Evaluating cybersecurity in Italian Public Administrations

A methodology for cybersecurity assessment of public administration: a case study on Lombardy municipalities

Cybersecurity is an enabling factor for the digital transition of public administration (PA). Municipalities are a fundamental component of PA, so our project focused on the cybersecurity level of the Lombardy municipalities. During our analysis, we assessed (on a voluntary basis) the IT infrastructures of the cities (e.g., phishing test, analysis of exposed resources and their vulnerabilities) and evaluated the cybersecurity skills of the people involved in these infrastructures. The former was assessed with a remote vulnerability test; the latter was assessed with focus groups and an online survey involving more than 200 participants. Our analysis concluded that, considering the resources available to the municipalities, their cybersecurity level is reasonable. However, further work is needed on defending PA against phishing attacks and on education about the cloud transition.