Mary Ellen Seale National Protection and Programs Directorate May 16, 2012

Transcription

1 Finding & Integrating CyberTech in the U.S. Government Mary Ellen Seale National Protection and Programs Directorate May 16, 2012

2 Obtaining Federal Funding Understanding the Landscape Contracting Small Business Programs Larger R&D Solicitations Summary / Q&A Presenter s Name June 17,

3 Federal Research Community Agency/Org Research Agenda Researchers Customers National Science Foundation (NSF) Broad range of cybersecurity topics; several academic centers Academics and Non-Profits Basic Research no specific customers Defense Advanced Research Projects Agency (DARPA) Mostly classified; unclassified are focused on MANET solutions Few academics; large system integrators; research and government labs Mostly DoD; most solutions are GOTS, not COTS National Security Agency (NSA) SE Linux; Networking theory; CAEIAE centers Mostly in-house Intelligence community; some NSA internal, some open source Intelligence Advanced Research Projects Agency (IARPA) Accountable Information Flow; Large Scale System Defense; Privacy Protection Technologies Mostly research labs, system integrators, national labs; some academics Intelligence community Department of Homeland Security (DHS) All unclassified; secure Internet protocols; process control systems, Emerging Threats; Insider Threats; Cyber Forensics; Open Security Technologies; Next Generation Technologies Blend of academics, research & government labs, non-profits, private sector and small business DHS Components (including NPPD, USCG, FLETC, USSS); CI/KR Sectors; USG and Internet Presenter s Name June 17,

4 Increasing your success rate Understand your client Federal agencies have distinctly different characteristics and structure Different missions Different processes Federal agencies are not charities Money is appropriated to them for specific purposes You will be more successful if you can explain why your proposed technology supports their mission Presenter s Name June 17,

5 Federal R&D/Tech Insertion Process Planning Identify requirements Develop program plan and allocate resources Communicate plans and priorities to technical community Solicitation Posting Solicitations Solicitation Process White Papers. RFIs, RFPs, SOOs, SOWs, Submitting proposals Contract Different programs demand different contract vehicles Flexibility used to match mission Execution Programs tailored to meet unique conditions or objectives Active interaction with performers Presenter s Name June 17,

6 Mechanics of Proposing Technology Solutions Find agencies with closest mission match Identify R&D and operational element(s) within agencies Look for existing solicitations (Money already exists for these efforts!) Do your homework (LOOK AT PREVIOUS SOLICITATIONS, read websites, attend workshops; network with other successful solicitors and obtain presentations on your target program solicitation) Respond to solicitation carefully meet all administrative requirements and make sure your proposal matches the stated program needs If no solicitation, contact the R&D program manager, contracting office, small business office. Explain relevance of your techology solution to the organization s mission. Be patient. Be persistent. Presenter s Name June 17,

7 Contracting Vehicles The Government has a range of vehicles to match programmatic needs Grants Contracts Cooperative research agreements (CRADAs) Partnership Intermediary Agreements (PIAs) National Lab networks Other Transactions for Research or Prototypes Allows government to deal with non-traditional contractors who have desirable technologies, but do not want to keep Government books Must comply with GAAP - generally acceptable accounting principles Presenter s Name June 17,

8 R&D and Tech Insertion Proposals Defined business case/use case a good place to start Develop and present a team approach (technical and business) Solicit advice from a former government contracting expert who can help with FAR etc. Cost realism Cost or Price Analysis Different Contract types Presenter s Name June 17,

9 Cost or Price Analysis Level of Complexity will vary Contract type Dollar value Proposal Basis Be prepared to provide back up data Define indirect cost structure Financial Audit* Proposal Costs Accounting System Estimating System Financial Capabilities * If you ve never had a government contract, consider talking with DCAA (Defense Contract Audit Agency) Past Performance Presenter s Name June 17,

10 The Normal Contract (things you should know) Terms Read and understand the contract Contract Line Items/Deliverables Contract Clauses Performance Proposal what did you say you would do? Deliverables due dates Acceptance How Accomplished Payment Invoicing Procedures and Certification Prompt Payment Act Limitation of Funds/Limitation of Cost Presenter s Name June 17,

11 Helpful Contracting Websites Presenter s Name June 17,

12 Programs for U.S. Small Business Small Business Innovation Research (SBIR) - 2.5% Set-aside program for small business concerns to engage in federal R&D -- with potential for commercialization Small Business Technology Transfer (STTR) -.3% Set-aside program to facilitate cooperative R&D between small business concerns and research institutions -- with potential for commercialization SBIR 3 Phases PHASE I - Feasibility Study - $100K/approx 6 month effort PHASE II - Full Research/R&D - $750K/approx 24 month effort; Commercialization plan required PHASE III - Commercialization Stage - Use of non-sbir Funds Presenter s Name June 17,

13 SBIR Small Business Eligibility Organized for profit Place of business located in the U.S. Operates primarily within the U.S. Or which makes significant contribution to the U.S. economy through payment of taxes or use of American products, materials or labor Is a legal entity - individual proprietorship, partnership, limited liability company, corporation, joint venture, association, trust or cooperative Fewer than 500 employees Principle Investigatro (PI) must be an employee with the small business concern at the time of award Presenter s Name June 17,

14 Useful Websites for SBIRs Presenter s Name June 17,

15 Broad Area Announcements R&D funding model that delivers both near-term and mediumterm solutions: To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation s critical information infrastructure. To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems; To facilitate the transfer of these technologies into the national infrastructure as a matter of urgency. Presenter s Name June 17,

16 BAA Program / Proposal Structure Type I (New Technologies) New technologies with an applied research phase, a development phase, and a deployment phase (optional) Funding not to exceed 36 months (including deployment phase) Type II (Prototype Technologies) More mature prototype technologies with a development phase and a deployment phase (optional) Funding not to exceed 24 months (including deployment phase) Type III (Mature Technologies) Mature technology with a deployment phase only. Funding not to exceed 12 months Presenter s Name June 17,

17 Technical Topic Areas (DHS) (11-02) Software Assurance Enterprise-Level Security Metrics Usable Security Insider Threat Resilient Systems and Networks Modeling of Internet Attacks Network Mapping and Measurement Incident Response Communities Cyber Economics Digital Provenance Hardware-Enabled Trust Moving Target Defense Nature-Inspired Cyber Health Software Assurance MarketPlace (SWAMP) Presenter s Name June 17,

18 A Roadmap for Cybersecurity Research Scalable Trustworthy Systems Enterprise Level Metrics System Evaluation Lifecycle Combatting Insider Threats Combatting Malware and Botnets Global-Scale Identity Management Survivability of Time-Critical Systems Situational Understanding and Attack Attribution Information Provenance Privacy-Aware Security Usable Security Presenter s Name June 17,

19 Federal Cybersecurity R&D Strategic Plan Research Themes Tailored Trustworthy Spaces Moving Target Defense Cyber Economics and Incentives Designed-In Security (New for FY12) Science of Cyber Security Transition to Practice Technology Discovery Test & Evaluation / Experimental Deployment Transition / Adoption / Commercialization Support for National Priorities Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services Presenter s Name June 17,

20 Points of Contact: Douglas Maughan, Ph.D. Division Director Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) / Mary Ellen Seale Chief Technologist for Technology Transition - cyber National Preparedness and Protection Directorate, (NPPD) maryellen.seale@dhs.gov / For more information, visit Presenter s Name June 17,

21