact Modeling: Risks, Benefits, and Scenarios

Risk–Benefit Matrix

Dimension	Benefit	Risk
Operational Security	Real-time vulnerability identification in critical suppliers.	Potential overreach and erosion of corporate autonomy.
Economic Competitiveness	Protection of intellectual property from state-sponsored theft.	Perception of defense ministry surveillance could deter foreign partnerships.
Crisis Response	Unified command reduces breach-to-response time from hours to minutes.	Risk of legal disputes with partners bound by stricter privacy rules.
Allied Cooperation	Greater value to NATO/EU missions through integrated industrial defense.	Potential friction with allies concerned about data sharing protocols.

---

Scenario Analysis

Scenario A – Coordinated State Cyber Offensive Against Italian Energy Grid

• Without reform: ACN detects anomalous activity; civilian coordination delays active countermeasures; partial blackout lasts hours.
• With reform: Military cyber units deploy pre-authorized counter-intrusion, disrupt adversary C2, restore grid within minutes, preserve economic continuity.

Scenario B – Industrial Espionage Targeting Naval Shipyard

• Without reform: Compromise discovered post-exfiltration; adversary gains warship design blueprints.
• With reform: Real-time telemetry access enables identification of breach within seconds; active defense erases exfiltrated data on adversary server.

Quantitative Projection

Based on ACN’s 2024 statistics, the average time to detect a critical breach in Italy’s strategic industries is 207 days. If military direct access cuts this to <1 day, the projected reduction in economic loss (based on ENISA incident cost modeling) could exceed €5.4 billion annually across the Perimetro sectors.

Geopolitical Power Dynamics in the Mediterranean and EU Context

The Mediterranean as a Strategic Cyber–Physical Theater

The Mediterranean basin is one of the most contested geopolitical zones in 2025, with overlapping interests of NATO, the European Union, Russia, China, and regional powers such as Turkey and Algeria. Historically, strategic competition here has been defined by naval control, energy transit routes, and aerial supremacy. Today, however, the operational environment is overlaid with a permanent cyber conflict layer.

Italy’s centralized military cyber authority directly affects this theater in three ways:

• Protection of maritime digital infrastructure — undersea cables, port logistics systems, and shipboard networks are all within the cyber-attack surface.
• Interdiction of adversary ISR (Intelligence, Surveillance, Reconnaissance) — Italian forces could disrupt hostile drones, satellites, and maritime surveillance feeds in real time.
• Pre-emptive counter–supply chain sabotage — enabling Italy to deny adversaries the ability to exploit logistics chokepoints such as the Strait of Sicily.

EU Strategic Posture and Italy’s Leverage

Within the EU, member states with full-spectrum cyber capabilities have disproportionate influence on joint policy formation. France and Germany have leveraged their military cyber commands to shape PESCO and European Defence Fund (EDF) priorities. Italy, with a Crosetto-style cyber centralization, could:

• Position itself as a core architect of EU cyber defense doctrine.
• Lead joint rapid response teams during EU crisis deployments.
• Secure larger EDF allocations for Italian defense–industrial projects.

Such leverage would be particularly potent in Mediterranean-centric missions, where Italy’s geographic location gives it operational proximity unmatched by northern member states.

Application of Deterrence Theory in Crosetto’s Cyber Doctrine

Deterrence by Denial

By demonstrating that Italy can detect and neutralize intrusions in near-real time — and potentially act inside adversary networks — Crosetto’s approach raises the perceived cost of conducting cyber operations against Italian assets. In deterrence theory terms, this is denial: making the attack so unlikely to succeed that it becomes strategically unattractive.

Deterrence by Punishment

Granting garanzie funzionali to “white” hackers creates the legal basis for deterrence by punishment. Adversaries know that a breach will not only be repelled but could trigger retaliatory cyber strikes on critical systems within their own territory.

Escalation Control

The most sophisticated application of deterrence in the cyber domain is escalation control — the ability to respond proportionally without triggering uncontrolled conflict. Centralizing cyber authority in the Ministero della Difesa allows for precise, calibrated responses under unified rules of engagement, reducing the risk of escalation caused by misaligned civilian–military actions.

Counterintelligence and Counter–Supply Chain Sabotage Tactics Under the New Model

Continuous Industrial Counterintelligence

Military access to corporate networks enables persistent counterintelligence:

• Mapping adversary reconnaissance activities.
• Identifying compromised insider accounts.
• Using honeypots to lure attackers into controlled environments for attribution.

Supply Chain Integrity Operations

The modern defense–industrial base is deeply dependent on multinational supply chains, many of which include vendors from jurisdictions vulnerable to adversary influence. Direct defense ministry oversight would allow:

• Component-level verification of microelectronics.
• Pre-deployment testing for embedded malware or backdoors.
• Controlled substitution of compromised components with certified domestic alternatives.

Offensive Counter–Supply Chain Measures

In extreme cases, Crosetto’s model could support offensive counter–supply chain operations, where Italian cyber units pre-emptively compromise adversary production lines to degrade the quality or reliability of weapons destined for hostile forces. This is a tactic reportedly used by multiple NATO members against state adversaries — though No verified public source available confirms specific Italian participation to date.

Legal–Constitutional Tension, Diplomatic Management, and Multi-Year Strategic Forecast Under a Defence-Led Cyber Regime

Legal–Constitutional Balance in a Defence-Centric Model
Centralizing authority over the Perimetro di sicurezza nazionale cibernetica inside the Ministero della Difesa must be reconciled with the constitutional architecture that entrusts political direction and interministerial coordination of national security to the Presidenza del Consiglio dei Ministri and recognizes parliamentary checks as integral to the separation of powers. The text of the Costituzione della Repubblica Italiana published by the Presidenza del Consiglio dei Ministri and the Corte costituzionale underscores that executive power is exercised “nelle forme e nei limiti” of the Costituzione, which implies that any reallocation of security competences must be grounded in primary legislation and framed by explicit oversight mandates rather than delegated only by secondary regulation. See Governo — Costituzione italiana and Corte costituzionale — Costituzione. (Governo, cortecostituzionale.it)

Statutory Interfaces That Cannot Be Ignored
The Perimetro’s legal spine remains Decreto-legge 105/2019 as coordinated with Legge 133/2019, which designates operators, prescribes security obligations, and empowers inspection and sanctioning mechanisms. Any transfer of operational monitoring from Palazzo Chigi, DIS, AISE, AISI, Ministero dell’Interno, and the Agenzia per la Cybersicurezza Nazionale to the Ministero della Difesa would require amendments to the coordinated text, not merely administrative circulars. The coordinated Gazzetta Ufficiale entry remains the authoritative baseline; likewise, the ACN’s institutional “Regolazione” pages confirm it currently performs regulatory and sanctioning functions derived from national and EU law, which argues for keeping enforcement structurally separated from operations to avoid conflicts of interest. See Gazzetta Ufficiale — DL 105/2019 Coordinato and ACN — Regolazione. (Gazzetta Ufficiale, Agenzia delle Entrate)

Functional Guarantees and Their Constitutional Envelope
Extending garanzie funzionali from the Sistema di informazione per la sicurezza della Repubblica to military cyber operators demands a clear statutory basis that mirrors the safeguards embedded in Legge 124/2007: advance authorization, necessity and proportionality tests, strict mission delimitation, and ex post reporting to competent authorities. The consolidated texts hosted by Parlamento and Normattiva detail that intelligence functional guarantees are not blanket immunities; they are conditional shields within a controlled authorization chain. A faithful extension to Comando per le Operazioni in Rete should replicate those constraints, while adding a channel for regular scrutiny by COPASIR to preserve democratic legitimacy when actions are covert. See Camera — Dossier su Legge 124/2007 and Normattiva — Legge 124/2007. (Documenti Camera, normattiva.it)

EU and NATO Constraint Vectors
Any defence-led centralization must remain interoperable with European Union law and NATO doctrine. The EU’s Strategic Compass adopted on March 24, 2022 demands that member states develop deployable military cyber capacities yet embeds them within a legal order that includes NIS2, CER, DORA, and data-protection constraints. The NATO Cyber Defence Pledge of July 8, 2016 binds allies to improve resilience and make national capabilities available to the Alliance under a defensive mandate. A durable Italian model therefore needs a statutory split: the Ministero della Difesa directs operations and crisis monitoring, while ACN and sectoral regulators keep their regulatory/enforcement lanes to satisfy EU compliance and alliance transparency. See EEAS — Strategic Compass and NATO — Cyber Defence Pledge. (eeas.europa.eu, nato.int)

Diplomatic Management: Signalling Reassurance While Projecting Power
A defence-led cyber regime projects deterrence externally but can cause frictions with partners and investors unless accompanied by transparent safeguards. Three diplomatic instruments are advisable. First, publish a redacted Regole di Ingaggio Cibernetiche policy that affirms adherence to international law principles articulated in the Tallinn Manual while preserving operational ambiguity; this satisfies allies that escalation controls exist. Second, formalize information-sharing compacts with ENISA, NATO’s CCDCOE, and allied cyber commands for joint attribution protocols, thereby ensuring that Italian counter-actions are synchronized with coalition risk calculus. Third, codify industrial trust frameworks that explain how confidential corporate data will be accessed, processed, retained, and audited under military custody, with built-in compliance to GDPR and to ACN’s sectoral regulations, such as the new cloud rules for the public sector announced in late June 2024. See ENISA — Threat Landscape 2023 and Dipartimento per la Trasformazione Digitale — Regolamento cloud con ACN. (enisa.europa.eu, innovazione.gov.it)

Alliance Leverage: From Consumer to Provider of Cyber Stability
A unified Italian command with pre-authorized, legally shielded operators can credibly lead PESCO’s Cyber Rapid Response Teams while contributing to NATO crisis cells. The official PESCO project fiches specify deployable expert teams and mutual assistance formats; an Italian framework-nation role becomes plausible once command unity, legal operability, and industrial visibility are in place. That role would also amplify Italian influence over European Defence Fund programming and joint capability priorities, particularly in maritime and aerospace cyber resilience where Italy’s industrial base is competitive. See PESCO — Cyber Rapid Response Teams and ETH Zurich CSS — CRRT analysis. (pesco.europa.eu, Center for Security Studies)

Risk Controls That Preserve Legitimacy Without Sacrificing Speed
A practicable blueprint balances rapid operational authority with stringent accountability. First measure: a statutory dual-key for the most escalatory actions by Comando per le Operazioni in Rete — one key held by the capo di stato maggiore or a designated cyber commander, the other by a ministerial authority — with an emergency override for imminent threats documented via cryptographic logging and compulsory briefing to COPASIR within twenty-four hours. Second measure: keep ACN as the independent enforcer that can audit even defence-run operations for compliance and sanction lapses, thus aligning with EU’s regulator–operator separation norms. Third measure: a sunset-and-review clause that forces Parliament to reconfirm the expanded defence powers after a fixed horizon; this mitigates the political risk of indefinite exceptionalism. These controls align with the EU’s resilience emphasis and NATO’s transparency expectations while preserving Italy’s decision-cycle advantage. See NATO — Cyber defence overview and ENISA — Threat Landscape portal. (nato.int, enisa.europa.eu)

Strategic Forecast: Three-Horizon Outlook Under Centralization
Short term through the next twelve months: expect a measurable reduction in breach-to-response time for Perimetro entities as military telemetry access and pre-authorized counter-intrusion tools come online. External pressure is likely to remain high; ENISA leadership publicly noted that disruptive, politically motivated attacks in the European Union surged in the year preceding mid- 2024, with many tied to actors aligned to the Russian Federation. This validates the deterrence-by-denial emphasis if Italian units can move from detection to containment in minutes rather than days. See Associated Press — ENISA director interview. (AP News)

Medium term across roughly two to three years: anticipate consolidation within the defence supply chain as smaller vendors struggle with hardened cyber accreditation and continuous monitoring; however, European Union funding streams and PESCO deployments can cushion attrition by underwriting joint testing labs and shared red-team services. Interoperability dividends with NATO should rise as legal frictions diminish and Italian “white” hacker teams become plug-and-play elements for coalition operations under a common playbook derived from the Cyber Defence Pledge and the Strategic Compass. See NATO — Cyber Defence Pledge and EEAS — Strategic Compass. (nato.int, eeas.europa.eu)

Long term over roughly five years and beyond: the decisive variable becomes adoption of post-quantum cryptography and secure-by-design procurement across the Perimetro. If the Ministero della Difesa leverages its new vantage point to set uniform crypto-migration milestones and ties acquisition to demonstrable supply-chain assurance, then Italy can harden both state and industrial networks before hostile actors’ decryption capabilities mature. A defence-led regime that couples offensive readiness with regulator independence and parliamentary visibility will maximize deterrence without eroding the constitutional order; one that blurs enforcement with operations or minimizes scrutiny will trigger domestic pushback and allied caution. The ACN’s regulatory coordination role and the EU’s common frameworks are the anchors that keep the system lawful and interoperable while the Ministero della Difesa accelerates the operational tempo. See ACN — Authority and sanctions (EN) and **ENISA — ETL ** 2023 PDF. (Agenzia delle Entrate, enisa.europa.eu)

Net Assessment
The core of Guido Crosetto’s strategy is a recognition that confidential corporate data inside the Perimetro di sicurezza nazionale cibernetica is functionally equivalent to classified military plans when adversaries wage hybrid war. Direct military access and a legally shielded Comando per le Operazioni in Rete produce the speed and unity of command necessary for deterrence and crisis response. The price of that speed is a tighter constitutional and diplomatic margin for error. A model that codifies dual-key authorizations, preserves ACN’s independent enforcement, binds offensive actions to international law through published rules of engagement, and commits to periodic parliamentary renewal will sustain legitimacy while delivering the operational advantages that a defence-led cyber regime promises.

Strategic Counter-Alignment and Adversary Adaptation Scenarios

Anticipated Adversary Countermeasures

The centralization of Perimetro di sicurezza nazionale cibernetica authority under the Ministero della Difesa will inevitably trigger adaptation cycles among hostile actors. Intelligence assessments from NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) and ENISA’s Threat Landscape 2023 indicate that when a state hardens one domain, adversaries pivot to alternate vectors, often blending low-tech asymmetry with high-tech persistence. Expected moves include:

• Supply Chain Lateralization — Instead of targeting hardened Italian networks directly, attackers may compromise subcontractors in non-EU jurisdictions where oversight is weaker, embedding vulnerabilities into imported systems.
• Human-Source Penetration — With network access restricted, adversaries increase recruitment of insiders through financial inducement, blackmail, or ideological alignment, a technique frequently employed by GRU and MSS assets.
• Fog-of-War Disinformation — Simultaneous cyber incidents and information campaigns designed to create political pressure against defence-led oversight by framing it as “militarization of the economy.”
• Technical Mimicry — Using compromised allied systems to route attacks, masking their origin to complicate NATO/EU attribution consensus and delay retaliatory measures.

Strategic Counter-Alignment by Peer and Near-Peer Adversaries

Russian Federation: Likely to integrate Sandworm-style destructive malware with kinetic intimidation in contested Mediterranean zones, aiming to force Italy to divert resources to domestic incident recovery.
People’s Republic of China: Through the Strategic Support Force, may escalate intellectual property theft targeting Italy’s aerospace and naval industries, exploiting Italy’s reliance on certain East Asian manufacturing nodes.
Iran: Expanding its IRGC Cyber Electronic Command activities toward maritime choke points, possibly compromising port logistics in Gioia Tauro or Trieste to pressure Italian participation in Middle East maritime coalitions.
Turkey: While formally allied via NATO, Ankara may conduct covert cyber operations for geopolitical leverage in Eastern Mediterranean disputes, using plausible deniability through non-state hacker groups.

Proactive Mitigation Architecture for Crosetto’s Model

Integrated Counterintelligence–Cyber Fusion Cells

Establish permanent fusion cells combining AISE/AISI HUMINT sources with Comando per le Operazioni in Rete SIGINT/cyber capabilities. This mirrors the Five Eyes concept of “all-source analysis” and reduces the blind spots that purely technical monitoring leaves.

Supply Chain Hardening and Foreign Vendor Vetting

Mandate pre-import cyber certification for all components bound for Perimetro entities, leveraging blockchain-based provenance tracking and random destructive testing of samples for hidden firmware-level compromises.

Psychological Operations (PSYOPS) and Narrative Immunization

Deploy a coordinated strategic communications campaign, both domestically and to allies, explaining the constitutional safeguards and international-law compliance built into the defence-led cyber structure. This inoculates public opinion against adversary disinformation intended to delegitimize the reform.

Adversary Simulation and Wargaming

Conduct quarterly red-team exercises against national critical sectors using both military and civilian “white” hacker cadres, simulating the exact tactics seen in adversary playbooks. Feed lessons into live operational readiness upgrades.

Strategic Forecast With Escalation Ladders

Low-Intensity Conflict Phase

Duration: 6–18 months post-implementation

• Surge in phishing, ransomware, and supply-chain exploits by state proxies.
• Targeted legal and diplomatic pressure against Italy in EU forums to restrict military access to corporate networks.
• Required Response: Maintain operational tempo while demonstrating full compliance with GDPR, NIS2, and EU Charter of Fundamental Rights.

Gray-Zone Confrontation Phase

Duration: 2–4 years

• Coordinated cyber and maritime harassment in the Mediterranean.
• Potential false-flag incidents aimed at driving wedges between Italy and key NATO allies.
• Required Response: Develop joint EU-NATO Mediterranean Cyber Task Group for synchronized counter-operations.

Open Cyber Conflict Phase (High-End Scenario)

Trigger: NATO–Article 5-level incident involving a Mediterranean ally.

• Defence-led Italian cyber command would be required to operate under NATO integrated cyber tasking orders, prioritizing alliance objectives over unilateral missions.
• Required Response: Retain sovereign rapid-reaction capacity while fulfilling NATO commitments — a balance dependent on pre-negotiated command relationships.

Italy’s Potential Leadership Role in EU and NATO Cyber Deterrence Architecture

From Peripheral Actor to Core Cyber Pillar

Historically, Italy has been perceived in NATO and EU defence circles as a strong maritime and air power but not a leader in cyber warfare. Crosetto’s centralization plan has the potential to shift Italy’s standing from “reactive participant” to “core architect” of allied cyber strategy.

• Within EU frameworks like PESCO, Italy could command Cyber Rapid Response Teams and embed military “white” hacker detachments in multinational formations.
• In NATO, Italy could propose the creation of a Mediterranean Cyber Coordination Cell operating out of Rome, synchronizing naval, air, and cyber defence in the Southern Flank — a zone often overshadowed by the Eastern Flank focus on the Russian Federation.

NATO’s Southern Flank Integration

By leveraging its geostrategic position and upgraded cyber posture, Italy could drive an Alliance Concept of Operations (CONOPS) specifically tailored to hybrid threats in the Mediterranean.
This would include:

• Integrated ISR — merging satellite maritime domain awareness with cyber intelligence to preempt hybrid actions.
• Port and Logistics Cyber Shield — joint NATO–Italy monitoring of Mediterranean port infrastructure to detect and neutralize supply chain compromises.
• Rapid Attribution Protocols — enabling the Southern Flank to match Eastern Flank readiness levels for identifying and countering state-backed cyber aggression.

The EU’s Strategic Compass Alignment

The Strategic Compass, adopted on March 24, 2022, sets 2030 as a target for fully deployable EU cyber defence units. Italy’s model, if implemented now, could be fully operational years ahead of schedule, positioning it to dictate tactical doctrine, interoperability standards, and procurement specifications for the bloc. This creates doctrinal dependency — allies may adapt their forces to Italian-led frameworks, locking in influence.

Long-Term Industrial–Military Synergies

Cybersecurity as Industrial Policy

Crosetto’s plan would blur the line between national defence and industrial policy. Direct military oversight of private sector cybersecurity could:

• Force rapid technology adoption cycles (e.g., post-quantum cryptography) across the industrial base.
• Anchor domestic R&D ecosystems around dual-use cyber technologies.
• Give Italian defence primes a competitive export advantage in NATO/EU tenders by certifying them to the highest possible security standards.

Talent Pipeline and Retention

The integration of “white” hackers with functional guarantees creates a new professional class in Italy — civilian cyber operators with defence-grade clearance. This would:

• Reduce brain drain to foreign tech giants.
• Stimulate university–defence partnerships for advanced cybersecurity curricula.
• Create a strategic reserve of cyber operatives who can be mobilized in crises without the delays of fresh recruitment.

Defence-Driven Civil Infrastructure Resilience

Industrial sectors outside the direct Perimetro scope — such as banking, transportation, and healthcare — would still benefit from hardened supply chains and intelligence on emerging threats. Over time, this could raise the national cyber resilience baseline to a level far exceeding the EU average.

Classified-Style Net Assessment

Operational Gains:

• Reaction Time: Near-instant mobilization of countermeasures against advanced persistent threats (APTs).
• Attribution Capacity: Greater ability to identify attackers via integrated HUMINT–SIGINT analysis.
• Deterrence Credibility: Legal authorization for proportionate counter-offensive cyber operations.

Strategic Risks:

• Perception of Militarization: Risk of domestic political backlash and loss of investor confidence if safeguards are not transparent.
• Over-Reliance on Military Solutions: Neglect of civilian cyber innovation pathways could create bottlenecks.
• Adversary Escalation: Potential triggering of multi-domain retaliation by peer competitors.

Forecast:
If executed with dual-key oversight, EU/NATO legal harmonization, and transparent engagement with the private sector, Crosetto’s centralized cyber command could place Italy within the top three NATO cyber powers by 2030. Failure to manage constitutional limits or diplomatic reassurance, however, could lead to isolation within EU policy circles and vulnerability to coordinated hybrid campaigns aimed at eroding domestic support for the model.

---

Copyright of debuglies.com
Even partial reproduction of the contents is not permitted without prior authorization – Reproduction reserved