At the completion of the course, attendees: • will get knowledge of UN SDGs, understanding of the processes constituting the given global challenges (environmental costs, circular health, ecosystem services and biodiversity, technological solutions). They will acquire the basic elements of the scientific method (falsifiability, repeatability, models, science dissemination), and general knowledge of major technical elements related to the challenge Digital. • will be aware of the very basic concepts related to security in general and to cybersecurity in particular, including several taxonomies; • will know about the main pillars of security and get a wide overview of the most significant weaknesses, vulnerabilities, and attacks in different fields and domains; • will be informed about the most significant set of laws, regulations, and standards adopted at National, European, and International level; • will experience the completion of a simple multidisciplinary research project work on a hot topic in the current cybersecurity field.

None.

Lectures & Syllabus The course will include 40 hours of lectures, whose syllabus is detailed in the sequel. • A first introduction to all the “Big Challenges” courses (11,5 hours) will consist of: ◦ the UN Sustainable Development Goals (SDGs) ◦ four samples of global challenges needing an integrated approach: 1) Climate Change and the definition of Anthropocene; 2) One Health (i.e.: pandemics and ecology); 3) Biodiversity crisis (Sixth Extinction model); 4) Beyond Problem Solving: global crisis and the evolution of technologies. • The specific challenge Digital will then be detailed analysing the technical elements of greatest social relevance (3 hours); the following 24 hours of lectures will be structured as follows: • CS_00 – CyberReadiness Pre-course assessment test • CS_01 – Security – An Introduction ◦ Introduction ◦ Safety ◦ Security ◦ Cybersecurity ◦ Dependability • CS_02 – Cybersecurity – Definition & relevance ◦ Cybersecurity ◦ Cyberspace ◦ Threat Chain ◦ Why attacks are possible ◦ Possible fallouts ◦ Side aspects ◦ Conclusions • CS_03 – Security Pillars ◦ Basic pillars ◦ Examples of triad attacks ◦ Additional pillars • CS_04 – Cybersecurity – Vulnerabilities ◦ Weakness vs. Vulnerability ◦ Vulnerability Taxonomy • CS_06 - Security vs Safety ◦ The concept of Failure ◦ Different “perceptions” ◦ Safety vs. Security • CS_07 - Security – The role of Hardware ◦ Introduction ◦ Hardware Security ◦ Hardware-based Security ◦ Hardware Trust • CS_08 - Social Engineering – Attack Vectors ◦ Phishing ◦ Spear Phishing ◦ Whaling ◦ Vishing ◦ Via social ◦ Impersonation ◦ Do ut des ◦ Quid pro Quo ◦ Baiting ◦ Dumpster Diving ◦ Piggybacking o Shoulder Surfing ◦ Physical Access ◦ Hoaxing ◦ Fake news ◦ Fake software & Trojans • CS_09 - Social Engineering – Prevention ◦ Training and Education ◦ Cyber Hygiene ◦ Assessment Tools ◦ Continuous Education ◦ Certifications ◦ Awareness ◦ Policies ◦ Third-party support • OSInt & SocMInt • CS_10 – Ethics and legal aspects ◦ Regulatory frameworks in cybersecurity: from a technical to a legal point of view ◦ Comparative analysis on cybersecurity legal aspects ◦ Cybersecurity policies, legal and social implications ◦ The role of Ethic in cybersecurity • CS_11 – The new Italian Cybersecurity National Architecture ◦ The Italian cybersecurity National Architecture: Historical approach ◦ The National Legal and Regulatory framework on cybersecurity ◦ Italian cybersecurity governance between public and private roles ◦ The Italian public-private partnership approach on cybersecurity ◦ The new Italian Cybersecurity National Architecture: from the perimeter to the National Cybersecurity Agency • CS_12 – European Laws ◦ The European Union approach on cybersecurity ◦ The EU Cybersecurity Strategy ◦ The EU legal framework: NIS Directive, GDPR and Cybersecurity Act ◦ The EU operative approach on cybersecurity: the role of ENISA ◦ The EU standard setting approach • CS_13 – International standards ◦ Comparative analysis of relevant standards in cybersecurity ◦ The NIST Standards ◦ The National Framework on Cybersecurity and Data Protection ◦ The ISO standard ◦ The Common criteria standard ◦ The EU Standards • CS_14 – CyberReadiness Post-course assessment test.

4 Course organization The course includes 3 main parts: • The part common to all the courses set up within the “Grandi Sfide” project • The Lectures • The Research Project work based on practical case study. 4.1 Common Part It will include 12 hours of lectures, as detailed above. 4.2 Lectures & Syllabus Il will include 40 hours of lectures, whose syllabus is detailed above. 4.3 Project works Attendees will then be invited to set up groups of 4-5 people and each group will have to carry on a research project work, whose topic will be freely selectable from a portfolio of proposed ones. During the development of its project, each group will be actively and effectively tutored. Each group will be asked to deliver a final project report, whose implementation and delivery details will be included in the project specifications.

Teaching materials PIEVANI: Books: - Jared Diamond, 1997, Armi, acciaio e malattie, Einaudi, Torino, 1998 (+ nuove edizioni) - Simon L. Lewis, Mark A. Maslin, 2018, Il pianeta umano, Einaudi, Torino, 2019. Articles (available on Politecnico Library System website, https://www.biblio.polito.it/): - David Morens, Anthony Fauci, 2020, “Emerging Pandemic Diseases: How We Got to COVID-19”, in Cell, 182: 1077-1092. - Emily Elhacham, Liad Ben-Uri, Jonathan Grozovski, Yinon M. Bar-On & Ron Milo, 2020, “Global human-made mass exceeds all living biomass”, in Nature, 588: 442-444. Attendees will be provided, via the dedicated Dropbox directory: • copies of all the slides used during the lectures; • Additional teaching materials; • Additional suggested readings. No textbook is required.

Exam: Computer lab-based test; Group essay;

The final evaluation includes three contributions, one for each part of the course, and namely: • Common part (15%): • Lectures (50%): the exam will consist in answering a set of questions covering the complete syllabus and delivered as multiple choice closed answers via the Politecnico Exam platform; • Research Project report evaluation (35%).

In addition to the message sent by the online system, students with disabilities or Specific Learning Disorders (SLD) are invited to directly inform the professor in charge of the course about the special arrangements for the exam that have been agreed with the Special Needs Unit. The professor has to be informed at least one week before the beginning of the examination session in order to provide students with the most suitable arrangements for each specific type of exam.