Improving Critical Infrastructures Protection from Cyber Attacks in Italy: The Public-Private Partnership Model

This Thesis has aimed to analyse the use of PPP as a tool to enhance the protection of critical infrastructures from cyber attacks in the Italian legal and institutional context. The protection of critical infrastructures in democratic societies with a liberal economy like Italy implies, inter alia, the balance between the State’s prerogatives and obligations (at national, supranational and international level) with the needs and the interests of the operators who manage or maintain the infrastructures. In other words, policies and regulatory actions implemented in the critical infrastructures protection (CIP) context need to be incorporated into an institutional architecture based on an ad hoc legal framework, in order to encourage collaboration between government representatives and private actors. For these reasons, the vast majority of developed countries have recognized, through the approval of specific national policies, PPP as a solution to improve the protection of critical infrastructures from cyber attacks. In light of this, the Thesis examined the implications of national policies and European legislation on CIP and cyber security on the Italian legal and institutional framework, highlighting the use of PPP in this context. Italy, indeed, has recognized in its strategic documents and regulatory policies the importance of developing appropriate forms of public-private partnerships in order to improve national capacity to protect critical infrastructures against threats stemming from cyberspace. In line with these premises, the Thesis has focused not only on the analysis of the Italian institutional and regulatory context, but also on the study of the tools implemented to foster collaboration between the public and private sectors to examine their strengths and weaknesses in protecting critical infrastructures from cyber attacks. In accordance with the multidisciplinary character of the PhD program, the Thesis aimed to provide a complete analysis on the implications arising from the interactions between the evolution of cyber threats, vulnerabilities of critical infrastructures, implementation of policies and diffusion of the PPP in this context, examining their implications on the legal, political, philosophical, organizational, economic, social and technical-procedural spheres.