CNR is currently present in two of the four European Pilot Competence Networks in CYBERSECURITY (Established in 2019). CNR was among the 5 founding members of the European Cyber Security Organization (ECSO), unique RTO/academia, (currently 230 with more than 60 RTOs/academia) and promoted the creation of the Cyber Security contractual Public/Private/Partnership (an EU initiative with 450ME of budget). CNR co-edited the first strategic European strategic research agenda in cyber security since 2013. 

This naturally extends the Cybersecurity Area Progettuale (AP) of the DIITET although it is open to contribution from the whole CNR network and outside. 

The VL it is also instrumental in cooperating with the CINI National Cyber Security Lab in the ambit of the Comitato nazionale per la ricerca in cybersecurity (Italian National Committee for Cybersecurity Research) signed between the president of CNR and the president of CINI in 2017.

At the European Level near 2-3 Billion Euros are expected in FP9 (HE and DEP). CNR through the Pilot networks and ECSO is also able to influence the allocation of such budget to specific research and innovation topics.

Objectives

• Contribute to the national security system by collaborating with public and private organizations. The project will foster the national security by providing training courses (such as the master of first level co-organized with the University of Pisa or the Master of the University of Calabria at Rende), fostering research on the matter, helping to rapidly and privately exchange information among the interested parties raising the overall cyber risk awareness. 
• Consolidate and extend the leading role of CNR at national and international level in the sector by means of further investments in strategic cooperation. CNR LV-CS will help the institutes and CNR to cooperate with other research, industrial and governmental bodies at the national level. This cooperation will disseminate the knowledge about the research results of the institute, gain a similar knowledge about advancements and practices used by partners, and further develop novel ideas by combining and sharing the available knowledge. 
• Maximize the visibility of all these activities for CNR. A successful implementation of the project, from both the technological and the political point of view, will increase the awareness of the interested parties in relevant (as well as other) activities conducted by CNR. 
• Facilitate participation in national and international projects. A wider network of (potential) partners and experience in cooperation within the project will foster further development of common ideas which will grow into national and international projects, using also the third party clause (if formally required). The extended capabilities of the LV-CS will attract the attention of potential partners, which could use the results of the project for further research.
• Ease relations with government bodies and industry. The need for the project results is not only academic. Government is interested in the project because of the international pressure in establishing minimal levels of protection. Moreover, the government will benefit from the project because of increased social good. Industry will get the required cyber security professionals, new technologies, and the increased possibility of exchanging the information with partners, significantly reducing the risk level. 
• Cooperate with international and industrial partners which have already established cooperation: SAP, BT, UNIPOL, HP, Polizia, Guardia di Finanza, MISE, Carabinieri,  etc…
• Collaborate at European level with the network of centres of Excellence on Cyber security, crime and intelligence. It is natural for the project, in general, and for CNR, in particular, to cooperate and exchange knowledge with other centres of Excellence on Cyber Crime already established in Europe, increasing further the network of partners.
• Collaborate with the European Cyber Security Research and Competence Centre and constitute a national cyber security competence centre as envisaged by the new European Cyber Security Strategy (Sept. 2017). Initial funding for this initiative being 50ME.
• Dissemination and training activities. The project will help to raise awareness of different national and international organizations about the activities of CNR through the dissemination of the project results. Also, training events, including specialized courses, organized within the project, will contribute to the spread of public awareness about the LV within the cyber security community.
• Statistics shows that the number of students willing to study computer science is declining in Europe, while the demand for people having such skills is high. It increases both in the academic environment and  in industry. There is a need to increase at all levels the skills and competences in the field. 

Motivation at EU level

• Cyber-security attacks become more and more frequent and complex. This can be partially explained by the emergence of a black-market for personal information, obtained from business, government and public bodies, and a growing understanding that valuable assets, that are not only financial data, can be stolen from IT systems. Many traditional crimes migrate to the cyber world (for example credit card fraud), where attacks are easier and safer for the criminal. Advanced persistent threats (APTs) and targeted attacks, cyber-espionage and cyber-terrorism also increase in numbers. A research of Verizon found 855 targeted attacks and 174 million compromised records among the largest businesses in the USA. The ENISA’s report on National and international Cyber Security Exercises revealed that 75% of the respondents said that the issue has been or is an increasing concern. The majority reported that they believe to have been the victim of a targeted attack and 30% reported a significant business impact.
• More than 1 million people suffer from cyber attacks every day and the overall worldwide total could reach 388 billion dollars. The annual cost of cybercrime to the UK was estimated to be £27bn (about 1.8% of GDP). Moreover, the losses by citizens and the government were estimated to be around £3bn each, when the losses for business were £21bn. Such magnitude of the cyber threat forced the UK Government to invest more than £650m in cyber-security in recent Strategic Defence and Security Reviews.
• The fight against international terrorism has highlighted the shortcomings of the European Law Enforcement Agencies regarding the availability and effectiveness of tools, OSINT and, more generally, of Cyber Intelligence. Thus, there is a need for further fostering cyber security research, incentives for information exchange, and education of cyber security professionals. This is a growing area of interest.
• The increase in cyber attacks and their impact provoked the increase in demands for skilled cyber-security professionals in the developed world. An article published by Computing magazine stated that there is the need of 21 million additional cyber-security professionals to properly provide basic protection against cyber criminals and hackers. Burning Glass Technologies, which works on technologies to match people with jobs, reported that the demand for cyber-security professionals grows twice faster than the demand for other IT jobs. Cyber-security jobs account for about 10% of all IT jobs. Other sources of data confirm the growing need in cyber security specialists. For example, CBTJobs.com, a specialized job searching web site, stated that “employment of computer security specialists is expected to increase by 27% by 2016, which is much faster than the average for all occupations”. According to the Bureau of Labor Statistics, the need for information security professionals is about to grow by 53% through 2018.
• Europe is witnessing a similar increase in the demand for highly skilled cyber-security professionals. As a consequence, Cyber-Security Challenge UK has been established. This not-for-profit organisation is working to encourage talented and skilful people to move into the cyber-security profession. The recent survey of Sans Institute found that 60% of respondents reported that the demand for recruits is increasing, but 90% of them find it hard to get the people with the skills they need. Saying this, it is worth mentioning that several EU member state government agencies reported a decline in the number of undergraduate and graduate students studying computer science. In other words, the shortage of qualified professionals in the cyber-security sector may continue for up to 20 years.
• The most problematic, from the hiring point of view, cyber security jobs are incident response and threat assessment, followed closely by policy, strategy and governance jobs. The three other categories concluding the top 8 security jobs are: education and training, researchers and legal experts. These three categories are close to thhis proposal. The legal expertise in cyber security is especially important regarding the significant effort in recent regulatory actions on the European level:
  • The policy on Critical Information Infrastructure Protection (CIIP)
  • Data protection regulation (GDPR)
  • Commission Directive on Network and Information Security (NIS) 
  • Cyber Security Act  
• The Directive imposes on Member States enforcing a minimal level of cyber-security preparedness, including training and education. Furthermore, the directive urges the Member States to foster the exchange of the information on accidents. This will boost the demand for highly qualified security professionals, as well as the requirement for establishing training and educational centres on cyber security. 

 

Relevance of Cyber Security on EU level

• The Directive on Network and Information Security (NIS) has been approved. 
• The NIS directive imposes measures on Member States for cyber security of the critical infrastructures and other:
  • In particular, reach the minimal level of protection
  • Exchange the information on accidents:
  • CNR has contributed by coordinating a working group  on Research and Innovation WG3 of the technological platform associated with the NIS directive (successfully concluding the assigned work)
• New funding on European and National levels (also in relation to the recent facts). The new European Cyber Security Strategy demands for national competence centres in cyber security as well as a European Cyber Security Research and Innovation centre. CNR ran in the past the virtual centre of excellence in Secure Future Internet and currently the European Cyber Security network. 
• The fight against international terrorism has highlighted the shortcomings of the European Law Enforcement Agencies regarding the availability and effectiveness of tools OSINT and, more generally, of Cyber Intelligence.
• New cyber security act released on Sept. 13th 2017.
• The Scientific and Advise Mechanisms of the European Commission (SAM), composed mainly by recipients of Noble prizes and Fields medals defined the first two priorities for science and technology in Europe, the first one is the pollution due to lightweight vehicles and the second is cyber security. 

Motivation at Italian Level

National context 

Growing national awareness of Cyber Security Issues, testified by the request of major governmental institutions to have a unique interface to the cyber security research expertise. This culminated in the creation of the “Coordinamento Nazionale della Ricerca in Cyber Security”, realized by CNR and CINI, under the auspices of all the main law enforcement, intelligence and defence organizations. 

• With fundamental role and recognition by the CNR in Research and Services (Projects and Activities).
• Role of CNR as the Italian birthplace of the Internet.
• New important players at Italian level on cyber security:
  • National CERT (MISE)
  • National Cyber Security Lab of CINI – with 300 employees.
  • The cyber security district in Cosenza (30 million euro) – CNR is a part of it.
• New funding and activities of strategic interest.
• Lack of adequate tools of OSINT and Cyber Intelligence by police and DIS.

Main research areas covered

The Lab stems from the activities of the AP cybersecurity and other that have competencies in the following sectors:

1. 1. Cyber-Physical Systems (CPS) join security and safety needs, i.e. cyber-attacks may lead to injuries to human beings and loss of lives.
   2. Network security will investigate emerging issues such as Slow Denial-of-Service (DoS) attacks as well as last generation covert channels methodologies or monitoring emerging networks and systems like Tor (The Onion Router) web network for illegal activities.
   3. Intrusion Detection and Protection by means of energy-based security, i.e. the measure of (abnormal) power consumption.
   4. Privacy risk assessment and privacy-by-design methods are needed to guarantee high protection of personal data to enable (big) data analytics.
   5. Information Sharing and Analytics (ISHA): the design of machine learning, artificial intelligence and data analytics techniques able to make sense of large amounts of data.
   6. Cyber-intelligence on Social Media: techniques for gathering and analyzing data from Social Media for Intelligence purposes.

• Secure Software Engineering assures integrated approaches to face continuous evolution and criticalities rising during all the development cycle of software-intensive systems.

1. Access Control and Trust Management are among the most important security tools in large distributed systems.
2. Cryptography is a keyword: reliable, efficient implementations of state-of-the-art  algorithms and protocols are required, and must be assessed w.r.t. high-performance code breaking platforms.
3. Cloud Security concerns the protection of data and resources that are stored and shared on the Cloud, and of the business or research process that are outsourced to the Cloud.
4. Cyber insurance is a new domain: damages caused by targeted attacks need new mathematical models and regulations w.r.t. accidental events.

The Lab will cover research activities, training and education, networking and dissemination, aiming on consolidating the Lab as a main stakeholder in Europe. 

It will cover several research areas:

• Cyber risk management: The methodologies and techniques to assess the risk level of complex cyber infrastructures and define the management of such risks
• Cyber protection: The methodologies and techniques to protect the cyber world from attacks. It covers topics from IoT systems to large application domains as smart grids. 
• Cyber crime and forensics: The methodologies and techniques for studying criminal activities in the cyber world and provide means for managing evidence to be used in forensic activities. 
• Cyber intelligence: The methodologies and the techniques devoted to the collection and analysis of information from visible and dark web (including social media) for the protection of society.
• Cyber attacks. This area involves the study of how cyber attack methodologies that could be used to harm the cyber infrastructures at national level.   

Although the Lab will cover usual education & training activities as well as awareness & communication ones, its main focus will be on becoming the ideal place for the design and the implementation of solutions (at a suitable TRL) to specific problems of ICT security with a tight relation with the major stakeholders in the field. Research activities will be driven by the needs of the Institutional partners (LEA, Intelligence Agencies, etc.) from the very beginning, i.e. from the crucial step of defining in a clear way the problem and the alternatives to address it.

Main activities

The Cyber Security Lab should be structured in WPs (activities as follows):

• Management 
• Joint research activities
  • Core research areas
  • Vertical domains (transport, healthcare, Industry 4.0,  energy, ….)
• Education and training
• Consultancy services (including certification and testing)
• Exploitation, dissemination and eco system networking  
• Infrastructures development 
  • Development of the Italian Cyber security observatory.