Awarded to Security Alliance Limited

Start date: Tuesday 2 January 2018
Value: £49,200
Company size: SME

Department of Health and NHS Blood and Transplant

Threat Intelligence for Department of Health and NHS Blood and Transplant

3 Incomplete applications

1 SME, 2 large

5 Completed applications

2 SME, 3 large

• Published: Monday 30 October 2017
• Deadline for asking questions: Monday 6 November 2017 at 11:59pm GMT
• Closing date for applications: Monday 13 November 2017 at 11:59pm GMT

Overview

• Summary of the work: NHS Blood and Transplant is seeking a CBEST approved supplier to provide Threat Intelligence, ahead of Penetration Testing. The supplier is expected to collect, analyse and disseminate Critical Function-focused intelligence relating to:; • Targeting: potential attack surfaces across NHS BT.; • Threat Intelligence: relevant threat actors and probable threat scenarios.
• Latest start date: Friday 8 December 2017
• Expected contract length: Work to be completed by 31 March 2018.
• Location: No specific location, eg they can work remotely
• Organisation the work is for: Department of Health and NHS Blood and Transplant

About the work

• Why the work is being done: Government Departments must remain resilient to cyber-attacks. To help these departments achieve this goal, the Cabinet Office launched a pilot GBEST security assessment framework.; ; The pilot scheme promotes intelligence-led penetration testing that seeks to mimic the actions of cyber attackers intent on compromising an organisation’s Critical Functions and the technology assets and people supporting those functions.; ; The provision of Threat Intelligence will provide insight into the most secure way to manage two critical NHS Blood and Transplant systems.
• Problem to be solved: The key functions that would lead to compromise of confidentiality and integrity relate primarily to the blood services (Hematos and Pulse systems) and the organ transplant services (ODT system). These systems contain highly confidential data where, if compromised could result in severe clinical harm to many patients/donors.; ; The provider is expected to supply a summary of key threats to the functioning of these core functions, detailing the highest scoring threats to be prioritised by the Penetration Testers. ; ; Reports are expected to be the standard of CBEST, prioritising risks to address in Phase 3 Penetration Test.
• Who the users are and what they need to do: Government Departments need to ensure that they remain resilient to cyber attacks to ensure the safety of UK citizens. They need to be aware of any potential weaknesses and key threats so that these can be addressed and rectified.
• Existing team: Suppliers will be working with representatives from the Department of Health, NHS Digital, NHS Blood and Transplant, Cabinet Office and National Cyber Security Centre.
• Current phase: Not applicable

Work setup

• Address where the work will take place: Expected to be flexible and occasionally travel to NHS Blood and Transplant sites in England. Most work will be remote.
• Working arrangements: To be agreed at contract award but will include 3 weeks of Threat Intelligence to be done ahead of a Penetration Testing period conducted by a separate service provider. 1 week overlap of work with Penetration Test service providers. Some availability required during Penetration testing phase that will last 6 weeks to answer any relevant questions from the Penetration Tester.
• Security clearance: SC preferable with all those working on the project to have CTC as a minimum. Further details on security clearance can be found here: http://intranet.cabinetoffice.gov.uk/task/security-vetting/; Content is of a highly sensitive nature.

Additional information

• Additional terms and conditions: The provider must share information as laid out in the GBEST Implementation Guide and abide by the GBEST Principles. Any non-disclosure agreements must not hinder the delivery of the scheme, specifically, relevant information should be readily shared between the Threat Intelligence provider, the Penetration Tester and GDS. ; ; All expenses must be pre-agreed between the parties and must comply with the Cabinet Office Travel and Subsistence Policy.; ; All vendors are obliged to provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of GDPR and ensures the protection of the rights of data subjects.

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

• Essential skills and experience:
  • Be CBEST approved, CREST certified Threat Intelligence Manager successfully assessed against CBEST criteria to supply CBEST Threat Intelligence Services
  • Have experience of assisting customers with Threat Modelling
• Nice-to-have skills and experience:
  • Previous experience of CBEST TI development.
  • Previous experience of CBEST application.

How suppliers will be evaluated

• How many suppliers to evaluate: 4
• Proposal criteria:
  • Project plan.
  • Previous experience.
  • Teams structure and CV's.
  • Value for Money.
• Cultural fit criteria:
  • Describe their approach for working with the Buyer (and alongside other suppliers) as part of an integrated, co-located effective and efficient delivery team.
  • Describe their experience of working with an organisation with the following characteristics: • Critical 24x7 Services • Healthcare Sector • Secure services
• Payment approach: Fixed price
• Assessment methods: Written proposal
• Evaluation weighting:

  Technical competence

  65%

  Cultural fit

  15%

  Price

  20%

Questions asked by suppliers

No questions have been answered yet