WEBVTT 00:00:00.000 --> 00:00:22.000 Okay, Great. 00:00:22.000 --> 00:00:25.000 Alright, Hello, everyone, we'll get started in 1 min. 00:00:25.000 --> 00:00:55.000 Just gonna let folks trickle in 00:01:07.000 --> 00:01:13.000 Okay, It looks like we have stabilized. good morning and good afternoon to everyone. 00:01:13.000 --> 00:01:19.000 My name is Robert Beverly. with me I have my fellow program, Officer Kevin Thompson. 00:01:19.000 --> 00:01:24.000 We're from the office of the advanced Cyber infrastructure within size at Nsf. 00:01:24.000 --> 00:01:32.000 And we're here today to tell you about the cc or cybersecurity, innovation for cyber infrastructure solicitation. 00:01:32.000 --> 00:01:38.000 This is solicitation. Nsf, 23, d, 5, 1 7. 00:01:38.000 --> 00:01:42.000 So we really just have 4 goals for this webinar. 00:01:42.000 --> 00:01:46.000 The first is to describe the Cc. program as well as its objectives. 00:01:46.000 --> 00:01:58.000 Detail the current solicitation again. 23, 5, 1, 7, and any changes that are in there; third, to help folks al align their proposals to be responsive. 00:01:58.000 --> 00:02:03.000 With these program goals and objectives, and then finally answer questions from the audience. 00:02:03.000 --> 00:02:17.000 I'd like to encourage you to please put questions in the question and answer box. We will handle those either online synchronously at the end, or we will my colleague will answer them in the chat 00:02:17.000 --> 00:02:23.000 box. So let's go ahead and talk about the cc program and its objectives. 00:02:23.000 --> 00:02:26.000 Before I do that I definitely did want to orient everyone. 00:02:26.000 --> 00:02:35.000 So you know who I am and who we are which organization we're with. so So first of all, Oac again is the office of advanced cyber infrastructure. 00:02:35.000 --> 00:02:48.000 Our mission is to support and coordinate the development, acquisition and provisioning of state-of-the-art cyber infrastructure, resources to and services that are essential to the advancement and transformation of 00:02:48.000 --> 00:02:52.000 science and engineering, and to clarify what we mean by infrastructure. 00:02:53.000 --> 00:02:55.000 We take a very broad view of cyber infrastructure. 00:02:55.000 --> 00:03:08.000 This encompasses computation data software networking as well as the workforce that's involved to facilitate the scientific discovery and innovation. 00:03:08.000 --> 00:03:16.000 So within oac, we provide cyber infrastructure that enables research, and we do this across many of the science disciplines. 00:03:16.000 --> 00:03:30.000 In fact, all of the science disciplines within Nsf: So here I have some images from various instruments and various disciplines, so some of the cyber infrastructure that we support supports initiatives within 00:03:30.000 --> 00:03:36.000 astronomy, for instance, or physics or climateology, material science, biology, so on, and so forth. 00:03:36.000 --> 00:03:41.000 And within these scientific domains there's many inf infrastructure challenges. 00:03:41.000 --> 00:03:56.000 For instance, there's large instruments that produce very big data that requires big compute compute, and it needs to be done for highly in a highly collaborative way for scientists that are in different specializations that are widely 00:03:56.000 --> 00:04:01.000 distributed both virtually and geographically. This infrastructure must be available. 00:04:02.000 --> 00:04:14.000 We need to ensure workflow intenseity, and all of this needs to be easy to use while adhering to various regulatory or policy requirements that may be in place. 00:04:14.000 --> 00:04:25.000 When we think about cybersecurity within this domain of scientific cyber infrastructure, we believe that there are many aspects that are similar to the enterprise. 00:04:25.000 --> 00:04:30.000 Scenario for cybersecurity, but many aspects that make it unique. 00:04:30.000 --> 00:04:43.000 For instance, if you think about the mission, the mission of science, cyber, infrastructure is primarily science-driven, whereas it may be monetarily driven in the enterprise sense, the physical environment can be very different and very 00:04:43.000 --> 00:04:54.000 unique and very distinct. Similarly, the hardware that's involved may not just be commodity inst instruments and commodity hardware, but, in fact, specialized sensors. 00:04:54.000 --> 00:05:05.000 Similarly, the operating systems may not be some of your traditional commodity operating systems, but specialized operating systems for for the instruments and the domain that they're in. 00:05:05.000 --> 00:05:18.000 Similarly, the applications may not be your standard suite of enterprise applications, but it may be things that are in specialized languages. They may be legacy code. It may be unsupported code, so on and so 00:05:18.000 --> 00:05:28.000 forth. and finally, the risk, for instance, may be very different so while we may think about, For instance, the risk of malware, which, of course, is prevalent risk in all domains. 00:05:28.000 --> 00:05:37.000 There's also risks simply of in the physical space here i've shown a a telescope that's actually collapsed. 00:05:37.000 --> 00:05:49.000 So when we think about the the why we think about cybersecurity in the research and education domain, providing benefits across the organization and across many organizations. 00:05:49.000 --> 00:06:04.000 So let me tell you what I mean by this. If we think about the scientist, the scientist is interested simply in doing her research right their colleagues, for instance, however, may be interested in sharing data and sharing resources, but 00:06:04.000 --> 00:06:11.000 also have strong interest in the reproducibility of the science, the integrity of the science. 00:06:11.000 --> 00:06:15.000 Meanwhile, management is it interested in reputation and finance? 00:06:15.000 --> 00:06:19.000 The research office is interested in protecting the intellectual property. 00:06:19.000 --> 00:06:29.000 The Information Technology Division is interested in the availability of the infrastructure, and of course, the public needs to have trust in the science. 00:06:29.000 --> 00:06:37.000 This is where Cc. Or, again, the cybersecurity, innovation for cyber infrastructure program comes into play. 00:06:37.000 --> 00:06:49.000 The objective of the Cc. program is to develop deploy. and integrate solutions that benefit the broader site of the community by securing science data workflows and infrastructure. 00:06:49.000 --> 00:06:56.000 And when i've given this talk in the past i've realized that sometimes folks are not familiar, even what we mean by a workflow. 00:06:56.000 --> 00:07:09.000 So let me just explain. So you have some context. here here's just a example of a potential workflow that's involved in some of these big science experiments where there might be an instrument that's collecting data so you 00:07:09.000 --> 00:07:16.000 have instruments. There's a data acquisition stage here. There may be some pre-processing stage here. 00:07:16.000 --> 00:07:21.000 There's data movement involved there's data storage and data sharing involved. 00:07:21.000 --> 00:07:24.000 And then there may be computation analytics on the data. 00:07:24.000 --> 00:07:29.000 And then, of course, the dissemination of all of the results and the data. 00:07:29.000 --> 00:07:32.000 So this is the kind of workflow that Cc. 00:07:32.000 --> 00:07:46.000 Is trying to ensure that it's secure it's available. and it's reproducible when we say secure in this science cyber infrastructure context, it's important to note that it can 00:07:46.000 --> 00:07:53.000 be much more than just confidentiality, which may be what jumps to mind immediately when you hear the word secure. 00:07:53.000 --> 00:08:00.000 Instead, we we need to consider things like the importance of intense integrity, the importance of the provenance of the process and the data. 00:08:00.000 --> 00:08:08.000 There may be issues of pi I and various kinds of protected research data, and then there may be issues of availability. 00:08:08.000 --> 00:08:15.000 It's very important to have the infrastructure available to support the Science Mission. 00:08:15.000 --> 00:08:19.000 So this is what Cc. is all about. So the Cc. 00:08:19.000 --> 00:08:25.000 Program supports applied research. so secure science data, workflows and infrastructure. 00:08:25.000 --> 00:08:33.000 It seeks to develop, deploy, and integrate solutions that benefit the broader scientific community. 00:08:33.000 --> 00:08:39.000 But it also seeks to operationalize emerging cyber security techniques into the Science Ci domain. 00:08:39.000 --> 00:08:44.000 And conversely, it seeks to develop new cybersecurity approaches. 00:08:44.000 --> 00:08:56.000 That may be specific to the science, ci domain and the particular requirements and environments that are inherent in the cyber infrastructure domain. 00:08:56.000 --> 00:09:02.000 So here's an an image of our vision for cybersecurity for cyber infrastructure. 00:09:02.000 --> 00:09:17.000 This is taken from the Oa. The text here is taken from one of the oac blueprint vision documents, where what we are seeking to envision and create is an agile, integrated, robust, trustworthy, and 00:09:17.000 --> 00:09:26.000 sustainable Ci ecosystem that drives new thinking and transformative discoveries in all areas of science and engineering research and education. 00:09:26.000 --> 00:09:30.000 And of course, in here i've highlighted the words robust and trustworthy. 00:09:30.000 --> 00:09:47.000 So within these threads of the facilities, that that Oac helps support, for instance, computing, networking and data, we see cybersecurity intertwined through all of these different activities. 00:09:47.000 --> 00:09:55.000 And what we see all of these combining to provide are really 4 main things we're looking to provide collaborative science. 00:09:55.000 --> 00:10:07.000 We're looking to provide accessible science we're looking to make the science cyber infrastructure robust, and we're looking to help facilitate reproducible science. 00:10:07.000 --> 00:10:17.000 And we see all of these 4 things contributing eventually to the basic Science and Discovery mission of the Nsf. 00:10:17.000 --> 00:10:24.000 Okay, So that's a high level on the cc program what it's seeking to do, and its objectives. 00:10:24.000 --> 00:10:34.000 Next i'm going to detail the actual solicitation again 23, 5, 1, 7, and any changes that are in the solicitation. 00:10:34.000 --> 00:10:45.000 So the solicitation has 3 program areas the first program area is Ucss or the usable and collaborative security for science. 00:10:45.000 --> 00:11:00.000 In this program area we're looking for applied research that can help facilitate scientific collaboration can help adopt security into scientific workflows and do all of this while overcoming security and usability 00:11:00.000 --> 00:11:08.000 obstacles that may be present to scientists and cyber infrastructure, performing data and resource. 00:11:08.000 --> 00:11:15.000 Sharing the second program area is the reference scientific security data sets or R. 00:11:15.000 --> 00:11:29.000 Ssd: This program area see seeks to capture scientific, specific workflow and workload behaviors and gather and curate canonical science workload data sets that can help facilitate techniques that to 00:11:29.000 --> 00:11:42.000 secure science Ci. The third area is tcr or the transition to cyber infrastructure resilience in this program area. 00:11:42.000 --> 00:11:52.000 We're looking for work that can help. improve the robustness and resilience of scientific cyber infrastructure through activities such as test in a value. 00:11:52.000 --> 00:12:04.000 Pardoning validation and transition of novel cybersecurity, research into cyber infrastructure 00:12:04.000 --> 00:12:12.000 Across these these 3 program areas are some key themes the first is applied security research. 00:12:12.000 --> 00:12:17.000 So within the domain of Nsf programs, Cc. 00:12:17.000 --> 00:12:24.000 Is certainly more on the applied side that we still are interested in a fundamental research. 00:12:24.000 --> 00:12:31.000 But we're also highly emphasizing the applied nature of cybersecurity, as it applies to cyber infrastructure. 00:12:31.000 --> 00:12:36.000 And so one of the key themes is applied security research that can benefit science. 00:12:36.000 --> 00:12:41.000 The domain scientists themselves and the scientific cyber infrastructure. 00:12:41.000 --> 00:12:51.000 A. A second and key theme is to recognize and leverage where a applicable, any inherent differences that are in the science. ci ecosystem. 00:12:51.000 --> 00:12:57.000 Again inclusive of data software workflows and workloads. 00:12:57.000 --> 00:13:06.000 Third is, we like to emphasize the fact that cyber infrastructure, cybersecurity needs to be usable and adoptable. 00:13:06.000 --> 00:13:14.000 So within Cc. we like to consider the usability aspects, the adoption, aspects and ways that the work will empower domain. 00:13:14.000 --> 00:13:25.000 Scientists. The fourth program area theme is transition we're looking to transition cybersecurity research into scientific cyber infrastructure. 00:13:25.000 --> 00:13:39.000 And finally, we're looking to discover and mitigate weaknesses and vulnerabilities that exist in science, cyber infrastructure. again inclusive of data software workflows and workflows. 00:13:39.000 --> 00:13:45.000 So the solicitation, 23, 5, 1, 7, continued, continues a commitment to 3 primary areas. 00:13:45.000 --> 00:13:51.000 So the program areas that I mentioned Ucss. R. Ssd. 00:13:51.000 --> 00:13:54.000 And Tcr. Those are unchanged from 2,022. 00:13:54.000 --> 00:14:01.000 In the last solicitation for the Ucss and Rss. D. areas. 00:14:01.000 --> 00:14:10.000 These are small awards. So this means up to $600,000 for a period of 3 years. 00:14:10.000 --> 00:14:15.000 The Tcr. or transition to cyber security resilience. 00:14:15.000 --> 00:14:24.000 Our medium awards that can be up to 1 point, 2 million dollars over 3 years one important update. 00:14:24.000 --> 00:14:39.000 I want to make sure the community is aware of is the fact that this solicitation actually includes 2 due dates which reaffirms our Nsf and Oacs commitment to cybersecurity within cyber infrastructure 00:14:39.000 --> 00:14:45.000 and this program. So the first due date is coming up next month, February, seventeenth of 2023. 00:14:45.000 --> 00:14:51.000 But we also have a due date in the next fiscal year. 00:14:51.000 --> 00:14:58.000 In February the first 2,024 there's no difference in the program between these 2 due dates. 00:14:58.000 --> 00:15:02.000 It it's just when it's most appropriate for you to submit. 00:15:02.000 --> 00:15:13.000 We anticipate in each year, supporting, and total 12 to 20 awards, subject, of course, to available funding. 00:15:13.000 --> 00:15:22.000 So what do successful Cc program proposals distribute some of the most successful Cc proposals to date. 00:15:22.000 --> 00:15:26.000 Describe, some of the non cybersecurity science drivers. 00:15:26.000 --> 00:15:34.000 They speak to the particular science applications and the particular users that will use the cybersecurity, cyber, infrastructure. 00:15:34.000 --> 00:15:39.000 Pardon me and benefit from the cyber security activities. 00:15:39.000 --> 00:15:45.000 They describe the scientific infrastructure itself and the environment that will benefit. 00:15:45.000 --> 00:15:55.000 They described unique properties that may be present in the scientific domain or within the cyber infrastructure that influences the desired security. 00:15:55.000 --> 00:16:09.000 Functionality, the security design, or the security mechanisms. Successful proposals describe the particular threat model that exists within the science domain and the application domain. 00:16:09.000 --> 00:16:19.000 And then last they describe plans for gathering quantitative metrics to help assess the security benefits and the impact of the work. 00:16:19.000 --> 00:16:24.000 I've left this url up here if you look at this Url. 00:16:24.000 --> 00:16:35.000 It will actually give you a listing of all of the prior awards that have been made in this program, and can give you an idea of some of the proposals that are current. 00:16:35.000 --> 00:16:42.000 Some of the research that's currently active within cc what what is Cc: not 00:16:42.000 --> 00:16:47.000 So It's important to note a Few Things that that are not responsive to the Cc. 00:16:47.000 --> 00:16:56.000 Solicitation the first is it's not an appropriate mechanism for non security infrastructure efforts. 00:16:56.000 --> 00:17:01.000 So it's not intended for instance, to support pure infrastructure operation. 00:17:01.000 --> 00:17:12.000 It is a research program, and it is part of nsf's, research, portfolio it is not for cyber security research that has no domain. 00:17:12.000 --> 00:17:16.000 Science, driver or no target science, cyber, infrastructure. 00:17:16.000 --> 00:17:23.000 So again emphasizing those points of a science driver and a target science, cyber, infrastructure. 00:17:23.000 --> 00:17:28.000 Finally, Cc. is not intended to support some of the basic cybersecurity or privacy. 00:17:28.000 --> 00:17:38.000 Research that's that goes on at nsf there are programs at Nsf that may better serve those kinds of initiatives. 00:17:38.000 --> 00:17:47.000 In particular, the satsy or secure and trustworthy cyberspace program is more focused on basic and fundamental cybersecurity and privacy. 00:17:47.000 --> 00:17:55.000 Research, which may be more appropriate so let's move on to proposal preparation. 00:17:55.000 --> 00:18:00.000 It's important for everyone to be aware of the pap G. 00:18:00.000 --> 00:18:11.000 Or the proposal award Policies and Procedure guide, which details all of the particular proposal, preparation, requirements that are involved. 00:18:11.000 --> 00:18:18.000 For this solicitation, proposal titles for your submissions need to include the Cc. 00:18:18.000 --> 00:18:23.000 Acronym, followed by a colon followed by the program area. 00:18:23.000 --> 00:18:29.000 Either Ucss or Ssd. or Tcr. followed by a Colon, and then the title. 00:18:29.000 --> 00:18:34.000 So, for instance, you might submit a proposal. Cc. 00:18:34.000 --> 00:18:41.000 Colon. Rss. D. Colon. My amazing proposal, and these proposals must be submitted by research. 00:18:41.000 --> 00:18:50.000 Gov: Not fastly. I want to emphasize to the community the departure of Development Fast Lane system. 00:18:50.000 --> 00:19:01.000 This is real. it's been in process for some time, but it will not be possible to submit your proposal through Fast Lane. 00:19:01.000 --> 00:19:15.000 It is actually being decommissioned and I want to Make everyone open aware of this ahead of time in case there are any issues in your submission process, or with your particular research office submitting. your proposals. 00:19:15.000 --> 00:19:25.000 So please don't submit. your proposal at the last minute, but allow appropriate time in case your research office is not yet familiar with submitting through research. 00:19:25.000 --> 00:19:32.000 Gov. eligibility. So eligibility for the Cc. 00:19:32.000 --> 00:19:46.000 Program proposed may only be submitted by universities and colleges, or the institutes of higher learning, and by nonprofit non-academic organizations. 00:19:46.000 --> 00:19:54.000 The limits on the number of proposals per api coppi, or senior personnel is 2. 00:19:54.000 --> 00:20:01.000 An individual may participate as Pi or Copi, or other senior personnel, on no more than 2 Cc. 00:20:01.000 --> 00:20:16.000 Proposals. Okay. great. so that's the solicitation and next, we'd like to tell you and provide some guidance on proposal alignment, and how to make your proposals responsive to the program as well 00:20:16.000 --> 00:20:22.000 as detail some of the ways that the proposals will be evaluated. 00:20:22.000 --> 00:20:28.000 So as many of you are familiar. Nsf has its standard merit, review, criteria. 00:20:28.000 --> 00:20:38.000 So the reviewers and the review panel will address the 2 main review criteria, which are intellectual merit and broader impacts in addition. 00:20:38.000 --> 00:20:43.000 And these are all detailed within the solicitation text itself. 00:20:43.000 --> 00:20:59.000 In addition, the reviewers and the panel will be asked to provide feedback, and to evaluate the casing specific review criteria, which i'll detail next. all of this will be considered not only in the reviews but also 00:20:59.000 --> 00:21:02.000 in the panel discussions as well as the panel summaries. 00:21:02.000 --> 00:21:08.000 So what are the Cc specific criteria? the 00:21:08.000 --> 00:21:11.000 These can be put into a couple of different categories. 00:21:11.000 --> 00:21:25.000 The first is project motivation and impact. So is the proposal Science driven. we've said this several times is the proposal innovative in terms of cyber infrastructure and cyber infrastructure 00:21:25.000 --> 00:21:32.000 plans? Does the work include project plans and system and process architectures? 00:21:32.000 --> 00:21:41.000 Does it build on existing recognized capabilities, and does it have close collaborations among the stakeholders that are identified? 00:21:41.000 --> 00:21:54.000 So here, for instance, is there demonstrable evidence between, for instance, the cybersecurity researcher and the cyber infrastructure folks that provide the cyber infrastructure. 00:21:54.000 --> 00:22:01.000 And then measurable outcomes are there sustained and sustainable impacts that have been identified. 00:22:01.000 --> 00:22:08.000 So all of this text is taken verbatim for the slip from the solicitation i'll just run through this quickly. 00:22:08.000 --> 00:22:17.000 Just so it's in your in your head the Science driven aspect talks about to what extent is the proposed project. 00:22:17.000 --> 00:22:23.000 Science driven. How will the project Outcomes fill? Well recognize science and engineering needs of the research community? 00:22:23.000 --> 00:22:38.000 What will be the broader impacts of the project such as its benefits to science and engineering communities beyond its initial targets, underrepresented communities and education and workforce development in terms of innovation we're interested in to what 00:22:38.000 --> 00:22:46.000 extent is the proposed project innovative? What innovative and transformational capabilities will the project bring to its target communities? 00:22:46.000 --> 00:22:55.000 And how will the project integrate innovation and discovery into the project activities in terms of cyber infrastructure plans? 00:22:55.000 --> 00:23:06.000 We're interested in how well detailed are the project plans and the logical and physical architectures in terms of building on existing recognized capabilities. 00:23:06.000 --> 00:23:12.000 We'd like to see to what extent does the proposed project build on existing recognized capabilities. 00:23:12.000 --> 00:23:19.000 How will the project project? Activities build on and leverage existing Nsf: by national and open source? 00:23:19.000 --> 00:23:26.000 Cyber, infrastructure, and cybersecurity investments as appropriate, and then close collaboration amongst stakeholders. 00:23:26.000 --> 00:23:32.000 To what extent does the proposed project involve close collaboration among the stakeholders? 00:23:32.000 --> 00:23:41.000 How will the project activities engage? cyber infrastructure experts, specialists, and scientists working in concert with the relevant domain? 00:23:41.000 --> 00:23:50.000 Scientists who are users of the cyber infrastructure and then sustained and sustainable impacts. 00:23:50.000 --> 00:24:04.000 How will the project's outcomes and its activities have long term impact, and how will these be sustained beyond the life of the award as appropriate? Are the sustainability approaches following well-established 00:24:04.000 --> 00:24:15.000 models. So please consider all of these Cc specific criteria Again, just to emphasize the deadline is February seventeenth. 00:24:15.000 --> 00:24:29.000 For this cycle of Cc. and then in next year, in 2024 there'll be a deadline February first in terms of scheduling, and how we review these proposals nsf targets 00:24:29.000 --> 00:24:34.000 a 6 month dwell time. So this means, from the time that the proposal is submitted. 00:24:34.000 --> 00:24:45.000 Until you get your reviews and decisions. is our target. of course we don't always adhere to that. but that's what we endeavor to do. 00:24:45.000 --> 00:24:52.000 Okay, So last i'd like to take the time to answer any questions from the audience. 00:24:52.000 --> 00:24:58.000 So I believe. my colleague Kevin has been answering many of the questions. 00:24:58.000 --> 00:25:14.000 I will emphasize. please let us know if at any time you would like to just you have questions concerns or have some particular aspect of your project that you would like to discuss one-on-one with a program officer 00:25:14.000 --> 00:25:20.000 we are always happy to speak with the community and talk to you about proposals. 00:25:20.000 --> 00:25:24.000 Please send us an email either of us, myself or or Heaven. 00:25:24.000 --> 00:25:28.000 Our email addresses are are here. And so with that. 00:25:28.000 --> 00:25:33.000 I am happy to take any questions from the community. 00:25:33.000 --> 00:25:40.000 Please put your questions in the Q. and a box. Okay. 00:25:40.000 --> 00:25:45.000 So the first question is, will these slides be made available? 00:25:45.000 --> 00:25:52.000 The answer is, Yes, they will. This takes a bit of time on on the Nsf side. 00:25:52.000 --> 00:25:59.000 We have a a process for public release of of these kinds of presentations. 00:25:59.000 --> 00:26:03.000 So. Yes, they will be available on the Nsf. Cc. 00:26:03.000 --> 00:26:09.000 Web page, but it may take a couple of weeks if you don't see the slides in a couple of weeks. 00:26:09.000 --> 00:26:16.000 Please let us know 00:26:16.000 --> 00:26:22.000 Okay, the next question is, could you please elaborate 00:26:22.000 --> 00:26:30.000 Examples of proposals that are good for both, or only Satsy, or or only only Cc: sure, 00:26:30.000 --> 00:26:35.000 So so happy to to talk about that. I you know. 00:26:35.000 --> 00:26:40.000 Of course there is is naturally some overlap between these these programs. 00:26:40.000 --> 00:26:48.000 They're both involved with security in privacy let me tell you what I have. 00:26:48.000 --> 00:26:54.000 I can. I can give some examples, but I also have a backup slide that perhaps I will show here. 00:26:54.000 --> 00:26:59.000 So this is a question that that we get quite a lot. 00:26:59.000 --> 00:27:05.000 Of course it's up to you as the proposal to decide what's more appropriate Cc. 00:27:05.000 --> 00:27:09.000 Or or sat see but at a very high level. 00:27:09.000 --> 00:27:18.000 When we think about these 2, typically when we talk about cc it's more on the towards the applied realm. 00:27:18.000 --> 00:27:27.000 When we talk about the research as opposed to in satsy, it's more basic science of cyber security and cyber privacy. 00:27:27.000 --> 00:27:38.000 So here, Cc is definitely on that spectrum and that continuum between between applied and basic research, Cc. is definitely more on the applied side. 00:27:38.000 --> 00:27:51.000 When you look at the target of the actual activities. it's important to think about Cc in the context of providing security and privacy for scientists and researchers, right? 00:27:51.000 --> 00:27:55.000 So it's really to benefit the the cyber infrastructure right? 00:27:55.000 --> 00:28:01.000 And so that could mean scientists in any of the fields that Nsf supports. 00:28:01.000 --> 00:28:04.000 Again a astronomy, or chemistry, or physics? 00:28:04.000 --> 00:28:11.000 Or what have you? and many times their cyber infrastructure that supports all of these domains? 00:28:11.000 --> 00:28:15.000 So, of course, Oac provides leadership, class computing. 00:28:15.000 --> 00:28:22.000 Hpc: We provide middleware we provide networks. we provide data and storage solutions. 00:28:22.000 --> 00:28:27.000 So all of these kinds of things are definitely in the wheelhouse of Cc. 00:28:27.000 --> 00:28:33.000 In contrast, sat see, is definitely more targeted to general society. 00:28:33.000 --> 00:28:47.000 Right and so, there may be security and privacy work that's targeted to a societal good as well as opposed to, for instance, security and privacy work that's targeted more narrowly to 00:28:47.000 --> 00:28:50.000 cyber infrastructure as we define it. 00:28:50.000 --> 00:28:56.000 And again, that applies to to the argument, to the environments. Excuse me, cc. 00:28:56.000 --> 00:29:03.000 Is more targeted to science cyber infrastructure, whereas Satzi is more targeted to general. 00:29:03.000 --> 00:29:21.000 The general environments. So I hope that helps i'm. i'm happy to take take that question offline or discuss further and let me go to the next question. 00:29:21.000 --> 00:29:33.000 Will the recording be made available? Yes, In addition to the video, the closed captioned transcript will be made available. Okay? 00:29:33.000 --> 00:29:44.000 The next question from the anonymous attendee, is is it advisable to include industry, support for applied cybersecurity? research? 00:29:44.000 --> 00:29:50.000 We certainly so so support, of course, is is a loaded word. 00:29:50.000 --> 00:29:56.000 So would be would be interested to know what you are thinking. there. 00:29:56.000 --> 00:30:06.000 But we are certainly interested in work that involves partnering and collaborating with industry as a appropriate 00:30:06.000 --> 00:30:17.000 And we have found, for instance, that many of the more transition oriented activities do indeed include some industry component. 00:30:17.000 --> 00:30:23.000 However, I would not say it's advisable it may be very context dependent. 00:30:23.000 --> 00:30:30.000 So it depends on what you're you're trying to do it's certainly not a requirement so let me say it that way. 00:30:30.000 --> 00:30:48.000 If you have some specific questions about including industry and industry support in your idea, please, please reach out to us offline. and we're happy to talk about that particular circumstance in in detail. 00:30:48.000 --> 00:30:59.000 Okay, the next question: Can the security and privacy for include clinic, clinicians and and doctors? 00:30:59.000 --> 00:31:08.000 The the answer to that is is, is, yes, this is a a bit of a fuzzy area. 00:31:08.000 --> 00:31:22.000 Both nsf and our our Federal you know, partner Nih are are involved, of course, in these kinds of activities. 00:31:22.000 --> 00:31:28.000 It, you know, really comes down to you know what the activity is. 00:31:28.000 --> 00:31:34.000 There is a bit of a fuzzy line between Nsf and what any what's in the wheelhouse of Nih. 00:31:34.000 --> 00:31:45.000 So I think we'd like to know more about it but certainly, nsf is involved in in this kind of work. 00:31:45.000 --> 00:31:51.000 And some of the cyber infrastructure, of course, supports supports, medicine and this kind of activity. 00:31:51.000 --> 00:31:58.000 So I think we would need more more details about that. Okay? 00:31:58.000 --> 00:32:03.000 Thank you for all the questions. Please keep them coming we really appreciate it. 00:32:03.000 --> 00:32:14.000 So let's see next question do we need collaborators stakeholders in a specific domain for Cc: So again, there it's not required. 00:32:14.000 --> 00:32:19.000 But it can certainly help right. So this provides some evidence. 00:32:19.000 --> 00:32:37.000 If your project's success in some way you know depends on this collaboration, then then yes, it's it's good to have those folks included whether that means as being part of the proposal or whether that 00:32:37.000 --> 00:32:44.000 means a letter of of of collaboration right is is of course, appropriate it. 00:32:44.000 --> 00:33:02.000 Doesn't need to be a funded activity necessarily but including stakeholders in a specific domain helps provide evidence to the panel and the reviewers and Nsf. that that the actual stakeholders are engaged and will not only 00:33:02.000 --> 00:33:12.000 benefit, but provide some of their input into the process, and in the the cybersecurity of the subgroup cyber infrastructure. 00:33:12.000 --> 00:33:21.000 Excuse me. Okay, next question. the how big of a competition is expected? 00:33:21.000 --> 00:33:26.000 What fraction of proposals were funded, small medium, rough orders of magnitude. 00:33:26.000 --> 00:33:33.000 So on. So, unfortunately we're not able to give any specific numbers on on that 00:33:33.000 --> 00:33:39.000 I would again encourage you to look at what's been funded in the past. 00:33:39.000 --> 00:33:58.000 I believe in the last rough order of magnitude in in in the last solicitation from 20 22 we made around a dozen awards. is a rough order of magnitude. 00:33:58.000 --> 00:34:10.000 So hopefully, that helps. Okay, next question: Could you speak a bit more on the focus for the collaboration with Ci stakeholders for successful proposal? 00:34:10.000 --> 00:34:17.000 Is there specific focus on working directly with end users or or with Ci staff that supports end users. 00:34:17.000 --> 00:34:20.000 So I think this is very similar to the to the last question. 00:34:20.000 --> 00:34:28.000 Again. it may depend on exactly the activity that's being proposed. 00:34:28.000 --> 00:34:45.000 But it's certainly the case that we'd like to see some of this evidence of collaboration, and that the domain scientists, and that the domain cyber infrastructure, is engaged again that could be as a as 00:34:45.000 --> 00:34:52.000 an unfunded collaborator. that can be a A letter of collaboration which is, is certainly welcome. 00:34:52.000 --> 00:35:01.000 But this helps, as I stated previously, provide some evidence of the engagement with the folks. 00:35:01.000 --> 00:35:10.000 That will be the consumers of the work. as well as providing evidence that there will be some feedback loop there to help. 00:35:10.000 --> 00:35:23.000 Sort of complete, that virtualist virtuous cycle where results of the the research may be improved by getting feedback from the collaborators. 00:35:23.000 --> 00:35:30.000 So not required. But it is great to see that kind of evidence of cloud operations. 00:35:30.000 --> 00:35:40.000 Okay, can you please give an example or elaborate on an impact that can be sustainable beyond the duration of the project? Ai: Yeah. 00:35:40.000 --> 00:35:44.000 Eg. Does that mean to be economically sustainable? 00:35:44.000 --> 00:35:50.000 Right, so sustainability is a a hard nut to to crack 00:35:50.000 --> 00:36:09.000 And you know what we're we certainly don't expect you know, every project to be sustained beyond the the life of the the project, that being said, we want folks to think about the sustainability right we want folks to sort of take 00:36:09.000 --> 00:36:25.000 that longer that longer view right? The thing that we we absolutely like to try to mitigate is some very nice piece of work being done. 00:36:25.000 --> 00:36:34.000 And then the funding runs out, and then that particular piece of of work, you know, no longer provides benefit to the the community. 00:36:34.000 --> 00:36:42.000 Right. So in your proposals. Really, I I know this can be hard to do a priori. 00:36:42.000 --> 00:36:50.000 But as much as possible articulate what you envision beyond the the life of of the project. 00:36:50.000 --> 00:36:59.000 After it's after it finishes and that could be you know something along the lines as an example, as you know we will do this activity. 00:36:59.000 --> 00:37:10.000 We'll get it. we'll work with this particular identified collaborator, and this particular collaborator plans to you know. 00:37:10.000 --> 00:37:19.000 Continue using it. This artifact or whatever piece of work in their cyber infrastructure beyond the life of the the award. 00:37:19.000 --> 00:37:26.000 But that's certainly a hard sustainability is hard, but it's something that we want the community to think about. 00:37:26.000 --> 00:37:37.000 In these proposals. Okay, next question: does Cc support research on enhancing cyber infrastructure dedicated for cybersecurity purposes? 00:37:37.000 --> 00:37:53.000 So this this is a a great question. So we certainly are are open to those kinds of activities. So this would be cyber infrastructure for cybersecurity, for cyber infrastructure for cyber security we are 00:37:53.000 --> 00:38:00.000 certainly open to those. But please talk to us about those if they're they're too narrowly focused. 00:38:00.000 --> 00:38:07.000 Those kinds of activities may be more appropriate for for sat, See? 00:38:07.000 --> 00:38:16.000 Okay, okay. next question is, is the topic of securing continuous fuzzing platforms considered within scope. 00:38:16.000 --> 00:38:23.000 So you know Again, one of the things that nsf we like to say is that we? 00:38:24.000 --> 00:38:30.000 We encourage your best ideas, Right? We want to know what you think is is in scope. 00:38:30.000 --> 00:38:39.000 What you think will have the most impact on the the cyber infrastructure. And so you know, to to answer this. 00:38:39.000 --> 00:38:47.000 You know certainly. If you believe that this activity will have an impact on on cyber infrastructure and science. 00:38:47.000 --> 00:38:52.000 I think it it would be considered within scope it's of course. 00:38:52.000 --> 00:38:59.000 You know it it's up to you to to our articulate that that vision. 00:38:59.000 --> 00:39:12.000 Okay, are there any preservations? maybe this is reservations on collaborations with with national labs? 00:39:12.000 --> 00:39:19.000 Right. Okay. So please let me just say this this does come up. 00:39:19.000 --> 00:39:23.000 I believe you're talking about things like ffr Dc's. 00:39:23.000 --> 00:39:34.000 For for instance. it is gender in general it is difficult for us to fund the national labs. 00:39:34.000 --> 00:39:39.000 This in effect, is government money going back to the Government? 00:39:40.000 --> 00:39:46.000 When, indeed, our objective is to get money out of the government. 00:39:46.000 --> 00:39:54.000 It is possible, in some exceptional circumstances now if you're simply talking about collaborating with the national lab. 00:39:54.000 --> 00:40:10.000 That is, is absolutely welcome. and encouraged. and we have several examples of Cc activities that are ongoing right Now, that involve national labs. 00:40:10.000 --> 00:40:15.000 It's the whether that collaboration involves funding that it gets a bit fuzzier. 00:40:15.000 --> 00:40:24.000 So please, if you have particular questions about that let's discuss that one on one on one reach out to us. 00:40:24.000 --> 00:40:33.000 Okay, could you please explain more about the level of requirements in applications? 00:40:33.000 --> 00:40:39.000 Field research and fundamental research for for cybersecurity. 00:40:39.000 --> 00:40:45.000 So I i'm not in I think I might need a little bit more more detail. 00:40:45.000 --> 00:41:03.000 About this So you know field research I is absolutely something that that occurs in many of the scientific disciplines that that Nsf supports and and is engaged in. 00:41:03.000 --> 00:41:13.000 I think if i'm reading the question correctly you know field research would be considered part of of one of these scientific workflows. 00:41:13.000 --> 00:41:31.000 And if what you are envisioning involves helping to secure that workflow, that includes some field research, I think that that is absolutely in scope in terms of the the level of requirements. 00:41:31.000 --> 00:41:36.000 You know it would definitely depend on on the particular idea. 00:41:36.000 --> 00:41:44.000 I would absolutely encourage you to, you know. Again read through the the solicitation. 00:41:44.000 --> 00:41:58.000 Look at the solicitation specific criteria in terms of the the requirements of of what we're what we're looking for, and then put forth your best idea. if that doesn't answer your question and i'm sorry 00:41:58.000 --> 00:42:11.000 if I if I didn't, please send us an email Okay, next question: is it required to have the proposed cyber infrastructure? 00:42:11.000 --> 00:42:17.000 Serve a diverse range of research fields so no that's not a requirement. 00:42:17.000 --> 00:42:26.000 Indeed there's cyber infrastructure that's you know what we might call the spoke to a particular research field. 00:42:26.000 --> 00:42:40.000 Certainly there's cyber. infrastructures that are used within very widely within one particular science field and one particular domain, but not used outside of that domain. 00:42:40.000 --> 00:42:45.000 It is not a requirement that it serves this diverse range of fields. 00:42:45.000 --> 00:42:50.000 It really depends on what the cyber infrastructure you're targeting actually is. 00:42:50.000 --> 00:43:00.000 Again. If you have particular questions about that aspect or your idea, please reach out to us. 00:43:00.000 --> 00:43:10.000 Okay, all right. So I believe I have reached the end of the Q. 00:43:10.000 --> 00:43:23.000 A I will give a few more moments for anyone to join in with a last minute question 00:43:23.000 --> 00:43:29.000 Okay, here we go. what is the expectation of collaborations with it? 00:43:29.000 --> 00:43:33.000 Support organizations that's a that's a great question 00:43:33.000 --> 00:43:45.000 So so here we have found that so expectation there's no particular expectation. 00:43:45.000 --> 00:43:59.000 It's not a able, if the cyber infrastructure stakeholders include, the it support organization at a university, or wherever it is. 00:43:59.000 --> 00:44:07.000 Then it again would be advisable to have them as a collaborator and engaged in the project again. 00:44:07.000 --> 00:44:15.000 That doesn't mean that they're funded necessarily but they have expressed cognizance and support of the activity. 00:44:15.000 --> 00:44:29.000 For instance, through a letter of collaboration. I would just comment on this really quickly, that some of the most successful cyber infrastructure, you know, projects and and Cc. 00:44:29.000 --> 00:44:37.000 Projects have involved some of the It support organization. And indeed it often helps. 00:44:37.000 --> 00:44:41.000 These activities often are beneficial to the it support organization. 00:44:41.000 --> 00:44:49.000 So it it depends on your particular idea long winded way of saying it's not it's not a requirement. 00:44:49.000 --> 00:45:01.000 But if they are integral to the to the cyber infrastructure, then it's great to see some sort of collaboration with the It support. organization. 00:45:01.000 --> 00:45:16.000 Thank you for the question. Okay, So i've been done a fairly efficient job of covering the solicitation. 00:45:16.000 --> 00:45:27.000 Again. I Oh, here's one more can a university serve as the prime on a proposal along with an industry organization as a sub, ie. 00:45:27.000 --> 00:45:32.000 A funded collaborator under this program. So yes, they can. 00:45:32.000 --> 00:45:57.000 This is permissible. the only comment I would have here is, if this is the planned activity, please do a good job on motivating and explaining the relationship with the industry organization and the motivation for including them as 00:45:57.000 --> 00:46:07.000 a sub Awardy So yes, they. In fact, this would be the only way that we would be able to do. 00:46:07.000 --> 00:46:19.000 This is to make the award to the university and have the University make a a suburb, because, we do not, for this program make awards to to industry. 00:46:19.000 --> 00:46:21.000 So it would have to be done as a sub award. 00:46:21.000 --> 00:46:27.000 If there is a any additional question about that, please please let me know. 00:46:27.000 --> 00:46:36.000 I hope I answer that. Yeah. Okay, can there be 2 pi's each from from different institutions. 00:46:36.000 --> 00:46:44.000 So so excuse me. yes, there can be 2 pris from different institutions. 00:46:44.000 --> 00:46:49.000 However. i'm glad you asked this question we in this program. 00:46:49.000 --> 00:46:57.000 Do not allow for the collaborative proposals. so to have the 2 Pi's from different institutions. 00:46:57.000 --> 00:47:01.000 It would need the need that it would need to be done as a sub award. 00:47:01.000 --> 00:47:09.000 So the award would need to be made to the one institution, and then a sub award. 00:47:09.000 --> 00:47:12.000 Can we sub award to to national labs? 00:47:12.000 --> 00:47:17.000 So let me. let me take that one off offline. 00:47:17.000 --> 00:47:25.000 If it's the individual who who wrote that? 00:47:25.000 --> 00:47:42.000 Could could send me an email. Let me let me take that offline to to give you a an accurate answer 00:47:42.000 --> 00:47:48.000 Oh, sorry! I see one more. Could you still request a meeting with the program directors to discuss the scope of the proposals? 00:47:48.000 --> 00:47:56.000 So so yes, we again, we we often are hesitant to give any. 00:47:56.000 --> 00:47:59.000 Yes, no answers in terms of scope. Right? 00:47:59.000 --> 00:48:13.000 We want your your best ideas and we rely on the expertise of the panel and the reviewers to decide whether something is appropriate and responsive to the solicitation. 00:48:13.000 --> 00:48:16.000 So we're we're happy to give some some high level guidance. 00:48:16.000 --> 00:48:22.000 But just so. you know we're happy to do meetings and and talk to the community. 00:48:22.000 --> 00:48:27.000 But we generally don't give yes, no is this in scope or not. 00:48:27.000 --> 00:48:41.000 It it's again incumbent upon the pis to to describe why it's in scope, and how it's responsive to the criteria of the solicitation, so I hope that helps we're always happy to 00:48:41.000 --> 00:48:45.000 to speak with the community 00:48:45.000 --> 00:48:49.000 They? This is great. Thank you for all the participation. very much. 00:48:49.000 --> 00:48:58.000 Appreciate it. Okay, within one institution, any limits on the number of Pis and Copis. 00:48:58.000 --> 00:49:11.000 On one proposal Submission I would have to I would have to look at the the Pap G for that. 00:49:11.000 --> 00:49:16.000 The proposals the the policy guide on that one. 00:49:16.000 --> 00:49:25.000 Let me. please get If you could send us an email the the individual that asked that question. 00:49:25.000 --> 00:49:33.000 I I would have to to to look I believe I believe there's a limit of 4. 00:49:33.000 --> 00:49:48.000 But I need to to confirm that 00:49:48.000 --> 00:49:57.000 All right. So again, thank you so much for being a part of this community. 00:49:57.000 --> 00:49:59.000 Thank you so much for your interest in the Cc. program. 00:49:59.000 --> 00:50:12.000 Thank you for the work that you all do. And sorry, last question are the awards for the proposals based on program areas? 00:50:12.000 --> 00:50:21.000 So I if you're if you are you're asking about the the monetary. 00:50:21.000 --> 00:50:34.000 Amounts. we have a rough idea of the allocation of funds to various program areas. but this is not. 00:50:34.000 --> 00:50:53.000 This is not a strict think we are really looking for the best proposals, and if all of the best proposals are in one program area, then certainly there will be more funding apportioned within our 00:50:53.000 --> 00:50:58.000 admittedly limited budget to those proposals and that program area. 00:50:58.000 --> 00:51:14.000 So we have no proof, Precon, no strongly preconceived notion on how much funding goes to each program area, with the exception of the fact that we do recognize that the Tcr awards are are larger 00:51:14.000 --> 00:51:17.000 okay awards. those are Those are medium awards. 00:51:17.000 --> 00:51:32.000 And so within our our limited within our limited budget they're they're what we'll likely be fewer of those than in the other 2 program areas all of that being said if folks submit a amazing ideas. 00:51:32.000 --> 00:51:37.000 We we can. we can try to make things happen. 00:51:37.000 --> 00:51:44.000 So thank you for the question 00:51:44.000 --> 00:52:12.000 This is this is great. These are really good questions. I will, I will do the awkward silence for one more minute to see if any last minute questions come in 00:52:12.000 --> 00:52:18.000 Okay, So thank you so much for participating again. Thank you for the work you do. 00:52:18.000 --> 00:52:29.000 Thank you for the interest in Cc. please. let us know if we can clarify anything further.