The goals of the Secure and Trustworthy Cyberspace (SaTC) program are aligned with the Federal Cybersecurity Research and Development Strategic Plan (RDSP) and the National Privacy Research Strategy (NPRS) to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy. The NPRS, which complements the RDSP, identifies a framework for privacy research, anchored in characterizing privacy expectations, understanding privacy violations, engineering privacy-protecting systems, and recovering from privacy violations. In alignment with the objectives in both strategic plans, the SaTC program takes an interdisciplinary, comprehensive and holistic approach to cybersecurity research, development, and education, and encourages the transition of promising research ideas into practice. The SaTC program welcomes proposals that address cybersecurity and privacy, and draw on expertise in one or more of these areas: computing, communication and information sciences; engineering; economics; education; mathematics; statistics; and social and behavioral sciences. Proposals that advance the field of cybersecurity and privacy within a single discipline or interdisciplinary efforts that span multiple disciplines are both encouraged. The RDSP identified six areas critical to successful cybersecurity R&D:
- scientific foundations;
- risk management;
- human aspects;
- transitioning successful research into practice;
- workforce development; and
- enhancing the research infrastructure.
Proposals must be made in one of the following areas:
CORE: This solicitation focuses only on core research directly supporting a safe, secure, resilient, and trustworthy cyberspace, conducted ethically with the highest scientific standards. Of special interest are proposals that are transformative, forward-looking, and offer innovative or clean-slate approaches that provide defenders a distinctive advantage. SaTC views cybersecurity as a socio-technical challenge and encourages proposals that advance the field of cybersecurity within a single discipline, or efforts that span multiple disciplines. Some specific research topics of interest for CORE proposals include, but are not limited to:
- Access Control & Identity Management
- Authentication & Biometrics
- Cryptography Applied & Theory
- Cyber-Physical Systems
- Data Science
- Formal methods & Language-based Techniques
- Hardware Security Architecture
- Hardware Security Design
- Information Trustworthiness
- Intrusion Detection
- Mathematics & Statistics
- Social, Behavioral, & Economic Sciences
- Softare Security Engingeering
- Usability & Human Interaction
EDU: The Education (EDU) designation will be used to label proposals focusing entirely on cybersecurity education. Proposals submitted to this designation leverage successful results from previous/current basic research in cybersecurity and research on student learning, both in terms of intellectual merit and broader impacts, to address the challenge of expanding existing educational opportunities and resources in cybersecurity. This might include but is not limited to the following efforts:
- Based on the results of previous and current basic research in cybersecurity, define a cybersecurity body of knowledge and establish curricular recommendations for new courses (both traditional and online), degree programs, and educational pathways leading to wide adoption nationally;
- Evaluate the effects of these curricula on student learning;
- Encourage the participation of a broad and diverse population in Cybersecurity Education;
- Develop virtual laboratories to promote collaboration and resource sharing in Cybersecurity Education;
- Develop partnerships between centers of research in cybersecurity and institutions of higher education that lead to improved models for the integration of research experiences into cybersecurity degree programs;
- Develop and evaluate the effectiveness of cybersecurity competitions, games, and other outreach and retention activities; and
- Conduct research that advances improvements in teaching and student learning in cybersecurity and, where possible, focuses on broadening participation.
TTP: The Transition to Practice (TTP) designation will be used to label proposals that are focused exclusively on transitioning existing research to practice. The TTP designation may be used for Small and Medium proposals.
The objective of TTP is to support the development, implementation, and deployment of later-stage and applied security or privacy research into an operational environment in order to bridge the gap between research and production. A TTP proposal must specifically describe how the successful research results will be operationally deployed into an organization or technology. Collaborations with industry are strongly encouraged. The outcome of a TTP project is not solely intended to be commercialization. Proposals that target the security of the scientific research cyberinfrastructure, and enable robust and reliable science through advances in reproducibility, provenance, and privacy are highly encouraged. Topics of interest include: tools to detect behavioral anomalies across cyberinfrastructure systems, including detecting the tools and techniques of an attack and methods to mitigate security threats; tools to ensure the integrity of data as it traverses multiple environments such as mobile, cloud, multiple clouds, and networks; and real-time data analytics for security incident response.