Today, the National Science Foundation (NSF) announced $74.5 million in funding for foundational research and education that aims to address the growing cybersecurity challenge. This investment, through the NSF Secure and Trustworthy Cyberspace (SaTC) program, is critical to achieving a safe, secure, resilient and trustworthy cyberspace, including associated critical infrastructure such as the energy grid and transportation systems.
"The Secure and Trustworthy Cyberspace program is poised to strengthen our nation's competitive edge through safer and more secure cyber systems, and to develop the knowledge base that will lead to a well-trained cyber workforce," said Jim Kurose, NSF assistant director for Computer and Information Science and Engineering (CISE). "Safeguarding cyberspace requires a wealth of expertise from many disciplines, and we are especially excited about the interdisciplinary, highly collaborative nature of this portfolio across a wide range of research areas."
The SaTC program aims to maximize the growing economic and societal benefits of computing and communication systems by ensuring their security and privacy. While this goal may seem simple at the surface, securing cyber systems and maintaining information privacy has proven quite challenging. The interplay of system vulnerabilities and human behaviors and motivations has resulted in countless instances of attacks, damage and unauthorized access, costing billions of dollars annually in recent years.
"The cutting-edge research in these proposals investigates not only technical solutions to cybersecurity but also the critically important element of people and their behavior," said Fay Cook, assistant director for Social, Behavioral and Economic Sciences (SBE).
To address this challenge, NSF is issuing 214 awards to researchers to pursue a broad range of research areas, including access control and identity management, cryptography, intrusion detection, human interaction and usability, network topology and other areas. NSF's SaTC investment spans activities that further foundational research, nurture a capable, next-generation cyber workforce, and accelerate the transition of research innovations to practice and useful products.
This year's awards build upon a long history of innovations that have resulted from previous NSF funding of cybersecurity and privacy research, including encryption algorithms that form the basis for all electronic commerce; tools that detect software bugs; and methods that enable identification of the technological, economic and social vulnerabilities underlying spam email and other cybercrime.
Among the awards being announced are the following three large projects with budgets ranging from $1.4 million to $3 million each over five years:
- Viaduct: A Framework for Automatically Synthesizing Cryptographic Protocols, Andrew Myers, Cornell University
This project will explore how to bridge the gap between the security goals of software developers and the lower-level functionality for end users offered by hardware and cryptography protocols.
- Accountable Information Use: Privacy and Fairness in Decision-Making Systems, Anupam Datta, Carnegie Mellon University
This project is investigating how to ensure data privacy and fairness in automated systems that determine decisions and actions that affect people's lives.
- Investigating the Susceptibility of the Internet Topology to Country-level Connectivity Disruption and Manipulation, Amogh Dhamdhere, University of California, San Diego
This project is developing methodologies to identify potential weaknesses in the topology of the internet infrastructure, and to quantify the potential impact if attackers were to compromise these critical elements.
Other awards focus on the cybersecurity workforce, including pilot programs for new instructional materials and professional development for teachers.
Reflecting the interdisciplinary nature of cybersecurity, the SaTC program is led by NSF's CISE Directorate, in collaboration with the directorates for Education and Human Resources (EHR), Engineering (ENG), Mathematical and Physical Sciences (MPS), and Social, Behavioral and Economic Sciences (SBE).
The program also includes a partnership with the Semiconductor Research Consortium (SRC), focused on the security of hardware systems.
The awards announced today are part of a portfolio of approximately $160 million invested in cybersecurity research and education across the agency in Fiscal Year 2017.