Ministry of Justice

MOJ Cybersecurity scanning and open data intelligence platform

Incomplete applications: 14 (9 SME, 5 large)

Completed applications: 6 (2 SME, 4 large)

Important dates
Published: Wednesday 16 January 2019
Deadline for asking questions: Wednesday 23 January 2019 at 11:59pm GMT
Closing date for applications: Wednesday 30 January 2019 at 11:59pm GMT

Overview

Summary of the work: Jointly with the MOJ, devise the architecture and component set of the platform, followed by autonomous implementation, documentation and quality assurance prior to joint user acceptance testing with the MOJ. This may involve a market assessment of open source / free open source intelligence (OSINT) and other public domain analytical tooling (such as urlscan.io).
Latest start date: Monday 18 February 2019
Expected contract length: Total length of contract should not exceed 6 months
Location: London
Organisation the work is for: Ministry of Justice
Budget range

About the work

Why the work is being done: The Ministry of Justice (MOJ) has a diverse and sizeable technology estate which presents challenges for vertical and horizontal analysis for cybersecurity purposes such as technical security configuration, upstream supply chain analysis and other metrics.

The MOJ wishes to create a platform that will gather technical indicators from a series of sources (Amazon Web Services Route53, Microsoft Azure DNS and so on), utilise scanning techniques (create localised scripts but also leverage urlscan.io and beyond), import the data into an analytical toolset (for example, Elasticsearch/Logstash/Kibana), and provide the capability for searching, alerting (triggers) and other analysis.

Problem to be solved: The Ministry of Justice (MOJ) is currently limited in its capability to understand the size of its web operations presence and ascertain the cybersecurity posture of that estate, for example: how many public websites are based on *.justice.gov.uk and how many of those are configured with modern Transport Layer Security (TLS).

Through this work, the MOJ will be able to analyse technical security indicators across its known web presence in order to advise the wider MOJ on problematic areas that require, or may soon require, mitigation efforts and other investment.

Who the users are and what they need to do: As the MOJ Chief Information Security Officer and/or MOJ Senior Security Advisor, I need to know the size of MOJ's public technology estate and have a data-led approach to advise the MOJ Permanent Secretary and MOJ Executive Committee on where cybersecurity investment is required.

As an MOJ Cybersecurity analyst, I need to be able to analyse technical security and create alerts and reports.

Early market engagement: None conducted.

Any work that’s already been done: The MOJ Security & Privacy 'Red team' has created a discardable Elasticsearch/Logstash/Kibana (ELK) environment in a Public Cloud provider, and has manually imported some data sources for experimental analysis.

(This environment can be enhanced and used, or discarded.)

Existing team: MOJ Digital & Technology - Security & Privacy Team
Current phase: Alpha

Work setup

Address where the work will take place: Supplier location(s) and 102 Petty France, London, SW1H 9AJ
Working arrangements:
  • On site for an initial onboarding and discussion period (as mutually agreed), with the vast majority of delivery being completed from Supplier location(s)
  • Use agile working methods
  • Weekly progress reports
  • Use of online collaboration tools such as Slack and Skype for remote working
  • The Security & Privacy Team Project Manager to provide reviews, direction and clarification on progress on a required (but at least weekly) basis
Security clearance: Baseline Personnel Security Check (BPSS) as a minimum. See https://www.gov.uk/government/publications/government-baseline-personnel-security-standard for further guidance.

Additional information

Additional terms and conditions: Standard Digital Outcomes and Specialists contract and MoJ's Travel and Subsistence policy.

Please see:
https://www.gov.uk/government/publications/digital-outcomes-and-specialists-2-call-off-contract

Skills and experience

Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.

Essential skills and experience
  • Provide recent and demonstrable experience in advising on technical security scanning solutions for large and diverse IT estates conducted in the last three years
  • Outline recent and demonstrable experience in implementation of technical security data analytical toolsets and platforms conducted in the last three years
  • Outline recent and demonstrable experience in open source intelligence and vulnerability information gathering (for public domains) conducted in the last three years
  • Outline recent and demonstrable experience in building modular scalable technical data analytical platforms conducted in the last three years
  • Provide recent and demonstrable experience in authoring code that performs analytical correlation functions conducted in the last three years
  • Provide recent and demonstrable experience in building modular scalable platforms using infrastructure as code principles in AWS conducted in the last three years
Nice-to-have skills and experience
  • Provide recent and demonstrable experience of Amazon Web Services' Kinesis Data Firehose conducted in the last three years
  • Provide recent and demonstrable experience of Amazon Web Services' Athena and/or ElasticSearch conducted in the last three years
  • Provide recent and demonstrable experience of Amazon Web Services' QuickSight conducted in the last three years
  • Provide recent and demonstrable experience of Amazon Web Services' Lambda & Lambda Layers conducted in the last three years
  • Provide recent and demonstrable experience of Python development
  • Provide recent and demonstrable experience of open source development (in particular, well-made and robust code development) and accompanying solution & code documentation conducted in the last three years
  • Provide recent and demonstrable experience of open source intelligence platforms and tools for the analysis of publicly accessible IP addresses, servers, domains and websites conducted in the last three years

How suppliers will be evaluated

How many suppliers to evaluate: 5
Proposal criteria
  • Describe the method you would propose to use, referencing your experience, on how you would architect a scanning and data analysis platform
  • Describe the method you would propose to use, referencing your experience, on which data sources a cybersecurity analysis tool should use
  • Describe the method you would propose to use, referencing your experience, on how data should be analysed and metrics created from underlying datasets
  • Describe the method you would propose to use, referencing your experience, on how trigger levels should be created in a cybersecurity technical data system
  • Describe how you will ensure a high quality 'production ready' repeatable platform will be provided through your approach and methodology
  • Describe how you will ensure that the developed platform will be flexible to ensure future expansion by any maintainer with sufficient capability
Cultural fit criteria
  • Recent and demonstrable experience of working in public sector or highly regulated environment conducted in the last three years
  • Explain how you’ll ensure collaboration at all levels of the project and programme delivery between users, team members and management. Give examples of where you have taken this approach.
  • Explain internal development team planning and quality assurance processes
Payment approach: Time and materials
Assessment methods: Written proposal
Evaluation weighting:
  • Technical competence: 65%
  • Cultural fit: 10%
  • Price: 25%

Questions asked by suppliers

1. Supplier question: Please can you confirm the classification of material/data that the supplier will need to handle and process as part of this task.
   Buyer answer: Official, but all information feeds are public.

2. Supplier question: Please can you confirm the level(s) of security clearance required to work on this task?
   Buyer answer: BPSS

3. Supplier question: Are you looking for a single supplier to perform the architecture design, development, implementation, documentation, QA and UAT for the platform, or would you accept bids which only cover elements of this?
   Buyer answer: We are looking for a single provider to perform the architecture design, development, implementation, documentation, QA and UAT for the platform to ensure the delivered solution is "production ready" and a viable "version 1.0".

4. Supplier question: Has the design and architecture been identified for the platform or does this work need to be done as part of this project?
   Buyer answer: The design and architecture work will need to be done as part of this project.

5. Supplier question: Is there a requirement for using technologies such as Amazon QuickSight, Amazon Athena and Kinesis Data Firehose, or is the assessment of these and alternative technologies part of this project?
   Buyer answer: There is no set requirement to use these technologies. The ambition is that the solution can be deployed into the cloud and potentially on-prem as well, but MoJ will not pre-judge which technologies are used.

6. Supplier question: Will the supplier need to bring up its own instance of AWS environment or would access be provided to one already set up by the Ministry of Justice for this?
   Buyer answer: Initially, it would be expected that the supplier use its own AWS tenant.

7. Supplier question: Have you evaluated any commercial security analysis tools and subsequently discarded them? Can you list which tools and why you've discarded them?
   Buyer answer: No, the ambition is that the solution would be open-source. Therefore commercial security analysis tools are not appropriate for the core of the system.

8. Supplier question: We have an open source tool for this purpose which can be installed on premise or in the cloud. We just give consultancy to configure/customise it according to your requirements. So the budget is completely dependent on how much customisation you will need. Are you open to working on a per-SoW basis during the contract if we give you a rate card for our consultants? So we can work on an agile basis in which we can plan/estimate how much resource is required per feature.
   Buyer answer: The bid response will be assessed on the requirements shared, so as long as the open source tool meets our requirements, the delivery approach will be agile and can be SoW based.

9. Supplier question: Would you object to us bidding as a consortium or subcontracting?
   Buyer answer: There will be no objection to the provider bidding as a consortium or subcontracting the work. However the contract will only be awarded to a single supplier. If the Supplier chooses to use Subcontractors, this will be outlined in any bid along with the percentage of delivery allocated to each Subcontractor. The Supplier will take direct contractual responsibility and full accountability for delivering the services they provide using Subcontractors.