Title: Frequently Asked Questions for Secure and Trustworthy Cyberspace (SaTC)([1]NSF 12-503) Date: 01/05/12 NSF 12-028 Frequently Asked Questions for Secure and Trustworthy Cyberspace (SaTC)([1]NSF 12-503) 1. What are the objectives of the SaTC program? Like the Trustworthy Computing program which it extends, SaTC seeks to fund a broad spectrum of innovative research that will improve the resilience of individual hosts, networked systems, hardware, software, applications and critical infrastructure from malicious cyber-attacks while preserving privacy and promoting usability. The program recognizes that this is not only a problem of developing trustworthy computing technology, but also of understanding the economic, social, and behavioral factors that affect its use and deployment. 2. Is SaTC interested in efforts that indirectly help prevent or ameliorate cybersecurity issues? Yes. We expect funded research to address a wide variety of topics, including research on behavior, motivation, and other factors that indirectly help to insure that cyberspace systems can be effectively and safely utilized. 3. How can I determine whether a particular topic is suitable as a SaTC proposal as opposed to a Directorate for Computer & Information Science & Engineering, Directorate for Social, Behavioral & Economic Sciences or Office of Cyberinfrastructure Core solicitation? We recognize that there will be proposals whose objectives overlap SaTC and some other program. In general, SaTC proposals should take account of malicious behavior, but there is no hard line between program boundaries. PIs should consider what research field will be advanced by the proposed work items, as opposed to the potential applications of the research. If the focus of a particular program is not clear, PIs are advised to consult with a Program Director in the program they think is most suitable for the project. Consider whether the proposed work primarily aims to advance the topics of the core solicitation (for example, a focus on networked systems) and incidentally addresses (for example) improving system resilience to attack, or whether its primary contribution is in improving system resilience under attack but there are incidental contributions to core solicitation topics. It is the later proposal that should be submitted to SaTC. Although Program Officers have the discretion to transfer or share proposals between programs, it is strongly advised that PIs target the most relevant program. 4. How do these Perspectives - Trustworthy Computing Systems; Social, Behavioral and Economic (SBE); and Transition to Practice - affect how I submit my proposal? As specified in the solicitation, you should submit your proposal to the NSF division that is relevant to the primary perspective of your proposal. The acronym of the division associated with your main perspective should be used to start the proposal title. If there is more than one perspective, you should start your proposal title with the division related to the primary perspective first, followed by acronyms for the other relevant perspectives. 5. Is SaTC's Trustworthy Computing Systems Perspective more narrow in scope than CISE's former Trustworthy Computing program? No. As indicated in the solicitation, SaTC extends the scope of the prior Trustworthy Computing program. Any research that was in scope for the prior program remains in scope for SaTC. The scope now specifically includes research from the Social, Behavioral, and Economic perspective as outlined in the solicitation, as well as efforts to promote transition of technology into practice, also as outlined in the solicitation. 6. Does the fact that there are no Large proposals mean that SaTC is focusing on smaller projects? No. On the contrary, we recognize that many problems in the field require substantial resources over an extended period and that resources available to FY11 Trustworthy Computing Large proposals were too constraining. As a result, we are replacing "Large" proposals with "Frontier" proposals, which can receive funding up to $10 Million over five years. 7. What is the intention of the Frontier award category? A Frontier proposal should support objectives that could not be attained simply by a collection of small or medium proposals provided similar resources. Frontier awards should promote synergy among academic, industrial and other partners. They should address the combined needs for in-depth or multidisciplinary research investigations, education and workforce development, and incorporation of research results into deployed products and systems. If you are considering submitting a Frontier proposal, please contact one of the SaTC Program Officers (See list at the bottom of this document). 8. Can Frontier proposals be submitted to the SBE perspective (only), or contain a Transition Phase? No. Although Frontier proposals can have multiple perspectives, which include SBE, a Frontier proposal cannot be submitted solely to the SBE perspective. Frontier proposals cannot have a Transition Phase. 9. Will Frontier awards involve site visits? NSF may, at its discretion, conduct site visits prior to issuing Frontier awards. Frontier Awards will be administered in accordance with normal NSF procedures for awards of this size and scope. 10. How do I decide whether to submit a SaTC Frontier proposal or a CISE Expedition proposal? Consider the scope and objectives of the proposed research in relation to the two solicitations, and select the most appropriate one. In case of doubt, contact appropriate NSF Program Officers from each program. 11. Are multi-perspective proposals encouraged or discouraged? Neither. PIs should decide which perspectives to submit their proposals to based upon the research components of the work. A proposal will be negatively affected if its impact is lessened by its failure to consider a highly-relevant perspective. Similarly, a perspective that appears "tacked on" and irrelevant to the main focus of the work, will also not be favorably reviewed. 12. What about proposals for workshops and other meetings or infrastructure? Given the nascent state of research in cybersecurity, we welcome proposals for workshops and other opportunities for intellectual engagements. Such proposals, however, should clarify how the efforts are likely to enable future scientific contributions. Infrastructure-oriented proposals should include components that go beyond merely providing a resource for other researchers and should contribute directly to research. PIs should indicate which perspective or perspectives apply to their proposals, as with non-workshop proposals. 13. Will SaTC review panels contain reviewers from all of the CISE, SBE, OCI and Mathematics communities? All proposals will be evaluated by qualified reviewers. Proposals with similar topics will be paneled together. A panel may omit members from a particular community if no proposals in that panel require expertise in that area. 14. Does the Transition to Practice perspective imply that SaTC is focusing on short-term research? NSF recognizes that many promising research results wind up on the metaphorical laboratory shelf in part because the resources to turn them into usable prototypes are difficult to obtain. This perspective aims to make those resources available to qualified projects. 15. Is it expected that Transition to Practice/Transition phase work come only at the end of a project? Not necessarily. Although Transition work often does come at the project end, other work plans are possible. For example, a project could be iterative, whereby research and transition activities alternate, each activity building on the previous work. 16. I note that software developed under the Transition to Practice perspective must be open source. Does that requirement apply to all software developed under any SaTC award? No. The open source requirement applies only to software developed under the Transition to Practice perspective. 17. What is the relationship between SaTC's Transition to Practice and NSF's I-Corps program? The programs are independent and have different structures, though both aim to help bring the fruits of research projects to general use. Award sizes, scope and duration are different. Please see the solicitations for details and consult NSF Program Officers if you have questions. 18. I have a general question about SaTC - is there an email address for the program? Yes: [2]satc@nsf.gov 19. Should I discuss my proposal with NSF program officers? Yes, PIs are encouraged to discuss planned proposals with Program Officers to assist them in determining whether SaTC is a suitable program for the work. Please be considerate of Program Officers' time and refrain from scheduling separate meetings with multiple program officers in the same program. Once submitted, the substance of proposals may not be discussed with NSF Program Officers, as this would constitute unfair competition, or the perception thereof. 20. Who are the SaTC program officers, and which one should I talk with? The list of current SaTC program officers is at the end of this document and will be available on NSF web pages for the program. PIs should discuss potential proposals with the Program Officer whose area is closest to that of the proposed research. 21. Do SaTC proposals count against the CISE Core program limits on number of proposals allowable per year? No. SaTC is a NSF-wide cross-cutting program, so the limits imposed by the CISE Core programs do not apply. However, no person can be PI, co-PI or senior personnel on more than two SaTC proposals per NSF fiscal year. 22. Does SaTC allow international cooperation? Yes. We encourage collaboration with the international community, and actively support it. For such efforts, NSF normally funds the US participants and international participants are funded by their respective countries. If a proposal is to be simultaneously submitted to a non-US funding agency and the work cannot proceed without being cofunded by the other agency, please discuss the situation with a Program Director as soon as possible. 23. Is the SaTC solicitation focused on U.S. research? SaTC is primarily concerned with creating knowledge about cybersecurity and applying this knowledge. Cybersecurity knowledge could be garnered outside the U.S. as well as inside, and it need not be focused on specifically American examples of cybersecurity problems. 24. Can I be a reviewer for the SaTC program if I've submitted a SaTC proposal? Yes, but only in the funding categories (Small, Medium, Frontier) to which you did not submit SaTC proposals. 25. Can I sign up for a mailing list to receive SaTC announcements? Yes. A new SaTC-Announce mailing list has been created. All subscribers to the old Trustworthy-Computing-Announce have been subscribed to the new list, and this FAQ is the first message to the new list. If you did not receive this message from the list and wish to join the new list, simply send an email (from the address where you would like instructions to be sent) to [3]listserv@listserv.nsf.gov. In the text of the message, put the following command (only): subscribe SaTC-Announce For example: subscribe SaTC-Announce Jane Doe You will receive instructions via return email on how to proceed. Some Specifically SBE Perspective Questions 26. My research to some extent involves people-attitudes, cognitions, behaviors, groups, organizations, markets, and / or social systems. So, should I submit it as a SaTC proposal under the SBE (Social, Behavioral and Economic) perspective? Not necessarily. A proposal involving SBE aspects should not be submitted under SBE if a) they are not the primary focus of the proposal or b) if the research described in the proposal is primarily an application of the SBE sciences, rather than a contribution to the SBE sciences. A proposal that involves applied SBE science may fit under "Trustworthy Computing Systems," as work on human factors has in the past. We and prominent members of the cybersecurity community believe that ground-breaking SBE science will be beneficial for advancing the goal of a Secure and Trustworthy Cyberspace. The SBE portion of the SaTC program targets SBE research that contributes to this goal and that makes contributions to the basic SBE sciences. 27. What makes research a "contribution" to the SBE sciences? Good SBE science research contributes to the basic SBE sciences, identifying generalizable theories and regularities and "pushing the boundaries" of our understanding of social, behavioral, or economic phenomena in cybersecurity and beyond. In identifying what might contribute to the SBE sciences, we seek research that is generalizable, identifies scope conditions, or provides an advance in SBE science methods. We seek research that holds the promise of constructing new SBE theory that would apply to a variety of domains (generalizable), or new generalizations of existing theory which clarify the conditions under which such generalizations hold (scope conditions). More inductive or interpretative approaches may contribute to the SBE sciences as well, especially if they set the groundwork for generalizable research or reveal broad connections that forward SBE science understandings. SBE / SaTC proposals should clearly state and elaborate how the proposed research will contribute to SBE sciences. A variety of methods can be used, including field data, laboratory experiments, observational studies, simulations, and theoretical development, among others. 28. When is research not a "contribution" to the SBE sciences? Research that applies or tests an existing SBE proposition or theory to a cybersecurity context will not be considered a SBE science contribution, unless it makes a contribution to the originating theory itself. 29. Is it enough for my SBE/SaTC proposal to contribute to the SBE sciences? No. A successful SBE / SaTC proposal must also contribute toward the goal of creating a secure and trustworthy cyberspace. The SBE science contribution of any SBE / SaTC proposal should be related to bringing about that goal. It is not sufficient for a proposal submitted under SBE / SaTC to have an SBE science contribution. Such proposals are perhaps best submitted to a standing (core) SBE program. You can find a list of core programs at [4]http://www.nsf.gov/dir/index.jsp?org=SBE. Current lead Program Officers for the Secure and Trustworthy Computing Program: CISE: CNS: Sam Weber [5]sweber@nsf.gov Ralph Wachter [6]rwachter@nsf.gov CCF: [7]sgreensp@nsf.gov Nina Amla [8]namla@nsf.gov IIS: Vijay Atluri [9]atluri@nsf.gov SBE: SES: Peter Muhlberger [10]pmuhlber@nsf.gov OCI: Kevin Thompson [11]kthompso@nsf.gov MPS: DMS: Andrew Pollington [12]adpollin@nsf.gov References 1. http://www.nsf.gov/publications/pub_summ.jsp?ods_key=nsf12503 2. mailto:satc@nsf.gov 3. mailto:listserv@listserv.nsf.gov 4. http://www.nsf.gov/dir/index.jsp?org=SBE 5. mailto:sweber@nsf.gov 6. mailto:rwachter@nsf.gov 7. mailto:sgreensp@nsf.gov 8. mailto:namla@nsf.gov 9. mailto:vatluri@nsf.gov 10. mailto:pmuhlber@nsf.gov 11. mailto:kthompso@nsf.gov 12. mailto:adpollin@nsf.gov