Abstract for: Understanding Security Policies in the Cyber Warfare Domain through System Dynamics

In this paper we will delve with the analysis of the Italian Presidential Decree on Cyber Security, dated January 2013. By reading such Act, we got the impression that, again, policy makers lack both systemic skills and nonetheless the ability to evaluate the impacts of their choices and assumptions before implementing their decisions. The Italian Cyber Security Act (DL.2013) basically establishes, in case of national security put under threat by a cyber menace, to recur to an inter-ministerial working group (Inter-Ministerial Committee for the Security of the Republic - CISR) which, in case of deep crises, should be able to take decisions in a timely and effective manner. In this paper, we won’t argue about the effectiveness of such Board, which would have to be discussed by analyzing on one hand the specific competences (if any) brought to the Board by the various official stakeholders and, on the other, by the processes put in place in order to favour the work to be carried out by such Board; rather we will argue about the inherent delays in the system ultimately even made worse by the need to activate such Board for certain critical decisions.