Istituto Superiore delle Comunicazioni e delle Tecnologie dell'Informazione
The Istituto Superiore delle Comunicazioni e delle Tecnologie dell'Informazione (ISCOM), founded in 1907, is a technical/scientific body within the Italian Ministero dello Sviluppo Economico. Its activity is focused on technical support to regulation and standardization, experimentation, basic and applied research, training, specialized education and dissemination in the field of electronic communications and services. In addition, the ISCOM ensures technical support to private organizations, public institutions and citizens through its laboratories and specialized personnel.
One of the main areas of expertise of ISCOM is in the field of cybersecurity, where it implements various functions, including the role of Italian National CERT, and the Italian National ICT Security Certification body, as OCSI (Organismo per la Certificazione della Sicurezza Informatica) under the international Agreement CCRA (Common Criteria Recognition Acknowledgement - Mutual Recognition Agreement) and the European SOGIS-MRA (Senior Officials Group Information Systems Security. It is committed in the fight against botnets, and implements a National Support Centre (NSC) within the network and information protection function of the National CERT. It hosts an ICT security evaluation lab, i.e. Ce.Va (Centro Valutazioni), where ICT systems thought for classified data processing are tested.
The Italian National CERT operates within the Ministry of Economic Development, and namely at the High Institute of Communications and Information Technology – ISCOM – which is the technical scientific body for ICT matters of the Ministry.
CERT Nazionale, according to the public-private partnership model, supports citizens and companies through awareness and prevention measures and by coordinating the response to large-scale cyber attacks. Main goals of CERT Nazionale are:
- Provide prompt information on potential cyber threats that could damage companies and citizens;
- Improve the awareness and the promotion of a stronger security culture;
- Cooperate with national and international institutions and other actors, public and private, involved in cyber security, promoting the cooperation among them;
- Ease the response to large-scale security information incidents;
- Support the process of cyber crisis management
Role and main tasks in COMPACT
ISCOM will play a key role in WP2 (Scenarios, Human factors and Legal/Ethical aspects). The deep knowledge that ISCOM has of the threat landscape will be a valuable resource for clearly understanding the issues that the project must address and the constraints that the platform must satisfy. The information sharing environment established by CERT Nazionale will feed COMPACT with up to date news about attacks and attack trends.
ISCOM will participate in WP3 (COMPACT Architecture), where they will contribute to the solution of issues related to data exchange.
ISCOM will participate in WP4 (COMPACT Platform), where they will mainly contribute their experience in remote monitoring of cyber-related events.
ISCOM will participate in WP5 (Validation and Demonstration in Operational Environment), contributing to the production of contents for security awareness raising.
ISCOM will participate in WP6 (Communication & Dissemination), communicating and disseminating COMPACT results to other national CERTs - such as: the Spanish one (INCIBE), the Romanian one (CERT.RO), and more - as well as to Italian SMEs and citizens, also via the organization of public events.
ISCOM will participate in WP7 (Exploitation), exploring the possibility of taking COMPACT results from lab to real setups.