1. Dept. of Homeland Security Science & Technology Directorate
Obtaining Federal R&D Funding
Contracting and R&D Summit
McLean, VA
May 11, 2010
Douglas Maughan, Ph.D.
Branch Chief / Program Mgr.
douglas.maughan@dhs.gov
202-254-6145 / 202-360-3170
2. Agenda
Understanding the Landscape
Contracting
Small Business Programs
Larger R&D Solicitations
Summary / Q&A
3. Federal Cyber Research Community
Customers /
Agency / Org Research Agenda Researchers Consumers
National Science Broad range of cyber security Academics and Non- Basic Research - No
Foundation (NSF) topics; Several academic centers Profits specific customers
Defense Advanced Mostly classified; unclassified Few academics; large Mostly DOD; most
Research Projects topics are focused on MANET system integrators; solutions are GOTS, not
Agency (DARPA) solutions research and government COTS
labs
National Security Agency SELinux; Networking theory; Mostly in-house Intelligence community;
(NSA) CAEIAE centers some NSA internal; some
open source
Intelligence Advanced Accountable Information Flow Mostly research labs, Intelligence community
Research Projects (AIF); Large Scale System system integrators, and
Agency (IARPA) Defense (LSSD); Privacy national labs; Some
Protection Technologies (PPT) academics
Department of Homeland All unclassified; Secure Internet Blend of academics, DHS Components
Security (DHS) S&T Protocols; Process Control research and government (including NPPD, NCSC,
Systems (PCS), Emerging labs, non-profits, private USCG, FLETC and
Threats, Insider Threat, Cyber sector and small business USSS); CI/KR Sectors;
Forensics; Open Security USG and Internet
Technologies, Next Generation
Technologies
4. Increasing Your Success Rate
Understand your client
Federal agencies have distinctly different characters
Different missions
Different processes
Federal agencies are not charities
Money is appropriated to them for specific purposes
You will be more successful if you can explain why your
proposed R&D supports their mission
5. Federal R&D Programs
A program is led by a Program Manager (PM)
A program will have:
Specific Technology Objectives aligned with customer
needs that will have a significant operational impact
Plan to move from current level of technical maturity to a
higher level (e.g., DOD = Technology Readiness Levels)
An approach indicating how objectives will be achieved
A program structure indicating how the PM has deployed
resources (time, money, executors) to achieve objectives
Deliverables
Transition Strategy/Technology Development Path
6. Federal R&D Process
• Identify requirements
• Develop program plan and allocate resources
•Planning • Communicate plans and priorities to technical
community
• Posting Solicitations
•Solicitation • Solicitation Process – White Papers
• Submitting proposals
• Different programs demand
•Contract different contract vehicles
• Flexibility used to match mission
• Programs tailored to meet
unique conditions of
•Execution objectives
• Active interaction with
performers
7. Relationship with Program Manager
PM’s job is to manage technical and programmatic
risk and WANTS YOU TO SUCCEED
PM wants to leverage existing technology, others’
R&D investment and market pull
PM wants the intellectual property strategy aligned
with transition plan, but will usually negotiate
The PM is a resource for you in accomplishing the
R&D and in transitioning to the (government)
customer
8. Mechanics of Proposing R&D
Find agencies with closest mission match
Identify R&D element(s) within the agencies
Look for existing R&D solicitations (Money already
exists for these efforts!)
Do your homework (read website, workshop results,
any presentations on your target program solicitation)
Respond to solicitation carefully – meet all
administrative requirements and make sure your
R&D matches the stated program needs
If no solicitation, contact R&D PM. Explain
relevance to mission. Be patient. Be persistent.
9. Agenda
Understanding the Landscape
Contracting
Small Business Programs
Larger R&D Solicitations
Summary / Q&A
10. Contracting Vehicles
The Government has a range of contracting vehicles
to match programmatic needs and contractor
character
Grants
Contracts
Cooperative agreements
Other Transactions for Research or Prototypes
Only some agencies have authority for OTs
Allows government to deal with non-traditional contractors who
have desirable technologies, but do not want to keep “Government
books”
Must comply with “generally acceptable accounting principles”
11. R&D Proposals
Contract Types for R&D
Team approach (technical & business)
Consider hiring government contracting specialist
Cost realism - Cost or Price Analysis
Business Capabilities
Financial Audit
Proposal Costs
Accounting System
Estimating System
Financial Capabilities
Past Performance
12. The Normal Contract
Terms
Read & Understand Your Contract
Contract Line Items/Deliverables
Contract Clauses
Performance
Proposal - What did you say you would do?
Deliverables - Due Dates
Acceptance - How Accomplished
Payment
Invoicing Procedures and Certification
Prompt Payment Act
Limitation of Funds/Limitation of Cost
14. Agenda
Understanding the Landscape
Contracting
Small Business Programs
Larger R&D Solicitations
Summary / Q&A
15. Programs for U. S. Small Business
Small Business Innovation Research (SBIR)
2.5% Set-asideprogram for small business concerns to
engage in federal R&D -- with potential for
commercialization
Small Business Technology Transfer (STTR)
Set-aside program to facilitate cooperative R&D
.3%
between small business concerns and research
institutions -- with potential for commercialization
16. SBIR - A 3 Phase Program
•PHASE I
• Feasibility Study
• $100K (in general) and 6 month effort
•PHASE II
• Full Research/R&D
• $750K and 24 month effort
• Commercialization plan required
•PHASE III
• Commercialization Stage
• Use of non-SBIR Funds
17. Which Government Agencies?
Both SBIR/STTR
Defense
Health & Human Services
NASA
DOE
NSF
DHS
SBIR only
DOA
DOC
ED
EPA
DOT
NIH
18. Agency SBIR Differences
Number and timing of solicitations
R&D Topic Areas – Broad vs. Focused
Dollar Amount of Award (Phase I and II)
Proposal preparation instructions
Financial details (e.g., Indirect Cost Rates)
Proposal review process
Proposal success rates
Types of award
Commercialization assistance
And more…………
19. SBIR Program: Small Business
Concern Eligibility
Organized for-profit
placeof business located in the U.S.,
operates primarily with the U.S.,
or which makes significant contribution to the U.S.
economy through payment of taxes or use of American
products, materials or labor
Is in the legal form of an individual proprietorship,
partnership, limited liability company, corporation,
joint venture, association, trust or cooperative
except that where the form is a joint venture, there can be
no more than 49% participation by business entities in the
joint venture
20. SBIR Program: Small Business
Concern Eligibility (continued)
Fewer than 500 employees, including affiliates
Principal Investigator’s (PI) primary employment
must be with the small business concern at the time of
award and for the duration of the project period
21. Performance of R&D Activities
“All research/R&D must be performed in its entirety
in the U.S.”
Rare cases to conduct testing of specific patient
populations outside U.S. is allowable
Travel to scientific meeting in foreign country is allowable
Foreign consultants/collaborators allowable, but must
perform consulting in U.S.
22. Intellectual Property, Data Rights
and the SBIR Program
As with all contracts, pursuant to the Bayh-Dole Act,
an SBIR contractor can elect title to inventions
discovered under the SBIR contract (FAR 52.227-11)
The Small Business Act (15 U.S.C. 631(j)(2)(A))
provides for retention by an SBIR awardee of the
rights to data generated by the concern in the
performance of an SBIR award
Protection of SBIR data is intended to provide incentive for
further development or commercialization of technology by
the SBIR awardee
23. Intellectual Property, Data Rights
and the SBIR Program (continued)
The SBIR Program is an instance in which
government funds are be used to create data protected
from disclosure, and therefore, has its own rights in
data clause (FAR 52.227-20)
As a result, the government must protect from disclosure
and non-governmental use “SBIR data”, technical data, and
computer software first produced under a SBIR funding
agreement and properly marked
The period of protection under the FAR is four years from
delivery of the last deliverable under that agreement
Protections against disclosure of data from one phase may extend to
four years after subsequent SBIR awards if properly recognized in
subsequent awards
24. DHS S&T SBIR Evaluation Criteria
The soundness, technical merit, and innovation of the
proposed approach and its progress toward topic
solution
The qualifications of the proposed principal
investigators, supporting staff, and consultants
Qualifications include not only the ability to perform the
research and development but also the ability to
commercialize the results
The potential for commercial (government or private
sector) application and the benefits expected to accrue
from this commercialization
27. Added Bonus - Cost Match
Allows small businesses to seek additional funding
for Phase II projects from non-SBIR sources
Minimum of $100,000 to maximum of $500,000 of
outside funding
Matched by DHS SBIR up to $250,000 in a 1:2 ratio
Additional funds require additional scope – need to
either add R&D on SBIR contract or other
development and commercialization activities (or
some of both)
Cost match is a motivator for, and an indicator of,
commercial potential
28. The DoD IA Research Community
•Industry
NSA ONR AFRL ARL
National IA NRL AFOSR ARO
Research Lab •Academia
SBIRs are funded by DDR&E, DARPA, the Services and
Agencies
29. DDR&E Small Business Innovative
Research (SBIR) Program
Cyber Security awards since 2007 - present
123 Phase I awards Includes SBIR & STTR
39 Phase II awards
Roughly $11 M per year DDR&E awards
Annual SBIR Workshop (20-22 July 2010 at
WPAFB, OH)
Links government, SBIR researchers, prime contractors
145 participants
30. DOD DDR&E SBIR topics
OSD09-IA1 Real-time Adversarial Characterization
and Adaptive Software Protection Countermeasures
OSD09-IA2 Countermeasures to Covert Access
Methods to Reduce Attack Susceptibility and Ensure
Trust
OSD09-IA3 Software Protection to Fight through an
Attack
OSD09-IA4 Autonomic Knowledge Representation
Construction for Software Protection Systems
OSD09-IA5 Developing Cyber Situation Awareness
for Enterprise Health
31. Useful Web Sites and
SBIR Point of Contact
Useful Web Sites
Elissa (Lisa) Sobolewski
https://sbir.dhs.gov DHS SBIR Program Director
elissa.sobolewski@dhs.gov
www.dhs.gov
(202) 254-6768
www.dhs.gov/xopnbiz/
S&T SBIR Program Email:
www.fedbizopps.gov STSBIR.PROGRAM@dhs.gov
www.sbir.gov
32. Agenda
Understanding the Landscape
Contracting
Small Business Programs
Larger R&D Solicitations
Summary / Q&A
33. Broad Agency Announcements (BAAs)
http://baa.st.dhs.gov
R&D funding model that delivers both near-term and
medium-term solutions:
To develop new and enhanced technologies for the
detection of, prevention of, and response to cyber attacks
on the nation’s critical information infrastructure.
To perform research and development (R&D) aimed at
improving the security of existing deployed technologies
and to ensure the security of new emerging systems;
To facilitate the transfer of these technologies into the
national infrastructure as a matter of urgency.
34. Past Solicitations
http://baa.st.dhs.gov
Left hand side – Past Solicitations
Look for BAA 07-09 and BAA 04-17
Review BAA, any modifications or amendments,
presentations, etc.
35. BAA Program / Proposal Structure
Type I (New Technologies)
New technologies with an applied research phase, a
development phase, and a deployment phase (optional)
Funding not to exceed 36 months (including deployment phase)
Type II (Prototype Technologies)
More mature prototype technologies with a development
phase and a deployment phase (optional)
Funding not to exceed 24 months (including deployment phase)
Type III (Mature Technologies)
Mature technology with a deployment phase only.
Funding not to exceed 12 months
36. BAA 07-09 Technical Topic Areas
Botnets and Other Malware: Detection and Mitigation
Composable and Scalable Secure Systems
Cyber Security Metrics
Network Data Visualization for Information Assurance
Internet Tomography / Topography
Routing Security Management Tool
Process Control System Security
Secure and Reliable Wireless Communication for Control Systems
Real-Time Security Event Assessment and Mitigation
Data Anonymization Tools and Techniques
Insider Threat Detection and Mitigation
37. BAA 07-09 White Papers
Type I Type II Type III TOTALS
TTA 1 56 48 11 115
TTA 2 85 47 15 147
TTA 3 51 22 8 81
Registrations Received
TTA 4 36 29 10 75
TTA 5 21 12 4 37
TTA 6 10 8 5 23
TTA 7 43 31 13 87
TTA 8 22 16 4 42
TTA 9 49 30 15 94
TOTALS 373 243 85 701
36 months 24 months 12 months
Type I Type II Type III TOTALS
TTA 1 30 25 6 61
TTA 2 49 33 7 89
TTA 3 23 10 2 35
TTA 4 17 18 4 39
TTA 5 10 5 1 16
Submissions Received TTA 6 3 4 2 9
TTA 7 27 16 7 50
TTA 8 10 7 1 18
TTA 9 24 16 6 46
TOTALS 193 134 36 363
38. BAA 07-09 Full Proposal Statistics
FULL PROPOSALS
Type I Type II Type III TOTALS
TTA 1 5 4 3 12
AWARD
TTA 2 5 7 0 12
SUMMARY
TTA 3 2 3 1 6
Type I – 6
TTA 4 4 5 0 9 Type II – 9
TTA 5 3 0 0 3 Type III – 2
TTA 6 2 2 1 5
TTA 7 5 2 1 8 LEADS
TTA 8 1 1 0 2 Academic – 6
TTA 9 3 3 0 6 Industry – 10
TOTALS 30 27 6 63 Labs – 1
80 offerors were encouraged to submit Full Proposals based on
the White Paper reviews; 63 of those offerors submitted Full
Proposals.
39. Summary
Learn about the agencies, their missions, and meet the
Program Managers
Build your team to deliver – consider including
contracting personnel
Understand the opportunities – SBIR, STTR, BAA,
RFP
40. Douglas Maughan, Ph.D.
Program Manager, CID
douglas.maughan@dhs.gov
202-254-6145 / 202-360-3170
For more information, visit
http://www.cyber.st.dhs.gov
9-10 March 2010 40