EMW

2024-0258 Support for VeVA and ESOC WatchKeepers (NS) - FRI 21 Mar

On site

Mons, Belgium

Freelance

13-03-2025

Expired

Job Specifications

Deadline Date: Friday 21 March 2025

Requirement: Support for Vigilance and Enhanced Vigilance Activities (VeVA) Project and ESOC WatchKeepers (24/7 Helpdesk Team of NATO Cybersecurity)

Location: Mons, BE

Full Time On-Site: Yes

Time On-Site: 100%

Period of Performance: 2025 BASE: 28th Apr 2025 (tentative) to 31st Dec 2025, with possibility to exercise the following options:

2026 Option: 1st January until 31st December 2026

2027 Option: 1st January until 31st December 2027

2028 Option: 1st January until 31st December 2028

Required Security Clearance: NATO SECRET

BACKGROUND

The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.

INTRODUCTION

The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC's role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects of around 219 MEUR per year, in order to uplift and enhance critical cyber security services.

The Cyber Security Operationalize Branch's mission is to monitor, detect, analyse and respond to cyber incidents and cyber threat activity. It acts as the NATO Computer Emergency Response Team (CERT) with a NATO-wide mandate. It is responsible for sharing information related to cyber security incidents with NATO Nations and NCIA industry partners.

In order to execute this work, the NCI Agency requires support with the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security and cyber defence. This Statement of Work (SoW) specifies the required skillset and experience.

2.1 ARCHITECTURE FOR PROTECTING SECRET/TOP SECRET NETWORKS AND VEVA PROJECT

The primary (and currently only) NCSC Cyber Security Operations Centre (CSOC) is located in S.H.A.P.E. (Mons, Belgium). This CSOC is responsible for monitoring all NCI Agency deployed networks (about 50 sites across multiple NATO Nations) at the UNCLASSIFIED, RESTRICTED and SECRET levels.

There are multiple cyber security solutions which include (but are not limited to) Network Intrusion Detection/Prevention Systems (NIPS), Full Packet Capture (FPC), Firewalls, Network Vulnerability Scanners, Online/Offline Computer Forensics, Network Discovery tools etc.

The central management of those solutions (called Tier 2) is in S.H.A.P.E., while the sensors are spread all across the protected sites (Tier 3 sites), and report back to Tier 2.

In the following years, the coverage of the CSOC will be expanded to include one (1) additional SECRET Network, and two (2) TOP SECRET networks, for all of which architecture work will be required. Due to the strict security and "need-to-know" requirements of those networks, not all existing security services are fit for use. It is the contractor's responsibility to review the relevant NATO Policy Directives and discuss with the relevant stakeholders, to identify and recommend the optimal security services (and their mechanism for delivery) for the protection of those networks.

PURPOSE

The Cyber Security Operationalize Branch provides comprehensive support to cyber security: continually accessible advice and action to support the customer in maintaining efficient and compliant cyber security and cryptography that underpin the security of our communication and information.

This Statement of Work (SOW) outlines the services to be provided by the Supplier to the NCI Agency Cyber Security Operationalize Branch for the implementation and management of a 24/7 cybersecurity helpdesk service related to the VeVA Project.

OBJECTIVES

The main objective of the statement of work is to underline the Cyber Security needs of the NCSC and to look for a Service Provider that will provide effective, agile and resilient cyber defences in order to deliver the 24/7 monitoring of crypto devices, networks, websites and email traffic to detect and identify incidents and threats.

The services will be delivered in Sprints, and each sprint will have the duration of 1 (one) week.

During one sprint, the assigned resources will act as one of the key operational and technical experts while developing and demonstrating Monitoring and Detection reports and acting as Point of Contact with NATO Nations for any cyber security incident related issues, performing the following activities:

Information Assurance incident management;
24/7 helpdesk service management;
Management of Secure Management Centres (SMC) including: key management, access control management, security monitoring, IP crypto configuration management, error location and recovery, database backup, alarm handling;
Management of NATO Wide PKI user profiles, CA certificates, End-User certificates, other root CA domains certificates, CRLs and ARLs;
Provide technical support and assistance to ACO wide and NATO Agencies and National MODs;
Cyber Security 24/7 watch-keeping duties such as: receiving advisories from national and non-government CERTs, disseminating general incident related information to CIS operating authorities, providing technical support and assistance to NATO CIS operating authorities in respect to malicious code prevention, providing liaison with other CERTs, providing limited technical support and assistance to NATO CIS operating authorities in respect to intrusion detection, performing initial incident response, recovery, and reporting activities in support of operational NATO CIS, reporting incidents and vulnerabilities to the Cyber Security sections, coordinating the collection and processing of all cyber related information for NU, NR, MS and NS systems, providing centralized on line Vulnerability Assessment of remote networks and interfaces;
Support to incident response as the entry point for the reporting of cyber security incidents, direct support to detection activities, as well as ad-hoc requests;
Cyber Security Information Sharing Services - This Service provides the dissemination and/or production of different type of documents/updates such as: Cyber Security Daily news, Trend Micro Patterns, replication of Trend Micro Active Repository, McAfee updates, Juniper Signatures, ExtraDat, Cyber Defence SitRep Bulletins, NATO Identified Malware Black List (NIMBL);
Internet e-mail and Internet-Facing Web Sites monitoring Service - Internet Facing Email Content Monitoring: Checking of all Inbound/Outbound Internet e-mail to ensure compliance with NATO and applicable local Security Policies; such checks include malicious code, executable conte...

About the Company

EMW was founded in 1995 by engineers and managers who formerly held senior positions in well-known telecommunications and information technology companies to pursue their vision for this new company. Our core business is providing information and communication technology services in the areas of planning, engineering and implementation; project and program management; systems integration; operations and maintenance; and training. Our competencies range over all aspects of inside and outside plant; feeder, access and inter-o...