Red Lines in the Code: Italy’s Crackdown on Russian Cybersecurity Tools
Amid rising digital tensions, Italy’s cyber watchdog expands its ban on Russian-made security software in public administration, sending ripples through the tech and diplomatic worlds.
Fast Facts
- Italy’s National Cybersecurity Agency (ACN) updated its ban on Russian software in government, now including Security Gen, formerly Positive Technologies.
- Previous bans covered Kaspersky Lab and Group-IB; the new directive widens restrictions due to national security concerns.
- The measure applies to direct and indirect sales, cloud services, and all related suppliers linked to Russia.
- Public offices must now inventory all software and demand detailed supply chain lists from vendors.
- This move follows ongoing geopolitical tensions and fears of cyber-espionage or sabotage.
The Digital Iron Curtain Descends
Picture Italy’s public digital infrastructure as a modern city: bustling, interconnected, and vulnerable to sabotage if the wrong hands hold the keys. This week, the National Cybersecurity Agency (ACN) redrew the city’s boundaries, slamming the gates on a new set of Russian tech companies. The latest circular, signed by ACN director Bruno Frattasi, not only reaffirms bans on Kaspersky Lab and Group-IB but adds Security Gen (formerly Positive Technologies) to the blacklist.
The official rationale? “Possible prejudice to national security in cyberspace” - a diplomatic way of saying that, in the current climate of suspicion and hybrid warfare, trusting Russian code in sensitive systems is a risk Italy no longer wants to take. The directive covers software sold directly, through resellers, or embedded in cloud services, and applies to any company with Russian ties.
Why This Ban, and Why Now?
This isn’t Italy’s first digital barricade. In 2022, shortly after Russia’s invasion of Ukraine, ACN’s earlier circular took aim at prominent Russian cybersecurity vendors. The concern: software from these firms could serve as a Trojan horse, opening backdoors for espionage or cyberattacks. Kaspersky, for instance, has been scrutinized by Western governments for years, with Germany, the US, and others issuing warnings or bans over perceived risks.
Security Gen, previously known as Positive Technologies, is no stranger to controversy. The US sanctioned it in 2021, alleging it supported Russian state cyber operations. As tensions persist, Italy’s updated policy reflects a broader European trend: reducing reliance on Russian technology, especially where critical infrastructure is concerned.
What Does This Mean for Italy’s Digital Defenses?
The new measures go beyond a simple blacklist. Italian public agencies must now ask suppliers for a comprehensive “software bill of materials” - essentially, a full ingredient list for any digital product. This aims to spot hidden Russian components that might slip through the cracks. IT managers must also map out all software in use, reinforcing the “risk management” mindset: if you don’t know what’s in your system, you can’t protect it.
For the market, these bans signal a clear pivot toward trusted, transparent suppliers. For Russia, it’s another sign of technological decoupling. And for Italy’s cyber defenders, it’s a high-stakes game of trust - where the cost of a single compromised line of code could be national security itself.
WIKICROOK
- National Cybersecurity Agency (ACN): The National Cybersecurity Agency (ACN) is Italy’s main body for coordinating cybersecurity policy and defending national digital infrastructure.
- Software Bill of Materials (SBOM): A Software Bill of Materials (SBOM) is a detailed list of all code and components in a software product, helping ensure transparency and security.
- Hybrid Warfare: Hybrid warfare mixes military, cyber, and information tactics to destabilize opponents, allowing states or groups to cause disruption without direct conflict.
- Cloud Services: Cloud services are online platforms for storing and processing data, often targeted by attackers seeking to hide activities or steal information.
- Risk Management: Risk management is the process of identifying, evaluating, and addressing potential threats to an organization’s assets to minimize negative impacts.