Security, Privacy, and Trust in Cyberspace

Our world is at a pivotal moment where the boundaries dividing the physical and social worlds from the cyber world have become blurred. Cyberspace has evolved from an interconnected digital environment into a complex and interdependent cyber ecosystem that involves hardware, software, networks, data, people, organizations, countries, and the physical world. Critical functions of everyday life are deeply intertwined with computing, including health, government, commerce, the public sphere, education, critical infrastructure, interpersonal communication, and transportation. The complexity and inter-dependencies in cyberspace can be misused and exploited by malicious actors. These in turn can trigger adverse outcomes such as disruption of critical infrastructure and systems; theft of intellectual property and sensitive data; amplification of inequalities; disclosure of private information of individuals, organizations, and governments; and threats to lives, livelihoods, and reputations. Furthermore, constant attacks on the data and assets of corporations, governments, and individuals undermine people’s trust in decision-making and processes that depend critically on these cyber systems.

The Security, Privacy, and Trust in Cyberspace (SaTC 2.0) program aims to build trust in global cyber ecosystems. Trust is the core tenet of this program and, for the purposes of this solicitation, is broadly defined to include our confidence in the security, privacy, and resilience of cyberspace, particularly in the face of malicious intent. Achieving this level of confidence in cyberspace requires not only understanding the vulnerabilities in a system that could be exploited and how they can be addressed, but also understanding the social and technical dimensions of trust in cyber systems, along with the educational efforts needed to increase public awareness of risks in cyberspace, and building a well-trained corps of privacy and security professionals.


SaTC 2.0 spans the interests of NSF's Directorates for Computer and Information Science and Engineering (CISE), Mathematical and Physical Sciences (MPS), Social, Behavioral and Economic Sciences (SBE), and STEM Education (EDU). Proposals must be submitted pursuant to one of the following designations, each of which may have additional requirements:


RES: The Research (RES) designation is the focus of the multidisciplinary SaTC 2.0 research program. RES projects are limited to $1,200,000 in total budget, with durations of up to four years. Proposals with a total budget of more than $600,000 have additional requirements including Broadening Participation in Computing and collaboration plans. RES proposals may include an optional Transition to Education (TTE) plan with a budget up to $50,000 (within the RES total budget request) to co-evolve novel educational initiatives in the context of the proposed research.
EDU: The Education (EDU) designation is used to identify proposals focusing on education and workforce training in building trust in security, privacy, and resilience of cyberspace. EDU proposals are limited to $500,000 in total budget, with durations of up to three years. EDU proposals that primarily focus on education research with demonstrated collaboration, as reflected in the PI team between cybersecurity subject matter experts and education researcher(s), may request an additional $100,000 beyond the $500,000 limit.
SEED: The Seedling (SEED) category is intended for special topics defined by accompanying Dear Colleague Letters. SEED projects are limited to $300,000 in total budget, with durations of up to two years.

Our world is at a pivotal moment where the boundaries dividing the physical and social worlds from the cyber world have become blurred. Cyberspace has evolved from an interconnected digital environment into a complex and interdependent cyber ecosystem that involves hardware, software, networks, data, people, organizations, countries, and the physical world. Critical functions of everyday life are deeply intertwined with computing, including health, government, commerce, the public sphere, education, critical infrastructure, interpersonal communication, and transportation. The complexity and inter-dependencies in cyberspace can be misused and exploited by malicious actors. These in turn can trigger adverse outcomes such as disruption of critical infrastructure and systems; theft of intellectual property and sensitive data; amplification of inequalities; disclosure of private information of individuals, organizations, and governments; and threats to lives, livelihoods, and reputations. Furthermore, constant attacks on the data and assets of corporations, governments, and individuals undermine people’s trust in decision-making and processes that depend critically on these cyber systems.

The Security, Privacy, and Trust in Cyberspace (SaTC 2.0) program aims to build trust in global cyber ecosystems. Trust is the core tenet of this program and, for the purposes of this solicitation, is broadly defined to include our confidence in the security, privacy, and resilience of cyberspace, particularly in the face of malicious intent. Achieving this level of confidence in cyberspace requires not only understanding the vulnerabilities in a system that could be exploited and how they can be addressed, but also understanding the social and technical dimensions of trust in cyber systems, along with the educational efforts needed to increase public awareness of risks in cyberspace, and building a well-trained corps of privacy and security professionals.


SaTC 2.0 spans the interests of NSF's Directorates for Computer and Information Science and Engineering (CISE), Mathematical and Physical Sciences (MPS), Social, Behavioral and Economic Sciences (SBE), and STEM Education (EDU). Proposals must be submitted pursuant to one of the following designations, each of which may have additional requirements:

• RES: The Research (RES) designation is the focus of the multidisciplinary SaTC 2.0 research program. RES projects are limited to $1,200,000 in total budget, with durations of up to four years. Proposals with a total budget of more than $600,000 have additional requirements including Broadening Participation in Computing and collaboration plans. RES proposals may include an optional Transition to Education (TTE) plan with a budget up to $50,000 (within the RES total budget request) to co-evolve novel educational initiatives in the context of the proposed research.


• EDU: The Education (EDU) designation is used to identify proposals focusing on education and workforce training in building trust in security, privacy, and resilience of cyberspace. EDU proposals are limited to $500,000 in total budget, with durations of up to three years. EDU proposals that primarily focus on education research with demonstrated collaboration, as reflected in the PI team between cybersecurity subject matter experts and education researcher(s), may request an additional $100,000 beyond the $500,000 limit.


• SEED: The Seedling (SEED) category is intended for special topics defined by accompanying Dear Colleague Letters. SEED projects are limited to $300,000 in total budget, with durations of up to two years.

*Who May Submit Proposals: Proposals may only be submitted by the following:
-Non-profit, non-academic organizations: Independent museums, observatories, research laboratories, professional societies and similar organizations located in the U.S. that are directly associated with educational or research activities.
-Institutions of Higher Education (IHEs): Two- and four-year IHEs (including community colleges) accredited in, and having a campus located in the US, acting on behalf of their faculty members. Special Instructions for International Branch Campuses of US IHEs: If the proposal includes funding to be provided to an international branch campus of a US institution of higher education (including through use of sub-awards and consultant arrangements), the proposer must explain the benefit(s) to the project of performance at the international branch campus, and justify why the project activities cannot be performed at the US campus.

*Who May Serve as PI:

As of the date the proposal is submitted, any PI, co-PI, or other Senior/Key project personnel must hold either:

• a tenured or tenure-track position, or


• a primary, full-time, paid appointment in a research or teaching position

at a US-based campus of an organization eligible to submit to this solicitation (see above), with exceptions granted for family or medical leave, as determined by the submitting organization. Individuals with primary appointments at for-profit non-academic organizations or at overseas branch campuses of U.S. institutions of higher education are not eligible.