Italy is reshaping its national maritime security priorities, placing emphasis on the increasingly concrete threat of cyber risk

 Ministry of Infrastructure and Transport in Italy  is reshaping its national maritime security priorities, placing emphasis on the increasingly concrete threat of cyber risk. With the publication of the Circular "Navigation Safety, General Series No. 177/2025" on December 16, the General Command of the Port Authorities and the NIS Authority for the Transport Sector defined the new binding regulatory framework. The measure applies to ships flying the Italian flag, ISM management companies, and port facilities, requiring an update of digital defense measures consistent with IMO guidelines and harmonized with the European framework of the NIS2 Directive, implemented in Italy with Legislative Decree 138/2024 according to Shipping Italy 

Establish a dedicated cyber arm staffed  

.It is noteworthy that Marco Braccioli spoke with Airpress, Decode39’s sister magazine, about Italy’s plan to recognise cyberspace as an operational domain and create a national cyber force. Defence Minister Guido Crosetto has presented to Parliament a project that would establish a dedicated cyber arm staffed with up to 1,500 specialists and supported by a new information-warfare command. The goal: The initiative aims to consolidate Italy’s fragmented cyber capabilities and strengthen national resilience against hybrid threats targeting critical infrastructure and national security.

ECDI, AIS, and remote access interfaces.

Meanwhile the convergence of information and operational technologies has made modern naval vessels and port terminals dependent on interconnected systems such as ECDI, AIS, and remote access interfaces. While this evolution has optimized logistical efficiency, it has also increased the surface area exposed to attacks that, by compromising Computer-Based Systems, could threaten not only operational continuity, but also the very safety of navigation and environmental integrity. Hence the need for regulatory intervention.

Circular 177/2025

Circular 177/2025 thus marks the transition from a voluntary to a structural and mandatory approach. The provision focuses on the need for companies to organically integrate cyber risk management into their Safety Management Systems and security plans. It is no longer simply a matter of installing technological barriers, but of formalizing corporate procedures that cover the entire threat lifecycle: from intrusion prevention and detection to response planning and post-incident recovery strategies to ensure the resilience of critical systems, such as propulsion, steering, power generation, and load management.

Human capital is a fundamental pillar

In this context, human capital is a fundamental pillar, which is why the Ministry has established that technological upgrades must go hand in hand with a qualified training program for all key personnel, from crews to Company and Port Facility Security Officers, and even IT/OT technicians. This training must also be constantly updated to enable them to recognize the most sophisticated attack techniques and respond promptly.

The Pushing forward to future technological frontiers

The legislator pushes forward to future technological frontiers, including provisions regarding autonomous systems and integrated ship-shore services, anticipating the vulnerabilities of a rapidly automating sector. Furthermore, emergency management is integrated with the notification requirements of the NIS2 regulation, requiring operators to promptly report significant incidents to the Italian National Cybersecurity Research Centre (CSIRT), thus strengthening cooperation between the maritime sector and national cyber defense.

The NIS2 Directive Transposition Tracker 

As jointly emphasized by the General Command and the NIS Authority, cybersecurity is becoming an essential component of overall maritime security. To allow operators to adapt to these high standards, the new provisions have been set to enter into force on November 1, 2026..On the other hand The NIS2 Directive Transposition Tracker is a collaborative project providing a streamlined and comprehensive overview of the Directive’s transposition across EU Member States and beyond.

In aligning their national cybersecurity policies with EU legislation

Organised into dedicated sections for each country, the tracker covers key aspects such as the sectoral scope, applicable standards, registration processes, sanctions, lists of competent authorities, and deadlines. This initiative aims to identify similarities and differences in implementation while ensuring clarity for stakeholders navigating the evolving regulatory landscape. The tracker was updated to reflect the efforts of Eastern Partnership and Western Balkan countries in aligning their national cybersecurity policies with EU legislation and standards.

Source : Italy Media 

#NIS Authority #national cybersecurity policies #Italy #: Cybersecurity  integrated  #national maritime security #Marco Braccioli # ISM management companie #Navigation Safety