[Aug 2021-March 2023] In August 2021, Roberto Baldoni was appointed by Prime Minister Mario Draghi as the first Director General of the National Cybersecurity Agency (ACN). Position held till March 2023. ACN is responsible for preventing, detecting, alerting and mitigating cyberattacks. During his 18 months tenure, ACN has been built legally, operationally and logistically and ACN hired the first core of 170 qualified employees. During his term, among the others, ACN kicked off:
the National Cybersecurity Cell (Nucleo per la Cybersicurezza - NCS), a cross-organizational body that includes the cyber units of the Ministry of Defense, the Secret Service and the Ministry of the Interior, and is responsible for mitigating attacks that could affect national security.
the National Center for Certification and Evaluation (CVCN) and the network of testing laboratories, which is currently also supporting technical work related to the Italian Foreign Investment Screening Law, also known as the Golden Power Law;
a roadmap for sustainable cybersecurity technology development for Italy, including a network of national incubators, various types of public-private partnerships, and a research and innovation agenda eventually published in June 2023;
published the National Cloud Strategy, published in September 2021, together with the Ministry of Digital innovation;
published the National Cybersecurity Strategy, which was signed by Prime Minister Draghi in May 2022. It includes 82 holistic measures to be implemented by 2026. The strategy was followed by a companion document, the Operational Plan, which was submitted to Parliament by the end of 2022 and includes the definition for each lead organization measure, kpi-s, and implementation guidelines. These documents are a joint effort of all Italian central administrations, coordinated by ACN.
At the EU level, ACN has been at the forefront of the most important EU dossiers. Italy was one of the countries leading the creation of the EU 5G security toolbox. Together with France, Italy proposed the establishment of the Cyber Crisis Liaison Organization Network (CyCLONe) and played a leading role in its implementation. CyCLONe is a cooperation network for Member States' national authorities responsible for cyber crisis management located in between the EU CSIRT technical network and the integrated political crisis response (IPCR). In the context of the European Cloud Certification Scheme (EUCS), ACN followed a line of action aligned with the National Cloud Strategy aiming to combine the open cloud market with the need for national security of strategic domestic data.
During his tenure, ACN coordinated the implementation of cybersecurity projects totaling 623 million euros under Objective 1.5 of the EU's Next Generation Program. All milestones through December 31, 2022 were achieved. Among these projects was the National HyperSOC, similar to the Israeli Cyberdome, launched by Baldoni to detect and prevent malicious cyber activities in Italian cyberspace, currently in its first prototype phase. All milestones within December 31st have been achieved.
ACN positioned Italy as one of the leading countries in the International Counter Ransomware Initiative. ACN actively worked to bring NATO Cyber Defense Pledge Conference 2022 to Rome.
[Dec 2017-Aug 2021] In December 2017, Roberto Baldoni was appointed by Italian Prime Minister Paolo Gentiloni as Deputy Director General of the Department of Information for Security (DIS, the equivalent of the U.S. Office of the Director of National Intelligence) with responsibility for national cybersecurity. As DIS Deputy DG, Baldoni chaired the Italian Cybersecurity Management Board (Nucleo Sicurezza Cibernetica or NSC), an inter-ministerial organization established at DIS and further empowered by an Executive Decree (DPCM n.2/2017). The NSC implements and oversees the prevention and management of nationwide cyber crises and coordinates national cybersecurity operations centers, including the two existing National CERTs established at AgID and MISE, respectively, the Postal Police (Ministry of the Interior), the Inter-Force Cyber Command (Ministry of Defense), and the intelligence agencies. The NSC is also responsible for national cybersecurity positions in international organizations and for promoting Italian government-research-industry collaboration in cybersecurity. He oversaw the establishment of the first national CSIRT at DIS following the entry into force of the Executive Decree (DPCM 8/8/2019) transferring this function from MISE and AgID to DIS. The national CSIRT began operations in March 2020.
At DIS, Roberto Baldoni oversees Italy's activities to implement the EU NIS directive (DLgs n.65/2018) and he was the Italian PoC for the policy of the agreement between Italy and NATO on cybersecurity signed in 2017 and a member of the High Level Management Board of NATO.
In 2019, Roberto Baldoni designed the "National Security Perimeter for Cyber" and chaired the working group that drafted the law DL n.105/2019, approved by the Italian Parliament in November 2019. In 2020, on behalf of the Interministerial Committee for the Security of the Italian Republic (CISR)chaired by protempore Prime Minister Giuseppe Conte, he acted as Director for the actual implementation and for the drafting of the five Executive Decrees stemming from DL n.105/2019. The implementation involved the coordination of 9 working groups with more than 200 people from the CISR ministries of legal and tech profiles. The "National Security Perimeter for Cyber" Law and its five implementing Executive Decrees establish a security framework that imposes mandatory requirements on digital assets owned by public or private entities that support services or infrastructures whose disruption may affect national security. Requirements enforce a minimum level of security measures, risk analysis, and technical testing for devices to be deployed in the assets. The security framework also includes a requirement to report incidents occurring in the assets within 1 or 6 hours of discovery. During his tenure, from February to July 2021, he designed and coordinated the planning of the activities of 623-million-euro cybersecurity projects under Objective 1.5 of the Next Generation EU program.
In April 2021, he chaired the working group set up by Undersecretary to national security Franco Gabrielli to draft the law restructuring Italy's cybersecurity architecture and establishing ACN. The law (DL n.82/2021) was approved by the Italian ministries council in June 2021 and by the Italian Parliament in August 2021. The law provides for a budget for ACN that will gradually increase to 110 million euros per year in 2027, reaching 800 personnel units by the same year.