2650 Support for VeVA and ESOC WatchKeepers

Contact One Communications, Inc.

Views: 103

Updated: 04-11-2025

Location: Mons Hainaut

Category: IT - Software

Industry: IT Services IT Consulting

Position: Mid-Senior level

Job type: Contract

Job description

  • BACKGROUND: The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defense functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.
  • INTRODUCTION: The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programs and projects of around 219 MEUR per year, in order to uplift and enhance critical cyber security services. The Cyber Security Operationalize Branch’s mission is to monitor, detect, analyze and respond to cyber incidents and cyber threat activity. It acts as the NATO Computer Emergency Response Team (CERT) for NATO with a NATO-wide mandate. It is responsible for sharing information related to cyber security incidents with NATO Nations and NCIA industry partners. In order to execute this work, the NCI Agency requires support with the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security and cyber defense. This Statement of Work (SoW) specifies the required skillset and experience.

2.1 ARCHITECTURE FOR PROTECTING SECRET/TOP SECRET NETWORKS AND VEVA PROJECT

The primary (and currently, only) NCSC Cyber Security Operations Centre (CSOC), is located in S.H.A.P.E. (Mons, Belgium). This CSOC is responsible for the monitoring of all NCI Agency deployed networks (about 50 sites across multiple NATO Nations), at the UNCLASSIFIED, RESTRICTED and SECRET Level.

There are multiple cyber security solutions which include (but are not limited to) Network Intrusion Detection/Prevention Systems (NIPS), Full Packet Capture (FPC), Firewalls, Network Vulnerability Scanners, Online/Offline Computer Forensics, Network Discovery tools etc.

The central management of those solutions (called Tier 2) is in S.H.A.P.E., while the sensors are spread all across the protected sites (Tier 3 sites), and report back to Tier 2.

In the following years, the coverage of the CSOC will be expanded to include one (1) additional SECRET Network, and two (2) TOP SECRET networks, for all of which architecture work will be required. Due to the strict security and “need-to-know” requirements of those networks, not all existing security services are fit for use. It is the contractor’s responsibility to review the relevant NATO Policy Directives and discuss with the relevant stakeholders, to identify and recommend the optimal security services (and their mechanism for delivery) for the protection of those networks.

  • PURPOSE: The Cyber Security Operationalize Branch performs comprehensive Support to Cyber Security, continually accessible advice and action to support the customer in the maintenance of efficient and compliant cyber security and cryptography that underpins the security of our communication and information. This Statement of Work (SOW) outlines the services to be provided by the Supplier to NCI Agency Cyber Security Operationalize Branch for the implementation and management of a 24/7 cybersecurity helpdesk service related to the VeVA Project.
  • OBJECTIVES: The main objective of the statement of work is to underline the Cyber Security needs of the NCSC and to look for a Service Provider that will provide effective, agile and resilient cyber defenses in order to deliver the 24/7 monitoring of crypto devices, networks, websites and email traffic to detect and identify incidents and threats. The services will be delivered in Sprints, and each sprint will have a duration of 1 (one) week.

During one sprint, the assigned resources will act as one of the key operational and technical experts while developing and demonstrating monitoring and detection reports and acting as point of contact with NATO Nations for any cyber security incident related issues, performing the following activities:

  • Information Assurance incident management;
  • 24/7 helpdesk service management;
  • Management of Secure Management Centres (SMC) including: key management, access control management, security monitoring, IP crypto configuration management, error location and recovery, database backup, alarm handling;
  • Management of NATO Wide PKI user profiles, CA certificates, End-User certificates, other root CA domains certificates, CRLs and ARLs;
  • Provide technical support and assistance to ACO wide and NATO Agencies and National MODs;
  • Cyber Security 24/7 watch-keeping duties such as: receiving advisories from national and non-government CERTs, disseminating general incident related information to CIS operating authorities, providing technical support and assistance to NATO CIS operating authorities in respect to malicious code prevention, providing liaison with other CERTs, providing limited technical support and assistance to NATO CIS operating authorities in respect to intrusion detection, performing initial incident response, recovery, and reporting activities in support of operational NATO CIS, reporting incidents and vulnerabilities to the Cyber Security sections, coordinating the collection and processing of all cyber related information for NU, NR, MS and NS systems, providing centralized on line Vulnerability Assessment of remote networks and interfaces;
  • Support to incident response as the entry point for the reporting of cyber security incidents, direct support to detection activities, as well as ad-hoc requests;
  • Cyber Security Information Sharing Services - This Service provides the dissemination and/or production of different type of documents/updates such as: Cyber Security Daily news, Trend Micro Patterns, replication of Trend Micro Active Repository, McAfee updates, Juniper Signatures, ExtraDat, Cyber Defense SitRep Bulletins, NATO Identified Malware Black List (NIMBL);
  • Internet e-mail and Internet-Facing Web Sites monitoring Service - Internet Facing Email Content Monitoring: Checking of all Inbound/Outbound Internet e-mail to ensure compliance with NATO and applicable local Security Policies; such checks include malicious code, executable content, encrypted content, SPAM, and Classified Data content;
  • Internet Web Site monitoring - The ability to centrally monitor customer’s Internet-facing Web Sites for unauthorized changes and to take appropriate reporting/remedial actions.

The content and scope of each sprint will be agreed during the sprint-planning meeting, in writing, based on the activities mentioned above.

  • SERVICE DETAILS

Helpdesk Operations

The Service Provider will:

  • Support the dedicated 24/7 cybersecurity helpdesk team
  • Implement multi-channel support (phone, email, internal chat) for incident reporting and user assistance
  • Develop and maintain a knowledge base for common security issues and their resolutions
  • Provide regular reporting on helpdesk performance and security incidents

Incident Response and Incident Management

The Service Provider will:

  • Respond to all security alerts within 5 minutes of receipt
  • Perform initial triage of cyber security incidents
  • Escalate critical incidents to appropriate personnel within 30 minutes
  • Provide regular status updates to Project Manager / Service Manager during ongoing incidents
  • Implement a robust incident detection and classification system

User Support

The Service Provider will assist users with:

  • Password resets and account lockouts
  • VPN and remote access issues
  • Suspicious email and phishing attempts
  • Security software queries and troubleshooting

Management of Secure Management Centre (SMC)

The Service Provider will:

  • Provide real-time monitoring and analysis of security events across the Client’s networks
  • Manage and update security policies and rules across network devices
  • Provide secure remote access solutions for authorized personnel
  • Ensure compliance with relevant security standards and regulations
  • Conduct regular security audits and assessments of the SMC

  • COORDINATION AND REPORTING: Due to the AGILE approach of this project, there is a need to define a set of specific arrangements between the NCI Agency and the contractor that specifically defines the deliverables to be provided for each sprint as well as their associated acceptance criteria. This includes sprint planning, execution and review processes.
  • WORK EXECUTION: The services will be 100% executed onsite (NCIA S.H.A.P.E. premises in Mons, Belgium). NCIA IT equipment will be provided (one REACH laptop will be provided). Results of the work are to be stored on the NCI Agency NATO RESTRICTED SharePoint portal and checked on a weekly basis with the assigned Point of Contact (Annex A - Weekly progress report). All the documentation provided under this statement of work will be based on NCI Agency templates and/or agreed with the NCIA service manager. All support, maintenance and documentation will be stored under configuration management and/or in the provided NCI Agency tools. All developed solutions will be property of the NCI Agency.
  • SECURITY AND NON-DISCLOSURE AGREEMENT: Any proposed resource providing services under this SOW must be in possession of a NATO SECRET security clearance or above. The signature of a Non-Disclosure Agreement between any Service Provider’s individuals contributing to this task and NCIA will be required prior to execution.
  • REQUIREMENTS: The required skillset of the proposed resource is extensive knowledge and experience (more than 5 years). Moreover, demonstrated experience in IP Crypto devices is a must.

Services under the current SOW are to be delivered by ONE resource that must meet the following requirements:

  • Experience with Information Systems Engineering and Maintenance - Information Security Implementation Computer Security;
  • A good knowledge of Computer Security principles and procedures. Proficiency with Cryptography Technology. Knowledge of Internet Protocol based networks and components (routers and switches);
  • Working knowledge of Router configuration;
  • A good knowledge of public key infrastructure technology;
  • Working knowledge of Crypto systems and techniques;
  • A high level of knowledge of network, system and application level troubleshooting techniques;
  • Extensive experience in the analysis of risk and in the implementation and integration of Information Security protective measures;
  • Red Hat certified and/or Linux professional certified;
  • Specific experience: Must be familiar with the detailed and complex NATO standards for the operation of CRYPTO and the associated equipment that process and secure NATO classified information;
  • Experience in development and implementation of computer security policies;
  • Experience in evaluation and accreditation of telecommunications and information systems;
  • Experience in security requirements analysis;
  • Hold one or more of the following IT security qualifications/certifications: CCNA; ITIL foundation in IT Service Management; TCE 621 Operator Course THALES Norway; TCE 671 Operator Course THALES Norway;
  • Prior experience of working in an international mission environment comprising both military and civilian elements;
  • Knowledge of NATO responsibilities and organization, including ACO and ACT.

Deadline: 19-12-2025
