Embed Size (px)
Citation preview
23 August 2018
Page 1
NATIONAL CYBERSECURITY RESEARCH AND DEVELOPMENT (NCR)
PROGRAMME
In partnership with
NCR GRANT CALL 2018 CALL-FOR-PROPOSALS
(Version 2.0 - dated 23 Aug 2018)
NCR Directorate:
National Research Foundation 1 CREATE WAY, #12-02Create Tower Singapore 138602E-mail: [email protected]
23 August 2018
Page 2
1. INTRODUCTION
1.1. Jointly with Cyber Security Agency (CSA), National Security Coordination Secretariat (NSCS), Ministry of Home Affairs (MHA), Ministry of Defence (MINDEF), Government Technology Agency (GOVTECH), InfoComm Media & Development Authority (IMDA) and Economic Development Board (EDB) and in partnership with the Energy Market Authority (EMA), the National Research Foundation (NRF) announces this call for research proposals on Cybersecurity.
1.2. The NCR Grant Call 2018 will be launched on 31 August 2018, 2.30pm. This call seeks proposals on novel ideas and technologies to create or improve cyber tools and capabilities to meet the cybersecurity needs of the Public Service and Singapore. The call also welcomes proposals to develop novel cybersecurity technologies to create or improve business opportunities for Services and the Digital Economy, Health & Biomedical Sciences, Urban Solutions & Sustainability and Advanced Manufacturing & Engineering.
1.3. The NCR Grant Call 2018 is designed with contributions from multiple ministries and public agencies to highlight the cybersecurity capability opportunities and research and technology topic areas assessed to be relevant to address the specific national security and smart nation and critical information infrastructure needs. The emphasis of the grant call is on translational research and deployability of the research results into technologies, methodologies, tools & services.
1.4. To the best of our knowledge, the inputs contributed by the multiple ministries and public agencies in this call document are not addressed by today’s Commercial-Off-The-Shelf Cybersecurity products. With these inputs, the National Cybersecurity Research and Development Programme (NCR) aims to solicit proposals which would build capabilities beyond what Commercial-Off-The-Shelf Cybersecurity products can offer. With this, the programme hopes R&D performers would match research, development and business opportunities and mature R&D results into capabilities to create new products and business opportunities for Singapore registered companies. Annex A details the scope and topic descriptions of this call.
2. GRANT
2.1. This Grant Call provides funding support to companies and their Partner Institutes of Higher Learning or Research Institutes (IHLs/RIs) for joint cybersecurity research for a period up to two years , capped at a maximum grant quantum of S$2 million 1 per project. The proposals are to be submitted by the companies. Submissions of proposals directly from IHLs/ RIs will not be accepted.
1 maximum grant quantum of S$2 million will be shared between companies and their partner IHLs/RIs, at the NCR Programme’s discretion
23 August 2018
Page 3
2.2. Interested applicants have two options in seeking funding:
Option 1 Option 2Funding recipient
Companies and IHLs/RIs IHLs/RIs only
Grant quantum Capped at S$2 million on a reimbursement basisSupport rates Up to 100% of qualifying
costs for IHLs/RIs Up to 30% of company’s
total project costs for large local enterprises (LLEs)2 and foreign companies3
Up to 50% of qualifying costs for local small and medium enterprises (SMEs)4
Up to 100% of qualifying costs for IHLs/RIs
Qualifying cost categories
Could include cost items such as manpower costs, equipment and technical software related expenses, and other related operating costs. The cost items supported are subjected to the discretion of the funding agencies. Refer to Annex B for the list of Fundable and Non-Fundable Direct Cost Items.
2.3. Under option 1, the maximum grant quantum of S$2 million will be shared between companies and their partner IHLs/RIs, at the NCR Programme’s discretion. Companies will also be required to provide information on their plans to commercialise the technology resulting from this joint research project to qualify for funding.
Use of National Cybersecurity R&D Laboratory (NCL) and iTrust Laboratories
2.4. The NCL is a shared national infrastructure that provides computing resources, repeatable and controllable experimentation environments, as well as application services. The iTrust Laboratories is also a shared national infrastructure that provides physical testbeds for experimentations of cyber physical systems such as water treatment and distribution and power distribution systems.
2.5. Applicants are required to include the budget to use NCL and/or iTrust Laboratories in the proposal for experimentation or validate their R&D outcomes. If the applicants do not intend to use NCL or iTrust Laboratories, they must highlight in their proposals how the R&D outcomes will be validated. Requests for funding to acquire equipment or setup separate test facilities for the purpose of validating R&D outcomes will not be granted, unless such a scope of work is explicitly required by the problem statement.
2.6. For more information on NCL, please refer to www.ncl.sg or Contact: Dr Guo Charng Rang at [email protected]. For more information on iTrust Laboratories, please refer to itrust.sutd.edu.sg or Contact: Mr Ivan Lee at [email protected].
3. SELECTION PROCESS
2 LLEs are companies defined by revenue thresholds, subject to funding agencies’ discretion.3 Foreign companies are companies which global headquarter are not based in Singapore.4 SMEs are companies with (i) at least 30% local shareholding; AND (ii) group annual sales turnover of not more than $100 million OR group employment size of not more than 200 employees.
23 August 2018
Page 4
3.1. Proposals are selected through a one-stage evaluation process based on scientific excellence and merit, as well as an assessment of the commercialisation plan for the resultant technologies and capabilities. Applicants are required to submit full proposals which will be evaluated by the NCR-appointed Evaluation Panel.
3.2. The proposals will be evaluated based on:
a. Impact in meeting national needs through the technology areas highlighted in Annex A;
b. Quality of Collaboration between companies, IHLs/RIs and Government agencies;
c. Industry Contribution;d. Programme management, budget and translation strategy;e. Technical competencies of research team; andf. Quality of plan to sustain and commercialise the technology.
4. ELIGIBILITY CRITERIA
4.1. All Singapore-based companies and company-affiliated research laboratories/institutions (“companies”) are eligible to participate in the call.
4.2. Collaboration with researchers from institutions of higher learning (IHLs) or research institutions (RIs) (“Partner IHLs/RIs) is mandatory.
4.3. All research work must be done in Singapore, unless approved by the NRF.
4.4. R&D proposals already funded by other government agencies will not be considered for funding under this Grant Call. Companies and their partner IHLs/RIs will need to declare their other funding sources during the application.
4.5. Multi-disciplinary/organisational approach when forming technical research teams are encouraged, so that research projects can perform holistic and cross-disciplinary analysis. Examples of technical roles that are supported includes Artificial Intelligence (AI) expert, data scientist and blockchain analyst.
4.6. Grant applicants5 are strongly encouraged to collaborate with public agencies to develop innovative solutions that can address the call objectives and demonstrate strong potential for real-world application.
4.7. Companies must designate a Director of Research or equivalent (Executive Director role in the company) whose office will have the following responsibilities to the Programme Office and NRF, with respect to all grant applications or projects funded by the NCR Programme:
a. The company supports the grant application and has no objection to the project being undertaken in its premises if funded;
b. The company has the necessary resources and infrastructure to effectively administer operational processes such as fund disbursements progress reporting, inventory management, etc., if it receives the grant;
c. The proposed R&D team has the necessary competencies and track record to ensure successful completion of the proposed project.
5 Grant applicants refer to companies and their partner IHLs/RIs. Refer to points 4.1 and 4.2.
23 August 2018
Page 5
5. APPLICATION
5.1. All application must be submitted through the Integrated Grant Management System (IGMS6) system by the company. Applicants without an CorpPass7 account will need to register for one in order to submit applications.
5.2. It is mandatory for all application to be submitted via IGMS by 1 Nov 2018, 5pm. Late submissions or submissions without endorsement from the respective Research Support Office from IHLs/RIs and equivalent outfit in companies will not be entertained. Walk-in or email submissions will not be accepted.
5.3. Applicants are required to ensure that information submitted complies with NRF expectations. The following may be rejected without review:
a. Missing or wrong version of Application Forms;b. Inappropriate format (e.g. small font size and tight para spacing) or incomplete
applications (e.g. sections left blank, missing CVs etc.);c. Late submission or endorsement on IGMS by the respective companies;d. Revisions, made after closing date;e. Resubmitted Application Forms with minimal or no revision;f. Proposals outside the intent of National Cybersecurity R&D;g. Duplicates of proposals submitted to any other public funding agencies for
simultaneous consideration; andh. Ineligible applications.
5.4. Submissions which are incomplete, late or not endorsed (electronically by the corresponding R&D organisation) will not be considered. IHL/RI partners are required to get their Letter of Support from their respective Office of Research to be submitted as part of the submission.
5.5. The NCR Programme shall not be liable for the release of information concerning proposals to third parties by individuals involved in the evaluation process. Should circumstances arise, the NCR Programme reserves the right to modify the review process. Applicants will be notified of any relevant modification to the review procedure.
5.6. Applicants may refer to Annex A for the Grant Call 2018 topics and Annex C for instruction on submission of application.
6. PRE-REQUISITES FOR AWARD
6.1. Applicants must submit Letter of Support from their partner IHL/RI and collaborators as part of their proposal to indicate commitment for this project. Prior to accepting the award, please ensure the following conditions will be met:
Research Collaborative Agreements (RCA)
6.2. Company shall enter into the collaboration agreement within 6 months from the date of the Letter of Award (LOA) including IP arrangements with their Co-Principal Investigator (Co-PI) and as well as any public sector agency partners before commencing the collaboration in respect of any part of the Research.
6.3. All agreements and IP arrangements with Collaborators must conform to the
6 Application submission: https://researchgrant.gov.sg7 Registration for CorpPass account: https://www.corppass.gov.sg
23 August 2018
Page 6
Collaborator Guidelines specified in Annex D .
6.4. The Singapore Government and public sector agencies shall reserve a nonexclusive, non-transferable, perpetual, irrevocable, worldwide, royalty-free right and license to use, modify, reproduce and distribute the Foreground Intellectual Property (FIP) for non- commercial, R&D and/or educational purposes only.
Research Integrity Policy
6.5. Company and partner IHL/RI are responsible for establishing a research ethics and integrity policy and enforcing its compliance. In carrying out any Research, the Company and partner IHL/RI shall agree to:
a. Comply with the provisions of any relevant laws of the Republic of Singapore, statutes, regulations, by-laws, rules, guidelines and requirements applicable to it, as well as all applicable policies and procedures adopted by NRF as the same may be amended or varied from time to time;
b. Have in place a research integrity policy which sets out the principles for the responsible conduct of research and procedures for investigating and responding to accusations of misconduct;
c. Provide training in responsible conduct of researchers, for all researchers;
d. Be held responsible for the conduct of research and researchers; and
e. Ensure compliance with best practice, as well as the ethical, legal and professional standards relevant to the research.
6.6. All PIs must comply with the research ethics and integrity policy, and other approval requirements needed to carry out the research programme. Specifically, the PIs should undertake the following declaration:
a. In carrying out Research, agree to comply with the provisions of any relevant laws of the Republic of Singapore, statutes, regulations, bylaws, rules, guidelines and requirements applicable to it, as well as all applicable policies and procedures adopted by NRF as the same may be amended or varied from time to time; and
b. Agree to hold primary responsibility for the responsible conduct of research, and shall abide and comply with the ethical, legal and professional standards relevant to research, in accordance to the research integrity policy of the Host Institution.
7. PROGRAMME REVIEW AND MONITORING
7.1. Projects will be reviewed regularly, and research teams will be required to submit yearly summary reports that cover their progress toward stated deliverables and information on funding drawdown. Where possible, there should be at least a milestone every six months to facilitate review and monitoring.
7.2. The NCR Directorate and its appointed reviewers will oversee the progress of the funded projects, and will provide guidance over the research directions and intended deliverables.
23 August 2018
Page 7
8. CONTACTS
8.1. For further enquiries, please email NCR Programme Team at [email protected].
23 August 2018
Page 8
ANNEX A
1. OBJECTIVE AND SCOPE OF GRANT CALL 2018 FOR PROPOSALS
1.1. Grant Call 2018 is a two-year translational research grant given to deserving IHLs/RIs and companies to co-create or improve cyber tools and capabilities from research, to meet the cybersecurity needs of the Public Service and Singapore.
1.2. The proposal should specify the start and end Technology Readiness Level (TRL) of the proposed technology to be developed. As a guide, the research may start with a TRL 4 technology prototype and end with a TRL 7 demonstrator/and or Proof of Concept (PoC). See Appendix 1 for the TRL definitions. For reference, a list of cybersecurity research projects with Technology Readiness Level 4 results is provided in Appendix 2 to Annex A.
1.3. The proposal shall detail an implementation plan that covers how the research will be matured and developed into new or improved capabilities. The proposal shall also include a productisation and commercialisation plan. The proposal shall provide for half-yearly milestones for which deliverables must be specified and an independent user entity preferably public agency that would be committed to conduct the PoC (Note that funding will not be available to the user entity to conduct the POC).
2. Grant CALL 2018 TOPICS
A. Cybersecurity Forensics and Investigations
2.1. This programme seeks research capabilities to forensically acquire data, analyse and contextual evidence in the following target environments to help law enforcement and national security officers in their computer-related or cyberspace-related crime investigations:
2.2. Topic 1: IOT Forensics & Investigation Analysis . IoT devices come in various forms and operates on a variety of hardware and operating systems. One thing in common is they are connected to networks, including the internet and can be subjected to cyber-attacks and malware infection directly or through intermediaries such as computers or smartphones. With the lack of digital forensics software for IOT, such investigations rely heavily on human expertise.
2.3. This problem is further exacerbated by the fact that IoT devices are resource-constrained. They are unlike the case in Enterprise IT whereby digital forensic investigators have the benefit of triangulating from multiple rich sources of information such as endpoint logs, network logs, server logs, and user activity logs. The information logged in a IoT device will be much more limited, especially when deployed using the edge computing paradigm. The challenge will be to make sense with a much more limited set of information.
2.4. Two key concerns to address under this topic would be the investigation of memory resident malware and their interfaces across different types of IOT appliances & to preserve the digital evidence for investigation during live forensics, and to tackle anti-analysis in malware in order to analyse unknown code functions of malware. This topic seeks proposals to develop a highly automated solution & investigation process to support the digital and live forensics acquisition, investigation and malware analysis of different IOT devices.
2.5. Topic 2: Investigative Tools for Distributed Ledgers. Crypto-currencies e.g. bitcoin is a preferred currency used by cybercriminals to demand ransom as it provides a cloak of anonymity to help cybercriminals stay un-identified. A key area to address would be the automated attribution of cyber criminals and their intermediaries using crypto-currencies
23 August 2018
Page 9
addresses. This topic seeks proposals to conduct research on the extent of anonymity provided by crypto-currencies and to develop a solution cum framework to investigate the flow of money in crypto-currencies.
2.6. In addition to attribution of cyber criminals, it is worthwhile to explore the feasibility of studying the crypto-currency trails and using that information to triangulate with updates in the hacker forums and to curate intelligence on the transactions of cyber weapons, which acts as early warning.
2.7. Topic 3: Deeper Awareness and Machine Learning of Logs for Threat Intelligence, Risk Management and Investigations. Log analysis require extensive human expertise to ascertain the log formats, to establish the behavioural patterns of technology components (e.g. database servers) which generated the logs and to determine the environment contributing factors of logs from the connected technology components. Given that human correlation and analysis capabilities are limited, a key area to address in this topic would be the ability to automate voluminous log analysis from disparate sources to minimise the time and analysis effort for cyber incident responders and investigators. The data collection and feature engineering tools developed as part of this log analysis automation should include cyber attributes that have a reasonable probability of manipulation by bad actors. The software and algorithms developed as part the automation should also be able to extract artifacts from unstructured data, relationships from knowledge graphs to identify precursors to threat and automate detection of nefarious activities. The analytic outcomes should be able to provide contextual analysis as well as to differentiate malicious from anomalous events.
2.8. This topic seeks proposals to conduct research and technology development to simplify the task of analysing incident logs and automate the non-trivial laborious process of analysing thousands to millions of lines of computer generated log messages from multiple sources through machine learning to identify precursors to threats and automate the detection of nefarious activities in Financial Institutions and in Enterprise IT environments.
2.9. This topic also seeks to include data analytics with machine learning in order to create insights from both logs and threat intelligence such as tactics, techniques and procedures of threat actors specific to a particular sector such as government, banking, utility, etc.
B. Adaptive Network Security
2.10. Topic 4: Cyber Self Protection for Enterprise Network . Existing IT security solutions for enterprise networks place emphasis on prevention-- to improve IT security and incident response-- to respond to IT security threats in enterprises. These efforts are reactive and insufficient in the face of persistent and rapidly evolving threats and attacks which are adaptive in nature. Achieving continuous security and response to such threats requires in-depth understanding and analysis of adversarial behaviours and to generate responses which adapt to such behaviours. This topic seeks proposals to develop technologies to characterise, model and learn adversarial behaviours and devise continuous adaptive defence measures in this attack-defence process for Enterprise IT environment.
2.11. The project’s data collection and feature engineering tools should include cyber attributes that have a reasonable probability of manipulation by bad actors. The project’s software and algorithms should also be developed to automatically extract artifacts from unstructured data, relationships from knowledge graphs to characterize, model and learn adversarial behaviours.
2.12. Relevant research/technology areas that could contribute to develop these technologies to solve this problem include Machine Learning and human behaviour modelling, Adversarial machine learning, adversarial game theory & continuous adaptive defence.
23 August 2018
Page 10
C. Security Architectures and Composable Security Components for Smart Nation Applications
2.13. Topic 5: Security Architecture and Composable Security Components for Data Privacy & Protection in the Cloud. A typical application across government and financial institutions would involve micro-services and inter-bank payments and settlements. These records require strong controls over access (e.g. owner/owner-delegable controls) to prevent undesirable access and to prevent a person’s identifiable attributes from being connected with the transacted and stored information. This topic seeks proposals to design and develop software architectures and cloud services’ components that are modular and composable, robust and secure to allow many applications and records exchanges to cooperate and interoperate easily & accountably while supporting data analytics and search without associating a person’s identifiable attributes with the transacted or stored information. The proposal also has to address how critical components of the architectures can be protected and verified. The proposal also has to highlight the tools and techniques that can make a substantive practical impact (in terms of cost, time, and need of re-validation) on the verification of such systems and its composable security & data anonymisation cum protection components.
2.14. Relevant research/technology areas that could contribute to develop these architectures and security components are secure multi-party computations technology for privacy protection, privacy-preserving machine learning, verification of cryptographic protocols, verification of implementation of secure enclaves in COTs computer architectures, secure wrappers, Trusted Platform Modules, Hardware Security Modules, remote attestation of hardware and software, secure logging, secure boot, secure update, secure input and secure output, secure computation, verified common primitives and libraries.
D. Cyber Inoculation Against Human Incompetence and Frailties
2.15. Topic 6: Cyber Inoculation Against Human Incompetence and Frailties . While technical protection mechanisms in networks, operating systems and software have improved over the years, it has observed that the weakest link in humans remain. Many users continue to fall prey to phishing, social engineering attacks and other social media threat vectors e.g. online scams. While user education on cybersecurity awareness must still continue to be an essential part of any enterprise cybersecurity programme, but there is much more that can be done on the technology front to assist and advise users so that they’re better able to make informed decisions if something look dubious and should not be clicked.
2.16. The most common pitfalls of users in a phishing attack involves spoofed sender email-addresses and/or spoofed web-links in the email. Users are usually taught to “scrutinize carefully” before they click on anything; for example, URLs are “lookalike” a trusted entity e.g. government agency “lta.gov.sg” vs “1ta.gov.sg” or “lta.gov-sg”. Nonetheless, these are things that most people in their busy-ness or elderlies with failing eyesight may find it difficult to spot; so this is where technologies such as machine learning can really help to detect such “lookalike” and alert the user to take closer look. A holistic solution should also incorporate threat-intel as well (specifically covering e.g. domain name that is newly registered etc.).
2.17. This topic seeks proposals to design & validate a set of technical and human behavioural techniques to help humans learn not to fall prey to online scams and other cognitive/semantics attacks targeting users of mobile phones, computers and their online environments. The proposal has to identify and address the factors that make such cognitive/semantics attacks & social engineering attacks successful, and propose a robust manner to help humans learn (considering the speed which users learn from mistakes, how fast they forget) and if there are people who have difficulty learning from such mistakes, design measures that will help them improve.
23 August 2018
Page 11
2.18. Relevant research/technology areas that could contribute to this proposal are human factors studies of security attacks on users, the use of gamification to train risk perception and cognitive biases that affect decision making that leads to successful security attacks (e.g. training that could help users distinguish genuine online transactions from potential attacks & scams) and technology that allow users of computers, mobile phones and online applications to maintain the proper levels of cyber safety skills and abilities.
E. Enhanced Security Evaluation & Assurance
2.19. Topic 7: Enhanced Security Evaluation & Assurance of Autonomous Unmanned Vehicles (Land, Sea, Air) and Automation Assets. Autonomous Unmanned Vehicles (e.g. driverless cars, unmanned surface crafts and drones) and Automation Assets (e.g. autonomous clearance systems) provide huge benefits to reduce the manpower needed for moving people and goods; and for border control. The safety and security of such systems depend on computers, software and communications. This can be problematic due to potential hardware and software errors, integration errors, especially in the presence of malicious actors.
2.20. This topic seeks proposals to design and develop an evaluation methodology, techniques and tools to test, evaluate and confirm that a vehicle or an automation asset is adequately safe and secure. The proposal has to consider the cost-effectiveness of the “to-be” designed evaluation methodology and tools, the modular tools and techniques that can make a practical impact on achieving greater users’ confidence and the modular reusable verifiable components that can be used in the design and implementation of multiple make and models of Autonomous Unmanned Vehicles and Automation Assets.
2.21. Relevant research/technology areas that could contribute to this proposal are formal verification of hardware and software, binary testing, automated software testing, automated penetration testing, automated full system simulation and scenario testing, state estimation and verification and reliability estimation.
F. Cybersecurity for the Energy Sector
2.22. Topic 8: Innovative anomaly detection schemes that leverage on the unique physical processes within the power system. As the power system has unique physical processes (e.g. compared to water systems), there is a need for specialised knowledge of how cyber-initiated attacks would manifest themselves in the physical domain, and vice-versa. This creates opportunities for novel anomaly detection schemes that exploit established correlations between cyber and physical activity. Cutting-edge areas include real-time and continuous anomaly detection that aim to reduce false positive rates.
2.23. Topic 9: Secure system architecture and protocols that are both lightweight and scalable, for the power system. As the physical quantities that are important to grid stability (e.g. voltage, frequency) tend to change very quickly, the time-sensitive operations of control systems must not be perturbed by the proposed cybersecurity solution. In addition, as the grid expands to accommodate more generation sources, end-users, and metering infrastructure, proposed solutions should scale well to secure an ever-expanding attack surface. This is a broad topic that includes authentication, attestation, and command validation protocols that will comply with prevailing OT cybersecurity standards in Singapore.
2.24. Topic 10: Testing tools, infrastructure, or capabilities that enable the rigorous validation of new or existing cybersecurity solutions for the power system. Cybersecurity researchers are expected to validate their proposed solutions in high-fidelity test environments, while potential end-users often require demonstrated track records from the solution provider. Designing such tools (e.g. a physical or virtual test-bed, digital twin, or any components thereof) would provide researchers with an experimental platform for use during development, and allow solution providers to demonstrate any successes. In the long-run, such tools may contribute to
23 August 2018
Page 12
technology benchmarking for OT cybersecurity solutions for power systems.
G. Novel Implementation of Cybersecurity Technology
2.25. Topic 11: Novel Implementation of Cybersecurity Technology . This topic seeks innovative technology proposals on Cyber Security or its derived technology that would enable digitised applications in Health & Biomedical Sciences, Urban Solutions & Sustainability, and Advanced Manufacturing & Engineering. The proposal must highlight the novelty and practicality of at least one application use case, development plans and identify commercialisation pathways in the submission.
23 August 2018
Page 13
APPENDIX 1 to ANNEX A
TECHNOLOGY READINESS LEVEL (TRL) DEFINITIONS
TRL Description Remarks0 Idea Unproven concept, no testing has been
performed
1 Basic Research Basic principles postulated and observed but no experimental proof available
2 Applied Research Concept and application have been formulated
3 Critical Function First Laboratory test completed; proof of concept
4 Concept Validation Small Scale Prototype built in a laboratory environment, technology validated in laboratory
5 Validation of Integrated System Component and/or validation in a relevant environment
6 Verification of Integrated System System model or prototype tested in intended environment close to expected performance
7 Demonstration System Operating in operational environment at pre- commercial scale
8 System Completed and Qualified Manufacturing issues solved
9 Full commercial application Technology available for consumers
23 August 2018
Page 14
APPENDIX 2 TO ANNEX A
FOR REFERENCE: RESEARCH WITH TECHNOLOGY READINESS LEVEL 4 RESULTS
Research Project Technology Areas Institution Point of Contact
Secure Mobile Center Novel Authentication
Methods
o Liveliness
o Non Traditional
Inputs
Attribute Based
Encryption \ Identity
Privacy Preserving
data processing
Mobile Security
(Hardening
frameworks)
Secure Group Chats
Singapore Management University
Prof Robert Deng
TSUNAMI Binary Analysis
Static Code Analysis
Binary Hardening
Tools
Auto-Patch
Generation
Model based Fuzzing
National University of Singapore
Prof Abhik Roychoudhury
Securing Data on Cloud Storage through Dispersal
Secure Storage using
public infrastructure
Nanyang Polytechnic
Mr Mar Kheng Kok
SECURIFY Trusted Platform
Formal Methods in
Security Analysis
Security Verification
Security Verified
Execution Stack
Nanyang Technological University
Prof Thambipillai Srikanthan
SecUTS Train Cyber Physical
System
Institute for Infocomm Research
Dr Zhou Jian Ying
23 August 2018
Page 15
Cyber Forensics and Intelligence
Image Tempering
Forensics
Traceback Technics
Data Extraction from mobile
applications Image and
video Tampering Detection
Data Recovery
Institute for Infocomm Research
Dr Vrizlynn Thing
ASPIRE Cyber Physical System
Sensors
Attack, Detection and
Defence of Water Treatment\
Distribution Cybersecurity
Safety Assurance in Smart
Grid
Frameworks for Analysing
CPS systems
Singapore University of Design and Technology
Prof Aditya P Mathur [email protected]
BICSAF Bio-inspired agile cyber-
security assurance framework
Attack detection using
multiple networked agents
Nanyang Technological University and Ben Gurion University
Assoc Prof. Liu Yang (Program PI NTU)
Prof. Yuval Elovici (PI BGU)
National Cybersecurity R&D Laboratory
Reusable models of network
topology
Traffic generation agents
System agents for generating
online humans behaviours
Federation with wireless
networks
National University of Singapore
Assoc Prof Chang Ee-Chien (PI NUS)
Assoc Prof Laing Zhenkai (PI NUS)
23 August 2018
Page 16
ANNEX B1
FUNDABLE DIRECT COSTS
All fundable direct costs are subject to funding agencies’ discretion.
1. Manpower Related Expenses
Type of Expenses Allowable Costs
Salaries Basic salaries, and 13th month annual wage supplement (AWS) as well as employer’s contribution to CPF on basic salaries and AWS of supportable personnel. Supportable personnel are defined as those who are (i) technical personnel directly involved in the R&D project, (ii) full-time permanent employees of the companies/IHLs/RI and (iii) tax residents in Singapore.
Fractional charging for staff costs based on time commitment to the project must be practised. Grant should support EOM costs and related benefits (as per employment contract) as long as it is in line with the consistency applied IHLs/RIs’ HR policies.
All other costs related to manpower / remuneration are excluded.
2. Equipment and Technical Software Related Expenses
Type of Expenses Description
Equipment and software purchase
Only costs incurred in the purchase of new equipment approved by the NRF for the purpose of this grant can qualify.
All other costs will be excluded.
3. Other Operating Expenses (OOE) – related expenses and Overseas Travel Related expenses
Type of Expenses Description
Travel & COLA Travel and Cost of Living Allowance (COLA) for overseas conferences directly relevant to the research area outlined in the project and necessary to accomplish project objectives.
All travel must align to the existing and consistently applied Company or IHL/RI’s travel policies regardless of the source of funds.
All other costs will be excluded.
23 August 2018
Page 17
ANNEX B2
NON-FUNDABLE DIRECT COSTS
4. Expenditure of Manpower (EOM) Related Expenses
Type of Expenses Description
Principal Investigators/ Co- Investigators/ Programme Managers EOM Cost
Not allowable.
Staff Insurance Not allowable unless they are incurred under an established and consistently applied policy of the Company or IHL/RI. Company or IHL/RI may be requested to certify that such payments are in accordance with its established policy or on the same terms as the other staff.
Overtime Not allowable.
Unconsumed leave Provision for unconsumed leave is not allowable.
Student Assistants / Interns Not allowable for students who are recipients of existing awards (or stipends) or students who are not residents of Singapore.
For IHL/RI, only full-time students enrolled in local institutes of higher learning qualify to be supported as a student assistant/ intern.
5. Equipment Related Expenses
Type of Expenses Description
General Policy No purchase of equipment is allowed unless specifically provided for in the grant and approved by NRF.
The procurement of such equipment must be made according to the formal established and consistently applied policies of the Company or IHL/RI.
The invoices for all claims must be dated before the end of the Term.
23 August 2018
Page 18
Type of Expenses Description
Cost of capital works and general infrastructure, general purpose IT and communication equipment, office equipment, and furniture and fittings
Not allowable under direct costs, unless specifically provided for in the grant and approved by NRF.
Examples of such costs are computers, office productivity software, PDAs, mobile phones, photocopier machines, workstations, printers etc.
6. OOE Related Expenses
Type of Expenses Description
General Policy Not allowable for expenses that are not directly related to the Research.
All procurement of such items must be made according to the formal established and consistently applied policies of the Company or IHL/RI.
Visiting Professors/Experts Not allowable unless specifically provided for in the grant and approved by NRF. The visiting professor must be identified and his/her contribution to the project must be clearly defined and described in the proposal.
Audit Fees Not allowable. This includes both internal and external audit fees.
Entertainment & refreshment
Not allowable.
Fines and Penalties Not allowable.
Legal Fees Not allowable.
Overhead Expenses Not allowable unless specifically provided for in the grant and approved by NRF based on the nature of the research.
This includes rental, utilities, facilities management, telephone charges, internet charges, etc.
Patent Application Not allowable.
This includes patent application filing, maintenance and other related cost.
23 August 2018
Page 19
Type of Expenses Description
Professional Membership Fees
Not allowable.
This applies to PI and Co-Investigators as well as all research staff funded from the grant.
Software Not allowable under director cost unless specifically provided for in the grant and approved by NRF.
Professional Fees (including fees to consultants)
Not allowable unless specifically provided for in the grant and approved by NRF.
Staff retreat Not allowed.
23 August 2018
Page 20
NCR Grant Call 2018 Instructions for Submission of Application
ANNEX C
1. Full proposals are to be submitted via the Integrated Grant Management System (IGMS) from 24th Aug 2018, 2:30 P.M to 1st Nov 2018, 5:00 P.M. Hard-copy or email submissions are NOT accepted.
2. Full Proposals and supporting documents are only considered to be submitted to NRF if the IGMS Full Proposal application form with the relevant attachments are submitted and duly endorsed by the respective Research Support Office from IHLs/RIs and equivalent outfit in companies by the specified call deadline (1st Nov 2018, 5:00 P.M).
3. All relevant sections of the IGMS application form should be filled out completely as it will serve as the official summary of the programme being submitted for consideration. In addition to the basic information required in the IGMS application form, please note the following instructions on specific information to be provided in the relevant sections of the IGMS application form:-
i. Section 2 – Details of Research Proposal
The following attachments in PDF format should be uploaded at this section, abiding by the filenames as listed in bold:
a. Full Proposal (Name of Lead PI): a comprehensive case for support of no more than 20 pages in Arial font size 12-point with single line spacing. This is inclusive of the cover page (please refer to the template in Annex C1)
b. Annex A – NCR Grant Call 2018 Application Form (please use template provided in IGMS)
c. Annex B – Compilation of CVs: a compilation of all CVs of the PI, Co-PIs and collaborators of up to 2 pages each
d. Annex C – References: a listing of all references to citations listed in the 20- page Full Proposal, if any (no total page limit).
e. Annex D – Letters of Support: Letters of support must be included from all collaborators directly involved in supporting the work described in the application. Letters should provide full details of the intended intellectual and financial (if relevant) inputs. Letters which do not demonstrate direct involvement will be removed from the proposal.
f. Annex E – Proposed Budget: a compilation of the proposed budget items with strong justifications provided (please use the excel template provided in IGMS).
g. Annex F – Quad Chart: templates available on grant call website
The content in Annexes A, B, C, D and E will not count towards the limit of 20 pages for the Full Proposal.
As a guide, the Full Proposal and Annexes should address the following adapted Heilmeier’s questions (highlighted in blue) for each of the sections in the following table:
23 August 2018
Page 21
Sections Required
Information to be Provided
Research Objectives
What are you trying to do? What specific problems the proposal attempt to solve? What capabilities and/or technologies will be developed? Clearly state the problem to be addressed with neither jargon nor acronyms and explain why it is significant.
This section should articulate clearly the use-inspired objectives and expected outcomes of the programme and how it would contribute towards achieving the objectives of the NCR scheme.
Approach How is it done today, who are the leading researchers studying the problem, and what are the limitations of their current approaches? What is your approach and how does it differ from what others are working on? Why do you think your proposal will be successful?
This section should describe the synergies of projects within the programme towards achieving the overall programme objectives.
Details should be provided on the individual projects’ objectives, the scientific challenges they are meant to address and the proposed methodology/approach to solving these challenges.
Highlight in this section the importance of the problems being addressed, how their work would create new knowledge or advance existing understanding, the novelty of their proposed approach and the potential for this to produce breakthrough work.
This section should also be used to highlight the international competitiveness of the work being carried out in terms of scientific merit with mention of existing work being carried out by other teams around the world.
Program Plan How are financial and human resources organised to accomplish the objectives? What are the technical risks and how would these be mitigated? Outline the schedule for all phases of the proposed programme– a Gantt chart can be attached as an annex.
This section should provide an overview of the proposed programme management structure and plans to increase the likelihood of success, in terms of the programme achieving its objectives.
A Gantt chart depicting the estimated progress of the projects (Sub- project 1, Sub-project 2 etc) against the timeline (Year 1, Year 2 etc) of the programme can be included.
Please also highlight the international competitiveness of the overall programme being proposed here.
A summary of the overall programme budget should be provided in this section, broken down into broad categories of EOM, equipment and OOE. Justification for the proposed budget in each category should be clearly articulated here. Please provide accurate and reasonable budgets in the submissions. Please note that over- budgeting is strongly discouraged and that NRF may ask for revision to the requested budget before award if this is found to be the case.
The detailed budget breakdown by line item should be provided in
23 August 2018
Page 22
incur overheads (general overheads and support for IP protection and commercialisation) should be marked as such).
Role of Team Members
What are the roles and contributions of the co-PIs and collaborators? Why are you and your team members particularly qualified to do this? Briefly describe the plans for interaction among the team member(s) and with collaborators in achieving the research objectives.
The Lead PI and team members for each project should be provided in this section, highlighting any competitive advantages of individual PIs in terms of unique capabilities and/or experience relevant to the project’s scientific focus.
This section should highlight the relevant track record and capabilities of individual PIs in the team, their international standing and any unique competitive advantages that they bring to the team in achieving the programme’s objectives.
In each CV compiled in “Annex B – Compilation of CVs”, the following sections should be included to highlight key information relevant for the evaluation of the full proposal:-a. Nameb. Titlec. NRIC/Passport No.d. Office Mailing Addresse. Emailf. Contact Nog. Current Position (Please provide full details, e.g. primary
appointment, joint appointments; other academic appointments including those outside of Singapore; percentage of time spent in Singapore every year, if applicable)
h. Employment Historyi. Academic qualifications (Indicate institution’s name and year
degree awarded)j. Research interestsk. 5 most important publications in the last 5 years that pertains
to the proposed programmel. Patents filed (related to the project)m. Professional Awardsn. Half page summary of the most relevant research outcomes
from all previous grants [e.g. patents, awards, etc]. In this section please highlight any plans to leverage on
collaborations (local/international) and articulate the value of such collaborations to the programme.
PIs should mention in the proposal their working relationship with their collaborators, including details of past collaborations.
Outcomes & Deliverables
How do you propose the progress and impact of your research could be measured at mid-term review and at completion of the program? Please propose quantifiable and measurable outcomes to demonstrate the capabilities and technologies developed under the proposal. If successful, how would this generate value for Singapore?
A summary of the programme deliverables and outcomes should be provided in this section. The proposed deliverables should be linked
23 August 2018
Page 23
ii. Section 3 – Declaration of Other Funding Support
Details of all grants currently held or being applied for by the PI, Co-PIs or collaborators who are expected to receive funding from NRF under the proposed programme, in related areas of work, must be declared in this section. Failure to do so will be considered a breach of the undertaking required by all PIs and collaborators in Section 7 of the IGMS application form and may render the application invalid.
iii. Section 4 – Proposed Budget
The total requested budget should reflect a realistic estimation of the project needs and be fully justified. The overall level of the grant offered will be determined on the basis of the needs of the project and judged by the evaluation panel against the requested grant to the budget.
Applicants should fill in the detailed budget breakdown in this section of the form, broken down into the categories and sub-categories, mainly: (a) EOM, (b) Equipment,(c) OOE and (d) Exceptional Items (which should not be included in any of the above categories (a), (b) and (c)). Any additional information (e.g., equipment quotations for items with unit cost over $100,000, OOE details) should be uploaded as separate attachments. The information captured in this section should correspond with that in the Annex E – Proposed Budget document. Only details for the amount of NRF funding sought under NCR should be provided in this section; other sources of funding for the programme should be indicated in the summary of the overall programme budget under the “Programme Management and Budget” section of the full proposal attachment.
iv. Section 5 – Activities and Performance Indicators
PIs should provide full details of any relevant KPIs for their programme in this section. As the IGMS application form only provides a listing of possible KPIs for PIs to choose from, any additional relevant KPIs not listed should be included in a separate attachment in this section.
4. Full Proposals submitted should contain all relevant information required for a proper and complete evaluation of their merits without the need to go back to applicants for additional information. Relevant privileged or confidential information should be disclosed if necessary to help convey a better understanding of the proposed project. However, such information should be clearly marked in the proposal.
5. Full proposals will be evaluated based on the following criteria:
to the objectives of the programme and provide appropriate means of tracking/ measuring the success of the programme. Please refer to Annex C2 for a description of an impact statement.
PIs should also use this section to highlight and list up to five key scientific milestones that can be expected from the successful execution of the programme; and how these would be measured at the mid-term mark and programme completion mark.
The detailed listing of activities and deliverables should be provided in Section 5 of the IGMS application form.
23 August 2018
Page 24
a. Impact in meeting national needs through the technology areas;b. Quality of Collaboration between companies, IHLs/RIs and Government
agencies;c. Industry Contribution;d. Programme management, budget and translation strategy;e. Technical competencies of research team; andf. Quality of plan to sustain and commercialise the technology.
23 August 2018
Page 25
FULL PROPOSAL SUBMISSION TO NCR GRANT CALL 2018
ANNEX C1
Project Team Members (Please add/delete rows where necessary)
Role Name Designation Department Institution % of time
committed
on the
project
Lead PI
Co-PI (1)
Co-PI (2)
Co-PI (3)
Co-PI (4)
Co-PI (5)
Co-PI (6)
Collaborato
r (1)
Collaborato
r (2)
Collaborato
r (3)
Proposal ID: NRF201X_NCR00X_XXX (generated by IGMS)
Proposal Title: XX (Bold, Font 12)
Budget Requested (Excluding Indirect Costs): S$ XX
Period of Support: XX years Host Institution: XX
23 August 2018
Page 26
Impact StatementANNEX C2
8. An impact statement seeks to provide a clear articulation of the potential impact of the proposed NCR programme and proposed actions to help realise this impact. The purpose of an impact statement is to demonstrate to the NRF and its reviewers that the applicant has knowledge of the beneficiaries and users of their research, knows how to engage with and transfer knowledge to these beneficiaries and is committed to maximising the impact of the proposed programme and its research for the benefit of the Singapore’s economy and society.
9. Impact should not be confused with outputs and outcomes. Publications, discoveries, patents, students trained are seen as outputs. These outputs can become outcomes; fore.g. building competence, adding to the knowledge base for a particular research field or product development. Impact is described as the development of these outcomes into creation of new industry, improved health/well-being, innovative disruption to a process/product life-cycle etc.
10. The impact statement should be written in lay non-technical language, be as specific as possible and provide information that will help the NRF and external reviewers in assessing the potential impact of the proposed programme. Appropriate milestones and deliverables associated with the potential impact at mid-term and at the end of project should be clearly indicated.
11. Some examples of impact statements are listed below:a. Demonstrate optical transmission of 2x1014 bits per second by 2015 and 1015
bits per second by 2018.b. A new industry/business sector or activity has been created.c. An industry/business sector has adopted a new or significantly improved
technology or process, including through acquisition and/ or joint venture.d. The industry sector/ environment/ quality of life has been improved through the
introduction of new product(s), process(es) or service(s); the improvement of existing product(s), process(es) or service(s).
23 August 2018
Page 27
COLLABORATION GUIDELINESAnnex D
Each Company shall abide by the following guidelines when engaging in collaborations with any Collaborator pertaining to the Research.
1. Company may engage in research collaborations involving any part or the whole of the Research with local or overseas Collaborators. Such collaborations, particularly with local Collaborators, are encouraged if the same enhance the Research and the results of the same.
2. The work in connection with the Research performed pursuant to the collaboration with the Collaborators should, to the extent possible, be carried out in Singapore. Company and partner Institutions are not permitted to contract out the whole or a substantial part of the Research to Collaborators.
3. Where possible, the Collaborators’ staff should be resident in Singapore, or be re-located to Singapore to undertake the research, although it is recognized that this may not always be possible in the case of Collaborators based overseas. In particular, it is understood that where the Research (and consequently, the Funding) relate to a joint grant call with an overseas funding agency or organization, the Collaborators will be based overseas and the Collaborators’ scope of work under the Research will be undertaken overseas.
4. The Collaborators are not permitted to receive, directly or indirectly, any part of the Funding, whether in cash or in the form of Assets acquired using the Funding or otherwise. All Assets acquired using the Funding must be located in Singapore and maintained within the control of the Company or partner Institutions.
5. Collaborators accessing and using Assets acquired using the Funding may only do so pursuant to the terms of the research collaboration agreement that is put in place to govern the collaboration and must do so on terms which are not more favourable than that allowed to any other Singapore based organization (other than the Company and partner Institutions).
6. Company and partner Institutions shall negotiate and agree upon ownership, intellectual property protection, commercialization and revenue sharing rights in respect of the Intellectual Property arising from the Research undertaken in collaboration with the Collaborators in accordance with internationally accepted standards and in the best interests of the Institutions and Singapore. All such rights shall be negotiated, agreed upon and stipulated in a formal research collaboration agreement with each Collaborator, which shall be consistent with each Company’s and partner Institution’s obligations under this Contract.
23 August 2018
Page 28
7. Minimally, the Company and partner Institutions shall ensure that the Research IP shall be owned according to inventorship4 and that all revenues and other consideration derived from the use and commercial exploitation of the Research IP shall be shared between the Company, partner Institutions and the Collaborators in accordance with the overall contributions5 of the Company, partner Institutions and the Collaborators. Company and partner Institutions shall not cede complete ownership of the Research IP to the Collaborator where the Collaborator or its staff have no inventive contributions without the prior written consent of NRF; that is to say, in no event shall the Company and partner Institutions or any one of them give up ownership where the Company or partner Institutions’ staff, employees, students, agents or contractors are inventors or creators of the Research IP in question.
8. Company shall keep NRF informed of its negotiations with the Collaborators and the terms of the agreement and details of the same in a timely fashion.
9. Company and partner institutions must at all times reserve the right to use the Research IP for their own research and development purposes and to make the same available to the local research community at least for non-commercial research and development purposes.
4 If the Company’s or partner Institutions’ staff, students, employees or sub-contractors are named as the sole inventors/creators of the Intellectual Property, then such company or partner Institutions shall own all of such Intellectual Property and the Intellectual Property is jointly invented/created with the Collaborator’s staff, students, employees or sub-contractors then such Intellectual Property may be jointly owned by the Company, partner Institution concerned and the Collaborator as joint tenants.5 Contributions shall include inventive contributions, financial contributions as well as in-kind contributions, such as access to and use of background IP, equipment, plant and machinery, facilities, materials and other assets.
