Topics: IT Services; Labour Hire; Cybersecurity; ICT Strategy; Fed.
The Australian Signals Directorate (ASD) is continuing its procurement spree in the months since the release of the 2016 Cyber Security Strategy, this time calling for a long-term industry partner to provide IT support services, as it ramps up its cybersecurity efforts.
Prior to the release of a Request for Tender, the Department of Defence has issued an Invitation to Register (ITR) to shortlist potential service providers that will assist ASD by “supporting, building, and fielding capabilities” in the UNCLASSIFIED and PROTECTED domains, which are currently provided in-house. A total term of seven years is being proposed by the department.
“The cyber security mission requires a capacity for technical users to conduct cyber security activities from an accredited, audited, corporately sustained environment at the UNCLASSIFIED and PROTECTED security levels”, tender documents state.
“This procurement process is intended to address appropriate security cleared personnel, ICT service support and ICT development limitations currently being experienced by the Cyber Program within ASD.”
The Service Provider will be expected to possess the following capabilities:
- Service support/management framework, including service desk, access management and security operations management;
- capture and analysis requirements;
- systems design, development, integration, test and implementation;
- systems security policy, architecture, and accreditation;
- complex ICT systems development, including hybrid cloud solutions at the UNCLASSIFIED and PROTECTED level, development of ICT infrastructure solutions, automated management of complex ICT systems and integration of ICT systems across multiple security domains;
- transition of deployed systems into the Service Support capacity; and
- remediation and support of legacy ICT environments delivering Cyber capability at the UNCLASSIFIED and PROTECTED levels.
While the service provider will initially be expected to support approximately three PROTECTED level environments on ASD premises, tender documents advise that this will increase to around 15 PROTECTED and UNCLASSIFIED environments over the course of three years, as a result of an iterative delivery of capability.
“Technical users require the ability to rapidly spin-up and deploy new capabilities to meet operational requirements in short time frames – agility, adaptability, ease of deployment (including over the internet), and scalability are key attributes in a secure, corporately supported environment.”
“Current standing offer, procurement and service support mechanisms adopted by the SP&I Group [Defence’s Strategic Policy and Intelligence Group] are not seen as being scalable to meet projected Cyber Program requirements.”
Service providers must also have access to secure/accredited service support and capability development facilities and information systems, as ASD doesn’t have the available space to house all personnel.
Speaking at the inaugural SINET61 Conference in Sydney on Tuesday, ASD Deputy Director Clive Lines said that ASD was looking to change its classification model to account for the growth from both the Defence White Paper and the Cyber Security Strategy.
“At the moment everything’s pretty much highly classified, but we’re looking at how much we can push down to a much lower classification, which will actually increase the opportunity to bring in academia and industry. That work is ongoing now and we’ll have it done well and truly in advance of [the Australian Cyber Security Centre] moving to a new location”, he said.
This is the second procurement focused on preparing ASD for an increasing cybersecurity workload since the release of the 2016 Cyber Security Strategy, which recommended that ASD improve its “capacity to identify new and emerging cyber threats” and “intrusion analysis capabilities”, as well as “expand the number of cyber security services it offers to a wider range of organisations.”
Defence has already approached the market to establish the Technical Support Services Panel, which will supply ASD with Top Secret Positive Vetted personnel to support its ICT operations and capability development.
ASD is Australia’s principal information security agency and is responsible for collecting and analysing foreign signals intelligence. It also supports the Australian Cyber Security Centre through the provision of high-powered computing resources.
Submissions to the ITR close 14 October.