Consultancy for the establishment of a Cyber Security Operations Centre (Government CSOC) and Framework for Government Agencies & Critical National Infrastructure (CNI).
Country: The Republic of The Gambia
Project Name: Digital Transformation for Africa / Western Africa Regional Digital Integration Program (DTfA/WARDIP SOP1)
Project ID: P176932
Reference: WARDIP/C3.2.1/2024/CQS002
Assignment Tittle: Consultancy for the establishment of a Cyber Security Operations Centre (Government CSOC) and Framework for Government Agencies & Critical National Infrastructure (CNI).
Duration of the assignment: Twelve (12) months
Deadline of submission: 27th September 2024, 12:00pm (Gambian Time)
Selection Method: Consultant Qualification Selection
Background
The Government of The Gambia has secured support from the International Development Association (IDA) (hereinafter ‘the Bank’) for the Digital Transformation for Africa – Western Africa Regional Digital Integration Program (WARDIP) Series of Projects (SOP)-1 in the amount of USD 50 million. The overall objective of the DTfA/WARDIP-SOP1 is to increase access and usage of broadband and to strengthen the foundations for Digital Financial Services (DFS) and selected digital public services towards a Single Digital Market in Western Africa. This project will ensure that national digital development objectives are met more effectively and rapidly while also taking regional digital transformation objectives into account. National policies, regulations and implementation of strategic programs would need to be improved further while addressing barriers to cross-border connectivity, data flows and digital services for a seamless and competitive national and regional digital ecosystem to emerge. This would result in a self-perpetuating cycle of economic growth, investment, innovation, job creation and improved service delivery at the national and regional levels. To achieve this objective, the project will consist of three interlinked technical components, in addition to the Project Implementation and Coordination Component, and a Contingent Emergency Response Component (CERC) to address the key binding constraints for the development and attainment of a digital economy.
In view of the above, DTfA/WARDIP, through the Ministry of Communications and Digital Economy (MOCDE), seeks to recruit qualified Consultancy firm to develop a “Project Name: Establishment of a Cybersecurity Operations Centre (Government SOC) and Framework for Government Agencies & Critical National Infrastructure (CNI)” for The Gambia.
Objectives of the assignment:
Establish the Cybersecurity Special Operations Unit (SOC):
- Develop and implement comprehensive processes and an operational framework for the SOC, ensuring alignment with international best practices and standards.
- Strengthen and enhance the SOC’s capabilities by incorporating advanced threat detection, incident response, and mitigation strategies to respond effectively to sophisticated cyber threats.
- Enhance Government Network and IT Security:
- Implement measures to improve the security of government networks and IT systems.
- Develop and enforce stringent cybersecurity policies and practices to safeguard critical infrastructure against a broad spectrum of cyber risks
- Formalize National Infrastructure Management:
- Establish a formalized management system for national infrastructure, incorporating comprehensive documentation of processes, roles, responsibilities, and redundancy protocols to ensure operational continuity and resilience for formally managing national infrastructure.
- Coordinate Redundancy Efforts:
- Establish coordination mechanisms to ensure effective communication of redundancy efforts.
- Actively engage relevant stakeholders, including public and private sector entities, in detailed redundancy planning and collaboration initiatives.
- Educate on Redundant Communications Protocols:
- Develop outreach education programs on redundant communications protocols.
- Clearly define and communicate the roles and responsibilities of each organization in emergency response planning, ensuring preparedness and coordinated action during incidents.
- Deploy Communication Channels:
- Implement communication channels across emergency response functions.
- Cover geographic areas of responsibility, involve public and private responders, and maintain command authority.
Expected Outcomes and Deliverables with Timelines:
TIMELINE OF EXPECTED DELIVERABLES:
Deliverables | Time Frame |
Cross – cutting Phase |
|
Submission of Inception Report and Comprehensive Workplan indicating every step of every week’s activities in a Gantt Chart format. | Week 1 |
Situational Analysis | Week 2 |
Consultative Workshops | Week 3 |
Submission of Consultative Workshop Report | Week 3-4 |
Submission of Situational Analysis Assessment Report | Week 4-5 |
Submission of Zero and Final Drafts | Week 5 zero and week 45 final |
Phase 1: |
|
Updated and validated Policy and legal documents that sufficiently catered for SOC provisions | T0 + 2 Months |
Cooperation Agreement with the CII Identification Consultancy firm | T0 + 1 Months |
Government SOC Design, Processes and operational framework | T0 + 3 Months |
Validation Workshop for phase I documents | T0 + 3 Months |
Delivery of SOC Equipment and applications | T0 + 4 Months |
Setup of the Government SOC | T0 + 5 Months |
Phase 2 |
|
Consultative workshop with MDAs, SOEs and CNIs | T0 + 6 Months |
Government Information Technology Security Policy (GITSP): | T0 + 6 Months |
Training of SOC, ICT Cadre, SOE, MDAs ICT Staff on Network and Systems Security including SOC systems and applications | T0 + 6 Months |
Phase 3 |
|
Assessment report of exiting national infrastructure systems | T0 + 7 Months |
Established Secure Database and Portal with Dashboard and API integration capabilities. | T0 + 8 Months |
Formulate a Document for formal processes, roles and responsibilities, and | T0 + 8 Months |
|
|
Deliverables | Time Frame |
Redundancy of CNIs, MDAs, SOC |
|
Validation Workshop of all Phase 3 deliverables | T0 + 8 Months |
Phase 4 |
|
Organize a roundtable discussion with table-top exercises with stakeholders | T0 + 9 Months |
Update the Formal Document in Phase 3, Stage 3 | T0 + 9 Months |
Phase 5 |
|
List Identifying organizations in the Emergency Response Plan | T0 + 10 Months |
Emergency Response Plan on redundant communications protocols including stakeholder roles and responsibilities and organize a validation workshop | T0 + 10 Months |
Training of Identified organization in the Emergency Response Plan on redundant communications protocols including their roles and responsibilities | T0 + 11 Months |
Phase 6: |
|
Identification and Development of communication channels | T0 + 11 Months |
Deployment of communication channels across emergency response functions | T0 + 12 Months |
Organize exercises/drills on roles and responsibilities of geographic areas, public and private responders, and command authority | T0 + 12 Months |
Final Project Report | T0 + 12 Months |
Qualification and Experience of the Firm:
A project award letter and certificate of successful completion among other documentation e.g. project reports, client testimonials must be tendered in the submission as proof for all the following required firm experience:
- The firm must have a minimum of 10 years’ experience in project management and implementation, with a strong background in Project Management. Specifically, they should have at least 5 years of managing similar projects.
- Experience in conducting similar exercises for government entities is a requirement.
- The firm must possess all necessary documentation in accordance with WARDIP procurement procedures or requirements.
- Local or regional experience is crucial (added advantage) to ensure the applicability of proposed solutions.
- An interdisciplinary skill set within the team is a requirement (MUST), including expertise in developing software solutions for Security Operations Centers (SOCs) and deploying enterprise SOCs.
- Proven submissions (documentation) of at least two similar assignments related to the design and establishment of SOCs for government entities, which are verified to be in working or functional order.
- Demonstrated evidence (documentation) of experience in drafting Bills and reforming policies.
- A minimum of 2 years of experience in developing Emergency Response Plans for organizations, including deployment of communication and redundancy channels and protocols.
The attention of interested firms is drawn to Section III, paragraphs, 3.14, 3.16, and 3.17 of the World Bank’s “Procurement Regulations for IPF Borrowers” (July 1st, 2016, revised in November 2017, August 2018 and September 2023) (“A Candidate will be selected in accordance with the Consultant Qualify Selection (CQS) method set out in the Procurement Regulations.
Further information and the full TOR can be obtained from the email addresses below during office hours from 08:00 to 16:00 GMT on Mondays to Thursdays and from 0800 to 12:30 GMT on Fridays.
Expressions of interest together with relevant documents must be delivered in a written form or via email addresses below not later than 12:00pm 27th September 2024. Submissions should be in hard, and soft copy marked as Expression of Interest for the Consultancy for the establishment of a Cyber Security Operations Centre (Government CSOC) and Framework for Government Agencies & Critical National Infrastructure (CNI) in accordance with Procurement Regulations, setting forth the World Bank’s policy on conflict of interest.
All interested firms are urged to send their expression of interest letters with attached documents to the following email addresses:
- Sent to the Project Coordinator: slowe@wardip.gm
- Attention to the Project Procurement Specialist: adanso@wardip.gm and abdouliedanso64@gmail.com
- Copy the Director of Cyber Security: sdrammeh@mocde.gov.gm
Physical Address of the Project:
Digital Transformation for Africa –
Western Africa Regional Digital Integration Program
C/O Ministry of Communications and Digital Economy
Bertil Harding Highway, Stadium Junction, Bakau, The Gambia, West Africa.
Digital Address (Google Maps): F889+WWH