The security of cyberspace is among the main concerns of governments worldwide. Blocking business operations, surreptitious control of critical infrastructure services, and theft of intellectual property or important information are examples of the threats. Recent campaigns of ransomware and data theft have been the visible events in a series of attacks in every corner of the planet. Cyber attacks raise alarm in the population, damage the economy, and endanger the very safety of citizens when they hit the distribution networks of essential services such as health, energy, and transport, i.e., the critical infrastructures of modern society. In Italy, entire sectors of excellence, such as mechanics, shipbuilding, Made-in-Italy, tourism, cultural heritage, agro-food, and transport, could suffer heavy reductions in their turnover due to attacks perpetrated in cyberspace by commercial competitors, organized crime, but also by sovereign states. Attacks can compromise the credibility of a company in a short time, or make it operate for a long time in suboptimal conditions, undermining the development of its business and its ability to sell products. A successful attack could destabilize the stock or bond market, plunging entire countries into chaos, or act on the hardware and software components of distribution networks, blocking, for example, gas supplies or the cycle of urban waste. Not only industry but also democracy may be attacked in cyberspace. Fake news is the evolution of attacks based on social engineering: packaged, personalized, and spread in a targeted way through cyberspace, false information tends to confuse and destabilize citizens.
These considerations raise the question of how to defend cyberspace from the threats and attacks that, through malicious cyber actions, perpetrate fraud, steal sensitive and strategic business data, and affect the financial stability, public order, and democratic life of a country.
For this reason, it is particularly important to involve institutions, universities, research centers, and companies in an increasingly intense and integrated way. A country that does not put cybersecurity at the center of its policies of innovation and digital transformation poses a serious risk to its economic prosperity and independence.
These were the starting considerations of the part of the National Research Plan 2021-2027 dedicated to Security for Social systems. After these considerations, the following fundamental objectives were listed there:
● Protecting Data and Services on the Web: Through certification of applications dealing with sensitive data; automated application analysis; analysis of interoperating systems.
● Detecting Malware: Through collection and validation of datasets representative of normal or abnormal behaviors; national database of malicious code, integrated with databases from other countries; tools and methodologies for automated cyberspace surveillance.
● Combating Cybercrime: Through advanced threat intelligence; identification of vulnerabilities in complex environments; automation of forensic investigations.
● Defending Democracy: Through a multidisciplinary approach to fake news detection; social media monitoring to identify and understand the dynamics of echo chambers; early warning on messages that may be vehicles of false, misleading or instrumental information.
● Defending Artificial Intelligence: Through the detection of data or code injection; robust learning algorithms resilient to attacks; techniques for preserving data integrity in training and in production; approaches to training that guarantee privacy preservation.
● Ensuring privacy: Through homomorphic encryption to directly process encrypted data; techniques for protecting federated data infrastructures in international data spaces; data anonymization to ensure that the user cannot be re-identified; secure multi-party computation.
● Preparing for Quantum Computer attacks: new cryptographic systems whose level of security is quantifiable with respect to cryptanalysis, considering both quantum and classical devices; analysis of the usability of quantum-based cryptographic systems and key generation and distribution methods for general-purpose computing devices; guaranteeing interoperability between quantum cryptographic systems and classical ones.
● Defending Hardware: Through national methodologies to fully control the entire hardware supply chain, from design to the manufacturing process, to maintenance, through to decommissioning; vulnerability-tolerant national architectures that guarantee predefined security levels, even in potentially vulnerable systems.
It must be said that the above objectives concentrate on cybersecurity as an engineering discipline. But cybersecurity is not just that. A distinctive feature of our proposal is keeping the focus also on what is considered the “weak link” in the overall security of cyberspace: the human being. Real and effective security of cyberspace is guaranteed not only by sound and robust technology, but also by an equally sound and robust regulation of human behaviors. This requires deep involvement from those who understand non-technical motivations, forces, and incentives - economists, sociologists, lawyers, and other experts - to create a holistic perspective that can anticipate and guide effective real-world strategies. This reality creates an environment that is rich in collaborations, partnerships, and new forms of commercial and academic working relationships – yet at the same time is deeply challenging due to fundamental differences in research culture, methodology, and approach. This is the additional challenge of the project, which is nonetheless central to its success. To reach this aim, the following objectives are crucial:
● Rights, Rules, and Authorities for a safe Cyberspace: Creating a national network for tech lawyers and a Cybersecurity Regulation Archive (combining and harmonizing laws, ethical codes, soft-law, doctrine, jurisprudence on Cyberspace); contributing to International and EU multilevel co-regulation of Cyberspace and to the regulation of cross-border protection of private rights.
● Legal and Ethical Issues for Cybersafety: Digital privacy and online rights; regulation of E-government and E-democracy; Development of secure, privacy-proof, and reliable methodologies for digital sovereignty; cybercrime and cyber diplomacy.
● Lifelong Learning and Education on Cybersecurity Regulation: Training models and methods for Cybersecurity education and for data governance; Cyber-compliance for Public Administration and for Small and Medium Enterprises.