In recognition of National Cyber Security Awareness Month, we want to highlight some of NSF’s recent activities in this area. The Internet and cyber-enabled systems have become a part of our everyday lives. We surf the web for the day’s news; we use email and social applications like Facebook, Twitter, and LinkedIn to stay connected to our family, friends, and colleagues; we go online to access our bank accounts, make purchases, and transfer money; and we depend on cyber-connected physical systems to fly our planes, control the power grid, run medical devices, and so much more.
These dependencies leave us vulnerable to a wide range of threats that challenge the security, reliability, availability, and overall trustworthiness of information technology resources. Solutions require a holistic approach, grounded not only in technology but also extending to economics (e.g., understanding the economic incentives and models), social and behavioral sciences (e.g., what makes some people more vulnerable than others), and education (e.g., preparing both future cyber warriors and informed citizens).
Here are four recent cybersecurity efforts involving NSF:
Input Requested for the National Privacy Research Strategy
The President’s Council of Advisors for Science and Technology (PCAST) has called for increased federal investments for the science and technology underlying privacy. In response, and at the request of the White House Office of Science and Technology Policy (OSTP), a National Privacy Research Strategy is being developed by the Cyber Security and Information Assurance Research and Development Senior Steering Group (CSIA R&D SSG), which is part of the interagency Networking and Information Technology Research and Development (NITRD) program. The strategy will be used to guide federally-funded privacy research and provide a framework for coordinating research and development in privacy-enhancing technologies. Input is requested by October 17, 2014 on the key privacy objectives that should be considered in formulating the strategy. In order to fully consider stakeholder feedback, the group plans to draft the strategy within a year and hold a workshop for community discussion before presenting a final draft to OSTP.
Advancing Security and Privacy in Cyber-Physical Systems
NSF and Intel have formed a new partnership to advance the security and privacy of cyber-connected physical systems (e.g., embedded medical devices, autonomous vehicles, smart cities, and a myriad of other systems that are enabled by the emerging Internet of Things). This partnership combines CISE’s experience in developing and managing successful large, diverse research portfolios with Intel’s long history of building research communities in emerging technology areas through programs such as its Science and Technology Centers program. As part of this partnership, NSF and Intel sponsored an Ideas Lab on August 12-16, 2014, that brought together leading researchers from the cybersecurity, privacy, and cyber-physical systems communities in order to foster new multidisciplinary research collaborations. Much discussion focused on how the physical aspects of the systems could affect security and privacy. Later this month (October 28, 2014), full proposals to the program solicitation are due. Applicants need not have participated in the Ideas Lab to submit a full proposal.
Great Ideas from a NSF-funded Workshop to Enhance the Security of the Internet
A new workshop report, Interdisciplinary Pathways towards a More Secure Internet, suggests 16 ideas for enhancing the security of the Internet ecosystem. The recommendations are clustered by themes (technology, policy, and leadership) and range from accelerating new foundational research areas to creating new organizations, comparable to the National Transportation Safety Board, charged with responding to cyber attacks. These recommendations are the result of a NSF-sponsored Cybersecurity Ideas Lab held on February 10-12, 2014, with a multidisciplinary group of participants drawn from academia, government, and industry. The report focuses on the most robust of the ideas discussed at the workshop, rather than presenting a comprehensive strategy.
Changes to the Secure and Trustworthy Cyberspace (SaTC) Solicitation
NSF’s flagship cybersecurity program is the Secure and Trustworthy Cyberspace (SaTC) program. There are over 650 active awards through SaTC and its legacy programs, and, in this last fiscal year (FY 2014) alone, we invested nearly $75M to support more than 225 new projects.
The most recent SaTC program solicitation posted in August 2014 has a couple noteworthy changes. The partnership with the Semiconductor Research Corporation (SRC) for Secure, Trustworthy, Assured and Resilient Semiconductors and Systems (STARSS) will continue as a perspective within the SaTC solicitation. Projects submitted to the STARSS perspective must focus on protecting hardware and may include industry collaboration through the Transition to Practice (TTP) option. During the FY 2014 STARSS competition, 9 projects in 10 universities were supported.
There has also been a change to the project size classes in the SaTC program. In order to balance our research portfolio, Large projects are being offered in lieu of Frontier projects. Large projects should be multi-disciplinary, multi-organizational, and/or multi-institutional and may request $1,200,001 to $3,000,000 for durations of up to five years.
In closing, these recent activities continue NSF’s legacy as the global leader in enabling security and privacy of the Internet and of cyber-enabled systems. Community engagement is a vital component of these efforts. We look forward to continuing to work with you to ensure our nation remains a world leader in innovating secure technologies and solutions.
Keith Marzullo is the Division Director, Division of Computer and Network Systems, National Science Foundation
Gera Jochum is a Communications Specialist at the Directorate for Computer & Information Science & Engineering, National Science Foundation