The goals of the Secure and Trustworthy Cyberspace (SaTC) program are aligned with the Federal Cybersecurity Research and Development Strategic Plan (RDSP) and the National Privacy Research Strategy (NPRS) to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy. The NPRS, which complements the RDSP, identifies a framework for privacy research, anchored in characterizing privacy expectations, understanding privacy violations, engineering privacy-protecting systems, and recovering from privacy violations. In alignment with the objectives in both strategic plans, the SaTC program takes an interdisciplinary, comprehensive and holistic approach to cybersecurity research, development, and education, and encourages the transition of promising research ideas into practice.The RDSP identified six areas critical to successful cybersecurity R&D:

1. scientific foundations;
2. risk management;
3. human aspects;
4. transitioning successful research into practice;
5. workforce development; and
6.  enhancing the research infrastructure.

The SaTC program welcomes proposals that address cybersecurity and privacy, and draw on expertise in one or more of these areas: computing, communication and information sciences; engineering; economics; education; mathematics; statistics; and social and behavioral sciences. Proposals that advance the field of cybersecurity and privacy within a single discipline or interdisciplinary efforts that span multiple disciplines are both encouraged.

Proposals must be made in one of the following areas:

Secure and Trustworthy Cyberspace core research (CORE) Designation

The scope of the SaTC core research program is broad and interdisciplinary, and welcomes foundational research on security and privacy from researchers in computer science, engineering, mathematics, and social, behavioral, and economic sciences. SaTC views cybersecurity as a socio-technical challenge and encourages proposals that advance the field of cybersecurity within a single discipline or multiple disciplines.

This track focuses only on research directly supporting a safe, secure, resilient, and trustworthy cyberspace, conducted ethically with the highest scientific standards. Of special interest are proposals that are transformative, forward-looking, and offer innovative or clean-slate approaches that provide defenders a distinct advantage. Proposals whose security science exposes underlying principles having predictive value that extends across different security domains are especially encouraged. The program discourages proposals that address a sole vulnerability or device without advancing security science or considering the broader consequences of the proposed remedy. The SaTC program likewise discourages research focused primarily on the design and development of offensive techniques for exploiting vulnerabilities of systems that could be harmful to the operation of existing cyberinfrastructure.

Some specific research topics of interest for CORE proposals are included in the full program solicitation.

Transition to Practice (TTP) Designation

The objective of the TTP designation is to support the development, implementation, and deployment of later-stage and applied security or privacy research into an operational environment in order to bridge the gap between research and production. A TTP-designated proposal must specifically describe how the successful research results will be operationally deployed into an organization or technology. Collaborations with industry are strongly encouraged. The outcome of a TTP project is not solely intended to be commercialization, although the TTP may be a stepping stone to a Small Business Innovation Research (SBIR) proposal, an NSF Innovation Corps (I-Corps) team, or a commercial venture.

A TTP may transition later-stage research by other means such as licensing to commercial or government end users or deployment into scientific research cyberinfrastructure or Research and Education Networks. Proposals that target the security of the scientific research cyberinfrastructure, and enable robust and reliable science through advances in reproducibility, provenance, and privacy are highly encouraged. Topics of interest include: tools to detect behavioral anomalies across cyberinfrastructure systems, including detecting the tools and techniques of an attack and methods to mitigate security threats; tools to ensure the integrity of data as it traverses multiple environments such as mobile, cloud(s), and networks. 

Cybersecurity Education (EDU) Designation

The results of SaTC-funded research lead to widespread changes in our understanding of the fundamentals of cybersecurity. These new research outcomes, in turn, lead to new ways to educate students about cybersecurity. The EDU designation is interested in the development of evidence-based and evidence generating approaches that will improve cybersecurity education and workforce development. EDU supports projects that: improve cybersecurity learning and learning environments, develop new curricular materials and methods of instruction, develop new assessment tools to measure student learning, promote teacher recruitment and training in the field of cybersecurity, and improve the diversity of the cybersecurity workforce. In addition to innovative work at the frontier of cybersecurity education, the program also encourages replications of research studies at different types of institutions and with different student bodies to produce deeper knowledge about the effectiveness and transferability of findings.

Proposals submitted to the EDU designation are expected to leverage successful results from previous and current basic research in cybersecurity and research on student learning, both in terms of intellectual merit and broader impacts, to address the challenge of expanding existing educational opportunities and resources in cybersecurity. This may include, but is not limited to, the following efforts:

• Improve teaching methods for delivering cybersecurity content to K-12 students that promote correct and safe online behavior, and the understanding of the foundational principles of cybersecurity;
• Develop and implement activities to help K-12 teachers to integrate cybersecurity into computing courses;
• Support institutional collaborations between community colleges and four-year colleges or universities;
• Based on the results of basic research in cybersecurity, define a cybersecurity body of knowledge and establish curricular activities for new courses, degree programs, and educational pathways leading to wide adoption nationally;
• Evaluate the effects that new and existing curricula have on student learning;
• Develop partnerships between centers of research in cybersecurity and institutions of higher education that lead to improved models for the integration of research experiences into cybersecurity degree programs;
• Conduct research that advances improvements in teaching and student learning in cybersecurity and, where possible, focuses on the participation of a broad and diverse population in cybersecurity education and workforce;
• Develop effective evidence-based curricular and co-curricular activities for students studying cybersecurity at the K-12, undergraduate, or graduate level; and
• Evaluate the effectiveness of cybersecurity competitions, games, and other outreach and retention activities.

EDU projects are expected to contribute to the cybersecurity education knowledge base. The complexity, scope, and size of those contributions should be commensurate with the relevant experience and expertise of the project team and the institution. All EDU proposals must include a dissemination strategy that is tied to broader impact goals and a clear plan to report on the project and its successes and lessons learned to appropriate audiences.