
Provision of Cyber Education Platform (CEP)

Request for proposal

Reference: RFP/2020/13755
Beneficiary country(ies): Serbia, Republic of
Registration level: Basic
Published on: 24-Feb-2020
Deadline on: 07-Apr-2020 10:00 0.00

Tender description: Provision of Cyber range platform
IMPORTANT NOTE: Interested vendors must respond to this tender using the UNOPS eSourcing system, via the UNGM portal. In order to access the full UNOPS tender details, request clarifications on the tender, and submit a vendor response to a tender using the system, vendors need to be registered as a UNOPS vendor at the UNGM portal and be logged into UNGM. For guidance on how to register on UNGM and submit responses to UNOPS tenders in the UNOPS eSourcing system, please refer to the user guide and other resources available at: https://esourcing.unops.org/#/Help/Guides

This tender has been posted through the UNOPS eSourcing system. Vendor Guide: https://esourcing.unops.org/#/Help/Guides
This tender integrates considerations for one or a few sustainability indicators but does not meet the requirements to be considered as sustainable.

Climate change mitigation and adaptation (Environmental)
The tender contains sustainability considerations for preventing or minimizing damage associated with climate change.
Energy efficiency, greenhouse gas reporting and emission offsetting

Gender issues (Social)
The tender contains sustainability considerations addressing gender equality and women's empowerment.
Gender mainstreaming, targeted employment of women, promotion of women-owned businesses

Sustainable resource use (Environmental)
The tender contains sustainability considerations promoting the sustainable use of resources.
Energy-saving measures, recycling, take-back programmes and responsible end-of-life management

G  -  Business, Communication & Technology Equipment & Supplies
43000000  -  Information Technology Broadcasting and Telecommunications
43230000  -  Software
43232500  -  Educational or reference software
43232502  -  Computer based training software
New clarification added: After the evaluation of the new developments regarding the Covid-19 outbreak, UNOPS decided to extend the deadline for the submission of proposals for two additional weeks. All other terms and conditions of the Request for proposals remained the same.

Changed/edited on: 17-Mar-2020 12:10
Changed/edited by: webservice@unops.org
New amendment added #1: Following the new developments regarding the COVID 19 virus, the deadline for submission of project proposals is extended for an additional two weeks, until 07 April 2020.

Changed/edited on: 17-Mar-2020 08:51
Changed/edited by: webservice@unops.org
New clarification added: Please find the answers below:

Requirement: The CEP must provide multiple exploits scenarios, at least information theft, web crawling, SQL injection, port scanning, ping sweep, password brute force, backdoor scripting, website spoofing, spear phishing, DNS Poisoning. The CEP must provide attack scenarios with a high tangible effect on the network as: stop domain services (DOS), information theft, deface a website.

Q: Are these scenarios part of the 10 scenarios of the licensing section?
A: Yes, if supported by the offered platform out-of-the-box (i.e. available at the moment of offer submission), then these scenarios are counted towards the minimum number of scenarios.

Q: Can you list what you need to illustrate in each of the 10 scenarios?
A: Each scenario needs to be realistic, not outdated and to provide tangible learning outcomes to the trainees. Scenarios should be described as part of the CEP documentation - the descriptions should include at least the following: short description, (scenario) system architecture, additional technical information, references to real-life attacks/possible attacks.

4. CEP management environment

Requirement: The network shall include "detectors" which detect student activity and send feedback to the trainer application.

Q: Can you list all required "detectors"?
A: The offered CEP solution should be automated and be able to detect the activities of the trainees. The trainees must not be asked to manually submit flags or similar results of their activities. The automated detection mechanism of the CEP must allow the trainer(s) to follow the progress of the students from the training management interface.

4.2 Trainee interface

Requirement: The CEP must provide for the trainees via the training interface the following: tools of control, detection and investigation as SIEM, Firewall, station logs, server logs, Putty and Wireshark, which the trainees will use for security analysis.

Q: Do we need to provide a SIEM and firewall license for each trainee?
A: The relevant tools and software included as part of the offered, complete platform need to be licensed with perpetual licenses. The licenses must not expire or need to be renewed at the cost of the Beneficiary. In addition, Vendor support and subscriptions should be included for at least a 3-year term.

Best regards

Changed/edited on: 03-Mar-2020 12:00
Changed/edited by: webservice@unops.org
New clarification added: Please find the answers below:

3.1 General requirements for the Cyber Exercise Platform (CEP)

Requirement: The CEP must be a hybrid type, combining physical (Hardware) and virtual (Software) solutions.

Questions:

Q: Is a full virtual solution acceptable?
A: No. The Offeror should provide a full solution with hardware, software, COTS licenses, and technical support. The optional SCADA/ICS components need to be integral parts of the offered solution and contain physical ICS equipment (e.g. PLCs).

Q: If not, can you provide an architecture to account for the level of hybridization?
A: The system architecture is designed by the Offeror.

Q: In the hybrid case, what graphical representation of the HW components is required on the CEP control view?
A: The CEP control view needs to be integrated. It is expected that the control view shows both the virtual and physical components in a unified interface.

3.2 Extendibility

Requirement: The CEP must be extendable to simulate ICS/OT/SCADA attacks.

Q: ICS protocols and standards are many. Can you define what protocols need to be addressed?
A: It is necessary to address at least well-known, open protocols, e.g. Modbus.

3.4 Training infrastructure

Requirement: The CEP must provide simulations of multiple automatic and repeatable cyber-attack scenarios

Question:

Q: Can you clarify this sentence and illustrate what is sought compared to "at least 10 scenarios" of the licensing section?
A: Quote from the Tech.spec: "The license for the CEP must allow at least 10 different out-of-the-box “blue team”-oriented scenarios. Scenarios must simulate complex real-world infrastructure and processes which include multiple machines and appliances. Exercises like cyber challenges within just one or two virtual elements (virtual machines) would not be considered as a scenario." Example scenarios: ransomware, DDoS SYN flood, DB dump via network service exploit, web defacement, SIEM disables, VPN attack on SCADA/ICS, SCADA/ICS process environment attack (Fieldbus protocol, Intelligent Electronic Devices).

Requirement: The CEP must simulate real-life ICT environments, which include over 30 components (FW, Servers, endpoints, SIEM, etc.)

Q: Can you list the 30 required components?
A: Scenarios should include complex real-world IT environments with segmented networks, including components like web server, DB server, router, switch, firewall, IDS/IPS, email server, Linux workstation, Windows workstation, SCADA/ICS server, SCADA/ICS HMI. These can reside in multiple LANs. A WAN link might separate the LANs.

Q: Are Debian Linux and Kali Linux two components?
A: If Debian is a Linux workstation and Kali is the attacker box, then yes.

Changed/edited on: 03-Mar-2020 11:55
Changed/edited by: webservice@unops.org
New clarification added: Please give a clarification regarding the JV / Consortium / Association Information form. We as a partner (supplier) company intend to deliver the goods and services with the vendor of the solution (the vendor should be also a part of the team), do we need to figure as a JV / Consortium / Association or not? We already have a partnership agreement.

Answer: In the event of any joint work (e.g. a portion of the project implementation is being implemented by the partner, team members that are not contracted by the bidder itself, but by the partner), Form A Joint Venture Partner Information Form should be submitted and signed by all parties. Any additional partnership agreement can be submitted as a supporting document, if it is added value to the project proposal. This form is not obligatory for the presentation of a subcontractor/s.

Best regards

Changed/edited on: 28-Feb-2020 11:40
Changed/edited by: webservice@unops.org