Request for Input (RFI)-National Cyber Leap Year, 9110-9112 [E9-4321]
Download as PDF
<![CDATA[
9110
Federal Register / Vol. 74, No. 39 / Monday, March 2, 2009 / Notices
Council will review and vote on
applications and guidelines, and the
meeting will conclude with a general
discussion.
If, in the course of the open session
discussion, it becomes necessary for the
Council to discuss non-public
commercial or financial information of
intrinsic value, the Council will go into
closed session pursuant to subsection
(c)(4) of the Government in the
Sunshine Act, 5 U.S.C. 552b.
Additionally, discussion concerning
purely personal information about
individuals, submitted with grant
applications, such as personal
biographical and salary data or medical
information, may be conducted by the
Council in closed session in accordance
with subsection (c)(6) of 5 U.S.C. 552b.
Any interested persons may attend, as
observers, Council discussions and
reviews that are open to the public. If
you need special accommodations due
to a disability, please contact the Office
of AccessAbility, National Endowment
for the Arts, 1100 Pennsylvania Avenue,
NW., Washington, DC 20506, 202/682–
5532, TTY–TDD 202/682–5429, at least
seven (7) days prior to the meeting.
Further information with reference to
this meeting can be obtained from the
Office of Communications, National
Endowment for the Arts, Washington,
DC 20506, at 202/682–5570.
Dated: February 25, 2009.
Kathy Plowitz-Worden,
Panel Coordinator, Office of Guidelines and
Panel Operations.
[FR Doc. E9–4327 Filed 2–27–09; 8:45 am]
BILLING CODE 7537–01–P
NATIONAL SCIENCE FOUNDATION
Request for Input (RFI)—National
Cyber Leap Year
erowe on PROD1PC63 with NOTICES
AGENCY: The National Coordination
Office (NCO) for Networking
Information Technology Research and
Development (NITRD), NSF.
ACTION: Request for Input (RFI).
FOR FURTHER INFORMATION CONTACT:
Tomas Vagoun at Vagoun@nitrd.gov or
(703) 292–4873. Individuals who use a
telecommunications device for the deaf
(TDD) may call the Federal Information
Relay Service (FIRS) at 1–800–877–8339
between 8 a.m. and 8 p.m., Eastern time,
Monday through Friday.
DATES: To be considered, submissions
must be received by April, 15, 2009.
Overview: This Request for Input No.
3 (RFI–3) is the third issued under the
Comprehensive National Cybersecurity
Initiative (CNCI), established within
VerDate Nov<24>2008
12:24 Feb 27, 2009
Jkt 217001
Homeland Security Presidential
Directive (HSPD)–23. RFI–3 was
developed by the Networking and
Information Technology Research and
Development (NITRD) Program Senior
Steering Group (SSG) for Cybersecurity
to invite participation in a National
Cyber Leap Year whose goal is an
integrated national approach to make
cyberspace safe for the American way of
life. Over 160 responses were submitted
to the first RFI issued by the NITRD SSG
(October 14, 2008), indicating a strong
desire by the technical community to
participate. RFI–2 (issued on December
30, 2008) expanded the opportunity for
participation by permitting submitters
to designate parts of submissions as
proprietary. RFI–3 presents prospective
cyber security categories derived from
responses to RFI–1 for further
consideration.
Background: We are a cyber nation.
The U.S. information infrastructure—
including telecommunications and
computer networks and systems and the
data that reside on them—is critical to
virtually every aspect of modern life.
This information infrastructure is
increasingly vulnerable to exploitation,
disruption, and destruction by a
growing array of adversaries. The
President’s CNCI plan calls for leapahead research and technology to
reduce vulnerabilities to asymmetric
attack in cyberspace. Unlike many
research agenda that aim for steady
progress in the advancement of science,
the leap-ahead effort seeks just a few
revolutionary ideas with the potential to
reshape the landscape. These gamechanging technologies (or non-technical
mechanisms that are made possible
through technology), developed and
deployed over the next decade, will
fundamentally change the cyber game
into one where the good guys have an
advantage. Leap-ahead technologies are
so-called because they enable us to leap
over the obstacles preventing us from
being where we want to be. These
advances may require years of concerted
research and development to be fully
realized; good ideas often do. However,
the intent is to start now and gain
momentum as intermediate results
emerge.
Objective: The National Cyber Leap
Year has two main goals: (1)
Constructing a national research and
technology agenda that both identifies
the most promising ideas and describes
the strategy that brings those ideas to
fruition; and (2) jumpstarting gamechanging, multi-disciplinary
development efforts. The Leap Year will
run during fiscal year 2009, and will
comprise two stages: Prospecting and
focusing.
PO 00000
Frm 00035
Fmt 4703
Sfmt 4703
Stage One canvasses the cybersecurity
community for ideas. Our aim is to hear
from all those who wish to help.
The heart of Stage Two, which begins
March 1, 2009, is a series of workshops
to explore the best ideas from Stage
One. As the year progresses, we will
publish four types of findings: (1) Gamechangers—descriptions of the paradigmbusters that technology will make
possible; (2) Technical Strategy—as
specifically as possible, the invention
and/or research that needs to be done;
(3) Productization/Implementation—
how the capability will be packaged,
delivered, and used, and by whom; and
(4) Recommendations—prescriptions for
success, to include funding, policies,
authorities, tasking—whatever would
smooth the way to realization of the
game-changing capability.
Deadline for Submission under this
RFI–3: The third, and final round of the
Stage One cycle is covered by this RFI–
3 and will close April 15, 2009.
Stage One Description
What We are Looking for:
Contributors may submit up to 3 leapahead technology concepts.
Multidisciplinary contributions from
organizations with cybersecurity
interests are especially encouraged.
Cognizant of the limits of conventional
studies and reports, we have given
substantial thought to what framework
and methodology might render the
community’s best ideas understandable,
compelling, and actionable to those who
need to support them, fund them, and
adopt them. Since our search is for
game-changing concepts, we ask that
submitters explain their ideas in terms
of a game. Many ideas will fall into the
following three categories. Ideas that:
Morph the Gameboard (Change the
defensive terrain [permanently or
adaptively] to make it harder for the
attacker to maneuver and achieve his
goals.)
Example: Non-persistent virtual
machines—every time the enemy takes
a hill, the hill goes away.
Change the Rules (Lay the foundation
for cyber civilization by changing
network protocols and norms to favor
our society’s values.)
Example: The no-call list—direct
marketers have to ‘‘attack’’ on customer
terms now.
Raise the Stakes (Make the cost to
play less advantageous to the attacker by
raising risk, lowering value, etc.)
Example: Charging for email—making
the SPAMmer ante up means a lot more
fish have to bite for SPAM to pay.
Ideas that change the game in some
other dimension are also welcome; just
be sure to explain how. The rationale for
E:\FR\FM\02MRN1.SGM
02MRN1
erowe on PROD1PC63 with NOTICES
Federal Register / Vol. 74, No. 39 / Monday, March 2, 2009 / Notices
why the idea is game-changing should
be the central focus of each submission.
Submitters are encouraged to explore
the following categories, which were
derived by the NITRD SSG from the
review of RFI–1 submissions. These
categories encompass promising
concepts identified by compelling
submissions and may be fruitful themes
for additional game-changing insights:
Attribution—Technologies and
methods to establish that a particular
entity (person, host, event) is the
originator of an object (e.g. data) or the
cause of an effect.
Cyber Economics—Security decisionmaking frameworks that incorporate
economic insights; understanding and
altering economic value-chains to make
cyber security exploits increasingly
expensive for attackers.
Disaster Recovery—Recovery in the
event of a large-scale disruption of
national cyber assets.
Network Ecology—Incorporating endto-end network management techniques
to control access to and allocation of
network resources; modeling of
acceptable host and network activities.
Policy-based Configuration/
Implementation—Standards-based
security policy definitions and
enforcement frameworks; architectures
and techniques for implementing finecoarse access and permission controls.
Randomization/Moving Target—
Software diversity that randomizes code
structure; virtualization techniques that
hide, obscure, move, and alter;
randomizing and obfuscating network
resources, IP addresses, and the
operating system; time-varying, cryptobased identities to identify services,
hosts, interfaces, networks and users.
Secure Data—Building provenance
and access controls into the fabric of
digital data.
Software Assurance—Securityfocused system assurance programming
languages.
Virtualization—Cloud-based virtual
desktops for stateless thin clients; highsecurity hypervisors; least-authority
execution via adaptive sandboxes.
Submissions in areas outside these
categories will also be considered.
Who can Participate: This RFI–3 is
open to all and we especially encourage
public- and private-sector groups (e.g.,
universities, government laboratories,
companies, non-profit groups, user
groups) with cybersecurity interests to
participate. Collaborative,
multidisciplinary efforts are also highly
encouraged. Participants in Stage One
must be willing to participate in Stage
Two should one of their ideas be
selected. Excluding proprietary
information, participants must also be
VerDate Nov<24>2008
12:24 Feb 27, 2009
Jkt 217001
willing to have their ideas posted for
discussion on a public Web site and/or
included in our final report.
How We Will Use It: The best ideas
from Stage One will go on to Stage Two.
Non-proprietary elements of Stage One
submissions may be posted on our Web
site for elaboration and improvement, as
a key goal of the Leap Year is to engage
diverse sectors (e.g., government,
academia, commercial, international) in
identifying multidimensional strategies
and, where it makes sense, in rolling up
their sleeves and starting to work.
Submissions crafted with that larger
community in mind will be the most
compelling and influential.
Leap Year interim results and
emerging guidance will be posted at:
https://www.nitrd.gov/leapyear/.
Questions and submissions should be
addressed to: leapyear@nitrd.gov.
In accordance with FAR 15.202(3),
responses to this notice are not offers
and cannot be accepted by the
Government to form a binding contract.
Responders are solely responsible for all
expenses associated with responding to
this RFI–3, including any subsequent
requests for proposals.
All responses must be no more than
two pages long (12 pt font, 1″ margins)
and in this form:
RFI Name: RFI–3—National Cyber
Leap Year.
Title of Concept
RFI Focus Area (Morph the
gameboard, Change the rules, Raise the
stakes.)
Submitter’s Contact Information—
Name, Organization, Address,
Telephone number, E-mail address.
Summary of Who You are—
Credentials, group membership.
Concept—What is the idea? Explain
why it would change the game.
Introducing a good idea alone is not
sufficient; you must explain how it
changes the game.
Vision—Make us believe in your idea.
(What would the world look like if this
were in place? How would people get it,
use it? What makes you think this is
possible? What needs to happen for this
to become real? Which parts already
exist; which parts need to be invented?)
Method—What process did you use to
formulate and refine your concept?
What assumptions or dependencies
underlie your analysis?
Dream Team—Who are the people
you’d need to have on your team to
make this real? If you just know
disciplines that’s okay. If you have
names, explain what those people do. If
your idea is selected for further
consideration, we will do our best to
bring these people together for a Stage
Two workshop.
PO 00000
Frm 00036
Fmt 4703
Sfmt 4703
9111
Labeling of Proprietary Information—
Clearly label any part of the submission
designated as proprietary. The
proprietary information will be
restricted to government use only. If the
submission is selected for Stage Two,
we will work with the submitter to
determine exactly what information
warrants proprietary protection and to
establish appropriate controls for
managing, protecting, and negotiating as
appropriate the relevant intellectual
property rights.
Responses must be submitted via
https://www.nitrd.gov/leapyear/ or
e-mailed to leapyear@nitrd.gov, and
must be received by April 15, 2009.
Appendix A contains a sample
submission and review considerations.
Appendix A—Sample Submission
Who You Are—https://
quieteveningathome.org—We are a
501c3 group with 50,000 members
dedicated to the preservation of the
dinner hour as the core of American
civilization.
Game-changing Dimension—Change
the rules.
Concept—Telemarketers are using our
resources and time to market their
products. They can call and interrupt
our dinners and use our own telephones
to reach us. What if we changed the
rules to ‘‘don’t call us, we’ll call you?’’
Changing this rule changes the game to
one where we decide which marketers
to contact and when, returning control
of the dinner hour to us.
Vision—The vision is a national donot-call register. People should be able
to go to https://donotcall.gov and register
their phone number. It would be illegal
for telemarketers who have not been
given permission to call someone. If a
telemarketer makes an illegal call, the
recipient should be able to report them
to a government agency and they should
be fined. The technology to do this is
easy, we are not sure about the laws and
policies. Courts have ruled differently
on this issue at different times. We think
the political climate is friendly today for
Federal legislation.
Method—We announced our search
for ideas on our website and
submissions were made there. We also
publicized through restaurant and
catering associations with whom we
often partner, who offered interruptionfree free meals for brainstorming
sessions. Participation was not limited
to members, but could not be
anonymous, since it was our intention
to follow up with submitters. The Board
of Directors of QEAH enlisted the aid of
Prandia University to work with the
submitters of the best ideas to develop
them into even better ideas. The Board
E:\FR\FM\02MRN1.SGM
02MRN1
9112
Federal Register / Vol. 74, No. 39 / Monday, March 2, 2009 / Notices
ensured all the aspects described in the
Leap Year RFI were addressed in our
final submissions.
Dream Team—Federal Trade
Commission, Federal Communications
Commission, constitutional lawyer,
Telemarketers’ Association, Consumers
Union, Oracle or other database
company.
Review Considerations
Submissions will be reviewed by the
NITRD Senior Steering Group for
Cybersecurity using the following
considerations:
Would it change the game?
How clear is the way forward?
What heights are the hurdles that may
be found in the way forward?
Submitted by the National Science
Foundation for the National
Coordination Office (NCO) for
Networking and Information
Technology Research and Development
(NITRD) on February 25, 2009.
Dated: February 25, 2009.
Suzanne H. Plimpton,
Reports Clearance Officer, National Science
Foundation.
[FR Doc. E9–4321 Filed 2–27–09; 8:45 am]
BILLING CODE 7555–01–P
NUCLEAR REGULATORY
COMMISSION
[NRC–2009–0054]
Agency Information Collection
Activities: Proposed Collection;
Comment Request
erowe on PROD1PC63 with NOTICES
AGENCY: U.S. Nuclear Regulatory
Commission (NRC).
ACTION: Notice of pending NRC action to
submit an information collection
request to the Office of Management and
Budget (OMB) and solicitation of public
comment.
SUMMARY: The NRC invites public
comment about our intention to request
the OMB’s approval for renewal of an
existing information collection that is
summarized below. We are required to
publish this notice in the Federal
Register under the provisions of the
Paperwork Reduction Act of 1995 (44
U.S.C. Chapter 35).
Information pertaining to the
requirement to be submitted:
1. The title of the information
collection: 10 CFR Part 140, ‘‘Financial
Protection Requirements and Indemnity
Agreements.
2. Current OMB approval number:
3150–0039.
3. How often the collection is
required: As necessary in order for NRC
VerDate Nov<24>2008
12:24 Feb 27, 2009
Jkt 217001
to meet its responsibilities called for in
Sections 170 and 193 of the Atomic
Energy Act of 1954, as amended (the
Act).
4. Who is required or asked to report:
Licensees authorized to operate reactor
facilities in accordance with 10 CFR
Part 50 and licensees authorized to
construct and operate a uranium
enrichment facility in accordance with
10 CFR Parts 40 and 70.
5. The number of annual respondents:
91.
6. The number of hours needed
annually to complete the requirement or
request: 1307.
7. Abstract: 10 CFR Part 140 of the
NRC’s regulations specifies information
to be submitted by licensees to enable
the NRC to assess (a) the financial
protection required of licensees and for
the indemnification and limitation of
liability of certain licensees and other
persons pursuant to Section 170 of the
Atomic Energy Act of 1954, as amended,
and (b) the liability insurance required
of uranium enrichment facility licensees
pursuant to Section 193 of the Atomic
Energy Act of 1954, as amended.
Submit, by May 1, 2009, comments
that address the following questions:
1. Is the proposed collection of
information necessary for the NRC to
properly perform its functions? Does the
information have practical utility?
2. Is the burden estimate accurate?
3. Is there a way to enhance the
quality, utility, and clarity of the
information to be collected?
4. How can the burden of the
information collection be minimized,
including the use of automated
collection techniques or other forms of
information technology?
A copy of the draft supporting
statement may be viewed free of charge
at the NRC Public Document Room, One
White Flint North, 11555 Rockville
Pike, Room O–1 F21, Rockville, MD
20852. OMB clearance requests are
available at the NRC worldwide Web
site: https://www.nrc.gov/public-involve/
doc-comment/omb/. The
document will be available on the NRC
home page site for 60 days after the
signature date of this notice. Comments
submitted in writing or in electronic
form will be made available for public
inspection. Because your comments will
not be edited to remove any identifying
or contact information, the NRC
cautions you against including any
information in your submission that you
do not want to be publicly disclosed.
Comments submitted should reference
Docket No. NRC–2009–0054. You may
submit your comments by any of the
following methods. Electronic
comments: Go to https://
PO 00000
Frm 00037
Fmt 4703
Sfmt 4703
www.regulations.gov and search for
Docket No. NRC–2009–0054. Mail
comments to NRC Clearance Officer,
Gregory Trussell (T–5 F53), U.S.
Nuclear Regulatory Commission,
Washington, DC 20555–0001. Questions
about the information collection
requirements may be directed to the
NRC Clearance Officer, Gregory Trussell
(T–5 F53), U.S. Nuclear Regulatory
Commission, Washington, DC 20555–
0001, by telephone at 301–415–6445, or
by e-mail to
INFOCOLLECTS.Resource@NRC.GOV.
Dated at Rockville, Maryland, this 23rd day
of February 2009.
For the Nuclear Regulatory Commission,
Gregory Trussell
NRC Clearance Officer, Office of Information
Services.
[FR Doc. E9–4334 Filed 2–27–09; 8:45 am]
BILLING CODE 7590–01–P
NUCLEAR REGULATORY
COMMISSION
[Docket Nos. 52–027 and 52–028; NRC–
2008–0441]
South Carolina Electric and Gas
Company Acting for Itself and as
Agent for the South Carolina Public
Service Company (Also Refered to as
Santee Cooper) Virgil C. Summer
Nuclear Station Units 2 and 3
Combined License Application; Notice
of an Extension to the Environmental
Scoping Period
South Carolina Electric and Gas
Company (SCE&G) acting for itself and
as an agent for South Carolina Public
Service Company (also referred to as
Santee Cooper) has submitted an
application for combined licenses
(COLs) to build Units 2 and 3 at its
Virgil C. Summer Nuclear Station
(VCSNS) site, located on approximately
3,600 acres in Fairfield County, South
Carolina, on the Broad River,
approximately 15 miles west of the
county seat of Winnsboro and 26 miles
northwest of Columbia, South Carolina.
The application for the COLs was
submitted to the U.S. Nuclear
Regulatory Commission (NRC) on March
27, 2008, pursuant to Title 10 of the
Code of Federal Regulations (10 CFR)
Part 52.
A notice of intent to prepare an
environmental impact statement (EIS)
and conduct scoping was published in
the Federal Register on January 5, 2009
(74 FR 323–324) and scoping meetings
were held in Winnsboro and Blair,
South Carolina on January 27 and 28,
2009, respectively. After the meetings,
Mayor Gregrey Ginyard of Jenkinsville,
E:\FR\FM\02MRN1.SGM
02MRN1
]]>Agencies
[Federal Register Volume 74, Number 39 (Monday, March 2, 2009)]
[Notices]
[Pages 9110-9112]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-4321]
=======================================================================
-----------------------------------------------------------------------
NATIONAL SCIENCE FOUNDATION
Request for Input (RFI)--National Cyber Leap Year
AGENCY: The National Coordination Office (NCO) for Networking
Information Technology Research and Development (NITRD), NSF.
ACTION: Request for Input (RFI).
-----------------------------------------------------------------------
FOR FURTHER INFORMATION CONTACT: Tomas Vagoun at Vagoun@nitrd.gov or
(703) 292-4873. Individuals who use a telecommunications device for the
deaf (TDD) may call the Federal Information Relay Service (FIRS) at 1-
800-877-8339 between 8 a.m. and 8 p.m., Eastern time, Monday through
Friday.
DATES: To be considered, submissions must be received by April, 15,
2009.
Overview: This Request for Input No. 3 (RFI-3) is the third issued
under the Comprehensive National Cybersecurity Initiative (CNCI),
established within Homeland Security Presidential Directive (HSPD)-23.
RFI-3 was developed by the Networking and Information Technology
Research and Development (NITRD) Program Senior Steering Group (SSG)
for Cybersecurity to invite participation in a National Cyber Leap Year
whose goal is an integrated national approach to make cyberspace safe
for the American way of life. Over 160 responses were submitted to the
first RFI issued by the NITRD SSG (October 14, 2008), indicating a
strong desire by the technical community to participate. RFI-2 (issued
on December 30, 2008) expanded the opportunity for participation by
permitting submitters to designate parts of submissions as proprietary.
RFI-3 presents prospective cyber security categories derived from
responses to RFI-1 for further consideration.
Background: We are a cyber nation. The U.S. information
infrastructure--including telecommunications and computer networks and
systems and the data that reside on them--is critical to virtually
every aspect of modern life. This information infrastructure is
increasingly vulnerable to exploitation, disruption, and destruction by
a growing array of adversaries. The President's CNCI plan calls for
leap-ahead research and technology to reduce vulnerabilities to
asymmetric attack in cyberspace. Unlike many research agenda that aim
for steady progress in the advancement of science, the leap-ahead
effort seeks just a few revolutionary ideas with the potential to
reshape the landscape. These game-changing technologies (or non-
technical mechanisms that are made possible through technology),
developed and deployed over the next decade, will fundamentally change
the cyber game into one where the good guys have an advantage. Leap-
ahead technologies are so-called because they enable us to leap over
the obstacles preventing us from being where we want to be. These
advances may require years of concerted research and development to be
fully realized; good ideas often do. However, the intent is to start
now and gain momentum as intermediate results emerge.
Objective: The National Cyber Leap Year has two main goals: (1)
Constructing a national research and technology agenda that both
identifies the most promising ideas and describes the strategy that
brings those ideas to fruition; and (2) jumpstarting game-changing,
multi-disciplinary development efforts. The Leap Year will run during
fiscal year 2009, and will comprise two stages: Prospecting and
focusing.
Stage One canvasses the cybersecurity community for ideas. Our aim
is to hear from all those who wish to help.
The heart of Stage Two, which begins March 1, 2009, is a series of
workshops to explore the best ideas from Stage One. As the year
progresses, we will publish four types of findings: (1) Game-changers--
descriptions of the paradigm-busters that technology will make
possible; (2) Technical Strategy--as specifically as possible, the
invention and/or research that needs to be done; (3) Productization/
Implementation--how the capability will be packaged, delivered, and
used, and by whom; and (4) Recommendations--prescriptions for success,
to include funding, policies, authorities, tasking--whatever would
smooth the way to realization of the game-changing capability.
Deadline for Submission under this RFI-3: The third, and final
round of the Stage One cycle is covered by this RFI-3 and will close
April 15, 2009.
Stage One Description
What We are Looking for: Contributors may submit up to 3 leap-ahead
technology concepts. Multidisciplinary contributions from organizations
with cybersecurity interests are especially encouraged. Cognizant of
the limits of conventional studies and reports, we have given
substantial thought to what framework and methodology might render the
community's best ideas understandable, compelling, and actionable to
those who need to support them, fund them, and adopt them. Since our
search is for game-changing concepts, we ask that submitters explain
their ideas in terms of a game. Many ideas will fall into the following
three categories. Ideas that:
Morph the Gameboard (Change the defensive terrain [permanently or
adaptively] to make it harder for the attacker to maneuver and achieve
his goals.)
Example: Non-persistent virtual machines--every time the enemy
takes a hill, the hill goes away.
Change the Rules (Lay the foundation for cyber civilization by
changing network protocols and norms to favor our society's values.)
Example: The no-call list--direct marketers have to ``attack'' on
customer terms now.
Raise the Stakes (Make the cost to play less advantageous to the
attacker by raising risk, lowering value, etc.)
Example: Charging for email--making the SPAMmer ante up means a lot
more fish have to bite for SPAM to pay.
Ideas that change the game in some other dimension are also
welcome; just be sure to explain how. The rationale for
[[Page 9111]]
why the idea is game-changing should be the central focus of each
submission.
Submitters are encouraged to explore the following categories,
which were derived by the NITRD SSG from the review of RFI-1
submissions. These categories encompass promising concepts identified
by compelling submissions and may be fruitful themes for additional
game-changing insights:
Attribution--Technologies and methods to establish that a
particular entity (person, host, event) is the originator of an object
(e.g. data) or the cause of an effect.
Cyber Economics--Security decision-making frameworks that
incorporate economic insights; understanding and altering economic
value-chains to make cyber security exploits increasingly expensive for
attackers.
Disaster Recovery--Recovery in the event of a large-scale
disruption of national cyber assets.
Network Ecology--Incorporating end-to-end network management
techniques to control access to and allocation of network resources;
modeling of acceptable host and network activities.
Policy-based Configuration/Implementation--Standards-based security
policy definitions and enforcement frameworks; architectures and
techniques for implementing fine-coarse access and permission controls.
Randomization/Moving Target--Software diversity that randomizes
code structure; virtualization techniques that hide, obscure, move, and
alter; randomizing and obfuscating network resources, IP addresses, and
the operating system; time-varying, crypto-based identities to identify
services, hosts, interfaces, networks and users.
Secure Data--Building provenance and access controls into the
fabric of digital data.
Software Assurance--Security-focused system assurance programming
languages.
Virtualization--Cloud-based virtual desktops for stateless thin
clients; high-security hypervisors; least-authority execution via
adaptive sandboxes.
Submissions in areas outside these categories will also be
considered.
Who can Participate: This RFI-3 is open to all and we especially
encourage public- and private-sector groups (e.g., universities,
government laboratories, companies, non-profit groups, user groups)
with cybersecurity interests to participate. Collaborative,
multidisciplinary efforts are also highly encouraged. Participants in
Stage One must be willing to participate in Stage Two should one of
their ideas be selected. Excluding proprietary information,
participants must also be willing to have their ideas posted for
discussion on a public Web site and/or included in our final report.
How We Will Use It: The best ideas from Stage One will go on to
Stage Two. Non-proprietary elements of Stage One submissions may be
posted on our Web site for elaboration and improvement, as a key goal
of the Leap Year is to engage diverse sectors (e.g., government,
academia, commercial, international) in identifying multidimensional
strategies and, where it makes sense, in rolling up their sleeves and
starting to work. Submissions crafted with that larger community in
mind will be the most compelling and influential.
Leap Year interim results and emerging guidance will be posted at:
https://www.nitrd.gov/leapyear/.
Questions and submissions should be addressed to:
leapyear@nitrd.gov.
In accordance with FAR 15.202(3), responses to this notice are not
offers and cannot be accepted by the Government to form a binding
contract. Responders are solely responsible for all expenses associated
with responding to this RFI-3, including any subsequent requests for
proposals.
All responses must be no more than two pages long (12 pt font, 1''
margins) and in this form:
RFI Name: RFI-3--National Cyber Leap Year.
Title of Concept
RFI Focus Area (Morph the gameboard, Change the rules, Raise the
stakes.)
Submitter's Contact Information--Name, Organization, Address,
Telephone number, E-mail address.
Summary of Who You are--Credentials, group membership.
Concept--What is the idea? Explain why it would change the game.
Introducing a good idea alone is not sufficient; you must explain how
it changes the game.
Vision--Make us believe in your idea. (What would the world look
like if this were in place? How would people get it, use it? What makes
you think this is possible? What needs to happen for this to become
real? Which parts already exist; which parts need to be invented?)
Method--What process did you use to formulate and refine your
concept? What assumptions or dependencies underlie your analysis?
Dream Team--Who are the people you'd need to have on your team to
make this real? If you just know disciplines that's okay. If you have
names, explain what those people do. If your idea is selected for
further consideration, we will do our best to bring these people
together for a Stage Two workshop.
Labeling of Proprietary Information--Clearly label any part of the
submission designated as proprietary. The proprietary information will
be restricted to government use only. If the submission is selected for
Stage Two, we will work with the submitter to determine exactly what
information warrants proprietary protection and to establish
appropriate controls for managing, protecting, and negotiating as
appropriate the relevant intellectual property rights.
Responses must be submitted via https://www.nitrd.gov/leapyear/ or
e-mailed to leapyear@nitrd.gov, and must be received by April 15, 2009.
Appendix A contains a sample submission and review considerations.
Appendix A--Sample Submission
Who You Are--https://quieteveningathome.org--We are a 501c3 group
with 50,000 members dedicated to the preservation of the dinner hour as
the core of American civilization.
Game-changing Dimension--Change the rules.
Concept--Telemarketers are using our resources and time to market
their products. They can call and interrupt our dinners and use our own
telephones to reach us. What if we changed the rules to ``don't call
us, we'll call you?'' Changing this rule changes the game to one where
we decide which marketers to contact and when, returning control of the
dinner hour to us.
Vision--The vision is a national do-not-call register. People
should be able to go to https://donotcall.gov and register their phone
number. It would be illegal for telemarketers who have not been given
permission to call someone. If a telemarketer makes an illegal call,
the recipient should be able to report them to a government agency and
they should be fined. The technology to do this is easy, we are not
sure about the laws and policies. Courts have ruled differently on this
issue at different times. We think the political climate is friendly
today for Federal legislation.
Method--We announced our search for ideas on our website and
submissions were made there. We also publicized through restaurant and
catering associations with whom we often partner, who offered
interruption-free free meals for brainstorming sessions. Participation
was not limited to members, but could not be anonymous, since it was
our intention to follow up with submitters. The Board of Directors of
QEAH enlisted the aid of Prandia University to work with the submitters
of the best ideas to develop them into even better ideas. The Board
[[Page 9112]]
ensured all the aspects described in the Leap Year RFI were addressed
in our final submissions.
Dream Team--Federal Trade Commission, Federal Communications
Commission, constitutional lawyer, Telemarketers' Association,
Consumers Union, Oracle or other database company.
Review Considerations
Submissions will be reviewed by the NITRD Senior Steering Group for
Cybersecurity using the following considerations:
Would it change the game?
How clear is the way forward?
What heights are the hurdles that may be found in the way forward?
Submitted by the National Science Foundation for the National
Coordination Office (NCO) for Networking and Information Technology
Research and Development (NITRD) on February 25, 2009.
Dated: February 25, 2009.
Suzanne H. Plimpton,
Reports Clearance Officer, National Science Foundation.
[FR Doc. E9-4321 Filed 2-27-09; 8:45 am]
BILLING CODE 7555-01-P
