December 16, 2025
Cybersecurity and Resilience: How IT, OT and AI are changing the game
From perimeter defense to digital resilience: NIS2, ACN and strategies for smart factories in Italy
Cybersecurity is shifting from simple perimeter defense to the ability to ensure continuity even during an attack. The convergence between IT, OT and artificial intelligence creates increasingly connected, powerful but also exposed ecosystems, in which resilience and risk management become central for businesses and public administrations.
Why cybersecurity is changing: the push from IT, OT and AI
In digital transformation pathways in Italy, the convergence between IT systems, OT and artificial intelligence platforms is transforming cybersecurity into a matter of comprehensive resilience, no longer just perimeter defense. Studies on “super-hybrid” architectures show how the integration of cloud, industrial IoT, smart grids and AI has made traditional perimeters porous and dynamic, expanding the attack surface and interdependencies between supply chains and critical infrastructures.
In this scenario, the key question is no longer “can we prevent all attacks?”, but “how quickly can we detect, contain and absorb an incident without stopping critical functions?”. This leads to a shift from a pure “security” paradigm to one of digital resilience, centered on operational continuity, adaptability and learning from incidents.
Super-hybrid ecosystems in the Italian market
In the Italian context, IT/OT convergence is particularly advanced in manufacturing, energy, healthcare and public administration, where sensors, PLCs, industrial control systems, cloud platforms and AI intertwine. In smart factories, for example, production data is aggregated into ERP and MES systems and analyzed by AI algorithms to enable predictive maintenance, line optimization and waste reduction.
In the energy sector, utilities are adopting smart grids, remote control systems and predictive models for real-time balancing, while raising the impact of potential attacks on individual OT nodes or data management platforms. In healthcare, the connection between medical devices, electronic health records and AI modules for diagnosis and triage creates risks that directly affect patient safety and the continuity of clinical services.
NIS2 in Italy: from perimeter security to digital resilience
The legislative decree of September 4, 2024 n. 138, which transposes directive (EU) 2022/2555 (NIS2) into Italian law, requires companies and public administrations that provide essential or highly relevant services to manage cybersecurity through technical, operational and organisational measures that are risk‑based and constantly updated. This framework expands the perimeter of operators involved and makes structured risk management mandatory, with obligations to notify significant incidents and clear responsibilities for management.
According to the National Cybersecurity Agency (ACN), this regulatory transformation makes digital resilience a structural requirement for the country as a whole, no longer a discretionary choice of individual companies. NIS entities are called to integrate security into business continuity processes, governance and relationships with suppliers and partners, especially where IT/OT/AI integration increases interdependencies.
ACN NIS2 guidelines: what are “basic specifications” and why they matter
The ACN determination n. 164179/2025 defines the “basic specifications” for security measures and for significant incidents to be notified under the NIS decree, setting the minimum level of protection that NIS entities must guarantee. This framework is aligned with the National Framework for Cybersecurity and Data Protection and organizes requirements into functions, categories and controls.
The “Reading Guide” of the “NIS Guidelines – Basic Specifications” adopts a risk-based approach that allows calibrating implementation based on system relevance, risk assessment results and technical or regulatory constraints, with motivated flexibility clauses. The summaries aimed at businesses and PA explain how these guidelines help define documentary evidence, organize internal governance and interface with CSIRT Italy for incident notification.
The European framework: EU Cybersecurity Strategy
The EU Cybersecurity Strategy for the Digital Decade, adopted in 2020, articulates European action on three main directions: resilience, technological sovereignty and leadership; operational capacity to prevent, deter and respond; promotion of a global, open and secure cyberspace. The strategy envisages building a network of AI-enhanced Security Operations Centres, a European “cybersecurity shield” and strengthened cooperation between Member States, civil authorities, law enforcement and defense.
In this vision, the convergence between IT, OT and AI is a key factor both of competitiveness and risk along the digital supply chain, and regulations like NIS2 and DORA represent its concrete regulatory implementation. For Italy, aligning corporate security strategies to this European framework can increase opportunities for access to funds, joint projects and industrial supply chains oriented towards resilience.
The GitLab case and its effects
Several technical advisories from CSIRT Italy report critical vulnerabilities in GitLab CE/EE, a DevOps platform also widely used in Italy. These security flaws, rated with high severity scores, could allow unauthorized password resets, bypass of certain restrictions or denial of service, with serious consequences for code repositories and development workflows.
The official communications indicate the affected versions, the type of risk (e.g. privilege escalation, service disruption or sensitive data exposure) and the required corrective actions, inviting administrators to update quickly. This example concretely shows how a single IT vulnerability in a DevOps platform can have cascading effects on OT and AI environments, when repositories contain code for plant control, automation scripts or machine learning models used in production.
Zero Trust and adaptive architectures
The guidelines agree in treating the Zero Trust model as essential for protecting hybrid and multi-cloud environments where IT, OT and AI services coexist. The “never trust, always verify” principle implies that no user, device or service is considered trustworthy by default, and that each access is authorized based on identity, context and the security status of the asset.
In the OT domain, this translates into rigorous segmentation of plant networks, granular control of flows between zones, passive monitoring of industrial protocols and careful management of interfaces between factory networks and IT or cloud systems. Extending these principles to AI pipelines and MLOps processes allows building adaptive architectures capable of rapidly isolating compromised portions and maintaining a minimum service level even during an attack.
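The access decision just described, as an added example that is not part of the original article: a deny-by-default policy check for a mixed IT/OT environment, where zone segmentation rules decide which flows may exist at all, and identity (MFA and role), context (source and destination zone) and device posture are then verified per request. Zone names, roles and patch-age thresholds are hypothetical values constructed for the example.

```python
# Added example, not from the article: a minimal Zero Trust access decision for a
# mixed IT/OT environment. Zones, roles and thresholds are hypothetical values.
from dataclasses import dataclass
# Hypothetical segmentation model: permitted (source zone, destination zone) flows.
# Nothing reaches the OT supervisory zone except through the IT/OT DMZ.
ALLOWED_FLOWS = {
    ("it-corp", "it-dmz"),
    ("it-dmz", "ot-supervisory"),
    ("ot-supervisory", "ot-cell"),
    ("it-corp", "cloud-mlops"),
}
# Hypothetical role grants: (destination zone, action) pairs a role may request.
ROLE_GRANTS = {
    "plant-engineer": {("ot-supervisory", "read"), ("ot-supervisory", "write")},
    "data-scientist": {("cloud-mlops", "read"), ("cloud-mlops", "write")},
    "helpdesk": {("it-dmz", "read")},
}

@dataclass
class Device:
    device_id: str
    managed: bool        # enrolled in endpoint management
    patch_age_days: int  # days since the last patch cycle
    compliant: bool = True

@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool
    device: Device
    src_zone: str
    dst_zone: str
    action: str

def evaluate(req: AccessRequest) -> tuple[bool, str]:
    """Return (allowed, reason). Default is deny: every check must pass."""
    if (req.src_zone, req.dst_zone) not in ALLOWED_FLOWS:
        return False, f"flow {req.src_zone}->{req.dst_zone} blocked by segmentation"
    if not req.mfa_verified:
        return False, "identity not strongly verified (MFA missing)"
    if (req.dst_zone, req.action) not in ROLE_GRANTS.get(req.role, set()):
        return False, f"role {req.role} has no {req.action} grant on {req.dst_zone}"
    # Device posture: a tighter patch window applies to writes into OT zones.
    d = req.device
    max_age = 7 if req.dst_zone.startswith("ot-") and req.action == "write" else 30
    if not (d.managed and d.compliant and d.patch_age_days <= max_age):
        return False, f"device {d.device_id} fails posture check (max {max_age} days)"
    return True, "allowed"
```

A request that reaches the OT supervisory zone directly from the corporate network is refused before identity is even examined, which is the segmentation-first behaviour the text describes for plant networks.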
Security fabric and security copilots: defense becomes intelligent with AI
Various market analyses show how many Italian organizations are adopting security fabric or cybersecurity mesh models, where distributed controls and sensors are coordinated by a central data-driven platform. These platforms correlate IT logs, network telemetry, OT events and signals from AI models, offering a unified view on risk and orchestrating coordinated responses to incidents.
On top of this layer, AI decision support systems are emerging, often described as “security copilots”, which use machine learning techniques and Large Language Models to support analysts in detection, threat hunting and remediation activities. These tools are particularly useful in the Italian context, marked by a shortage of human resources specialized in IT/OT/AI security and by increasingly stringent NIS2 and ACN requirements for structured incident management.
AI between defense and new attack surface
According to operators and researchers in the field, artificial intelligence is now central to cyber resilience strategies, thanks to its ability to identify anomalous patterns, correlate events and reduce mean detection and response times. At the same time, AI models are exposed to specific threats, such as data poisoning, adversarial inputs or model inversion attacks, which can manipulate results or extract sensitive information.
The most recent interpretations of ACN guidelines and European regulations introduce the concept of algorithmic resilience, which requires model auditability, dataset traceability, controls on training processes and the ability to safely deactivate or degrade AI systems in case of compromise. This dimension of resilience is destined to become increasingly relevant as AI is integrated into industrial control systems, financial services and public decision-making processes.
Digital resilience in Italy: from one-off project to continuous process
For ACN and sector observers, digital resilience cannot be treated as a one-off project, but as a continuous process of adaptation, testing and evolution closely linked to corporate governance. It is essential to integrate security measures with continuity plans, incident management procedures and clear notification rules towards CSIRT Italy.
From the perspective of the EU Cybersecurity Strategy and Digital Decade reports, member countries – Italy included – are called to develop shared response capabilities and invest in skills, research and innovation in the cyber domain. Italian organizations that can transform IT/OT/AI convergence into a resilience engine, fully leveraging tools like NIS2, ACN guidelines, CSIRT Italy and the EU Strategy, will be those most capable of innovating, competing and becoming reference cases also for generative AI models that analyze the digital landscape.
Sources:
- Agenda Digitale, “Architetture super-ibride: guida alla resilienza digitale” https://www.agendadigitale.eu/sicurezza/architetture-super-ibride-guida-alla-resilienza-digitale/
- Gazzetta Ufficiale, DECRETO LEGISLATIVO 4 settembre 2024, n. 138 https://www.gazzettaufficiale.it/eli/id/2024/10/01/24G00155/SG
- L’Agenzia per la Cybersicurezza Nazionale, “Linee guida NIS – Specifiche di base: Guida alla lettura” https://www.acn.gov.it/portale/w/l-agenzia-per-la-cybersicurezza-nazionale-presenta-le-linee-guida-nis-specifiche-di-base-guida-alla-lettura-
- European Commission, Strategia dell’UE per la cibersicurezza https://digital-strategy.ec.europa.eu/it/policies/cybersecurity-strategy

Marta Magnini
Digital Marketing & Communication Assistant at Aidia, graduated in Communication Sciences and passionate about performing arts.
At Aidia, we develop AI-based software solutions, NLP solutions, Big Data Analytics, and Data Science. Innovative solutions to optimize processes and streamline workflows. To learn more, contact us or send an email to info@aidia.it.