Centres for Doctoral Training in Cyber Security Call type: Invitation for proposals Closing date: 08 November 2012

Summary Reflecting the aims of the National Cyber Security programme, the UK Government and its delivery partners are working to enhance the nation’s academic capability in all fields of cyber security. Together BIS, EPSRC, GCHQ and the Office of Cyber Security and Information Assurance (OCSIA) have developed a joint approach and strategy for reaching this goal. As part of that strategy EPSRC wishes to support two Centres for Doctoral Training (CDTs) in cyber security. The Centres will call on a wide range of expertise to deliver multidisciplinary training and so help to provide the breadth of skills needed to underpin the work of the UK’s next generation of doctorallevel cyber security experts. Cyber security is a broad area of research which encompasses a range of challenges and to which many academic disciplines can contribute. To ensure adequate coverage of the key issues by the CDTs in combination, we are inviting proposals to focus all or most of their effort one of two research Domains which are described in the call. These CDTs will be expected to graduate at least eight students from each of three successive annual cohorts, giving a minimum of 24 students produced by each CDT over its lifetime. Efficient use of the sponsors’ funding and/or contributions from other sources may augment this number. The students’ doctoral training will last for four years. It will comprise a mixture of masters-level education in a range of subjects addressing key areas of relevance to cyber security and a related challenging and original research project. The first cohort of students in each CDT is expected to start around October/November 2013. Given the maturity of the CDT model and the well-defined scope of the call we are inviting full proposals from the outset, with no initial outline stage. However all potential applicants should contact EPSRC before developing a proposal. Proposals will be assessed directly by an expert panel with decisions expected in February 2013.

Background Although each year many excellent graduates with experience of cyber security are trained in EPSRC’s current CDTs or through other mechanisms of support there is not currently a Centre which is wholly dedicated to addressing issues related to cyber security. Page 1 of 20

The new CDTs will add to existing programmes, providing broad training with an exclusive focus on cyber security matters. They will represent an enhancement to UK capability in this area and will sit alongside current cyber security research initiatives such as the joint EPSRC-GCHQ Research Institutes and the RCUK CEReS call. They complement other doctoral-level training initiatives (in which EPSRC is not directly involved) which are driven by the National Cyber Security Programme. The majority of the funding for these centres has been provided by central Government but the resulting CDTs will be managed by EPSRC.

Funding available Subject to proposals of sufficient quality being received we expect to support two CDTs as a result of this call, one in each of the Domains identified below. Based on past experience and current practice in existing EPSRC CDTs, each is expected to request resources in the range £3-4M to deliver at least 24 doctoral graduates. An intake of eight students per year is the minimum that the sponsors of this activity feel is necessary to make a significant change in the provision of doctoral-level cyber security training in the UK. Proposals which set out credible plans to produce more graduates without exceeding an upper limit of £4M of EPSRC grant funding – for example by contributing additional university resources or perhaps by attracting support from industry or other users – are welcome. But a ‘race to the bottom’ in terms of, for example, minimal PhD stipends which ultimately harm the long-term prospects of the CDT will count strongly against any proposal. While value for money is a criterion for the call, the quality and viability of the CDT are paramount.

The EPSRC Centres for Doctoral Training model The EPSRC CDT model is based on the concept of a cohort of students who follow a four-year doctoral programme which features significant shared elements and experiences. In the initial stages of this programme the students receive advanced training through taught courses delivered by experts in relevant fields and covering a broad range of issues. In the remainder of the programme the students focus on a specific research project which is significant, challenging and makes an original contribution to knowledge or understanding of key research issues in the scope of the CDT. The training through taught courses should: •

comprise an assessable programme of taught courses broadly equivalent to a postgraduate Masters in level and content (although the structure of the training may be quite different and we do not expect strict adherence to a formal ‘1 + 3’ model for the CDT programme)

•

comprise around 25% of the programme

•

develop and enhance students’ technical knowledge across all areas of cyber security (that is, both Domains A and B explained below) to exploit the unique opportunity that a CDT offers in providing an inter- or multidisciplinary training experience

•

be innovative in its approach to delivering the coursework and integrating it with the students’ research activity, for example by using student placements, invited lectures or master-classes Page 2 of 20

•

demonstrate continuing relevance to business requirements

•

make efficient use of currently available training materials or courses where possible and appropriate, provided that the needs of the CDT shape the courses rather than the availability of the material defining the activity of the CDT

•

expose students to other activities within the wider research of the Centre and provide training in transferable skills, including public engagement

•

provide means by which students funded through other routes can benefit from the training experience offered by the Centre

•

not stop at the end of the first year, allowing students access to new material and developments, refresher courses or additional learning which is useful in their developing research project.

The specific research project should •

be appropriate for the award of a doctoral degree at its conclusion

•

reflect the scope and ethos of the CDT and draw directly on the knowledge gained in the taught course elements

•

connect at some level with other CDT doctoral projects, ongoing or planned, in a way that reinforces the concept of the cohort and helps the students genuinely to feel part of a CDT

•

be an integral part of a strategy for addressing the scope of the CDT across its cohorts (i.e. research project topics and allocations should not be a matter of happenstance, turn-taking, predetermined allocations, unreasoned short-term responses to external change or invocations of seniority or special privilege)

•

continue to draw on taught elements as appropriate

•

reflect the expertise of the academic members of the CDT and not represent an unreasonable departure from their key interests which might be to the detriment of the student experience

•

contribute to the multi- or interdisciplinary flavour of the CDT, either as a result of the project itself being multi- or interdisciplinary or by virtue of its interactions with other projects

•

address the understanding, needs and viewpoints of those outside the academic environment – users of research or practitioners – as to the direction and priorities for research (a good means of ensuring this is via some kind of steering group – see below)

•

be completed, to the point at which a thesis has been submitted, within the timeframe of the CDT to ensure that no students are left in an unsupported writing-up period

Hosting a CDT

Page 3 of 20

Novel approaches to hosting a CDT are welcomed in this call. These may include bids which benefit from bringing together strong groups from more than one institution who have related research interests. In multi-partner bids: •

the student cohort, while not necessarily all physically based at the same site, should still benefit from the culture of interactivity and critical mass which creates the added value of the cohort approach

•

there must be an undivided focus for the centre which avoids creating fiefdoms under the control of a single partner organisation

•

particular attention must be paid to establishing and maintaining the cohesion and dynamic of the student cohort (see the first bullet above)

•

the CDT should be primarily managed from a single site, defined by the location of the Director (who should be named as Principal Investigator)

•

geographical considerations and practicality should be taken into account, and a history of effective collaboration between the partners should be demonstrated. Marriages of convenience are not likely to be sustainable or persuasive.

CDTs are long-term investments. The requirement that all students have submitted their theses before the CDT grant ends implies a grant duration of nearly seven years. A ‘Host Organisation Statement’ in the form of a letter from a senior representative of the applicant institution (or in the case of a joint proposal a single, unified letter representing the views of the partners) is required to provide assurance of the necessary commitment to hosting the CDT.

Scope of the CDTs in cyber security One of the main challenges facing those with an interest in the provision of highquality cyber security research and training is the sheer breadth of the subject. It draws on mathematics, ICT, social science and other areas of study, with knowledge of each being a necessary but not sufficient condition for understanding of the whole problem space. Doctoral graduates in cyber security should ideally have experience and knowledge of the full breadth of the field. Their training should address human, organisational, economic and social science elements as well as the more established technological matters. It must also allow them to develop a practical understanding of the resultant complexity and the interdependency of the issues faced by cyber security practitioners. Evidence gathered by the funders of this initiative (for example through the recent Academic Centres of Excellence exercise) suggests that, although clearly strong in many ways, research coverage of key cyber security areas in the UK is somewhat patchy and that the associated training landscape is similarly unevenly populated. Furthermore, a strong inter- or multidisciplinary flavour is not often present in much current effort. No UK Higher Education Institution is currently believed by the sponsors to be both active and leading in all, or even most, areas of relevance to cyber security research. This implies that an unstructured call would tend to concentrate funding on areas which are already active, to the detriment of others which are currently not being adequately investigated. Page 4 of 20

To ensure adequate coverage of all areas relevant to cyber security this call is asking applicants to identify one of two research Domains (the ‘lead Domain’) as being the sole or major focus of the research component of their proposed CDT. Research project coverage of the lead Domain of a proposal should be as complete and uniform as possible, not omitting significant issues or focusing on a particular sub-area to the detriment of the others. These Domains, shown in both tabular and pictorial form below, are based on the cyber security research areas in the 2011 Academic Centres of Excellence exercise. Neither representation is intended to be definitive. Some leeway in their interpretation is acceptable in order to allow applicants to construct cohesive, optimised proposals. While the list may appear to be technology dominated adequate consideration of ‘the human element’ of cyber security – behaviour, people and processes – will be essential for the success of these CDTs.

Research Domains for this call Domain A Cryptography, Key Management and Related Protocols

•

Cryptographic Research

•

Quantum Cryptography

•

Key Management

•

Applied Cryptography

•

Authentication Protocols

•

Provable Security

Systems Engineering and Security Analysis

•

Research into methodologies for engineering end to end systems

•

High Assurance Software

•

Access Control

•

Electromagnetic Security

•

Side Channel Attacks and Countermeasures

•

Embedded Security

•

System on Chip, FPGA and ASIC design of cryptographic algorithms

•

Anti-tamper

•

Reverse Engineering

•

Secure Sanitisation

•

Hardware Development Techniques - for example, the use of COTS in secure products Page 5 of 20

Research into the Security of Strategic Technologies and Products

•

•

Computing platforms, for example: o

Virtualisation and Trusted Platforms

o

Sandboxing and Kernel/User Interaction

o

Secure Architectures

Communications Technologies and Architectures, for example: o

Security of Mobile Devices

o

Cloud Security

o

Security of Smart Grid and Smart Metering

•

Data and Service Architectures

•

Databases and Information Stores

•

Infrastructure Components and Protocols

•

Web Technologies

•

Identity Management

•

Steganalysis

Building Trusted and Trustworthy Systems

•

Rigorous, formal methods for the development of secure systems

•

Development of systems that are dependable/resilient/survivable in the presence of cyber threats/attacks

•

Privacy and trust issues in networked distributed systems

Domain B Operational Assurance Techniques

•

Vulnerability Discovery Techniques

•

Intrusion Analysis Techniques

•

Active Mitigation

•

Forensics

•

Malware Analysis

•

Real-time situational awareness

•

Converting situational awareness or attack information into an assessment of the impact on the business

•

Vulnerability Analysis

•

Intrusion Tolerance Techniques Page 6 of 20

•

Incident Handling and Response

•

Detection and Prevention of e-Crime

•

Threat Mitigation

Information Risk Management

•

Technical Threat Assessment

•

Information Risk Assessment and Analysis Methods

•

Asset Valuation and Business Impact

•

Information Risk Reduction and Mitigation

•

Managing Information Risk and Governance

Science of Cyber Security

•

Security Measurement and Economics

•

Risk Decision Making

•

Analysing Attacks

•

Security Design

•

Human Factors - developing techniques to allow proper risk management of human factors within the enterprise

Information Assurance Methodologies

•

Techniques for gaining confidence in software/hardware implementations of security controls

•

Measuring the effectiveness of combining different security controls in a system

•

Large-scale analysis of complex systems for design and implementation faults

•

Static and dynamic analysis of products and systems

•

Combining and targeting assurance techniques to make risk decisions

•

Translating assurance outputs into risk management decisions

Page 7 of 20

Our understanding is that Domain A is currently more adequately addressed in the UK than is Domain B. Our premise is that one CDT with A as its lead Domain and one with B as its lead Domain will be funded, helping to ensure more even coverage of the landscape as a whole. We believe that any multi-institutional CDT which could in theory train students across the full breadth of both Domains would in reality be too unwieldy to manage effectively. Applications which propose to offer research projects in all or most of the areas in both Domains A and B will not be accepted. Proposals which have a small research project footprint outside their lead Domain are acceptable provided that the additional areas covered are broadly contiguous with those in the lead Domain and that their inclusion is wellreasoned. They must not simply reflect the composition of the proposal team. The centre of gravity of research must be located clearly in the lead Domain. Recognising the need for breadth in education of cyber security issues, and the interconnected nature of many of the challenges, the scope of the taught course elements of a CDT will need to be broader than its research project elements and should cover the totality of Domains A and B. No single CDT will on its own be able to cover all taught elements to the same degree so some focus on particular areas of expertise/interest is permissible. We expect that, once identified, the two CDTs will be open to drawing on each other’s expertise and materials to deliver an efficient and comprehensive taught programme. Page 8 of 20

How to apply Eligibility Proposals will be accepted only from UK universities in receipt of an EPSRC Doctoral Training Grant in the academic year 2012/13. See http://www.epsrc.ac.uk/funding/students/dta/Pages/grants.aspx for a complete list. Other UK universities may be included as partners on applications but may not lead or offer a candidate for Director. CDT students will need to meet the eligibility criteria applied to EPSRC Doctoral Training Grant funding. See http://www.epsrc.ac.uk/funding/students/Pages/eligibility.aspx. For information on the eligibility of organisations and individuals to receive EPSRC funding, see the EPSRC Funding Guide: http://www.epsrc.ac.uk/funding/apprev/basics/Pages/fundingguide.aspx

Submitting an application You should prepare and submit your proposal using the Research Councils’ Joint electronic Submission (Je-S) System (https://je-s.rcuk.ac.uk/). When adding a new proposal, you should select: •

Council ‘EPSRC’

•

Document type ‘Training Centre’

•

Scheme ‘Training Centre’

•

On the Project Details page you should select the ‘Centres for Doctoral Training in Cyber Security’ call.

Details of which research organisations have registered to use Je-S are available from http://www.so.stfc.ac.uk/jes/jes1/RODetails(Web).pdf. Note that clicking ‘submit document’ on your proposal form in Je-S initially submits the proposal to your host organisation’s administration, not to EPSRC. Please allow sufficient time for your organisation’s submission process between submitting your proposal to them and the call closing date. EPSRC must receive your application by 16:00 on 08 November 2012. Guidance on the types of support that may be sought and advice on the completion of the proposal are given on the EPSRC website (http://www.epsrc.ac.uk/funding/apprev/Pages/default.aspx) which should be consulted when preparing all proposals. Costing the CDT and completing the Je-S application There are many potential components to the costs of a CDT. These components, the accompanying headings to be used on Je-S when applying for the CDT, and the relationships between them are summarised in the ‘Financial Appendix’ at the end of this call. CDT grants will not be awarded under the full economic costing model. EPSRC will pay the direct costs only of a CDT, but at a 100% level. Page 9 of 20

The headings 1 – 3 below should be used to summarise the costs requested in the ‘Case for Support’ (briefly), the ‘Financial Appendix’ and the ‘Justification of Resources’ (NB these headings are not the same as those found in the Je-S application itself – see further below for these): 1. Direct student costs These comprise the students’ stipends and fees, and any costs associated with their individual research programmes. These associated costs could include equipment, IT costs, travel, conference fees or anything else associated with the students as individuals which scales roughly linearly with the number of students in the CDT. Provision should be included to cover the students’ general travel requirements, including attendance at a minimum of one scientific meeting per annum. 2. Delivery of training costs These comprise the costs associated with developing and delivering the taught components of the CDT programme. Investigator time in support of either activity is eligible, as are the costs of buying in training from external providers (probably, but not necessarily, from other academic institutions). Funding for transferable skills training can be sought for CDT students. 3. Coordination and management costs These could include: costs of refurbishment of office space, central IT support through the lifetime of the CDT, costs associated with the role of Director, administrative support, publicity (for example for recruitment of students), dissemination and networking activities as a means of enhancing the skills or employability of the students and other applicant time devoted to the running of the CDT. Costs associated with time spent supervising students can not be included in the costs of the CDT. We do not expect to fund significant items of capital or single items of equipment over £10k through this call. Funding for delivery of training, coordination and management activities (i.e. items 2 and 3 above) should comprise the minority of the cost of a CDT. The purpose of a CDT is to produce high-quality doctoral graduates and most resources should be dedicated specifically to this end. When completing the online Je-S application costs for the CDT should be requested under the following headings: ‘Total/Estimated Stipend Value’ This heading should be used to request the total stipend costs necessary to pay for the EPSRC-funded students in the CDT. Doctoral students with skills in cyber security are in great demand. As a result, these CDTs will face significant competition when trying to attract individuals of sufficient quality. CDTs are expected to draw on a pool of potential applicants from a wide range of backgrounds and life-histories: for example, students with a variety of undergraduate degrees (psychology, law, management, engineering, design…) or those who have Page 10 of 20

previously been employed in industry and who wish to return to academic study. To reflect this situation and its likely effect on recruitment/retention we will not specify the stipends offered by these CDTs other than that they should not be below the RCUK minimum value. The relevant figures for 2012/13 and advice on subsequent years can be found at http://www.rcuk.ac.uk/ResearchCareers/postgrad/Pages/home.aspx. Enhanced stipends will of course need to be highlighted in the ‘Case for Support’ and explained in the ‘Justification of Resources’. ‘Total/Estimated Fees Value’ This heading should be used to request the total fees incurred by the EPSRC-funded students in the CDT. Tuition fees cover the costs associated with the supervision of students and should be costed at the rate normally applicable for RCUK-supported students in the relevant academic year. Please see the link above for the most recent figure and guidance on future years. ‘Other Costs’ This heading should be used to request funding for all other elements of the CDT’s programme, i.e.: a) support of the research training programme b) delivery of the training c) coordination and management of the CDT d) costs associated with the ‘Pathways to Impact’

Guidance on producing the CDT application Some potentially useful observations from the panel which conducted a review of current EPSRC CDTs may be found here: http://www.epsrc.ac.uk/newsevents/news/2012/Pages/cdtoutcomes.aspx For general advice on writing proposals see: http://www.epsrc.ac.uk/funding/apprev/preparing/Pages/default.aspx A CDT application for this call requires the following supporting documents in addition to the completed Je-S form: 1. Case for Support (up to 12 pages) 2. Pathways to Impact (up to two pages) 3. Justification of Resources (up to two pages) 4. Host Organisation Statement (no page limit; note that joint applications will need to provide a single statement which reflects the authority of all institutions)

Page 11 of 20

5. Letter of Support (optional, no page limit and no restriction on the number which may be submitted) 6. Other Document (based on the ‘Financial Appendix’ at the end of this call document, up to two pages) Specific guidance on each attachment is given below.

1. Case for Support Up to 12 pages in length. This should address at least the points given below to make the case for funding. It is not essential that the exact structure shown is used and it may be that additional information could usefully be added. The ‘Case for Support’ should be written in a way that makes it as easy as possible for its assessors to evaluate it against the assessment criteria. Evidence may be combined in whatever way necessary to present the most coherent and compelling argument for a CDT. Scope of the proposed CDT •

Describe the full scope of the CDT. Indicate the lead Domain to be addressed and any particular areas of emphasis/strength within that Domain if appropriate. Additional, careful, justification will be needed if aspects outside the lead Domain are addressed to any significant extent

•

Highlight the inter- or multidisciplinary aspects of the chosen scope and how, as a result, it presents a shift in current norms of research/training in the UK

•

Explain why the scope is coherent and how it represents something more than a composite of the available institutional capabilities

•

For multi-institution applications, provide evidence of previous successful joint working

Strategy and alignment •

Summarise the strategy of the CDT

•

Describe how the centre aligns with UK national needs (including those of industry)

•

Describe how it complements existing support from EPSRC and other funders of research and training within this general area

•

Explain how the bid aligns with the strategy and research priorities of the host institution(s)

•

Outline the recruitment scope for the CDT, in terms of the student academic backgrounds/disciplines likely to be suitable or to add the greatest value

•

If possible, provide evidence of the need for the numbers of doctoral students that the centre will produce, including industrial demand for such Page 12 of 20

researchers (note that this may draw on evidence contained in ‘Letters of Support’) International standing •

Provide evidence of the relevant experience and international standing of the applicants in both research and training

•

Provide evidence of previous particular success in the provision of masters- and/or doctoral-level training, for example successful established courses, student employment in areas relevant to the research element or prizes won for doctoral work

Doctoral programme – taught course element •

Describe the curriculum of masters-level training to be provided by the CDT, including an indication of the state of readiness of the material, e.g. currently available, deployable from existing resources but requiring some further development, or yet to be developed.

•

Highlight and explain any external training provision (i.e. that provided on a more or less contractual basis by an organisation not named on the application form)

•

Provide evidence of past success on the part the CDT team in delivering training of this kind, for example in the form of completion rates or student source/destination data for comparable programmes

•

If appropriate, provide an indication of a ‘core’ (compulsory for all students) programme and any optional elements

•

Describe plans for non-technical or generic transferable skills development

•

Explain how the training and research will be integrated

Doctoral programme – research element •

Describe the approach to generating thesis topics: processes to be used for generating potential thesis topics at a high-level, for matching projects to students and supervisors, and/or for developing topics ‘from the bottom up’ i.e. driven by the student themselves. Particular attention should be paid to ensuring that the outcomes of these processes will contribute to the aims of the CDT as a whole

•

Describe supervisory arrangements, including any use of external supervisors and plans to manage co-supervision

•

Describe plans for aligning other sources of support for doctoral level training with the proposed CDT

Engagement with industry and users •

Outline the Centre’s approach to engagement with industry and other users of its outputs

•

Noting the requirement that the Centre develop a more detailed ‘User engagement strategy’ in the first six months (see the section on ‘Pathways Page 13 of 20

to Impact) and that some form of independent oversight is required, describe additional structures or activities which will help to ensure that the CDT is of value to non-academic users of its outputs. For example, in the use of secondments or guest lectures •

Describe plans for dissemination and outreach of the centre, taking care not to duplicate the ‘Pathways to impact’ document unnecessarily

Management and delivery •

Nominate a Director for the CDT and outline the role and responsibilities

•

Map key academic staff in the CDT to its areas of research and its taughtcourse elements, to indicate the degree of coverage of the Domain

•

Describe the management structure for the CDT. This is expected to require multiple elements to ensure adequate governance, including: o

A management function to make day-to-day decisions and support the operation of the CDT

o

An oversight function in the form of an independent advisory panel or steering group able to help define the general direction, scope and nature of the CDT

o

A means by which student views can be represented in the operation of the CDT

•

Outline plans/processes to ensure that external factors, drivers and information are suitably able to influence the progress of the CDT

•

Describe processes for ongoing review of the CDT and ways in which it can learn from experience, both internal and external

•

Describe plans to maintain the group dynamic within the student cohort, for example through events or organised shared activities of value to the CDT. These are especially important if the cohort is not physically colocated

•

Describe infrastructure and resources required for management and delivery, in particular those necessary in support of the cohort approach, for example dedicated office spaces

Resources •

For ease of reference the ‘Case for Support’ should include a table summarising the basic costs of the CDT and the assumptions which underpin them (e.g. the particular level of student stipend if it is above the RCUK minimum.) This should be structured under the three headings given earlier: o

Direct student costs

o

Delivery of training costs

o

Start-up, coordination and management costs Page 14 of 20

•

Describe additional funding to be secured or already attracted in support of the CDT

•

Refer to the ‘Justification of Resources’ and ‘Financial Appendix’ documents as appropriate in order to make efficient use of the pages available

•

Remember to request funds necessary in support of the plans outlined in the ‘Pathways to Impact’

2. Pathways to impact ‘Plans for industrial/user engagement and impact’ are one of the assessment criteria for this call. The ‘Pathways to Impact’ document and its associated resource request forms an integral part of the case for funding Specific guidance on preparing the Pathways document can be found at http://www.rcuk.ac.uk/kei/impacts/Pages/Guidance.aspx.

User Engagement Strategy As part of their ‘Pathways to Impact’ successful applicants will be required to develop (within six months of the start of the grant) and execute a strategy for engaging with potential users of the research funded in the project. Any resources required for this should be included and justified in the application although the details of their exact use need not be provided at this stage. The strategy should cover: •

how and when potential users have been / will be identified;

•

what form the engagement will take;

•

what steps will be taken to ensure that outputs of the training are made available to potential users;

•

suitable metrics for determining the success of the strategy in delivering value to users.

This strategy should be reviewed and updated regularly as part of the formal management of the grant.

3. Justification of Resources General guidance on producing a Justification of Resources can be found at http://www.epsrc.ac.uk/funding/apprev/preparing/Pages/jor.aspx. The ‘Justification of Resources’ and the ‘Financial Appendix’ should be written in a way which allows them to be read easily in tandem. They will together explain and justify the costs of the CDT. The ‘Justification of Resources’ need not contain a detailed financial table describing the costs of the CDT as this will be contained in the ‘Financial Appendix’, but it should be easy to match items in the ‘Justification of Resources’ to items in the Appendix. Clear, consistent terminology should be used throughout the documentation provided. Page 15 of 20

Note that time spent supervising students can not be included in the costs of the CDT.

4. Host Organisation Statement No page limit. This should be in the form of a letter from a senior representative of the applicant institution(s) confirming commitment to the proposal. If additional resources for the CDT are being provided by the institution(s) they should be explained here to help free-up space in other parts of the proposal.

5. Letter(s) of Support No page limit, and no limit to how many may be submitted. General guidance on Letters of Support can be found at: http://www.epsrc.ac.uk/funding/calls/2010/ppestarter/applicationform/Pages/pa rtners.aspx. Letters of support should be used to describe and confirm commitments of external partners to the CDT programme, not simply to provide generic statements of goodwill.

6. Other attachment (a ‘Financial Appendix’ of up to three pages) The tables in the appendix attached to this call, or slightly modified versions of them, should be completed and returned with the application as an ‘Other attachment’.

Assessment Assessment process Proposals will be assessed directly by a panel comprising experts from academia and research/training users. Membership will include representation from individuals with experience of running an EPSRC CDT as well as those with direct knowledge of cyber security issues.

Assessment criteria Proposals will be assessed against the following criteria: •

Fit to call, coherence and value of proposed CDT scope We are looking for CDTs which address the challenges outlined in the call, which are coherent entities and which make full use of the opportunities offered by the CDT cohort approach

•

Quality, standing and ability to deliver of the team We want to support the best students and this will derive in part from supporting the best researchers with proven track records of attracting, educating and supervising students at the cutting-edge of research

•

Credibility, coherence and value of the doctoral programme We want the training components of the programme to be compelling and comprehensive, appealing to students and addressing issues which will resonate outside the CDT to add value to the doctoral degrees awarded. Page 16 of 20

The research project components should maximise opportunities for new inter- or multidisciplinary thought and results which represent a departure from the current norm. As a result of the cohort approach, and their integration with the taught elements, projects should add to the current stock of knowledge synergistically rather than offering piecemeal accumulation of unconnected results. •

Plans for industrial/user engagement and impact We want to ensure that the CDT programme represents the current and future realities of cyber security, delivering graduates who are highly employable as a result of the instantly recognisable value derived from their experience in the CDT.

•

Plans for management and delivery As a result of the cohort approach, we want the CDTs to represent more than a block award of individual studentships and for the students themselves to benefit from the CDT structure and opportunities offered by it. These should be delivered professionally and efficiently, maximising the number of graduates without detriment to their quality.

•

Appropriateness of resources and value for money We want to ensure that the funds allocated to this call are spent wisely, with a clear purpose in mind and that they ultimately deliver significant added value for the UK, helping to ensure our future security and prosperity

Key dates Activity

Date

Call closes

08 November 2012

Panel Meeting

January 2013

Grants announced

February 2013

First student starts

Oct-Nov 2013

Contacts For all enquiries relating to this call please contact Alex Hulkes EPSRC Polaris House North Star Avenue Swindon SN2 1ET [email protected] Page 17 of 20

Financial Appendix Each CDT application should be accompanied by detailed tabular summary of its budget, in the form of a two page ‘Financial Appendix’ submitted as an ‘Other attachment’ through Je-S, along with the rest of the application. The Appendix should include two tables, one to record the detailed budget requested from EPSRC (i.e. the cost to EPSRC) and one to give a total cost of the CDT. This second table should incorporate additional expenditure not supported by the EPSRC grant and record contributions to this from other sources. The format for these two tables is given later in this Appendix. The ‘Justification of Resources’ document should not completely duplicate the information in the Financial Appendix and should be written to be read in tandem with it. The two documents between them should clearly describe and justify the support requested. While some elements of a CDT’s finances are probably universal – for instance the fees and stipend – the detailed headings used by a particular institution may vary. The elements which might go into each of the headings used in the call document are outlined below. Some variation from these in the final version of the Appendix submitted is allowed at the applicants’ discretion as long as the meaning of all headings used is clearly explained in the ‘Justification of Resources’ document. Additional rows may be added to the first table below, and the headings themselves may also be changed, as long as it is clear to what they refer and that they remain easy to interpret. Where appropriate please pro rata costs across the cohorts, explaining where this is done. Note that the costs associated with the Je-S headings on the right hand side of the diagram must map exactly as shown below.

Page 18 of 20

‘Cost to EPSRC’ table. Additional rows may be added as required. Heading

Of which…

Direct student costs

Student stipends

Cohort 1

Cohort 2

Cohort 3

Total

Student fees Student support User engagement

Delivery of training costs

Taught course delivery Taught course development Transferable/’soft’ skills development

Coordination and management costs

User engagement Director Management and coordination Not readily applicable to Cohort costs. Please give overall totals only Hosting Publicity and dissemination …

Total

1

1

This must be the same as the cost requested through Je-S

Page 19 of 20

Financial Appendix table for total costs of CDT and the contributions to this cost from all sources Heading

Of which…

Direct student costs

Student stipends

Total cost incurred by CDT

Total requested from EPSRC

Contribution from university

Contribution from other sources

Student fees Student support User engagement

Delivery of training costs

Taught course delivery Taught course development Transferable/’soft’ skills development

Coordination and management costs

User engagement Director Management and coordination Hosting …

Costs not directly mapped onto one of the headings above 2

Total

3

4

5

2 To cover contributions offered generically rather than towards a specific activity. If desired these may be explained in the ‘Case for Support’ 3 No entry allowed as all costs to EPSRC must be specified and explained in the table and the Case for Support/Justification of Resources 4 This is the total cost of the CDT to all parties and should be the sum of the costs to EPSRC, university and other sources 5 This is the total requested through Je-S

Page 20 of 20