The European Blockchain Services Infrastructure is a joint initiative of the European Commission and the European Blockchain Partnership (EBP), which aims to provide digital cross-border public services at European level, which should become increasingly usable and performing through the pan-European blockchain services infrastructure.

As part of the definition of the planned activities for EBSI security management, the tool developed by the Agency for Digital Italy has been chosen. The tool of AgID, in its role of support to administrations in the design and planning of actions to ensure the resilience of the national IT infrastructure of the Public Administration, will be used to carry out the risk analysis of the infrastructure itself, based on the framework defined at national level following the NIS directive (approved in 2016, is aimed at establishing measures for the implementation of a secure and reliable digital environment in Europe).

The tool also allows each PA to carry out self-assessment operations, to provide a report of the processing actions necessary to deal with the risks identified, to calculate and assess the risk arising from the use of cross national and local services, to manage user access to the various functionalities according to the assigned attributes and to carry out analysis and statistics on data security at a precise and general level.

The aim is to ensure the continuity of public services, managing the planning, coordination and monitoring of information security, presenting itself as a valid tool to protect the security of administrations that provide services to citizens and businesses.

The tool is accessible in web mode with SPID credentials, and it is designed to guide the user in the various phases of risk assessment execution:

• evaluation of the possible impacts of the loss of RID in relation to economic, operational, legal and reputational aspects;
• definition of the primary and secondary characteristics of the service and assignment of the criticality profile;
• identification of threats and security controls;
• calculation and monitoring of risk levels;
• preparation of the treatment plan.