Cybersecurity for Critical Infrastructure (CCI) Program is sponsored by Department of Energy (DOE). Funds projects that enhance the cybersecurity of critical infrastructure, including AI-driven systems.

Critical Infrastructure Cybersecurity Program Submission Period Closed Oct. 6, 2025 Closed,CFP 2025,Past CFP 2025 Critical Infrastructure Cybersecurity Program | CCI | Virginia Tech Critical Infrastructure Cybersecurity Program Submission Period Closed Oct.

6, 2025 A CCI team led by CCI Associate Professor Feras Batarseh collaborated with DC Water to develop advanced AI models and data science to protect against cyber threats, predict water flows and levels, and optimize energy efficiency and environmental safety. The team won the national 2022 Intelligent Water Systems Challenge.

CCI seeks proposals for seed research grants that advance the state of the art of critical infrastructure cybersecurity. We welcome applications from all researchers, including those researchers and institutions who have yet to engage with CCI or each other. Applications from all eligible people in the commonwealth will be equally considered for funding.

Presidential Policy Directive 21 defines critical infrastructure sectors as: Commercial Facilities (e.g., NFL stadiums) Defense Industrial Base, including research universities doing Department of Defense (DoD) research Government Services & Facilities, including local and state government Healthcare & Public Health Nuclear Reactors, Materials, & Waste Water & Wastewater Systems Over 80 percent of the United States’ critical infrastructure is privately owned and operated.

In rural areas, it is common for small cooperatives to provide critical infrastructure services such as electricity distribution. These enterprises rarely have the capacity to staff a security operation center 24x7, evaluate cybersecurity posture, evaluate cybersecurity products, and so on.

At the other end of the spectrum, large municipalities such as Fairfax County may have the resources to staff a large cyber fusion center but are also the target of well-funded nation state actors and criminal gangs. Topics for this call include but are not limited to advancing the state-of-the-art in: AI-informed cybersecurity operations for small- and medium-sized critical infrastructure providers.

Broad, generally applicable horizontal solutions that protect most critical infrastructure sectors.

Tailored, vertical solutions that protect specific critical infrastructure segments because of the specialized nature of the sector or leverage or address unique characteristics of a sector, such as limited, intermittent connectivity, 30-year equipment lifetimes, legacy installed base, or public policies that inhibit the deployment of modern cybersecurity solutions.

Objectives of this call include: To produce seminal contributions to critical infrastructure cybersecurity, targeting the expansion of this research through competitive grants from the federal government, private sector, philanthropic foundations, and other sources. To foster interdisciplinary collaboration to produce high-quality research with strong domain knowledge resulting in a high likelihood of future extramural funding.

To produce research contributions that translate into benefits to Virginia companies. To explore opportunities for innovation (commercialization, entrepreneurship, etc.) in critical infrastructure cybersecurity. Who Can Serve as Principal Investigator (PI): Researchers and faculty members at public institutions in CCI who are deemed eligible by their home institution to serve as a PI on an external grant are eligible to apply.

Limit on Number of Proposals per Institution: There are no restrictions or limits. Limit on Number of Proposals per Investigator: An eligible researcher can participate in one proposal. Other Requirements: Proposals: Maximum Award Amount: $100,000 per proposal.

Proposals must involve multiple CCI institutions. CCI cannot award grants to private institutions. Thus, the proposal must include at least two public CCI institutions.

Private institutions may participate but cannot be funded by this proposal. Award Conditions: Successful applicants are expected to participate fully in CCI activities. Researchers must meet specific conditions by: Providing materials needed for reports.

Participating in CCI meetings. Acting as a reviewer for future CCI calls for proposals. Responding to data collection requests by CCI relating to the grant.

Acknowledging CCI support in all publications and presentations resulting from the grant. The PI is responsible for a final technical report and a final financial report 30 and 60 days following the end of the period of performance. 1.

Title page (one page): Title of the proposed project, name, affiliation, and contact information for the Principal Investigator (PI) and co-Principal Investigators (co-PIs), if any. Find an example of the title page format at the bottom of this page. 2.

Proposed Research Project (up to four pages): Project description. Rationale: Discussion of the technical background and engineering/scientific justification. This should include project objectives and the intellectual merit of the proposed work.

Relevance to CCI and this call: A brief paragraph describing how the project will advance the state of the art in cybersecurity, particularly cybersecurity for critical infrastructure. Include an explanation of how the proposed research will address one or more critical infrastructure sectors. Research plan: What exactly will you do?

How will you meet the objectives? What are the motivations, methods, likely outcomes, milestones, and future directions? If you’ll leverage existing CCI assets and equipment to support the research, describe the equipment/assets and how you'll use them.

Deliverables: Describe the expected deliverables for the project (publications, demonstrations, intellectual property, etc.). 3. Plan for Additional Funding and Impact on the Commonwealth (up to one page): Identify one or more specific opportunities for additional funding to expand the proposed research.

Outline a plan to pursue this funding. See the Requirements section above for more details. Address the potential for commercialization and economic development and impact from this work.

4. References (not included in the page count) A detailed budget and one-page justification must be included. Confirm your ability to utilize all potentially awarded funds by Dec.

31, 2026. Travel should be included to support the PI’s and team members’ attendance at the annual CCI Symposium and other CCI events. The next Symposium is expected to take place in April 2026 in Richmond, Va.

Indirect costs are not allowed. 6. Biographical sketches: Up to three pages for each investigator, using NSF format .

7. Current and pending support for each investigator: Title of the project, status (current, pending, submission planned, etc.), source of the support, period of performance, total award amount, and the portion of the award attributed to the investigator. Investigators can use a current NSF Current & Pending Support document that contains this information.

The submission period closed on Oct. 6, 2025. Proposals and budgets should go through the appropriate approval process at the PI’s institution.

For example, many universities require researchers to include a proposal and budget approved in the standard Office of Sponsored Programs (or your institution’s equivalent) pre-award procedure. Consult the PI’s node director to confirm the process. Contact information of CCI node directors: Central Virginia: Erdem Topsakal at etopsakal@vcu.

edu Coastal Virginia: Daniel Takabi at takabi@odu. edu Northern Virginia: Liza Wilson Durant at ldurant2@gmu. edu Southwest Virginia: Gretchen Matthews at gmatthews@vt.

edu A committee will review the proposals and make funding recommendations. Evaluation criteria include: Substantial intellectual merit related to cybersecurity. Relevance to the focus of the call on cybersecurity for critical infrastructure.

A clear plan for obtaining future funding from the government, the private sector, philanthropy, etc., and the likelihood of being competitive for the programs identified by the PI. Substantial broader impacts related to CCI’s mission lines of innovation and workforce development, as well as in diversifying the cyber workforce.

Refer to the Frequently Asked Questions section below for general questions concerning this call for proposals. Specific questions and the requirements herein should be directed in writing to CCI Research Director Eric Burger at ewburger@vt. edu .

Call for Proposal Announced Jan. 1, 2026, to Dec. 31, 2026 Title Page Format Example CCI Request for Proposals: Cybersecurity for Critical Infrastructure Project Abstract (up to 250 words): Requested Amount per Institution: Name, Title, and Mailing Address for Primary Contact at Each Institution Requesting Funding: Download a template of the title page document .

Frequently Asked Questions For this call, how many institutions of higher education need to collaborate on a project? At least two public institutions in CCI must be funded by the proposal. Private institutions may be a part of the proposal, but they cannot receive funding from this call, either directly or indirectly via a subcontract.

Is there a limit to the number of collaborators on a project? There is no limit. However, the maximum budget request is $100,000.

Is there a limit to the number of proposals I can be a part of? You can only request funding as a Principal Investigator (PI), co-PI, or funded researcher on a single proposal. You may collaborate on any number of proposals without requesting funding.

If researchers have other support, they can be listed on a second (or more) proposal, but they cannot request funding on those proposals. What does it mean to identify a future funding opportunity? You can directly identify a funding opportunity.

For example, if you have a proposal for the NSF CISE Future CoRe, reference it, including what submission date you are targeting. Please be realistic with the submission date: a proposal for a year-long seed project with a submission deadline two months from the proposal submission date is not realistic. What if my target future funding opportunity has a close-in submission date?

If the program typically has annual submission dates but the current program solicitation does not list them, say so. Back up the claim with evidence. What do you mean when you say a proposal needs to lead to significant future funding?

What is significant? Any program with a minimum of $1,000,000 over four years counts. This is a minimum: over time, several CCI collaborative extramural awards are in excess of $10,000,000.

Do I need to focus on a single grant opportunity? There is a balance of credibility and credibility. If you say your project will lead to submissions to several different funding programs, you need to explain how those disparate funding agencies will all see the value in the work funded by CCI.

Conversely, if you focus on a single grant opportunity, the first thing reviewers will ask themselves is What if that opportunity fails? You should have an explanation for that, as well. What is critical infrastructure?

See Presidential Policy Directive 21 and CISA guidance . You may be surprised at what counts as critical infrastructure. Does my project have to address critical infrastructure security?

How can I show my project addresses critical infrastructure security? If the project is tailored to a critical infrastructure sector, addressing cybersecurity, then it is a critical infrastructure cybersecurity project. We call this addressing a critical infrastructure vertical .

Examples would be cybersecurity for wastewater treatment, cybersecurity for aviation, cybersecurity for elections, etc. Do I have to identify the specific critical infrastructure sectors my project proposes to address? If you are proposing basic algorithm or systems projects, they are not likely to get funded by this call.

However, if you are proposing basic cybersecurity science or technology with a direct application to critical infrastructure, that might be eligible for funding from this CCI call. Would not any cybersecurity project address critical infrastructure, too? Not necessarily.

You need to explain in your proposal how the project addresses the unique needs of the various critical infrastructure sectors. For example, one of the aspects of the Critical Manufacturing Sector is the expectation that equipment, including software embedded in that equipment, has a service life of decades. Another example would be the Transportations Systems Sector.

A recent article noted the German National Railway was looking for a Windows 3. 11 Administrator. Many applications in the Energy Sector require millisecond response times.

The Financial Services Sector and the Healthcare & Public Health Sector have strict privacy regulations. Articulating how your project addresses the needs of one or more sectors will help reviewers understand the relevance of your proposal to critical infrastructure cybersecurity. 2026: Experiential Learning Program CCI Tech Transfer Support Fund 2026 2025 2024 2023 2022 2021 2020