Awarded to NTT DATA UK Limited

Start date: Wednesday 12 December 2018
Value: £99,000
Company size: large

Department for Digital, Culture, Media & Sport (DCMS)

Architectural assessment of DCMS 5G testbed and trials (Digital Outcome)

8 Incomplete applications

6 SME, 2 large

6 Completed applications

3 SME, 3 large

• Published: Monday 22 October 2018
• Deadline for asking questions: Monday 29 October 2018 at 11:59pm GMT
• Closing date for applications: Monday 5 November 2018 at 11:59pm GMT

Overview

• Summary of the work: A novel piece of 5G technology analysis, summarising (in a report) 5G security aspects of existing 5GTT phase 1 projects and extrapolating into live deployment conditions (i.e through vertical markets), by creating a framework and investigating security challenges via architectural analyses (i.e. penetration testing of equipment not required).
• Latest start date: Monday 10 December 2018
• Expected contract length: 1 year
• Location: No specific location, eg they can work remotely
• Organisation the work is for: Department for Digital, Culture, Media & Sport (DCMS)
• Budget range: A budget of £40,000-£44,000 is available for the initial work package to deliver the analysis and report described. Further work packages may be available subject to agreement.

About the work

• Why the work is being done: The 5G Testbeds and Trials Programme (5GTT) is aiming to make the UK a world leader in 5G technology and ensure businesses can maximise 5G benefits.; ; There is a requirement for security analyses of the architecture developed by the 5GTT Phase 1 projects and to develop understanding of the vertical market sectors they operate in. This analysis and a summary report covering 5G security challenges of the projects are required to inform the ongoing development of 5G use cases.; ; The work must be completed by the end of February.
• Problem to be solved: The security challenge of 5G is becoming more apparent and will be significantly different to the considerations for previous generations of networks. 5G is expected to have transformative impacts across the UK economy. Therefore, it creates a broader attack surface, hence more opportunities to access personal and business data.; ; It will be absolutely vital to ensure that the networks supporting these applications and services are secure in order for people to adopt them.
• Who the users are and what they need to do: As a 5G user in given market sectors (whether architect, service provider or user of 5G networks) I need to be confident that 5G networks are secure, so that I can use, develop and implement new use cases and services to maximise the opportunities realisable with 5G technology.
• Early market engagement: Published literature on the security challenges of 5G exists, for example a paper published by Surrey University and also a 5G report by FCC (links provided).; ; https://www.surrey.ac.uk/sites/default/files/2018-04/5GIC-SSG-Security-Overview-WhitePaper-2017-08-02.pdf; ; https://www.fcc.gov/files/csric6wg3sept18report5gdocx-0
• Any work that’s already been done: Relevant architectural design details of the six 5GTT projects will be provided.
• Existing team: The supplier will primarily work with 5GTT. Some access will be provided to Phase 1 projects to discuss existing architecture, but time will be limited.
• Current phase: Not applicable

Work setup

• Address where the work will take place: The supplier can work remotely.
• Working arrangements: The supplier can work remotely, although some travel to DCMS office (100 Parliament Street, Westminster) will be required.
• Security clearance: BPSS (Baseline Personnel Security Standard)

Additional information

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

• Essential skills and experience:
  • Demonstrable experience, within the last 2 years, of working in network security.
  • Significant demonstrable experience, within the last 2 years, of working in application security.
  • Significant demonstrable experience, within the last 2 years, of working with 5G standards.
  • Significant demonstrable experience, within the last 2 years, of working with 5G vertical industries.
  • Demonstrable experience, within the last 2 years, of working in the IoT space.
  • Demonstrable experience, within the last 2 years, of working with Software Defined Networks (SDN).
  • Demonstrable experience, within the last 2 years, of working with Network Function Virtualisation (NFV).
  • Demonstrable experience, within the last 2 years, of working with network slicing.
  • Demonstrable experience, within the last 2 years, of working with Mobile Edge computing (MEC), including virtualisation.
  • Demonstrable experience, within the last 2 years, of working with open source software.
  • Demonstrable experience, within the last 2 years, of working with supply chain issues.
• Nice-to-have skills and experience:
  • Demonstrable experience, within the last 2 years, of formulating advice suitable for telecoms stakeholders, based on project outcomes.
  • Demonstrable experience, within the last 2 years, of successfully delivering high impact, visually engaging findings.
  • Demonstrable experience, within the last 2 years, of successfully communicating complex sets of results to both technical and non-technical audiences.
  • Demonstrable experience, within the last 2 years, of creating or defining 5G new technology-specific threat analysis frameworks or toolsets.

How suppliers will be evaluated

• How many suppliers to evaluate: 4
• Proposal criteria:
  • Demonstration of a clear understanding of the tasks.
  • Explanation of a suitable and comprehensive approach and methodology, with the flexibility to react to DCMS input.
  • Convincing description of how the proposed work will meet DCMS needs including reporting and how joint progress reviews will be handled.
  • Proposed Project Plan, including team structure that provides justification for each team member, an activity timeline, success criteria, and key deliverables.
  • Explain approach to identifying and mitigating risk within the project, supported by examples of recent experience within similar projects.
• Cultural fit criteria:
  • Provide an example, within the last 2 years, where you have worked collaboratively in a multi-disciplinary team with other organisations, e.g other government organisations.
  • Provide an example, within the last 2 years, where you were successful in quickly joining a team and providing technical advice to meet user needs.
  • Please provide examples of ways of working and cultural values you'd bring to the team.
• Payment approach: Capped time and materials
• Assessment methods:
  • Written proposal
  • Case study
  • Work history
  • Reference
  • Presentation
• Evaluation weighting:

  Technical competence

  65%

  Cultural fit

  5%

  Price

  30%

Questions asked by suppliers

• 1. We would like to bid for this using a team lead from the UK but also working with our colleagues in subsidiaries (such as India). Is this possible please?: The team structure proposed is acceptable, as long as the exchange of information between locations is secure and all team members have sufficient security clearance. This may require further information to the satisfaction of DCMS.
• 2. Please could you confirm whether it is the 3 'Before you Start' questions (below) that need to be completed by the 5th November deadline, or the full ITT/proposal?- give the date the team will be available to start work- say which skills and experience the team have- give evidence for all the skills and experience the team have: Yes, there is an initial shortlisting stage where suppliers must give evidence on skills and experience. The deadline for the shortlisting stage is 5th November. The four highest scoring bidders will be invited to submit a full proposal for evaluation by DCMS.