The Department of Defense (DoD) has announced a funding opportunity for a pilot program to improve the cybersecurity of the semiconductor supply chain, authorized under Section 1513 of the FY24 National Defense Authorization Act (NDAA). The goal of this program is to strengthen the security of processes involved in the design, manufacturing, assembly, packaging, and testing of semiconductors, safeguarding them from cyber-driven disruptions and intellectual property theft. This effort aligns with U.S. national security interests and ongoing investments under the CHIPS Act, addressing rising cyber threats from both state and non-state actors.

This program targets organizations directly involved in U.S.-based semiconductor production or those providing components to the Department of Defense, national security systems, or the defense industrial base. A comprehensive mapping and assessment of the semiconductor supply chain will be conducted to identify vulnerabilities and explore potential policy solutions through case studies and scenario-based exercises. These exercises will examine various future risks, including ransomware attacks, equipment sabotage, and geopolitical tensions, with the aim of developing actionable recommendations.

The award is structured as a cooperative agreement, with a total anticipated funding amount not exceeding $3 million. The project’s performance period is expected to run from November 2024 to November 2025. Although the opportunity allows collaborations and sub-awards, the primary agreement will be negotiated exclusively with Cornell University, based on the eligibility criteria specified in the solicitation. Cost sharing is not required for participation.

Applications must be submitted through Grants.gov, and applicants must ensure compliance with registration and eligibility requirements through the System for Award Management (SAM). Key deliverables include a project narrative, detailed budget justification, and documentation of partnerships with sub-awardees or industry collaborators. The project will require regular performance and financial reporting, including quarterly Federal Financial Reports (SF-425) and an annual inventory report of acquired equipment.

The DoD emphasizes strict compliance with conflict-of-interest disclosures and federal cybersecurity regulations throughout the program. Any significant failure to meet these requirements could result in the termination of funding. Applicants are expected to collaborate closely with government officials, industry partners, and academic experts to ensure comprehensive coverage of cybersecurity challenges.

All questions regarding the program should be directed to the DoD points of contact, Michael J. Fanizzo and Diane Clarke, as listed in the announcement. Final funding decisions are anticipated to be announced via email, and the start date for the grant will be determined after pre-award requirements are completed.