TITLE: Frequently Asked Questions (FAQs) for NSF 14-599, Secure and Trustworthy Cyberspace (SaTC) (nsf15010) DATE: 11/7/2014 NSF 15-010 Frequently Asked Questions (FAQs) for [1]NSF 14-599, Secure and Trustworthy Cyberspace (SaTC) PROGRAM OBJECTIVES & PERSPECTIVES 1. What are the objectives of the SaTC program? SaTC seeks to fund a broad spectrum of innovative research that will improve the resilience of individual hosts, networked systems, hardware, software, applications and critical infrastructure from malicious cyber-attacks while preserving privacy and promoting usability. The program recognizes that this is not only a problem of developing trustworthy computing technology, but also of understanding the economic, social, and behavioral factors that affect its use and deployment. 2. Is SaTC interested in efforts that indirectly help prevent or ameliorate cybersecurity issues? Yes. We expect funded research to address a wide variety of topics, including research on behavior, motivation, and other factors that indirectly help to ensure that cyberspace systems can be effectively and safely utilized. 3. How can I determine whether a particular topic is suitable as a SaTC proposal as opposed to a Directorate for Computer & Information Science & Engineering or Directorate for Social, Behavioral & Economic Sciences Core solicitation? There will be proposals whose objectives overlap with SaTC and some other program(s). In general, SaTC proposals should take account of malicious behavior, but there is no hard line between program boundaries. PIs should consider what research field will be advanced by the proposed work items, as opposed to the potential applications of the research. If the focus of a particular program is not clear, PIs are advised to consult with a Program Officer in the program they think is most suitable for the project. Consider whether the proposed work primarily aims to advance the topics of the core solicitation (for example, a focus on networked systems) and incidentally addresses (for example) improving system resilience to attack, or whether its primary contribution is in improving system resilience under attack but there are incidental contributions to core solicitation topics. It is the latter proposal that should be submitted to SaTC. Although Program Officers have the discretion to transfer or share proposals between programs, it is strongly advised that PIs target the most relevant program. 4. How do these Perspectives - Trustworthy Computing Systems (TWC) and Social, Behavioral and Economic (SBE) - affect how I submit my proposal? As specified in the solicitation, you should submit your proposal to the NSF division that is relevant to the primary perspective of your proposal. The acronym of the division associated with your main perspective should be used to start the proposal title. If there is more than one perspective, you should start your proposal title with the division related to the primary perspective first, followed by acronyms for the other relevant perspectives. 5. Is SaTC's Trustworthy Computing Systems Perspective more narrow in scope than CISE's former Trustworthy Computing program? No. As indicated in the solicitation, SaTC extends the scope of the prior Trustworthy Computing program. Any research that was in scope for the prior program remains in scope for SaTC. The scope for SaTC now specifically includes research from the Social, Behavioral, and Economic perspective as outlined in the solicitation, as well as efforts to promote transition of technology into practice, also as outlined in the solicitation. 6. When is the first SaTC PI meeting for awards under the FY15 SaTC solicitation? A SaTC PI meeting will be held in January 2015. However, as we expect most FY15 SaTC awards will not be complete by that point, the first PI meeting for new FY15 SaTC awardees will be in late 2016 or early 2017. LARGE PROPOSALS 7. What happened to Frontier category proposals? For FY15, SaTC is offering Large awards (up to $3M), and not offering Frontier awards (up to $10M). Plans for FY16 and beyond will be decided based on the results of the FY15 competition. 8. What is the intention of the Large award category? A Large proposal should support objectives that could not be attained simply by a collection of small or medium proposals provided with similar resources. Large awards should promote synergy among academic, industrial and other partners. They should address the combined needs for in-depth or multidisciplinary research investigations, education and workforce development, and incorporation of research results into deployed products and systems. 9. Are there approval requirements before submitting a Large proposal? No. Like any NSF award, an interested PI may contact an NSF Program Officer to discuss the idea and the team before submitting a Large proposal. 10. Can Large proposals be submitted to the SBE perspective (only)? Yes. Large proposals can be responsive to both the TWC and SBE perspectives, the SBE perspective only, or the TWC perspective only. 11. Can Large proposals contain a Transition Option? Yes. Large proposals can have a Transition Option, with a budget of up to $750,000. 12. Can an Education proposal be submitted as a Large? No. Large proposals must be responsive to the TWC and/or SBE perspectives only. 13. Will Large awards involve site visits? Large Awards will be administered in accordance with normal NSF procedures for awards of this size and scope. 14. Can Large proposals be significantly less than the $3M maximum? Yes. Large can be any amount between $1.2M and $3M. CYBERSECURITY EDUCATION PROPOSALS 15. Can a Cybersecurity Education proposal be submitted as a Small, Medium, or Large, either on its own or as an additional perspective? No. Cybersecurity Education proposals may not be submitted in Small, Medium, or Large sizes, or as a perspective within any of these sizes. Rather, proposals focusing entirely on Cybersecurity Education with total budgets limited to $300,000 and durations of up to two years may be submitted pursuant to the deadline specified in the program solicitation. 16. Are there alternatives for capacity building beyond the $300K limit for SaTC? The Capacity track of the CyberCorps®: Scholarships For Service (SFS) program allows funding for cybersecurity education capacity building up to $900K. See [1]NSF 14-568 for more information. TRANSITION TO PRACTICE (TTP) 17. Can a STARSS perspective proposal include a Transition to Practice (TTP) Option? Yes. A STARSS perspective proposal is like any other Small proposal, and may include a TTP Option. 18. Is the TTP Perspective that was present in the FY12 solicitation still available? No. Transition to Practice (TTP) options are available, but not the perspective. 19. Is it expected that work pursuant to the TTP Option will occur only at the end of a project? Not necessarily. Although Transition work often does come toward the end of a project, after preliminary work is successfully completed, other project schedules are possible. For example, a project could be iterative, whereby research and transition activities alternate, each activity building upon the previous work. Software development might be done in a similarly iterative manner. A basic project plan with general milestones is helpful when added as part of the five-page TTP Option Supplementary Document. 20. Should the budget for a TTP Option be included in the budget submitted with the proposal? No. The Supplementary Document should provide a sketch of the TTP budget as part of the five-page description of the Option. The TTP budget is considered separately from the research budget, and therefore should not be included in the budget forms submitted with the proposal. If a proposal is selected for funding, and if NSF chooses to exercise the Option, NSF Program Officers will request a revised budget that increases the budget amount to include the Option. 21. Software developed under the TTP Option must be open source. Does that requirement apply to all software developed under any SaTC award? No. The open source requirement applies only to software developed under the TTP Option, but not to the base grant. However, the open source requirement for the TTP Option may be waived on a case by case basis. 22. What is the relationship between SaTC's TTP and NSF's I-Corps program? The programs are independent and have different structures, though both aim to help bring the fruits of research projects to general use. Award sizes, scope and duration are different. Please see the solicitations for details and consult NSF Program Officers if you have questions. STARSS PERSPECTIVE 23. What is the relationship between the STARSS perspective and the FY14 STARSS solicitation ([2]NSF 14-528)? Will there be a separate STARSS solicitation for FY15? The STARSS solicitation was separate in FY14, but is part of the SaTC solicitation in FY15. There will not be a separate STARSS solicitation in FY15. The FY15 STARSS perspective is very similar to the FY14 STARSS solicitation, with some changes to indicate areas of increased or decreased focus. 24. May STARSS perspectives be pursued in Small, Medium, Large, and Education class proposals? STARSS perspectives may only be pursued in Small proposals. A STARSS perspective for a Medium, Large, or Education class proposal will be returned without review. 25. What additional requirements are there for STARSS perspective proposals? Proposals must include a statement of consent that indicates NSF may share with Semiconductor Research Corporation the proposal, reviews, and any related information. STARSS perspective proposals that do not contain this statement will be returned without review. Small STARSS projects selected for joint funding by NSF and SRC will be funded through separate NSF and SRC funding instruments. For each such project, NSF support will be provided via an NSF grant and SRC support will be provided via an SRC contract. 26. What does the "statement of consent" contain? Please consult with your sponsored research office. At your institution's discretion, it may be as simple as a statement by the PI, included in a supplementary document, providing permission to share information with SRC. Neither NSF nor SRC have any particular format, nor is there a requirement that the statement be signed by the institution's legal department. 27. Should the budget submitted for a STARSS proposal include both the anticipated NSF and SRC funding? The budget submitted with the proposal should include all necessary project funds without regard to the two funding organizations. Should a proposal be recommended for funding, NSF and SRC will inform selected PIs of the breakdown in funding between the two organizations, and will request revised budgets at that point. 28. Why should I submit to STARSS vs. TWC perspectives for my hardware-focused proposal? STARSS provides the possibility to work closely with industry, involve industry participants, and facilitate technology transition. 29. Will STARSS proposals be reviewed by SRC reviewers? It is likely review panels for STARSS proposals will include experts from both academia and industry. 30. Are there additional post-award requirements for STARSS proposals? Yes. In addition to NSF annual reports, awardees will be required to submit reports to SRC, which will be largely similar to the contents of the NSF annual report. Like any other SaTC awardee, STARSS PIs will be required to attend SaTC PI meetings. In years when no SaTC PI meeting is held, there will be an SRC PI meeting for STARSS award recipients. SBE PERSPECTIVE QUESTIONS 31. My research to some extent involves people - attitudes, cognitions, behaviors, groups, organizations, markets, and/or social systems. Should I submit it as a SaTC proposal under the SBE (Social, Behavioral and Economic) perspective? A proposal should be submitted with SBE first in its title (that is, SBE primary) only if SBE aspects of the proposal are its primary focus and the proposed research is apt to make contributions to the SBE sciences. A proposal may be submitted with SBE second in its title (that is, SBE non-primary) if SBE aspects of the proposal are not its primary focus but the research applies SBE science methods. Alternatively, a proposal that involves applied SBE science may fit under "Trustworthy Computing Systems" alone, as work on human factors has in the past. We and prominent members of the cybersecurity community believe that groundbreaking SBE science will be beneficial for advancing the goal of a Secure and Trustworthy Cyberspace. The SBE portion of the SaTC program targets SBE research that contributes to this goal and that makes contributions to the basic SBE sciences. 32. What makes research a "contribution" to the SBE sciences? Good SBE science research contributes to the basic SBE sciences, identifying generalizable theories and regularities and "pushing the boundaries" of our understanding of social, behavioral, or economic phenomena in cybersecurity and beyond. In identifying what might contribute to the SBE sciences, we seek research that is generalizable, identifies scope conditions, provides an advance in SBE science methods, or provides valuable data for the SBE community. We seek research that holds the promise of constructing new SBE theory that would apply to a variety of domains (generalizable), or new generalizations of existing theory which clarify the conditions under which such generalizations hold (scope conditions). More inductive or interpretative approaches might contribute to the SBE sciences, especially if they provide needed groundwork for generalizable research or reveal broad connections that forward SBE science understandings. SBE/SaTC proposals should clearly state and elaborate how the proposed research will contribute to SBE sciences. A variety of methods can be used, including field data, laboratory experiments, observational studies, simulations, and theoretical development, among others. 33. When is research not a "contribution" to the SBE sciences? Research that applies an existing SBE proposition or theory to a cybersecurity context will not be considered a SBE science contribution, unless it promises to make a novel contribution to the originating theory. 34. Is it enough for my SBE/SaTC proposal to contribute to the SBE sciences? No. A successful SBE/SaTC proposal must also contribute toward the goal of creating a secure and trustworthy cyberspace. The SBE science contribution of any SBE/SaTC proposal should be related to bringing about that goal. It is not sufficient for a proposal submitted under SBE/SaTC to have an SBE science contribution. Such proposals are best submitted to a standing (core) SBE program. You can find a list of core programs at [3]http://www.nsf.gov/dir/index.jsp?org=SBE. SUPPLEMENTARY DOCUMENTS 35. What is the difference between the required personnel list and the collaborators list? Both are mandatory. They must be included even if the only person on the list is the PI him/herself. The personnel list includes all PIs, co-PIs, other senior personnel (paid or unpaid), advisors, etc. The collaborators list includes all those on the personnel list as well as anyone with whom these individuals have collaborated in the past 48 months (except editing, where only 24 months is required). 36. Why do you need both personnel and collaborators lists? Both are used to avoid accidental Conflicts of Interest in reviewing proposals. People on the first list are precluded from being panelists or ad hoc reviewers on any panel of the same size as your proposal, while people on the second list are precluded from being panelists or ad hoc reviewers for your proposal in particular (but could be panelists or ad hoc reviewers for other proposals of the same size). 37. In the list of personnel, how should we list cases where the person has not been identified (e.g., grad students)? List the person's name as "TBD", and include the institution and role he/she will have. MISCELLANEOUS 38. Are multi-perspective proposals encouraged or discouraged? Neither. PIs should decide which perspectives to submit their proposals to based upon the research components of the work. A proposal will be negatively affected if its impact is lessened by its failure to consider a highly relevant perspective. Similarly, a perspective that appears "tacked on" and irrelevant to the main focus of the work, will also not be favorably reviewed. 39. What about proposals for workshops and other meetings or infrastructure? Given the nascent state of research in cybersecurity, we welcome proposals for workshops and other opportunities for intellectual engagements. Such proposals, however, should clarify how the efforts are likely to enable future scientific contributions. Infrastructure-oriented proposals should include components that go beyond merely providing a resource for other researchers and should contribute directly to research. PIs should indicate which perspective or perspectives apply to their proposals, as with non-workshop proposals. 40. Will SaTC review panels contain reviewers from all of the CISE, SBE, Education, and Mathematics communities? All proposals will be evaluated by qualified reviewers. Proposals with similar topics will be paneled together. If no proposals in that panel require expertise in that area, a panel may omit members from a particular community. 41. I have a general question about SaTC - is there an email address for the program? Yes: [4]satc@nsf.gov. 42. Should I discuss my proposal with NSF program officers? PIs are encouraged to discuss planned proposals with Program Officers to assist them in determining whether SaTC is a suitable program for the work. Please be considerate of Program Officers' time and refrain from scheduling separate meetings with multiple program officers in the same program. Once submitted, the substance of proposals may not be discussed with NSF Program Officers, as this would constitute unfair competition, or the perception thereof. 43. Who are the SaTC program officers, and which one should I talk with? The list of current SaTC program officers is at the end of this document and will be available on NSF web pages for the program. PIs should discuss potential proposals with the Program Officer whose area is closest to that of the proposed research. 44. Do SaTC proposals count against the CISE Core program limits on number of proposals allowable per year? No. SaTC is a NSF-wide cross-cutting program, so the limits imposed by the CISE Core programs do not apply. However, no person can be PI, co-PI or senior personnel on more than three SaTC proposals per NSF fiscal year, two of which may be Small, Medium or Large, and one Education. 45. Does SaTC allow international cooperation? Yes. We encourage collaboration with the international community, and actively support it. For such efforts, NSF normally funds the US participants. International participants are funded by their respective countries. If a proposal is to be simultaneously submitted to a non-US funding agency and the work cannot proceed without being cofunded by the other agency, please discuss the situation with a Program Officer as soon as possible, preferably before submitting your proposal. A Dear Colleague Letter (DCL) provides information about additional funding available for collaboration between US and Israeli cybersecurity researchers. This program applies only to SaTC Small proposals. For more information, see [5]NSF 14-104. 46. Is the SaTC solicitation focused on US research? SaTC is primarily concerned with creating knowledge about cybersecurity and applying this knowledge. Cybersecurity knowledge could be garnered outside the US as well as inside, and it need not be focused on specifically American examples of cybersecurity problems. 47. Can I be a reviewer for the SaTC program if I've submitted a SaTC proposal? Yes, but only in the funding categories (Small, Medium, Large, Education) to which you did not submit SaTC proposals. 48. Can I sign up for a mailing list to receive SaTC announcements? Yes. The SaTC-Announce mailing list provides occasional announcements (no more than a dozen per year). To join, simply send an email (from the address where you would like instructions to be sent) to [6]listserv@listserv.nsf.gov. In the text of the message, put the following command (only): subscribe SaTC-Announce For example: subscribe SaTC-Announce Jane Doe You will receive instructions via return email on how to proceed. SMALL BUSINESSES AND COMMERCIALIZATON 49. Can a small business apply in this solicitation? Yes, small businesses can apply under this solicitation. 50. Can a faculty member be the principal investigator (PI) for a proposal from a small business? No, a faculty member cannot serve as the PI as long as the faculty member is a full time employee of the university. However, the faculty member can be a PI on a proposal from a small business as long as the faculty member is employed by the company at least 51% of the time for the duration of the award. Regardless, a faculty member can be on a sub-contract from a small business to the university. 51. Are there companies interested in working with university researchers on transitioning and commercializing university research? Yes, PIs can contact Peter Atherton ([7]patherto@nsf.gov) for companies that have previously received SBIR/STTR awards from NSF and that may have interest in collaboration with university researchers. OPTIONAL CHECKLIST FOR SUBMISSION 52. For Education Proposals + Project description up to 15 pages + Must include EDU in title; TWC, SBE, and STARSS may NOT be included in title + Collaboration plan (up to 2 additional pages) ALLOWED if multiple institutions, and must be a Supplementary Document, not part of the Project Description + Extra pages for Collaboration plan PROHIBITED if only one institution + Senior personnel list and collaborators list, in the specified format, as a Supplemental Document + TTP Option PROHIBITED 53. For Small Proposals + Project description up to 15 pages + Must include TWC, SBE, TWC SBE, SBE TWC, or STARSS in title (no other combinations allowed); EDU may NOT be included in title + Collaboration plan (up to 2 additional pages) ALLOWED if multiple institutions, and must be a Supplementary Document, not part of the Project Description + Extra pages for Collaboration plan PROHIBITED if only one institution + Senior personnel list and collaborators list, in the specified format, as Supplemental Documents + If TTP Option (1) include keyword "TTP Option" in title, (2) do NOT include Option budget in base, (3) required TTP plan as supplemental doc (up to 5 pages including budget sketch up to $167,000) + If STARSS perspective, include in Supplementary Documents a statement of consent that indicates NSF may share with Semiconductor Research Corporation the proposal, reviews, and any related information. 54. Medium Proposals + Project description up to 15 pages + Must include one or both of TWC and SBE in title (STARSS perspective is not permitted); EDU may NOT be included in title + Collaboration plan (up to 2 additional pages) REQUIRED if multiple institutions, ALLOWED if only one institution, and must be a Supplementary Document, not part of the Project Summary + Senior personnel list and collaborators list, in the specified format, as Supplemental Documents + If TTP Option (1) include keyword "TTP Option" in title, (2) do NOT include Option budget in base, (3) required TTP plan as supplemental doc (up to 5 pages including budget sketch up to $400,000) 55. Large Proposals + Project description up to 20 pages + Must include one or both of TWC and SBE in title (STARSS perspective is not permitted); EDU may NOT be included in title + Collaboration plan (up to 2 additional pages) REQUIRED, and must be a Supplementary Document, not part of the Project Description + Senior personnel list and collaborators list, in the specified format, as Supplemental Documents + If TTP Option (1) include keyword "TTP Option" in title, (2) do NOT include budget in base, (3) required TTP plan as supplemental doc (up to 5 pages including budget sketch up to $750,000) 56. Who should I contact? Following are current Program Officers for the Secure and Trustworthy Computing Program: CISE/CNS: Jeremy Epstein, [8]jepstein@nsf.gov CISE/CNS: Deborah Shands, [9dshands@nsf.gov CISE/CNS: Ralph Wachter, [10]rwachter@nsf.gov CISE/CCF: Sol Greenspan, [11]sgreensp@nsf.gov CISE/CCF: Nina Amla, [12]namla@nsf.gov CISE/IIS: Chris Clifton, [13]cclifton@nsf.gov CISE/ACI: Anita Nikolich, [14]anikolic@nsf.gov SBE/SES: Heng Xu, [15]hxu@nsf.gov MPS/DMS: Andrew Pollington, [16]adpollin@nsf.gov EHR/DGE: Victor Piotrowski, [17]vpiotrow@nsf.gov ENG/ECCS: Zhi (Gerry) Tian, [18]ztian@nsf.gov References 1. http://www.nsf.gov/publications/pub_summ.jsp?ods_key=nsf14568 2. http://www.nsf.gov/publications/pub_summ.jsp?ods_key=14528 3. http://www.nsf.gov/dir/index.jsp?org=SBE 4. mailto:satc@nsf.gov 5. http://www.nsf.gov/publications/pub_summ.jsp?ods_key=nsf14104 6. mailto:listserv@listserv.nsf.gov 7. mailto:patherto@nsf.gov 8. mailto:jepstein@nsf.gov 9. mailto:dshands@nsf.gov 10. mailto:rwachter@nsf.gov 11. mailto:sgreensp@nsf.gov 12. mailto:namla@nsf.gov 13. mailto:vatluri@nsf.gov 14. mailto:anikolic@nsf.gov 15. mailto:pmuhlber@nsf.gov 16. mailto:adpollin@nsf.gov 17. mailto:vpiotrow@nsf.gov 18. mailto:ztian@nsf.gov