The Security, Privacy, and Trust in Cyberspace (SaTC) 2.0 program aims to build trust in all aspects of global cyber ecosystems. Trust can assume different meanings according to the context but, for the purposes of this solicitation, is broadly defined to include concepts covering security, privacy, and resilience of cyberspace, particularly in the face of malicious intent and specific threats. Examining the fundamentals of trust from these different perspectives and with strong research methodologies can lead to fundamentally new and holistic ways to design, build, and operate future trustworthy cyber systems, protect people and existing cyberinfrastructure, and motivate and educate the professional cybersecurity workforce and the general public.
The SaTC 2.0 program welcomes proposals that address trust in cyberspace, drawing on expertise in one or more of these areas: computer and information science and engineering; education; mathematics; statistics; and social, behavioral, and economic sciences. Proposals that advance the field of cybersecurity and privacy within a single discipline or interdisciplinary efforts that span multiple disciplines are both welcome. Proposals whose security science exposes underlying principles having predictive value that extend across different security domains and are resilient against strong, adaptive attackers are preferred over those that are limited to a single platform, technology, or system, or that offer ad-hoc solutions that are not generalizable.
The SaTC 2.0 program spans the interests of NSF's Directorates for Computer and Information Science and Engineering (CISE), Mathematical and Physical Sciences (MPS), Social, Behavioral and Economic Sciences (SBE), and STEM Education (EDU). Proposals must be submitted pursuant to one of the following designations, each of which may have additional requirements:
- RES: This designation is the focuse of the SaTC 2.0 research program.
- EDU: The Education (EDU) designation is used to label proposals focusing on cybersecurity and/or privacy education and training.
- SEED: This designation is intended for special topics defined by accompanying Dear Colleague Letters.
The focus of each designation is described below:
Secure and Trustworthy Cyberspace 2.0 Research (RES) Designation:
Projects with budgets above $600,000 have additional requirements. RES proposals may include an optional Transition to Education (TTE) plan with a budget allocation of up to $50,000 within the RES total budget request to co-evolve novel educational initiatives in the context of the proposed research.
All RES proposals should (a) clearly articulate the notion of trust that the research will focus on; (b) include a clear and concise description of the specific risk(s), malicious intent or applicable threat scenario or model that the proposed research addresses; (c) discuss the generalizable contributions that will be developed beyond the state of the art (theories, research methods, empirical understanding, capabilities, tools and datasets, or other contributions appropriate to the project and the intellectual communities the project speaks to); and (d) discuss evaluation, reproducibility, trade-offs, and countermeasures involved in the project as appropriate.
Projects are expected to include, but not be limited to, expertise in one or more the following research disciplines that correspond to the core building blocks of cyberspace: algorithms; artificial intelligence; compilers; communication networks; cryptography; data science; economics; ethics; formal methods; hardware security architecture and design; human centered computing; law and policy; machine learning; mathematics; programming languages; quantum and other emerging computing models and architectures; social and behavioral sciences; software; statistics; and systems. Broad topics of interest include computing and communication systems; foundations; human aspects; information ecosystems; and cybersecurity and artificial intelligence.
Proposers who choose to submit a Transition to Education plan as part of their SaTC 2.0 RES research proposal must describe how successful research outcomes will be transitioned into an educational setting for formal or informal learning.
Cybersecurity Education (EDU) Project Designation:
The EDU designation is interested in innovative inquiries into and the development of evidence-based and evidence-generating approaches that will improve cybersecurity education and workforce development at the K-12, undergraduate, graduate, and professional education levels; and/or develop cybersecurity awareness that promotes safe online behavior across all age groups. EDU proposals must directly contribute to the development of foundational cyber skills or transformation of cybersecurity education in terms of scope, mechanism, methods, tools, and engagement of diverse learners through traditional or non-traditional approaches.
Competitive proposals submitted to the EDU designation will leverage results from basic and/or applied research in cybersecurity and student learning, both in terms of intellectual merit and broader impacts, and will articulate how they will address the challenge of expanding existing educational opportunities and resources in cybersecurity and/or privacy. This may include, but is not limited to, the following efforts:
- Conduct research that enhances the teaching and learning of cybersecurity, privacy and trust at K-12 and post-secondary levels;
- Based on the findings of basic and applied research in cybersecurity, define a cybersecurity body of knowledge and establish curricular activities for new course modules and educational pathways leading to wide dissemination and adoption;
- Research approaches to increasing undergraduate and graduate enrollment in cybersecurity and produce more cybersecurity professionals and practitioners;
- Investigate approaches to develop a cybersecurity workforce, including research and development workforce, in critical areas, such as secure software design and development, trustworthy AI development and usage, human- centered approaches to building secure systems, quantum computing, memory safety techniques, formal methods, advanced manufacturing, aerospace, microelectronics, and advanced wireless technologies;
- Design and implement new skill-based approaches, such as hands-on learning experiences, competitions, certifications, micro-credentials, and alignment with national and industry standards;
- Create innovative and scalable strategies to increase the number of cybersecurity faculty in institutions of higher education and K-12 schools;
- Develop approaches to support institutional collaborations between community colleges and four-year colleges and universities
- Cultivate digital literacy to ensure correct and safe online behavior for everyone;
- Integrate cybersecurity, privacy, and trust concepts into educational opportunities for learners of all ages;
- Design and develop instructional strategies to align cybersecurity education and workforce development with the NICE Cybersecurity Workforce Framework and make them more diverse, inclusive and culturally responsive;
- Investigate effective and ethical use of AI and automation in cybersecurity and privacy education; and
- Evaluate the effectiveness of learning, outreach, and retention methods and activities.
Seedling (SEED) Project Designation:
The SEED designation is intended for special topic areas to be defined by accompanying Dear Colleague Letters (DCLs) while this solicitation is in effect. The total budget for SEED projects is limited to $300,000, with durations of up to two years. The associated DCLs will solicit proposal submissions in specified topic areas within a specified time frame. Investigators seeking to submit SEED proposals in response to a DCL may be required to (a) submit concept outlines (as described in the PAPPG Chapter I.D.1) to be evaluated by the SaTC 2.0 Program and invited for proposal submission; or (b) have a specific team composition intended to foster multi- and/or interdisciplinary research.
Previous recipients can be viewed online at https://www.nsf.gov/awardsearch/advancedSearchResult?ProgEleCode=806000&BooleanElement=Any&BooleanRef=Any&ActiveAwards=true#results
All projects with a total budget greater than $600,000 that include an organization (department, school, or institute) that primarily carries out research and education in computer science, computer engineering, information science, and/or other closely related fields, must include a Broadening Participation in Computing (BPC) plan. CISE encourages the use of the resources available at the NSF-funded BPCnet Resource Portal (https://bpcnet.org). BPCnet provides BPC project and departmental plan templates, suggested activities, and opportunities for consultant services, and publicly available data to support PIs and Departments in creating their BPC Plans. CISE encourages PIs to leverage departmental plans verified by BPCnet to coordinate efforts within their institution. BPC plans must include roles for all PIs and co-PIs and be included as a Supplementary Document, following the guidelines as described in the Proposal Preparation Instructions. A meaningful BPC plan can answer positively to the following questions:
In addition to a BPC plan, all proposals with more than one investigator and a total of more than $600,000 must include a Collaboration Plan of up to 2 pages. The length of and degree of detail provided in the Collaboration Plan should be commensurate with the complexity of the proposed project. Where appropriate, the Collaboration Plan might include:
All RES and SEED proposals must include a prioritized list of 1-6 keywords that describe the general area(s) of the investigation, to assist in identifying reviewers with appropriate knowledge and expertise to review the proposal. The first keyword must (and other keywords may) be drawn from the following list of topic areas that correspond to key areas of study: