Institute of Informatics and Telematics


IIT CNR Cyber security Lab has been set up putting together the competences of several research and technological units and it covers 4 main areas:

  • Cyber risk management: The methodologies and techniques to assess the risk level of complex cyber infrastructures and define the management of such risks
  • Cyber protection: The methodologies and techniques to protect the cyber world from attacks. It covers from IoT systems till large application domain as smart grids). 
  • Cyber crime and forensic: The methodologies and techniques for studying criminal activities in the cyber world and provide means for managing evidence to be used in forensic activities. 
  • Cyber intelligence: The methodologies and the techniques devoted to the collection and analysis of information from visible and dark web (including social media) for the protection of society. 

The units involved are the followings:

  • Trust, Security and Privacy
  • Innovazione Digitale
  • Cyber Intelligence
  • Unità relazioni esterne, media, comunicazione
  • Ubiquitous Internet 
  • Computer and communication networks 
  • Knowledge organization systems


The main researchers involved are the followings:

Gianpiero Costantino

Arianna Del Soldato

Abraham Gebrehiwot

Filippo Lauria 

Fabio Martinelli 

Maurizio Martinelli

Ilaria Matteucci

Paolo Mori

Andrea Passarella

Marinella Petrocchi

Andrea Saracino

Maurizio Tesconi

Anna Vaccarelli



  • Cyber governance, risk and compliance    
    • Governance
    • Metrics
    • Risk management
    • Cyber insurance
  • Cyber Protection/Defence    
    • software assurance
    • formal models for secure and reliable systems
    • identity and trust management
    • Access and usage control
    • Cloud, IoT, mobile, network  security
    • Protocols security
    • Penetration testing
    • cyber threat management
  • Cyber intelligence    
    • machine and deep learning
    • privacy aware big data analytics
    • fake news, fake followers
    • cyber intelligence information sharing
    • Open source Intelligence
    • Natural language processing
    • Data mining techniques


1 febbraio 2019 – 31 gennaio 2022

SPARTA mira a reinventare il modo in cui la ricerca, l’innovazione e la formazione sulla sicurezza informatica vengono svolte in Europa in tutti i settori e le competenze, dalle fondamenta alle applicazioni, nel mondo accademico e industriale. SPARTA creerà una comunità di lunga durata in grado di collaborare per definire, sviluppare, condividere ed evolvere soluzioni che aiuteranno i professionisti a prevenire il crimine informatico e migliorare la sicurezza informatica

1 settembre 2019 – 31 agosto 2022

Il progetto CyberSANE propone una soluzione all’avanguardia per migliorare il rilevamento e l’analisi degli attacchi informatici alle infrastrutture critiche. Si aggiunge quindi alla base di conoscenze sulla situazione attuale relativa a questo tipo di minaccia informatica. Inoltre, CyberSANE supporta gli operatori della sicurezza (come i professionisti della risposta agli incidenti) nella preparazione, nella risposta e nell’adozione delle misure appropriate per la gestione dei rischi, nonché nel processo decisionale relativo agli incidenti di sicurezza.

1 giugno 2020 – 31 maggio 2023

The EU-funded E-CORRIDOR project will develop a flexible, secure and privacy-aware framework aimed at ensuring the safety and security of multimodal transport systems. Specifically, it will design a framework for the security of passengers and transportation operators. Collaborative policy-aware edge-enabled information sharing, analysis and protection-as-a-service will form the basis of the new framework.

1 ottobre 2020 – 30 settembre 2023

SIFIS-Home aims at providing a secure-by-design and consistent software framework for improving resilience of Interconnected Smart Home Systems at all stack levels. To this end, the framework enables the development of security, privacy aware and accountable applications, algorithms and services, and makes it possible to detect and dynamically react to cyber-attacks and intrusion attempts or violation of user-defined policies, thus increasing control and trust of Smart Home end users,

1 novembre 2020 – 31 ottobre 2023

The EU-funded MEDINA project will propose a framework for achieving a continuous audit-based certification for cloud service providers, complying with the EU Cybersecurity Act. The project will also address the definition and assessment of technical and organisational measures, security testing, machine-readable certification language and audit evidence management.


  • CNR IIT contributed to shape the European community through several WGs projects 
    • ERCIM STM WG (2004-2009) Coordinator
    • EU FP7 NESSOS Network of excellence (2010-2013) Coordinator
    • EU H2020 NECS training network(2015-2019) Coordinator
    • EU H2020 SPARTA pilot competence network (2019-2022) Partnership Coordinator
  • CNR IIT was the 5 founding member of ECSO in 2016 
  • Roadmapping in cyber security
    • NIS platform WG3 co-chair, ECSO WG6 co-chair, H2020 PASAG advisory group WG ICT security co-chair
  • CNR IIT has its own cyber Lab since 2016
  • CNR IIT contributed to set up the cyber lab of Tuscany Region 
  • Runs a master with the University of Pisa (5th edition)