IMPORTANT
To avoid last minute technical difficulties that could delay your submission, please send your request to open an epost Connect conversation as soon as possible, following the epost Connect instructions listed in Part 2 - Bidder Instructions of the CFP.
--------------------------------------------------------
UPDATES
November 23, 2020
Attachment 3 has been added. The document contains questions and answers related to the Challenge.
November 10, 2020
The previous update was made in error. There is currently no Questions and Answers attachment pertaining to this Challenge.
November 9, 2020
Attachment 3 has been added. The document contains questions and answers related to the Challenge.
--------------------------------------------------------
INTRODUCTION
This Challenge notice is issued under the Innovation for Defence Excellence and Security (IDEaS) Program Call for Proposals (CFP) Call 004 (W7714-207317).
--------------------------------------------------------
HOW TO APPLY
Please refer to the main solicitation documents which contain the process for submitting a proposal.
Step 1: Prepare for Proposal Submission
Read the
Call for Proposals documents
and Challenge tender notice in their entirety.
Step 2: Download and Complete Attachment 1 – Electronic Proposal Submission Form
Attachment 1 – Electronic Proposal Submission Form
can be found at the bottom of each Challenge tender notice page on Buy and Sell.
If you have technical difficulties downloading and opening the form, please follow the instructions in
Attachment 2 – Technical Instructions , found at the bottom of the Challenge tender notice page on Buy and Sell.
The security warning on the form is for DND internal information only. The use of epost Connect enables submission of the form through an encrypted delivery platform for secure electronic delivery of Protected B documents.
Step 3: Follow the submission instructions listed in Part 2 – Bidder Instructions of the CFP
Please allow sufficient time to register and submit the completed form before the Challenge closing date and time.
Additional attachments or documentation (technical drawings, CVs, diagrams, etc.) must not be submitted and will not constitute part of the Bidder’s proposal.
Only one proposal is permitted per epost Connect conversation. For multiple submissions, this process must be followed for each proposal submitted.
--------------------------------------------------------
MAXIMUM FUNDING AND PERFORMANCE PERIOD
Multiple contracts could result from this Challenge.
The individual maximum contract funding available under Component 1a is up to $200,000 CAD (excluding applicable taxes) for a maximum performance period of up to 6 months.
This disclosure is made in good faith and does not commit Canada to contract for the total approximate funding.
--------------------------------------------------------
CHALLENGE DETAILS
Challenge Title
Knot vulnerable - Locking Down Cybersecurity on Naval Vessels
Challenge Statement
The Royal Canadian Navy (RCN) is seeking innovative solutions to identify risk, protect naval assets, and detect, respond and recover from cyber security incidents in Her Majesty’s Canadian (HMC) platforms to ensure the safety and security of ships, boats and crew and to ensure the RCN is able to execute full spectrum operations within a contested cyber environment.
Background and Context
The execution of naval operations rely on capabilities provided by Operational Technologies (OT) and Platform Technologies (PT). These technologies include machinery and weapons control systems and the communications networks through which these systems operate. These systems often require closed proprietary protocols and software which often limits the use of Enterprise Information Technology (IT) products in support of cybersecurity. As the RCN Future Fleet comes online, some integration of IT, OT and PT systems is inevitable and an integrated cybersecurity solution will be required to protect and defend HMC platforms and crew.
A significant concern for the Navy is that ship OT and PT systems used to automate ship electromechanical processes were not engineered to meet modern cybersecurity standards required of Enterprise IT systems, nor do these standards always make sense for non-Enterprise IT systems. Many Enterprise IT cybersecurity products are simply not designed to address cybersecurity concerns of OT and PT systems in maritime platforms, either military or civilian. When assessed against modern cybersecurity standards and threats, legacy systems should be hardened further, however few commercial options are available to address the gap.
Desired Outcomes
The Royal Canadian Navy is looking for innovative research, tools and/or technologies that address, but are not limited to, the following:
Network Discovery: the ability to maintain a current and accurate picture of known cyber-physical assets, including the hardware, firmware, software, versioning, protocols, logical and physical locations, as well as any unknown devices connected to those systems;
Vulnerability Assessment: the ability to conduct automated vulnerability scanning of ship OT/PT systems, and to assess whether cyber-physical assets are vulnerable by comparing them to unclassified and classified common vulnerabilities and exposures (CVE), or similar databases;
Decision support workflows to support risk decisions associated with the prioritization and remediation of vulnerabilities; and
System Monitoring: the ability to monitor an OT/PT system for anomalous activity and categorize/prioritize any abnormal activity based on severity and frequency.
--------------------------------------------------------
ENQUIRIES
All Challenge-related enquiries must be submitted in writing to:
TPSGC.PAIDEES-APIDEAS.PWGSC@tpsgc-pwgsc.gc.ca
Enquiries must be submitted no later than 10 calendar days before the Challenge notice closing date. Enquiries received after that time may not be answered.
For more information about the IDEaS program, Bidders can visit the IDEaS website .
