Cybersecurity Research Efforts in NITRD’s FY 2024 Funding Plans

The National Information Technology Research and Development (NITRD) program has been the primary source of federally funded IT research and development (R&D) since its inception in 1991, coordinating these efforts among federal departments and agencies.

In late November, NITRD released its Supplement to the President’s FY 2024 Budget Request, detailing its key R&D programs and coordination activities planned for the current fiscal year. Since the FY 2019 budget cycle NITRD has released its budget supplement in August or September before the coming fiscal year begins. However, the last three years these supplements have come late in the calendar year, after the beginning of the new fiscal year.

NITRD Cybersecurity-related Efforts

NITRD coordinates and supports R&D in computing, networking, and software to address multi-technology and multisector challenges, including cybersecurity. NITRD’s efforts and supporting budgets are organized into Program Component Areas (PCAs), categories of technical R&D focus supported by NITRD member agency investments. Under each PCA, NITRD and its member agencies coordinate their research activities through Interagency Working Groups (IWG).

Cybersecurity PCAs and their related IWGs include:

• Cyber Security and Privacy (CSP) - Conducts R&D to advance the security and privacy of computing, communication, and information technologies, including R&D on how human behavior and usability interact with technical aspects of cybersecurity and privacy.
  CSP IWGs:
  • Cyber Security and Information Assurance (CSIA)
  • Privacy R&D (Privacy)
• Computing-Enabled Networked Physical Systems (CNPS) - Involves R&D for IT-enabled systems that integrate the cyber/information, physical, and human worlds, including R&D of cyber-physical systems (CPS) and Internet of Things (IoT).

CNPS IWGs:

• Computing-Enabled Networked Physical Systems (CNPS)

NITRD Budgets for Cybersecurity-Related PCAs

The FY 2024 budget requests for the CSP and CNPS are $751M and $238M respectively, for a combined $989M. This represents a $77M increase over FY 2023 and a $111M jump from the FY 2022 level. (See chart below.)

This $989M for FY 2024 is spread across ten departments and agencies. (See chart below.)

Key Cyber R&D Programs

The budget dollars highlighted above support broad R&D efforts across numerous programs and agencies among these two cyber-centric PCAs.

Key cyber programs (and participant agencies) under CSP include:

• Cyber Security and Information Assurance (CSIA) – Developing effective capabilities and technologies to deter, protect, detect and respond to cyber threats.
  • Deter – Automated, autonomous, and agile cyber defense. ARL, NSA, NSF
  • Protect – Application, data, network, mobile, and hardware security. AFRL, ARL, C5ISR, DARPA, DHS, DOE/CESER, NIH, NIST, NSA, NSF, ONR, OUSD(R&E)
  • Detect – Cyber situational awareness. ARL, C5ISR, DARPA, DHS, DOE/CESER, DOD/HPCMP, NSA, ONR, OUSD(R&E)
  • Respond – Countering cyber-attacks: DHS, NIST, NSF
• Priority areas for research under CSP also include Artificial Intelligence (AI); Quantum Information Science (QIS); Trustworthy Distributed Digital Infrastructure; Privacy; Secure Hardware and Software; and Education and Workforce Development. Each area has numerous research programs underway.

Key cyber programs under CNPS include:

• Cyber-Physical Systems (CPS) – Develop the core research needed to engineer complex CPS, some of which may also require dependable, high-confidence, or provable behaviors, such as control, data analytics, and machine learning including real-time learning for control, autonomy, design, Internet of Things (IoT), mixed initiatives including human-in- or human-on-the-loop, networking, privacy, real-time systems, safety, security, and verification. DHS, DOT, NIFA, NIH, NSF
• Secure and Resilient CPS: Ensure CPS, such as ships and drones, are secure against cyber-attacks and resilient against failures of hardware and software. ONR
• Automated Vulnerability Identification Prioritization for Embedded Resources: Develop semi-automated software assurance toolchain that will identify vulnerabilities in source and executable software. AFRL
• Autonomy: Conduct research on autonomous systems, which will enable us to effectively operate while protecting our personnel. ONR
• Operational Technology (OT) Security: Expand industrial control systems cybersecurity guidance to OT security and resilience, and development of Cybersecurity for OT testbed(s) for R&D to support critical infrastructure sectors. NIST

Sustained Opportunities

The wide array of cyber programs noted above indicate the broad scope and inherent urgency to address the cybersecurity challenges agencies and industry continue to face. NITRD provides detailed program information in the FY 2023 Federal Cybersecurity R&D Strategic Plan Implementation Roadmap that accompanied the release of their budget information. Many of these initiatives have sustained opportunities for solutions-minded researchers to participate in these federally funded programs.