EU solidarity with Ukraine
Prozorro+: Ukrainian public procurement platform
Greece-Maroussi: Supporting Cybersecurity for Transport Sector Activities
Section I: Contracting authority
Section II: Object
Supporting Cybersecurity for Transport Sector Activities
ENISA seeks to contract the services of a minimum of 2 and maximum of 5 service providers per lot which can provide support in the area of Cybersecurity for the Transport sector. The two main areas are: LOT 1 - Cybersecurity for the Maritime sector and LOT 2 - Cybersecurity for the RAILWAYS sector.
The successful bidders should be able to demonstrate significant experience and skills in these areas, with emphasis on the aspects dealt with in the annual ENISA Work Programme.
Cybersecurity for the Maritime Sector
The services will generally be provided from the contractors own premises with the final deliverable presented to the ENISA office.
We expect tenderers to have expertise and knowledge on the following topics:
1) Policy and regulatory issues related to the resilience of critical infrastructures and services as well as Maritime cybersecurity at national, European and International (e.g. IMO) level;
2) Network and information security of Maritime infrastructures and services;
3) Working with maritime sector stakeholders/organisations such as, though not limited to, ports (including port authorities, port facilities, terminals etc.), shipping companies, vessel traffic services, national maritime authorities, classification societies etc.;
4) Risk management practices/methodologies, regulations, standards, guidelines, good practices specific to the maritime sector (e.g. ISPS);
5) ICS-SCADA security issues e.g. OT security, IT/OT convergence etc.;
6) Essential service (transport sector) operations and security practices and knowledge of the regulatory framework e.g. NIS Directive, the GDPR etc.;
7) CIIP and/or Maritime security good practice guidelines and standards e.g. ENISA good practice guides, IEC 62443, ISO 27001, ISO 27002, ISO 27019, BIMCO guidelines, NERC CIP standards, ANSI/ISA 99 etc.;
8) Network and information security issues e.g. internet and web security, cryptography, testing, security management etc.;
9) Infrastructure security and resilience and CIIP issues like Public Key Infrastructures (PKI) and core protocols e.g. BGP, DNS etc.
The ensuing Framework contract will be for an initial 12 month period, renewable on a yearly basis up to a maximum of 3 years.
Cybersecurity for the Railways Sector
1) Ecosystems of Rail sector namely of the operators of essential services (as described in Annex II) of the NIS Directive: railway undertakings and infrastructure managers;
2) Rail security issues e.g. OT security, IT/OT convergence, etc.;
3) Policy and regulatory issues related to the resilience of critical infrastructures and services as well as Railway cybersecurity at national and/or European level;
4) Essential service (transport sector) operations and security practices and knowledge of the regulatory framework e.g. NIS Directive, the GDPR, the EU Mobility Packages;
5) CIIP good practice guidelines and standards e.g. ENISA good practice guides, Shift2Rail activities, CEN CENELEC SC9X, ETSI TC CYBER, Directives on Safety and Interoperability for Rail etc.;
6) Network and information security of Railway infrastructures and services;
7) Policy and regulatory issues related to the resilience of critical infrastructures and services as well as Railway cybersecurity policies at national and/or European level;
9) Infrastructure security and resilience and CIIP issues like Public Key Infrastructures (PKI) and core protocols e.g. BGP, DNS etc.;
10) Internet operations in network and security management for large network providers and Internet Exchange Points.
Section III: Legal, economic, financial and technical information
As stated in the procurement documents
Section IV: Procedure
ENISA Athens office, Vasilissis Sofias Street 1, 151 24 Maroussi, Attiki, GREECE.
A maximum of 1 legal representative per participating tenderer may attend the opening session. Tenderers shall inform the Agency in writing of their intention to attend by e-mail to email@example.com at least 3 working days prior to the opening session. Failing that, the contracting authority reserves the right to refuse access to its premises.
Section VI: Complementary information