Secure and Trustworthy Cyberspace (SaTC)

In today's increasingly networked, distributed, and asynchronous world, cybersecurity involves hardware, software, networks, data, people, and integration with the physical world. Society's overwhelming reliance on this complex cyberspace, however, has exposed its fragility and vulnerabilities that defy existing cyber-defense measures; corporations, agencies, national infrastructure, and individuals continue to suffer cyber-attacks. Achieving a truly secure cyberspace requires addressing both challenging scientific and engineering problems involving many components of a system, and vulnerabilities that stem from human behaviors and choices. Examining the fundamentals of security and privacy as a multidisciplinary subject can lead to fundamentally new ways to design, build, and operate cyber systems; protect existing infrastructure; and motivate and educate individuals about cybersecurity.

The goals of the SaTC program are aligned with the National Science and Technology Council's (NSTC) Federal Cybersecurity Research and Development Strategic Plan (RDSP) and National Privacy Research Strategy (NPRS) to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy. The RDSP identified six areas critical to successful cybersecurity research and development: (1) scientific foundations; (2) risk management; (3) human aspects; (4) transitioning successful research into practice; (5) workforce development; and (6) enhancing the research infrastructure. The NPRS, which complements the RDSP, identifies a framework for privacy research, anchored in characterizing privacy expectations, understanding privacy violations, engineering privacy-protecting systems, and recovering from privacy violations. In alignment with the objectives in both strategic plans, the SaTC program takes an multidisciplinary, comprehensive, and holistic approach to cybersecurity research, development, and education, and encourages the transition of promising research ideas into practice.  SaTC goals are also aligned with the Roadmap for Researchers on Priorities Related to Information Integrity Research and Development, the National Strategy to Advance Privacy-Preserving Data Sharing and Analytics, and the National Cyber Workforce and Education Strategy.

The SaTC program welcomes proposals that address cybersecurity and privacy, drawing on expertise in one or more of these areas: computing, communication, and information sciences; engineering; education; mathematics; statistics; and social, behavioral, and economic sciences. Proposals that advance the field of cybersecurity and privacy within a single discipline or interdisciplinary efforts that span multiple disciplines are both welcome.

The SaTC program spans the interests of NSF's Directorates for Computer and Information Science and Engineering (CISE), Engineering (ENG), Mathematical and Physical Sciences (MPS), Social, Behavioral and Economic Sciences (SBE), and STEM Education (EDU). Proposals must be submitted pursuant to one of the following designations, each of which may have additional restrictions and administrative obligations as specified in this program solicitation.

·       CORE: This designation is the main focus of the multidisciplinary SaTC research program.

·       EDU: The Education (EDU) designation is used to label proposals focusing on cybersecurity and privacy education and training.

·       TTP: The Transition to Practice (TTP) designation will be used to label proposals that are focused exclusively on transitioning existing research results to practice.

CORE and TTP proposals may be submitted in one of the following project size classes:

·       Small projects: up to $600,000 in total budget, with durations of up to three years; and

·       Medium projects: $600,001 to $1,200,000 in total budget, with durations of up to four years.

EDU proposals are limited to $400,000 in total budget, with durations of up to three years. EDU proposals that demonstrate a collaboration, reflected in the PI, co-PI, and/or Senior Personnel composition, between a cybersecurity subject matter expert (researcher or practitioner) and an education researcher may request up to $500,000 for three years.