Defence Science and Technology Laboratory

Prototype for Automated Network Defence Actions (PANDA)

Incomplete applications

16
Incomplete applications
11 SME, 5 large

Completed application

1
Completed application
1 SME, 0 large
Important dates
Opportunity attribute name Opportunity attribute value
Published Wednesday 9 October 2019
Deadline for asking questions Wednesday 16 October 2019 at 11:59pm GMT
Closing date for applications Wednesday 23 October 2019 at 11:59pm GMT

Overview

Overview
Opportunity attribute name Opportunity attribute value
Summary of the work This SOR is for software development resources to support continued development of PANDA. The desired outcome is to mature PANDA into a Technology Readiness Level (TRL) 4 capability to support internal research projects and international collaboration.
Latest start date Saturday 30 November 2019
Expected contract length 12 Months
Location No specific location, eg they can work remotely
Organisation the work is for Defence Science and Technology Laboratory
Budget range £500-600k for the initial requirement (without extensions), spread over FY19/20 and FY20/21.

About the work

About the work
Opportunity attribute name Opportunity attribute value
Why the work is being done The UK MOD along with the commercial sector is heavily reliant on strategic and enterprise systems in both fixed and deployable contexts. Such systems can contain hundreds or thousands of endpoints across multiple locations, potentially in different countries and with varying levels of communication bandwidth and stability. These systems of systems are becoming highly dynamic and complex, which requires highly skilled operators to respond and recover from an ever increasing variety (in terms of sophistication and methods of operation) of threats.
Problem to be solved Currently response and recovery processes that are predominately mandraulic, with the ever increasing complexity placing a larger cognitive burden on a limited resource. Moreover, in increasingly federated/coalition mission environments, boundaries of system ownership and management authority are more porous. In these environments, response and recovery actions must be coordinated across operating authorities. Existing security orchestration products are ill suited to these situations.
Who the users are and what they need to do To address these challenges, Dstl is currently conducting research to raise the technological readiness level of automated network defence capabilities. To support this research, Dstl has developed the Prototype for Automated Network Defence Actions (PANDA). PANDA, which is written in Python 3, provides a proof of concept implementation that is capable of responding to incidents on networks automatically. It has also been designed to allow new components and concepts to be integrated quickly. This SOR is for software development resources to support continued development of PANDA.
Early market engagement
Any work that’s already been done During FY 14/15, Dstl ran an industry call through the Defence and Security Accelerator (DASA) to research and develop techniques to support the planning and orchestration of automated responses to protect networks facing complex multi vector attacks. Follow-on work in 2015/16 specifically examined automated Course of Action (CoA) analysis. In FY18/19, Dstl selected one of these concepts to form the basis of PANDA. Through two phases of development activity, PANDA has been matured from a high level conceptual design into a proof of concept software implementation.
Existing team The supplier will be working with a dedicated technical partner from Dstl for day to day interaction. Alongside this will be a small team from the project, who will contribute new concepts and components to PANDA. This team will act as hosts, when or should the need to work on the software on our site arises. This team operates out of their own laboratory space which is equipped to support software integration and development.
Current phase Alpha

Work setup

Work setup
Opportunity attribute name Opportunity attribute value
Address where the work will take place We would expect the majority of the work to be conducted at the suppliers own address, but there maybe times when both formal meetings and development work will take place at our Salisbury Site.
Working arrangements To ensure that new capabilities can be readily integrated into PANDA as the concept develops and evolves, the project will utilise an iterative and incremental approach to delivery. The supplier must adopt an Agile system engineering approach (e.g. Scrum) and work closely with the Authority throughout the development process to realise the project’s aims. It is expected that this work will require significant dialogue between the Authority and the supplier throughout the contract period; the Authority will make staff available to support this.
Security clearance Able to handle OFFICIAL material only.

Additional information

Additional information
Opportunity attribute name Opportunity attribute value
Additional terms and conditions DEFCON 76 (EDN 12/06); DEFCON 501 (EDN 05/17) – (NOTE ONLY TO BE USED WHEN INTERPRETING THE DEFCONS); DEFCON 531 (EDN 11/14); DEFCON 608 (EDN 10/14) ;DEFCON 611 (EDN 02/16); DEFCON 649 (EDN 12/16); DEFCON 659A (EDN 02/17); DEFCON 703 (EDN 08/13).FULL TEXT VERSIONS OF THE DEFCONS CAN BE FOUND VIA KNOWLEDGE IN DEFENCE (KID) https://www.gov.uk/guidance/knowledge-in-defence-kid

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Skills and experience
Opportunity attribute name Opportunity attribute value
Essential skills and experience
  • Demonstrate with evidence the ability to deliver without authority funded capability enhancements (for example, procurement of additional ICT to support development activities).
  • Demonstrate, with evidence the ability to conduct agile software development in-house, without support from subcontractors.
  • Demonstrate with evidence the ability to continue and evolve software development from a complex inherited codebase.
  • Demonstrate experience creating software using Python 3 to run on Debian-based Linux operating systems (>= Ubuntu 18.04 LTS) without reliance on closed-source, proprietary, software dependencies.
  • Demonstrate expertise and experience of developing software that utilises machine learning techniques to realise complex data analytics.
  • Demonstrate experience developing cyber security or system management software (preferably for high threat and government organisations).
  • Demonstrate, with evidence, experience of third party technology integration.
  • Demonstrate, with evidence, the ability to produce appropriate levels of documentation, and conduct verification and validation of software.
  • Demonstrate experience using the Git Source Code Management (SCM) system and broader collaborative development tool suites.
  • Provide examples of how you have provided customers with access to developmental and release versions of software source code, and engaged them in the development process.
Nice-to-have skills and experience

How suppliers will be evaluated

How suppliers will be evaluated
Opportunity attribute name Opportunity attribute value
How many suppliers to evaluate 5
Proposal criteria
  • Demonstrate experience of developing robust, high quality software solutions in demanding timeframes, within the quoted budget.
  • Demonstrate expertise and experience of developing software that utilises machine learning techniques to realise complex data analytics.
  • Demonstrate experience developing cyber security or system management software (preferably for high threat and government organisations).
  • Demonstrate with evidence the ability to continue and evolve software development from a complex inherited codebase.
  • Provide a breakdown of the team structure (please include CVs of the team members doing the work).
  • Provide estimated timeframes for the work (include a Gannt chart with approximate sprint timeframes).
  • Detail and explain identified risks and dependencies. Provide details of offered approaches to manage these risks (include a Risk Register).
  • Provide a detailed breakdown of costs and include information against the following: Hours and rates (including hours allocated to each team member); Cost of materials; and Travel and Subsistence.
Cultural fit criteria
  • Demonstrate with evidence ability to follow industry best practice throughout the whole software development lifecycle from requirements gathering to documentation, testing, verification and validation (including examples of tool chains used).
  • Demonstrate consistent cultural commitment to agile software development practices, including embracing and responding to an evolving customer requirement
  • Provide a summary of the suppliers work ethos and working environment.
  • Demonstrate ability to successfully deliver within the UK Defence landscape.
  • Show evidence of an internal culture of knowledge and experience sharing.
  • Show evidence of being transparent and collaborative both internally and with the customer when making decisions.
Payment approach Capped time and materials
Additional assessment methods
Evaluation weighting

Technical competence

60%

Cultural fit

20%

Price

20%

Questions asked by suppliers

Questions asked by suppliers
Supplier question Buyer answer
1. Is this solution hosted on public Cloud or on-prem? “PANDA is a research prototype rather than a solution. The iterative development of it will be conducted by the supplier utilising an appropriately secured infrastructure, which may be public cloud based. Dstl will host PANDA using an on-premises research network. The PANDA code base includes a set of scripts to automate the containerized (using Docker) deployment of PANDA on Dstl's research network.”
2. How many stuff the supplier need to provide? It is down to the supplier to propose a solution to the outcome this would including the number of staff they requires to deliver the outcome.
3. Is it iside IR35 or outside? As per the CCS guidance Services to be delivered by suppliers under any lots of DOS 4 should be outside the scope of IR35.
4. Can you explain a bit more "Demonstrate with evidence the ability to deliver without authority funded capability enhancements (for example, procurement of additional ICT to support development activities)." please?
Are you gonna give us an environment where we can do our developments or you expect us to have some sort of hardware capacity for the project?
Dstl will not be providing an environment for suppliers to use for development. Dstl operates an internal test bed that will be accessible, as required, for demonstration and knowledge transfer purposes. However, for development and testing purposes, we expect the supplier to use their own development environment. Funding for PANDA should not be used to purchase additional ICT (including hardware and software) for the supplier’s development environment.
The deadline for asking questions about this opportunity was Wednesday 16 October 2019.