{"id":439933,"date":"2025-11-12T18:45:05","date_gmt":"2025-11-12T17:45:05","guid":{"rendered":"https:\/\/www.eunews.it\/2025\/11\/12\/digitale-lamministrazione-pubblica-e-troppo-vulnerabile-agli-attacchi-informatici\/"},"modified":"2025-11-13T12:43:43","modified_gmt":"2025-11-13T11:43:43","slug":"digital-public-administration-too-vulnerable-to-cyber-attacks","status":"publish","type":"post","link":"https:\/\/www.eunews.it\/en\/2025\/11\/12\/digital-public-administration-too-vulnerable-to-cyber-attacks\/","title":{"rendered":"Digital, public administration too vulnerable to cyber attacks"},"content":{"rendered":"

Brussels – The public administration<\/strong> is as greedy as it is an easy target for cyber attacks<\/strong>. Despite being one of the EU’s priority areas for action in cybersecurity<\/strong>, the defence of public digital infrastructure has lagged, exposing a range of services <\/span>fundamental to citizens’ lives to increasing risks. Sounding the alarm is ENISA<\/strong>, the European Union Agency for Cybersecurity<\/strong>, in its November 2025 report<\/a><\/span>. <\/p>\n

The public administration (PA) sector, recalls the Athens-based body, is considered “highly critical”<\/strong> under the so-called NIS2 directive<\/strong>, with which the 12-star co-legislators (EU Parliament and Council) updated the relevant legislation in 2022. Those rules established a unified legal framework to ensure minimum security levels in 18 critical sectors<\/strong>, urging member states to define national cybersecurity strategies<\/strong>.<\/p>\n

Yet, ENISA’s report warns, the PA’s digital infrastructure<\/strong> remains too vulnerable to malicious action<\/strong>, despite its centrality in providing<\/span> indispensable services to citizens, from education to healthcare, from transport to waste collection. The sector is “still developing its cybersecurity resilience<\/strong>,” reads an agency statement. Translated: it takes little to compromise it, even seriously.<\/p>\n

\"cyber<\/a>
Photo via Imagoeconomica<\/figcaption><\/figure>\n

\n

The report analysed 596 cyber incidents that occurred in 2024<\/strong>, targeting the public administrations of the Twenty-Seven. With 38 per cent<\/strong> of the reports, the Public Administration sector<\/strong> is defined as “at risk” and is the most affected in the EU<\/strong>. Specifically, the most affected were the central governments<\/strong> (69 per cent<\/strong> of the total), mainly through attacks on the websites of parliaments, ministries, and national authorities or agencies. <\/p>\n

<\/p>\n

Among the most frequent types of incidents are Distributed denial of service<\/strong><\/em> <\/strong><\/em>(DDoS)<\/strong>, which consist of an overload of requests directed at the targeted server, which stops working. They account for 60 per cent of the total<\/strong><\/span> but usually have short durations<\/strong> and produce a limited impact<\/strong>. More dangerous, though less frequent, are data breaches and so-called ransomware<\/em><\/strong>, i.e., malicious programmes (malware) that “infect devices<\/strong>” in various ways, demanding a ransom<\/strong> to unlock the devices or the files<\/strong> on them, if they are encrypted to prevent their use. <\/p>\n

<\/p>\n

Data-related threats, ENISA explains, include both breaches per se<\/strong> (17.4 per cent of cases) and data exposures<\/strong> (1 per cent), and represent the second most frequent type of incidents recorded by PAs in 2024. The employment services<\/strong>, the platforms of local administrations<\/strong>, as well as the sites of law enforcement<\/strong> and educational systems<\/strong>, were in the crosshairs. <\/p>\n

<\/p>\n

At the level of malicious actors, 2.5 per cent<\/strong> of total incidents are entities linked in some way to state powers, responsible for what the Agency calls cyberspionage campaigns<\/strong>. A small share, but one whose impact on national security may prove to be “significant.” The lion’s share\u2014just under 63 per cent\u2014is taken by the so-called hacktivists<\/strong>, i.e., individuals or collectives ideologically motivated to defend a political cause. Finally, “cybercrime operators<\/strong>” account for about 16 per cent of the total.<\/p>\n

\"hacktivisti\"<\/a>
Photo via Wikimedia Commons<\/span><\/figcaption><\/figure>\n

<\/strong><\/strong><\/strong><\/p>\n

“EU public administrations are likely to remain the most affected sector in the short to medium term<\/strong>,” ENISA predicts, especially given the new possibilities offered by artificial intelligence (AI)<\/strong> developments. Among the services most at risk, according to the report, are those of tax portals, electronic identification systems, and court work management. <\/p>\n

<\/p>\n

What to do, then? To counter DDoS, the EU Agency suggests strengthening controls<\/strong> to improve “architectural resilience and operational readiness<\/strong>,” also through operations such as enrolling critical sites in a “content distribution network<\/strong>” or protecting them with a “firewall for web applications<\/strong>.” <\/p>\n

<\/p>\n

Regarding incidents involving data, recommendations include multi-factor authentication<\/strong> with conditional access and privileged access management. Regarding ransomware, the implementation of specific protocols, such as Endpoint Detection and Response (EDR), is mentioned. In general, ENISA recommends improved preparedness and response, and greater cooperation between Member State authorities<\/strong>, both domestically and across countries.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"

The latest report by the EU Information Security Agency (ENISA) indicates that the digital infrastructures of public authorities are excessively easy targets for cyber predators, especially in the age of artificial intelligence<\/p>\n","protected":false},"author":7876,"featured_media":235008,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"episode_type":"","audio_file":"","podmotor_file_id":"","podmotor_episode_id":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","filesize_raw":"","date_recorded":"","explicit":"","block":"","jnews-multi-image_gallery":[],"jnews_single_post":{"format":"standard","override":[{"template":"1","parallax":"1","fullscreen":"1","layout":"right-sidebar","sidebar":"default-sidebar","second_sidebar":"default-sidebar","sticky_sidebar":"1","share_position":"top","share_float_style":"share-monocrhome","show_featured":"1","show_post_meta":"1","show_post_author":"1","show_post_author_image":"1","show_post_date":"1","post_date_format":"default","post_date_format_custom":"Y\/m\/d","show_post_category":"1","show_post_reading_time":"0","post_reading_time_wpm":"300","post_calculate_word_method":"str_word_count","show_zoom_button":"0","zoom_button_out_step":"2","zoom_button_in_step":"3","show_post_tag":"1","show_prev_next_post":"1","show_popup_post":"1","show_comment_section":"1","number_popup_post":"1","show_author_box":"0","show_post_related":"1","show_inline_post_related":"0"}],"image_override":[{"single_post_thumbnail_size":"crop-500","single_post_gallery_size":"crop-500"}],"trending_post_position":"meta","trending_post_label":"Trending","sponsored_post_label":"Sponsored by","disable_ad":"0","subtitle":""},"jnews_primary_category":[],"jnews_override_counter":{"view_counter_number":"0","share_counter_number":"0","like_counter_number":"0","dislike_counter_number":"0"},"footnotes":""},"categories":[25710],"tags":[32599,25963,28373,32600,32601,27376],"class_list":["post-439933","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-net-tech-en","tag-attacchi-ddos","tag-cybersecurity-en","tag-dati-en","tag-direttiva-nis2","tag-enisa","tag-administration-public-en"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.eunews.it\/en\/wp-json\/wp\/v2\/posts\/439933","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.eunews.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.eunews.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.eunews.it\/en\/wp-json\/wp\/v2\/users\/7876"}],"replies":[{"embeddable":true,"href":"https:\/\/www.eunews.it\/en\/wp-json\/wp\/v2\/comments?post=439933"}],"version-history":[{"count":1,"href":"https:\/\/www.eunews.it\/en\/wp-json\/wp\/v2\/posts\/439933\/revisions"}],"predecessor-version":[{"id":439934,"href":"https:\/\/www.eunews.it\/en\/wp-json\/wp\/v2\/posts\/439933\/revisions\/439934"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.eunews.it\/en\/wp-json\/wp\/v2\/media\/235008"}],"wp:attachment":[{"href":"https:\/\/www.eunews.it\/en\/wp-json\/wp\/v2\/media?parent=439933"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.eunews.it\/en\/wp-json\/wp\/v2\/categories?post=439933"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.eunews.it\/en\/wp-json\/wp\/v2\/tags?post=439933"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}