NSF unveils new cybersecurity research initiative

The National Science Foundation (NSF) on Wednesday announced a new program stemming in part from a mandate in a law on cybersecurity research and development that charges the agency with promoting computer-security research.

"NSF's cybersecurity mission primarily is to ensure the health of research enterprises at American universities," said Carl Landwehr, NSF's program director for cyber trust. "We have no mission to protect a particular piece of infrastructure, but this is an area where we need more research and trained people. The research will foster ideas and create the talent pool that is needed."

He noted that the new program allocating $30 million is in part NSF's response to the 2002 act requiring NSF and the National Institute of Standards and Technology to foster new computer-security research. The "cyber trust" R&D program will fund up to three research-center-level collaborations between industry and academia, as well as individual "single investigator" and team awards.

Landwehr said the program is funded partly from the NSF's "trusted computing" program for managing privacy and security and other plans already in place, "and I am reasonably confident we will have the money to spend," he said. NSF officials said the bulk of the $30 million has been allocated, but portions will be contingent on fiscal 2004 appropriations.

Landwehr added that NSF and the Homeland Security Department already are collaborating on cybersecurity research, including a recent grant to the University of Southern California and University of California at Berkeley to create a network test bed to practice defending against computer attacks.

The cyber-trust program is seeking proposals in the areas of fundamental research, multi-disciplinary research, and education and workforce development. All will be subject to the foundation's peer-review process and the availability of funds.

Fundamental research covers cutting-edge technology in trustworthy computing, evaluation and certification methods, efforts to prevent attacks that deny service by bombarding networks with activity, and long-term data-archiving technology.

Multidisciplinary research will cover the social, legal and ethical, and economic compromises that impact the design and operation of secure network systems. Education and workforce development projects will address the training of system operators.

Research center grants require a letter of intent to be submitted by Jan. 23 and an application by March 31. The deadline for single investigators and team proposals is March 3.