Trade Agreement: Agreement on Internal Trade (AIT) Tendering Procedures: The bidder must supply Canadian goods and/or services Attachment: None Competitive Procurement Strategy: Best Overall
Proposal Comprehensive Land Claim Agreement: No Nature of Requirements:
EXTENSION OF CYBER INCIDENT RESPONSE TOOL FOR DEFENCE R&D CANADA, VALCARTIER
Objective :
Add additional features to a tool for responding to cyber incidents, in order to meet the needs of the Department of National Defence (DND) R&D in this area.
Background / History :
Considerable effort is currently being put into developing a process for responding to cyber incidents for DND. The development of this process requires a cyber incident integrated response tool to evaluate the feasibility of several proposed approaches.
In recent years, tools for responding to cyber incidents have reached the marketplace. A team of scientists from Defence R&D Canada (DRDC) have evaluated several such tools. They concluded that no existing tool has all the capabilities necessary to support the development work for the process.
The development from scratch of an integrated tool to respond to cyber incidents with all the desired capabilities would require too much effort for the scope of the project. It is therefore proposed to extend the capabilities of an existing tool for responding to cyber incidents by adding additional features.
The mandatory requirements are as follows:
1 The supplier must have the rights required to sell and modify a cyber incident response tool that meets mandatory criteria 2 to 10 below. 2 The tool must fully function with Windows XP and Windows 7. The tool must be able to analyze computers equipped with Windows XP 32-bit, Windows 7 32-bit and Windows 7 64-bit operating systems. 3 The tool must be capable of remotely checking whether a computer is compromised using a software agent or other means. 4 The tool must be capable of checking the validity of computer networks using a centralized management console. All incident response features must be capable of being operated from this console. Only the software agent installation process (or other technique) can be performed using means other than the centralized management console. 5 The tool must be capable of checking the integrity of a process in memory, for example by comparing its memory dump to that on the disk by simulating the module load in Windows. 6 The tool must be capable of verifying the integrity of a file on the disk, for example by comparing the information gathered by Windows APIs to that obtained via a direct read of data using a driver. 7 The tool must be capable of verifying the integrity of the Windows registry, for example by comparing the information gathered by the Windows APIs to that obtained via a direct read of data using a driver. 8 The tool must be capable of detecting floating code. 9 The tool must be capable of remotely extracting the content of the memory associated with a process. 10 The tool must have the capability of detecting the following hooks and identifying the originating process of the hook: (i) Service table hooks (ii) Inline hooks (iii) IAT/EAT hooks (iv) IDT hooks (v) SYSENTER hooks (vi) DKOM hooks 11 The supplier must be able to provide the services of an intermediate developer with a minimum of 24 months of experience in Windows driver development. (As specified at Section 3.2, Part 4, of this document, the Bidder must provide the curriculum vitae of each proposed resource.) 12 The supplier must be able to provide the services of an intermediate developer with a minimum of 24 months of experience in the development and/or integration of Windows malware detection techniques. (As specified at Section 3.2, Part 4, of this document, the Bidder must provide the curriculum vitae of each proposed resource.) 13 The supplier must be able to provide the services of a project manager. (As specified at Section 3.2, Part 4, of this document, the Bidder must provide the curriculum vitae of each proposed resource.)
The organization for which the services are to be rendered is the Department of National Defence (the «client»).
The period of the Contract is from the date of contract award to March 31, 2016, inclusive. The Contractor grants to Canada the irrevocable option to extend the term of the Contract by up to 4 additional 1 year-periods under the same terms and conditions.
The estimated value of the contract is $900,000.00, plus GST/HST, for the portion of the work done on request via task authorizations during the initial contract period (from the start date of the contract until March 31, 2016, inclusive).
The contract will also include a sum (not disclosed) for the purchase of a maximum of 100,000 additional and optional licenses for the software that include maintenance and support. The purchase of licenses is planned for the period between April 1, 2016, to March 31, 2020.
Pursuant to section 01 of Standard Instructions 2003, Bidders must submit a complete list of names of all individuals who are currently directors of the Bidder.
Furthermore, as determined by the Special Investigations Directorate, Departmental Oversight Branch, each individual named on the list may be requested to complete a Consent to a Criminal Record Verification form.
The requirement is subject to the provisions of the Agreement on Internal Trade (AIT).
Delivery Date: Above-mentioned
The Crown retains the right to negotiate with suppliers on any procurement.
Documents may be submitted in either official language of Canada.