Washington, DC - Cyberattacks on corporations, agencies, national infrastructure and individuals have exposed the fragility and vulnerability of the internet and networked systems. Achieving truly secure cyberspace requires addressing both the technical vulnerabilities in systems, as well as those that arise from human behaviors and choices.
Today, the National Science Foundation (NSF) announced $76 million in research grants through its Secure and Trustworthy Cyberspace (SaTC) program to study the scientific, engineering and socio-technical aspects of cybersecurity. The grants support 241 projects across 36 states and 129 institutions, and touch on all aspects of the field. These include hardware, software, network security, human incentives and behaviors, and the integration of computation with the physical world.
"Examining the fundamentals of security and privacy from a multidisciplinary, sociotechnical perspective can lead to fundamentally new ways to design, build and operate cyber systems, protect existing infrastructure, and motivate and educate individuals about cybersecurity," said Jim Kurose, NSF assistant director for Computer and Information Science and Engineering.
The program is inspired by and aligned with two new strategic plans that the administration released in 2016: the Federal Cybersecurity Research and Development Strategic Plan and the National Privacy Research Strategy. Both are dedicated to protecting and preserving the growing social and economic benefits of cyber systems while ensuring security and privacy.
The SaTC program takes an interdisciplinary, comprehensive approach to cybersecurity research, development and education. It also encourages the transition of promising research ideas into practice.
In addition to supporting computer science and engineering research, this year's SaTC awards emphasize the fundamental mathematics at the core of cybersecurity.
"Improvements in the statistical and mathematical sciences can have a major impact on many aspects of cybersecurity from cryptography and risk assessments to privacy methods and encryption that is resistant to classical and quantum attacks," said Fleming Crim, NSF assistant director for Mathematical & Physical Sciences.
The program also emphasizes the need for sociotechnical approaches that consider human, social, organizational and economic factors involved in the creation, maintenance and operation of secure systems and infrastructure.
"No solution for securing cyberspace is complete without the integration of research that examines how people -- from the users of internet commerce to the attackers who endanger networks -- behave in the complicated systems that constitute the internet," said Fay Lomax Cook, NSF assistant director for Social, Behavioral & Economic Sciences. "Technology and behavior are intrinsically linked in the world of cybersecurity, and NSF's support for interdisciplinary research reflects that."
Three new large projects, each supported by $3 million grants, will investigate emerging areas of interest: the relationship between the Internet of Things and humans, the development of verifiably secure hardware, and cryptographic methods to improve privacy. They include:
- Living in the Internet of Things. L. Jean Camp, Indiana University; Tadayoshi Kohno, University of Washington.
- Verifiable Hardware: Chips that Prove their Own Correctness. Abhi Shelat, University of Virginia; Siddharth Garg, New York University; Michael Taylor, University of California, San Diego; Mariana Raykova, Yale University; Rosario Gennaro, CUNY City College.
- Computing Over Distributed Sensitive Data. Yaacov Nissim Kobliner, Harvard University; Marco Gaboardi, University of Buffalo.
Several SaTC projects involve engagement with industry through Secure, Trustworthy, Assured and Resilient Semiconductors and Systems (STARSS), a collaboration between NSF and the Semiconductor Research Corporation (SRC). Others were submitted under the SaTC Transition to Practice designation, for projects focusing on transitioning existing research results to practice.
The awards are part of a portfolio of approximately $160 million invested in cybersecurity research across the agency in Fiscal Year 2016.