The goals of the Secure and Trustworthy Cyberspace (SaTC) program are aligned with the Federal Cybersecurity Research and Development Strategic Plan (RDSP) and the National Privacy Research Strategy (NPRS) to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy. The NPRS, which complements the RDSP, identifies a framework for privacy research, anchored in characterizing privacy expectations, understanding privacy violations, engineering privacy-protecting systems, and recovering from privacy violations. In alignment with the objectives in both strategic plans, the SaTC program takes an interdisciplinary, comprehensive and holistic approach to cybersecurity research, development, and education, and encourages the transition of promising research ideas into practice.The RDSP identified six areas critical to successful cybersecurity R&D:
- scientific foundations;
- risk management;
- human aspects;
- transitioning successful research into practice;
- workforce development; and
- enhancing the research infrastructure.
The SaTC program welcomes proposals that address cybersecurity and privacy, and draw on expertise in one or more of these areas: computing, communication and information sciences; engineering; economics; education; mathematics; statistics; and social and behavioral sciences. Proposals that advance the field of cybersecurity and privacy within a single discipline or interdisciplinary efforts that span multiple disciplines are both encouraged.
Proposals must be made in one of the following areas:
Secure and Trustworthy Cyberspace core research (CORE) Designation
The scope of the SaTC core research program is broad and interdisciplinary, and welcomes foundational research on security and privacy from researchers in computer science, engineering, mathematics, and social, behavioral, and economic sciences. SaTC views cybersecurity as a socio-technical challenge and encourages proposals that advance the field of cybersecurity within a single discipline or multiple disciplines.
This track focuses only on research directly supporting a safe, secure, resilient, and trustworthy cyberspace, conducted ethically with the highest scientific standards. Of special interest are proposals that are transformative, forward-looking, and offer innovative or clean-slate approaches that provide defenders a distinct advantage. Proposals whose security science exposes underlying principles having predictive value that extends across different security domains are especially encouraged. The program discourages proposals that address a sole vulnerability or device without advancing security science or considering the broader consequences of the proposed remedy. The SaTC program likewise discourages research focused primarily on the design and development of offensive techniques for exploiting vulnerabilities of systems that could be harmful to the operation of existing cyberinfrastructure.
Some specific research topics of interest for CORE proposals are included in the full program solicitation.
Transition to Practice (TTP) Designation
The objective of the TTP designation is to support the development, implementation, and deployment of later-stage and applied security or privacy research into an operational environment in order to bridge the gap between research and production. A TTP-designated proposal must specifically describe how the successful research results will be operationally deployed into an organization or technology. Collaborations with industry are strongly encouraged. The outcome of a TTP project is not solely intended to be commercialization, although the TTP may be a stepping stone to a Small Business Innovation Research (SBIR) proposal, an NSF Innovation Corps (I-Corps) team, or a commercial venture.
A TTP may transition later-stage research by other means such as licensing to commercial or government end users or deployment into scientific research cyberinfrastructure or Research and Education Networks. Proposals that target the security of the scientific research cyberinfrastructure, and enable robust and reliable science through advances in reproducibility, provenance, and privacy are highly encouraged. Topics of interest include: tools to detect behavioral anomalies across cyberinfrastructure systems, including detecting the tools and techniques of an attack and methods to mitigate security threats; tools to ensure the integrity of data as it traverses multiple environments such as mobile, cloud(s), and networks.
Cybersecurity Education (EDU) Designation
The EDU designation is interested in inquiry into and the development of evidence-based and evidence-generating approaches that will improve cybersecurity education and workforce development at the K-12, undergraduate, graduate, and professional education levels. EDU supports projects that: improve cybersecurity learning and learning environments, conduct education research, develop new educational materials and methods of instruction, develop new assessment tools to measure student learning, promote teacher recruitment and training in the field of cybersecurity, and improve the diversity of the cybersecurity workforce. In addition to innovative work at the frontier of cybersecurity education, the program also encourages replications of research studies at different types of institutions and with different student bodies to produce deeper knowledge about the effectiveness and transferability of findings.
Proposals submitted to the EDU designation are expected to leverage successful results from previous and current basic research in cybersecurity and research on student learning, both in terms of intellectual merit and broader impacts, to address the challenge of expanding existing educational opportunities and resources in cybersecurity. This may include, but is not limited to, the following efforts:
- Conduct research that advances improvements in teaching and student learning in cybersecurity;
- Based on the results of basic research in cybersecurity, define a cybersecurity body of knowledge and establish curricular activities for new courses, degree programs, and educational pathways leading to wide dissemination and adoption
- Investigate approaches to make cybersecurity education and workforce development broadly diverse and inclusive, including the effects of instructional strategies on the culture of the STEM classroom
- Design and implement graduate programs to produce future faculty and cybersecurity professionals with research expertise in critical areas, such as the secure use of AI, quantum computing, advanced manufacturing, and emerging wireless technologies
- Improve teaching methods for delivering cybersecurity content to K-12 students that promote correct and safe online behavior, and understanding of the foundational principles of cybersecurity
- Develop and implement activities to help K-12 teachers integrate cybersecurity into formal and informal learning settings
- Support institutional collaborations between community colleges and four-year colleges and universities
- Develop educational approaches or pathways to foster industry-relevant skills for cybersecurity jobs of the future
- Develop effective evidence-based co-curricular activities for students studying cybersecurity at the K-12, undergraduate, or graduate level;
- and Evaluate the effectiveness of cybersecurity competitions and other engagement, outreach, and retention activities
As a response to the COVID-19 pandemic, the U.S. Cyberspace Solarium Commission underscores the importance of cyberspace resilience and reflects on current and long-term societal and technological challenges. Consequently, the EDU designation welcomes proposals that address cybersecurity education and workforce development topics including security, reliability, and privacy issues of such areas as learn-and-work-from-home society; school policies and practices to protect school security and student privacy, and secure records management; cloud services, digitization, and contact-free processes; cyber awareness against opportunistic cybercrime; innovation in incident handling; cyber-enterprise risk management; and societal resilience to foreign influence and disinformation operations.
EDU projects are expected to contribute to the cybersecurity education knowledge base. The complexity, scope, and size of those contributions should be commensurate with the relevant experience and expertise of the project team and the institution. All EDU proposals must include a dissemination strategy that is tied to broader impact goals and a clear plan to report on the project and its successes and lessons learned to appropriate audiences.
All proposals must include a prioritized list of 1-3 keywords separated by ";". The keywords must be drawn from the list of topic areas listed below, described in detail in Section II Program Description, that best characterizes the project. Proposals submitted to the EDU designation must choose Cybersecurity Education as one of the keywords, and proposals submitted to the TTP designation must choose Transition to Practice as one of the keywords.