Alerting Industry to €30 million of Potential Opportunities
NATO’s Communications and Information (NCI) Agency is looking for up to three industry partners to support its cyber-security operations across multiple alliance locations.
A media release issued 18 November makes public a Notification of Intent (NoI) dated 2 August, in which it sets out the proposed terms for a partnership framework that would allow the alliance to call on industrial suppliers to back-fill cyber-security capability as required over a two-year period. Two base years, followed by two further one-year options, will characterise the contract, for which some €30 million is currently allocated – a sum that could rise if services delivered hit that threshold within the first two years. But the contracting model – indefinite duration indefinite quantity (IDIQ), with competition between the three successful bidders apparently baked in – means it is possible a company could become one of the three suppliers yet never see any work from the contract.
“When the Agency has a requirement for cyber security services, a Statement of Work (SoW) will be developed and a Delivery Order competition will be run among the three suppliers on the IDIQ,” the NoI states in its summary of requirements. “The resulting lowest-priced, technically compliant offer would be awarded the resulting Task Order to complete the work detailed in the SoW. There is no guarantee of any work through the IDIQ framework.”
The NoI also sets out a “non-exhaustive list of potential core services” the framework could be used to procure. These include extending existing NATO Cyber Security Centre (NCSC) services, including extending its NCIRC (NATO Computer Incident Response Capability) to a number of remote locations; the provision of online computer forensics, online vulnerability assessment, and subject matter expertise on firewall integration.
A formal request for quotes is due to be released imminently. The NoI includes a list of 87 companies which already have a business relationship with NATO to whom the opportunity has already been communicated. The Agency intends to notify chosen suppliers next year.
“The flexible services brought by this framework are essential to NATO to ensure that cyber security remains an integral part of every capability and service delivery,” stated Frederic Jordan, NCSC’s head of cyber security programme delivery branch. “This framework will give the Agency the flexibility and efficiency to work with trusted industry partners to address its needs in a timely manner. The Agency will retain the same level of control on these activities as before but less internal resources will be required to support them. This will allow NCSC staff to concentrate on their primary mission of defending NATO’s networks.”