What are the Opportunities Available to Obtain Federal Research

Report
What are the
Opportunities Available
to Obtain Federal
Research Funding
Douglas Maughan
Division Director, Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
Science and Technology (S&T) Directorate
Department of Homeland Security (DHS)
Obtaining Federal Research Funding
Understanding the Landscape
Contracting
Small Business Programs
Larger R&D Solicitations
Summary / Q&A
Comprehensive National Cybersecurity
Initiative (CNCI)
Establish a front line of defense
Reduce the Number of
Trusted Internet
Connections
Deploy Passive
Sensors Across
Federal Systems
Pursue Deployment of
Automated Defense
Systems
Coordinate and
Redirect R&D Efforts
Resolve to secure cyberspace / set conditions for long-term success
Connect Current
Centers to Enhance
Situational Awareness
Develop Gov’t-wide
Counterintelligence
Plan for Cyber
Increase Security of
the Classified
Networks
Expand Education
Shape future environment / secure U.S. advantage / address new threats
Define and Develop
Enduring Leap Ahead
Technologies,
Strategies & Programs
Define and Develop
Enduring Deterrence
Strategies & Programs
Manage Global
Supply Chain Risk
Cyber Security in
Critical Infrastructure
Domains
http://cybersecurity.whitehouse.gov
4
Federal Cybersecurity
Research and Development
Program: Strategic Plan
Federal Cybersecurity R&D
Strategic Plan
Research Themes
Tailored Trustworthy Spaces
Moving Target Defense
Cyber Economics and Incentives
Designed-In Security (New for FY12)
Science of Cyber Security
Transition to Practice
Technology Discovery
Test & Evaluation / Experimental Deployment
Transition / Adoption / Commercialization
Support for National Priorities
Released Dec 6, 2011
http://www.whitehouse.gov/blog/2011/12/06/
federal-cybersecurity-rd-strategic-planreleased
Health IT, Smart Grid, NSTIC (Trusted
Identity), NICE (Education), Financial Services
Federal Cybersecurity Research
Community
Agency / Org
Research Agenda
Researchers
Customers /
Consumers
National Science
Foundation (NSF)
Broad range of cyber security
topics; Several academic centers
Academics and NonProfits
Basic Research - No
specific customers
Defense Advanced
Research Projects
Agency (DARPA)
Mostly classified; unclassified
topics are focused on MANET
solutions
Few academics; large
system integrators;
research and government
labs
Mostly DOD; most
solutions are GOTS, not
COTS
National Security Agency
(NSA)
SELinux; Networking theory;
CAEIAE centers
Mostly in-house
Intelligence community;
some NSA internal; some
open source
Intelligence Advanced
Research Projects
Agency (IARPA)
Accountable Information Flow
(AIF); Large Scale System
Defense (LSSD); Privacy
Protection Technologies (PPT)
Mostly research labs,
system integrators, and
national labs; Some
academics
Intelligence community
Department of Homeland
Security (DHS) S&T
All unclassified; Secure Internet
Protocols; Process Control
Systems (PCS), Emerging
Threats, Insider Threat, Cyber
Forensics; Open Security
Technologies, Next Generation
Technologies
Blend of academics,
research and government
labs, non-profits, private
sector and small business
DHS Components
(including NPPD, NCSC,
USCG, FLETC and
USSS); CI/KR Sectors;
USG and Internet
How to increase your success rate
Understand your client
1. Federal agencies have distinctly different characters
2. Different missions
3. Different processes
Federal agencies are not charities
1. Money is appropriated to them for specific purposes
2. You will be more successful if you can explain why
your proposed R&D supports their mission
Federal R&D Process
Planning
• Identify requirements
• Develop program plan and allocate resources
• Communicate plans and priorities to technical
community
Solicitation
• Posting Solicitations
• Solicitation Process – White Papers
• Submitting proposals
Contract
• Different programs demand
different contract vehicles
• Flexibility used to match mission
Execution
• Programs tailored to meet
unique conditions of
objectives
• Active interaction with
performers
Federal R&D Programs
A program is led by a Program Manager(PM)
A program will have:
1. Specific Technology Objectives aligned with customer
needs; some will have a significant operational impact
2. Plan to move from current level of technical maturity to a
higher level (e.g., For DOD it’s TRLs – Technology
Readiness Levels)
3. A technical approach indicating how the objectives will be
achieved
4. A program structure indicating how the PM has deployed
resources (time, money, executors) to achieve the
objectives
5. Deliverables
6. Transition Strategy/Technology Development Path
Mechanics of Proposing R&D
1. Find agencies with closest mission match
2. Identify R&D element(s) within the agencies
3. Look for existing R&D solicitations (Money already
exists for these efforts!)
4. Do your homework (LOOK AT PREVIOUS
SOLICITATIONS, read websites, workshop results, and
any presentations on your target program solicitation)
5. Respond to solicitation carefully – meet all
administrative requirements and make sure your R&D
matches the stated program needs
6. If no solicitation, contact R&D PM. Explain relevance to
his/her mission. Be patient. Be persistent.
Contracting Vehicles
The Government has a range of contracting
vehicles to match programmatic needs and
contractor character.
1. Grants
2. Contracts
3. Cooperative agreements
4. Other Transactions for Research or Prototypes
Allows government to deal with non-traditional contractors who have
desirable technologies, but do not want to keep “Government books”
Must comply with “generally acceptable accounting principles”
R&D Proposals
Team approach (technical & business)
Consider hiring government contracting specialist
Cost Realism / Price Analysis
Past Performance
Contract Types for R&D
Sticking Point: Financial Audit
If you’ve never had a government contract, consider talking with
DCAA sooner rather than later.
DCAA = Defense Contract Audit Agency
Helpful Contracting Websites
http://www.dcaa.mil/dcaap7641.90.pdf
http://www.sba.gov/services/contractingopportunities
http://farsite.hill.af.mil
http://acquisition.gov/far/index.html
Programs for U. S. Small Business
Small Business Innovation Research
(SBIR)
2.5%
Set-aside program for small business concerns to engage in
federal R&D -- with potential for commercialization
Small Business Technology Transfer
(STTR)
Set-aside program to facilitate cooperative R&D between
small business concerns and research institutions -- with
potential for commercialization
.3%
SBIR - A 3 Phase Program
PHASE I
• Feasibility Study
• $100K (in general) and 6 month effort (amounts are changing)
PHASE II
• Full Research/R&D
• $750K and 24 month effort (amounts are changing)
• Commercialization plan required
PHASE III
• Commercialization Stage
• Use of non-SBIR Funds
Which Government Agencies?
Both SBIR/STTR
1.
2.
3.
4.
5.
Defense
Health & Human Services
NASA
DOE
NSF
SBIR only
1.
2.
3.
4.
5.
6.
7.
DHS
DOA
DOC
ED
EPA
DOT
NIH
Agency SBIR Differences
Number and timing of solicitations
R&D Topic Areas – Broad vs. Focused
Dollar Amount of Award (Phase I and II)
Proposal preparation instructions
Financial details (e.g., Indirect Cost Rates)
Proposal review process
Proposal success rates
Types of award
Commercialization assistance
And more…………
Agency Differences
ALWAYS CHECK WITH
AGENCIES
Added Bonus - Cost Match
Allows small businesses to seek additional funding for Phase II
projects from non-SBIR sources
Minimum of $100,000 to maximum of $500,000 of outside funding
Matched by DHS SBIR up to $250,000 in a 1:2 ratio
Additional funds require additional scope – need to either add R&D on
SBIR contract or other development and commercialization
activities (or some of both)
Cost match is a motivator for, and an indicator of, commercial
potential
DHS SBIR Phase I
Data from 14 Competitions through FY10.2*
WA
51/12
MT
9/2
OR
22/5
ID
8/0
WY
2/0
NV
17/1
CA
535/104
UT
28/7
AZ
46/10
ND
1/0
MN
41/7
IA
4/0
KS
6/1
OK
10/3
NM
42/7
TX
140/23
AK
3/1
WI
13/2
SD
2/0
NE
7/1
CO
68/10
VT
10/1
MO
19/2
AR
3/0
NY
101/28
MI
70/9
IN
IL
49/6 35/3
OH
49/1
PA 63/8
MA 269/55
RI 7/1
CT 47/8
NJ 69/6
WV
10/1 VA
239/35
KY 10/1
NC 32/5
TN 19/1
SC
8/1
GA
AL
MS
39/3
5/0 48/7
DE 9/0
MD 169/23
DC 6/0
LA
19/2
FL
93/11
HI
17/3
NH
25/6 ME
11/0
Total Phase I
Submissions/Awards
2,608/423
* Includes STTR data
PR 3/0
Small Business Innovative Research (SBIR)
Important program for creating new innovation and
accelerating transition into the marketplace
Since 2004, DHS S&T Cyber Security has had:
63 Phase I efforts
28 Phase II efforts
5 Phase II efforts currently in progress
9 commercial/open source products available
Four acquisitions
Komoku, Inc. (MD) acquired by Microsoft in March 2008
Endeavor Systems (VA) acquired by McAfee in January 2009
Solidcore (CA) acquired by McAfee in June 2009
HBGary (CA) acquired by ManTech in February 2012
Useful Web Sites and
DHS S&T Directorate SBIR Point of Contact
Useful Web Sites
 https://sbir.dhs.gov
 www.baa.st.dhs.gov
 www.dhs.gov
 www.dhs.gov/xopnbiz/
 www.fedbizopps.gov
 www.sbir.gov
Elissa (Lisa) Sobolewski
DHS SBIR Program Director
[email protected]
(202) 254-6768
S&T SBIR Program Email:
[email protected]
Broad Agency Announcement (BAA)
https://baa2.st.dhs.gov
Delivers both near-term and medium-term solutions
1. To develop new and enhanced technologies for the detection of,
prevention of, and response to cyber attacks on the nation’s critical
information infrastructure, based on customer requirements
2. To perform research and development (R&D) aimed at improving the
security of existing deployed technologies and to ensure the security of
new emerging cybersecurity systems;
3. To facilitate the transfer of these technologies into operational
environments.
Proposals Received According to 3 Levels of Technology Maturity
Type I (New Technologies)
 Applied Research Phase
 Development Phase
 Demo in Op Environ.
 Funding ≤ $3M & 36 mos.
Type II (Prototype Technologies)
 More Mature Prototypes
 Development Phase
 Demo in Op Environ.
 Funding ≤ $2M & 24 mos.
Type III (Mature Technologies)
 Mature Technology
 Demo Only in Op Environ.
 Funding ≤ $750K & 12 mos.
Note: Technology Demonstrations = Test,
Evaluation, and Pilot deployment in
DHS “customer” environments
BAA 11-02 Technical Topic Areas (TTAs)
TTA-1
Software Assurance
DHS, FSSCC
TTA-2
Enterprise-Level Security Metrics
DHS, FSSCC
TTA-3
Usable Security
DHS, FSSCC
TTA-4
Insider Threat
DHS, FSSCC
TTA-5
Resilient Systems and Networks
DHS, FSSCC
TTA-6
Modeling of Internet Attacks
DHS
TTA-7
Network Mapping and Measurement
DHS
TTA-8
Incident Response Communities
DHS
TTA-9
Cyber Economics
CNCI
TTA-10
Digital Provenance
CNCI
TTA-11
Hardware-Enabled Trust
CNCI
TTA-12
Moving Target Defense
CNCI
TTA-13
Nature-Inspired Cyber Health
CNCI
TTA-14
Software Assurance MarketPlace (SWAMP)
S&T
 1003 White Papers
 224 Full Proposals encouraged
 Expected awards in Aug 2012
DHS S&T Long Range
Broad Agency Announcement (LRBAA) 12-07
S&T seeks R&D projects for revolutionary, evolving, and maturing
technologies that demonstrate the potential for significant
improvement in homeland security missions and operations
Offerors can submit a pre-submission inquiry prior to White Paper
submission that is reviewed by an S&T Program Manager
CSD has 14 Topic Areas (CSD.01 – CSD.14) – SEE NEXT SLIDE
LRBAA 12-07 Closes on 12/31/12 at 11:59 PM
S&T BAA Website: https://baa2.st.dhs.gov
Additional information can be found on the Federal Business
Opportunities website (www.fbo.gov) (Solicitation #:DHSSTLRBAA12-07)
LRBAA Summary Listing
CSD.01 – Comprehensive National
Cybersecurity Initiative and Federal
R&D Strategic Plan topics
CSD.09 – Cyber security
competitions and education and
curriculum development.
CSD.02 – Internet Infrastructure
Security
CSD.10 – Process Control Systems
and Critical Infrastructure Security
CSD.03 – National Research
Infrastructure
CSD.11 – Internet Measurement and
Attack Modeling
CSD.04 –Homeland Open Security
Technology
CSD.12 – Securing the mobile
workforce
CSD.05 – Forensics support to law
enforcement
CSD.13 - Security in cloud based
systems
CSD.06 – Identity Management
CSD.14 – Experiments –
Technologies developed through
federally funded research requiring
test and evaluation in experimental
operational environments to
facilitate transition.
CSD.07 – Data Privacy and
Information Flow technologies
CSD.08 – Software Assurance
A Roadmap for Cybersecurity Research
http://www.cyber.st.dhs.gov
1.
2.
3.
4.
5.
6.
7.
8.
Scalable Trustworthy Systems
Enterprise Level Metrics
System Evaluation Lifecycle
Combatting Insider Threats
Combatting Malware and Botnets
Global-Scale Identity Management
Survivability of Time-Critical Systems
Situational Understanding and Attack
Attribution
9. Information Provenance
10. Privacy-Aware Security
11. Usable Security
Summary
Learn about the agencies, their missions,
and meet the Program Managers
Build your team to deliver – consider
including contracting personnel
Understand the opportunities – SBIR, STTR,
BAA, CNCI R&D, RFP (not discussed in this
presentation)
Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced
Research Projects Agency (HSARPA)
[email protected]
202-254-6145 / 202-360-3170
For more information, visit
http://www.cyber.st.dhs.gov

similar documents