Italy Goes on the Cyber Offensive: Parliament Eyes Digital Arsenal
Rome moves to fortify its digital defenses - and weigh counterattacks - as new legislation heads to the Chamber of Deputies.
Fast Facts
- Italy is debating a law to expand military powers in cyberspace, even in peacetime.
- The Ministry of Defense could enlist outside cyber experts under strict oversight.
- Debate includes not just defense, but also potential for government-backed cyber counterattacks.
- The move follows the 2022 “decreto Aiuti,” which first laid groundwork for national cyber resilience.
- Concerns over legal, ethical, and international implications remain front and center.
A Digital Shield - and Sword?
Imagine the Italian military not just patrolling borders or the Mediterranean, but also prowling invisible frontlines online. That’s the vision emerging from Rome this autumn as lawmakers debate a sweeping new bill to turbocharge Italy’s cyber defense - and, for the first time, openly contemplate striking back against digital aggressors.
The legislation, championed by Defense Committee president Nino Minardo, would extend the Ministry of Defense’s reach in cyberspace, empowering the armed forces to act not only in times of war, but also during peacetime. The aim: to defend critical institutions, essential infrastructure, and ordinary citizens from an ever-rising tide of digital threats. From ransomware crippling hospitals to espionage targeting ministries, the stakes have never been higher.
From “Decreto Aiuti” to Digital Counterstrikes
Italy’s journey into cyber defense gained momentum in 2022 with the “decreto Aiuti,” which first established a regulatory framework for responding to cyberattacks and hybrid threats. That decree was a wake-up call, acknowledging that the country’s essential services - energy, transport, healthcare - could be paralyzed by unseen adversaries wielding malicious code instead of bombs.
The new bill goes further. It mandates specialized cyber training for military personnel and allows the Defense Ministry to tap external technical experts - think digital “special forces” - provided their activities are tightly monitored to ensure transparency and legality.
What’s truly new, however, is the open discussion of “offensive” capabilities. Italian officials are now weighing whether to develop tools not just to defend, but to strike back: exploiting unknown software flaws (“zero-days”), deploying custom malware, or disabling hostile servers. These are not abstract debates - recent headlines about the government’s use of spyware like Graphite have dragged these issues into the public spotlight.
Treading a Legal and Ethical Tightrope
Italy’s move echoes a broader European and global shift. As countries like France, Germany, and the UK invest heavily in cyber operations, Italy faces pressure not to fall behind. Yet with greater power comes greater scrutiny. Each step towards an active cyber posture raises thorny questions: What are the rules of engagement in the digital realm? How can transparency and accountability be ensured, especially when operations are shrouded in secrecy?
The challenge is to balance robust security with respect for international norms and civil liberties. As Italian lawmakers debate, the world watches: will Italy set a new standard for democratic cyber defense, or stumble into the same legal and ethical gray zones that have plagued other nations?
WIKICROOK
- Zero-day: A zero-day vulnerability is a hidden security flaw unknown to the software maker, with no fix available, making it highly valuable and dangerous to attackers.
- Malware: Malware is malicious software designed to infiltrate, damage, or steal data from computing devices without the user’s consent.
- Critical infrastructure: Critical infrastructure includes key systems - like power, water, and healthcare - whose failure would seriously disrupt society or the economy.
- Spyware: Spyware is software that secretly monitors or steals information from your device without your consent, putting your privacy and data at risk.
- Hybrid threats: Hybrid threats are attacks that combine traditional tactics, like sabotage, with digital methods such as hacking and disinformation to achieve complex goals.