Upload
linda-hicks
View
220
Download
0
Tags:
Embed Size (px)
Citation preview
What are the Opportunities Available
to Obtain Federal Research Funding
Douglas MaughanDivision Director, Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
Science and Technology (S&T) Directorate
Department of Homeland Security (DHS)
Obtaining Federal Research Funding
Understanding the Landscape
Contracting
Small Business Programs
Larger R&D Solicitations
Summary / Q&A
4
Comprehensive National Cybersecurity Initiative (CNCI)
Reduce the Number of Trusted Internet
Connections
Deploy Passive Sensors Across
Federal Systems
Pursue Deployment of Automated Defense
Systems
Coordinate and Redirect R&D Efforts
Establish a front line of defense
Connect Current Centers to Enhance
Situational Awareness
Develop Gov’t-wide Counterintelligence
Plan for Cyber
Increase Security of the Classified
NetworksExpand Education
Resolve to secure cyberspace / set conditions for long-term success
Define and Develop Enduring Leap Ahead
Technologies, Strategies & Programs
Define and Develop Enduring Deterrence
Strategies & Programs
Manage Global Supply Chain Risk
Cyber Security in Critical Infrastructure
Domains
Shape future environment / secure U.S. advantage / address new threats
http://cybersecurity.whitehouse.gov
Federal Cybersecurity Research and Development
Program: Strategic Plan
Federal Cybersecurity R&D Strategic PlanResearch Themes
Tailored Trustworthy Spaces
Moving Target Defense
Cyber Economics and Incentives
Designed-In Security (New for FY12)
Science of Cyber Security
Transition to PracticeTechnology Discovery
Test & Evaluation / Experimental Deployment
Transition / Adoption / Commercialization
Support for National PrioritiesHealth IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services
Released Dec 6, 2011http://www.whitehouse.gov/blog/2011/12/06/federal-cybersecurity-rd-strategic-plan-released
Federal Cybersecurity Research Community
Agency / Org Research Agenda ResearchersCustomers / Consumers
National Science Foundation (NSF)
Broad range of cyber security topics; Several academic centers
Academics and Non-Profits
Basic Research - No specific customers
Defense Advanced Research Projects Agency (DARPA)
Mostly classified; unclassified topics are focused on MANET solutions
Few academics; large system integrators; research and government labs
Mostly DOD; most solutions are GOTS, not COTS
National Security Agency (NSA)
SELinux; Networking theory; CAEIAE centers
Mostly in-house Intelligence community; some NSA internal; some open source
Intelligence Advanced Research Projects Agency (IARPA)
Accountable Information Flow (AIF); Large Scale System Defense (LSSD); Privacy Protection Technologies (PPT)
Mostly research labs, system integrators, and national labs; Some academics
Intelligence community
Department of Homeland Security (DHS) S&T
All unclassified; Secure Internet Protocols; Process Control Systems (PCS), Emerging Threats, Insider Threat, Cyber Forensics; Open Security Technologies, Next Generation Technologies
Blend of academics, research and government labs, non-profits, private sector and small business
DHS Components (including NPPD, NCSC, USCG, FLETC and USSS); CI/KR Sectors; USG and Internet
How to increase your success rateHow to increase your success rate
Understand your client 1. Federal agencies have distinctly different characters
2. Different missions
3. Different processes
Federal agencies are not charities 4. Money is appropriated to them for specific purposes
5. You will be more successful if you can explain why your proposed R&D supports their mission
• Identify requirements • Develop program plan and allocate resources• Communicate plans and priorities to
technical community
• Posting Solicitations• Solicitation Process – White Papers• Submitting proposals
• Different programs demand different contract vehicles
• Flexibility used to match mission
• Programs tailored to meet unique conditions of objectives
• Active interaction with performers
Execution
Contract
Solicitation
Planning
Federal R&D Process
Federal R&D Programs
A program is led by a Program Manager(PM)
A program will have:
1. Specific Technology Objectives aligned with customer needs; some will have a significant operational impact
2. Plan to move from current level of technical maturity to a higher level (e.g., For DOD it’s TRLs – Technology Readiness Levels)
3. A technical approach indicating how the objectives will be achieved
4. A program structure indicating how the PM has deployed resources (time, money, executors) to achieve the objectives
5. Deliverables
6. Transition Strategy/Technology Development Path
Mechanics of Proposing R&D
1. Find agencies with closest mission match
2. Identify R&D element(s) within the agencies
3. Look for existing R&D solicitations (Money already exists for these efforts!)
4. Do your homework (LOOK AT PREVIOUS SOLICITATIONS, read websites, workshop results, and any presentations on your target program solicitation)
5. Respond to solicitation carefully – meet all administrative requirements and make sure your R&D matches the stated program needs
6. If no solicitation, contact R&D PM. Explain relevance to his/her mission. Be patient. Be persistent.
Contracting Vehicles
The Government has a range of contracting vehicles to match programmatic needs and contractor character.
1. Grants
2. Contracts
3. Cooperative agreements
4. Other Transactions for Research or PrototypesAllows government to deal with non-traditional contractors who have desirable technologies, but do not want to keep “Government books”Must comply with “generally acceptable accounting principles”
R&D Proposals
Team approach (technical & business)Consider hiring government contracting specialist
Cost Realism / Price Analysis
Past Performance
Contract Types for R&D
Sticking Point: Financial AuditIf you’ve never had a government contract, consider talking with
DCAA sooner rather than later.
DCAA = Defense Contract Audit Agency
Helpful Contracting Websites
http://www.dcaa.mil/dcaap7641.90.pdf
http://www.sba.gov/services/contractingopportunities
http://farsite.hill.af.mil
http://acquisition.gov/far/index.html
Programs for U. S. Small Business
Small Business Innovation Research (SBIR)
Set-aside program for small business concerns to engage in federal R&D -- with potential for commercialization
Small Business Technology Transfer (STTR)
Set-aside program to facilitate cooperative R&D between small business concerns and research institutions -- with potential for commercialization
2.5%
.3%
PHASE I • Feasibility Study • $100K (in general) and 6 month effort (amounts are changing)
PHASE III• Commercialization Stage• Use of non-SBIR Funds
PHASE II• Full Research/R&D• $750K and 24 month effort (amounts are changing)• Commercialization plan required
SBIR - A 3 Phase Program
Which Government Agencies?
Both SBIR/STTR1. Defense
2. Health & Human Services
3. NASA
4. DOE
5. NSF
SBIR only6. DHS
7. DOA
8. DOC
9. ED
10. EPA
11. DOT
12. NIH
Agency SBIR Differences
Number and timing of solicitations
R&D Topic Areas – Broad vs. Focused
Dollar Amount of Award (Phase I and II)
Proposal preparation instructions
Financial details (e.g., Indirect Cost Rates)
Proposal review process
Proposal success rates
Types of award
Commercialization assistance
And more…………
Agency DifferencesALWAYS CHECK WITH
AGENCIES
Added Bonus - Cost Match
Allows small businesses to seek additional funding for Phase II
projects from non-SBIR sources
Minimum of $100,000 to maximum of $500,000 of outside funding
Matched by DHS SBIR up to $250,000 in a 1:2 ratio
Additional funds require additional scope – need to either add R&D on
SBIR contract or other development and commercialization
activities (or some of both)
Cost match is a motivator for, and an indicator of, commercial
potential
DHS SBIR Phase IData from 14 Competitions through FY10.2*
MA 269/55
Total Phase I Submissions/Awards
2,608/423
* Includes STTR data
HI 17/3
OR22/5
WA51/12
AK3/1
CA535/104
NV17/1
ID8/0
MT9/2
ND1/0
SD2/0
NE7/1
KS6/1
WY2/0
UT28/7 CO
68/10
AZ46/10 NM
42/7
TX140/23
OK10/3
MN41/7
WI13/2
IA4/0
MO19/2
AR3/0
LA19/2
MI70/9
IL49/6
IN35/3
OH49/1
PA 63/8
KY 10/1
TN 19/1
VA239/35
NC 32/5
SC8/1
GA39/3
FL93/11
AL48/7
MS5/0
WV10/1
NY101/28
ME11/0
NH25/6
VT 10/1
RI 7/1
CT 47/8
NJ 69/6
DE 9/0
MD 169/23
PR 3/0
DC 6/0
Small Business Innovative Research (SBIR)
Important program for creating new innovation and accelerating transition into the marketplace
Since 2004, DHS S&T Cyber Security has had:
63 Phase I efforts
28 Phase II efforts
5 Phase II efforts currently in progress
9 commercial/open source products available
Four acquisitionsKomoku, Inc. (MD) acquired by Microsoft in March 2008Endeavor Systems (VA) acquired by McAfee in January 2009Solidcore (CA) acquired by McAfee in June 2009HBGary (CA) acquired by ManTech in February 2012
Useful Web Sites
https://sbir.dhs.gov
www.baa.st.dhs.gov
www.dhs.gov
www.dhs.gov/xopnbiz/
www.fedbizopps.gov
www.sbir.gov
Useful Web Sites andDHS S&T Directorate SBIR Point of Contact
Elissa (Lisa) SobolewskiDHS SBIR Program [email protected] (202) 254-6768
S&T SBIR Program Email:[email protected]
Broad Agency Announcement (BAA)
https://baa2.st.dhs.govDelivers both near-term and medium-term solutions1. To develop new and enhanced technologies for the detection of,
prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements
2. To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems;
3. To facilitate the transfer of these technologies into operational environments.
Proposals Received According to 3 Levels of Technology Maturity
Type I (New Technologies) Applied Research Phase Development Phase Demo in Op Environ. Funding ≤ $3M & 36 mos.
Type II (Prototype Technologies) More Mature Prototypes Development Phase Demo in Op Environ. Funding ≤ $2M & 24 mos.
Type III (Mature Technologies) Mature Technology Demo Only in Op Environ. Funding ≤ $750K & 12 mos.
Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS “customer” environments
BAA 11-02 Technical Topic Areas (TTAs)
TTA-1 Software Assurance DHS, FSSCC
TTA-2 Enterprise-Level Security Metrics DHS, FSSCC
TTA-3 Usable Security DHS, FSSCC
TTA-4 Insider Threat DHS, FSSCC
TTA-5 Resilient Systems and Networks DHS, FSSCC
TTA-6 Modeling of Internet Attacks DHS
TTA-7 Network Mapping and Measurement DHS
TTA-8 Incident Response Communities DHS
TTA-9 Cyber Economics CNCI
TTA-10 Digital Provenance CNCI
TTA-11 Hardware-Enabled Trust CNCI
TTA-12 Moving Target Defense CNCI
TTA-13 Nature-Inspired Cyber Health CNCI
TTA-14 Software Assurance MarketPlace (SWAMP) S&T
1003 White Papers
224 Full Proposals encouraged
Expected awards in Aug 2012
DHS S&T Long Range Broad Agency Announcement (LRBAA) 12-07S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations
Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager
CSD has 14 Topic Areas (CSD.01 – CSD.14) – SEE NEXT SLIDE
LRBAA 12-07 Closes on 12/31/12 at 11:59 PM
S&T BAA Website: https://baa2.st.dhs.gov
Additional information can be found on the Federal Business Opportunities website (www.fbo.gov) (Solicitation #:DHSS-TLRBAA12-07)
CSD.01 – Comprehensive National Cybersecurity Initiative and Federal R&D Strategic Plan topics
CSD.02 – Internet Infrastructure Security
CSD.03 – National Research Infrastructure
CSD.04 –Homeland Open Security Technology
CSD.05 – Forensics support to law enforcement
CSD.06 – Identity Management
CSD.07 – Data Privacy and Information Flow technologies
CSD.08 – Software Assurance
LRBAA Summary Listing
CSD.09 – Cyber security competitions and education and curriculum development.
CSD.10 – Process Control Systems and Critical Infrastructure Security
CSD.11 – Internet Measurement and Attack Modeling
CSD.12 – Securing the mobile workforce
CSD.13 - Security in cloud based systems
CSD.14 – Experiments – Technologies developed through federally funded research requiring test and evaluation in experimental operational environments to facilitate transition.
A Roadmap for Cybersecurity Research
http://www.cyber.st.dhs.gov
1. Scalable Trustworthy Systems
2. Enterprise Level Metrics
3. System Evaluation Lifecycle
4. Combatting Insider Threats
5. Combatting Malware and Botnets
6. Global-Scale Identity Management
7. Survivability of Time-Critical Systems
8. Situational Understanding and Attack Attribution
9. Information Provenance
10. Privacy-Aware Security
11. Usable Security
Summary
Learn about the agencies, their missions, and meet the Program Managers
Build your team to deliver – consider including contracting personnel
Understand the opportunities – SBIR, STTR, BAA, CNCI R&D, RFP (not discussed in this presentation)
Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
202-254-6145 / 202-360-3170
For more information, visithttp://www.cyber.st.dhs.gov