Services - 259890-2016

28/07/2016    S144

Germany-Cologne: Impact assessment of cybersecurity threats

2016/S 144-259890

Contract notice


Legal Basis:
Directive 2014/24/EU

Section I: Contracting authority

I.1)Name and addresses
Official name: European Aviation Safety Agency
Postal address: PO Box 10 12 53
Town: Cologne
NUTS code: DEA23 Köln
Postal code: 50452
Country: Germany
Telephone: +49 22189990000
Fax: +49 22189990999
Internet address(es):
Main address:
The procurement documents are available for unrestricted and full direct access, free of charge, at:
Additional information can be obtained from the abovementioned address
Tenders or requests to participate must be submitted to the abovementioned address
I.4)Type of the contracting authority
European institution/agency or international organisation
I.5)Main activity
Other activity: Aviation safety, environment.

Section II: Object

II.1)Scope of the procurement

Impact assessment of cybersecurity threats.

Reference number: EASA.2016.HVP.10.
II.1.2)Main CPV code
73210000 Research consultancy services
II.1.3)Type of contract
II.1.4)Short description:

Evaluation of the safety implications of cybersecurity threats to commercial transport aircraft and of the available mitigation measures.

II.1.5)Estimated total value
Value excluding VAT: 200 000.00 EUR
II.1.6)Information about lots
This contract is divided into lots: no
II.2.2)Additional CPV code(s)
73200000 Research and development consultancy services
73000000 Research and development services and related consultancy services
73100000 Research and experimental development services
73110000 Research services
71335000 Engineering studies
II.2.3)Place of performance
NUTS code: DEA23 Köln
Main site or place of performance:

EASA and contractor's premises.

II.2.4)Description of the procurement:

The projects aims at developing a comprehensive knowledge base for evaluating the safety impact of a number of potential threats to critical aircraft systems, consolidating the methods and techniques used, as well as to enable the EU harmonisation of the associated risk management process.

The scope of the project encompasses the preliminary risk assessment at system and aircraft levels for potential cyber-attacks to the following commercial transport aircraft (CAT) aircraft systems: flight management system (FMS), global navigation satellite system (GNSS) receiver, including GBAS and SBAS augmentations.

The project's expected output consists in a series of comprehensive guidelines for aircraft/system development to support the preliminary security risk assessment process along Eurocae ED-202A airworthiness security process specification standard.

The key activities of the project are defined below:

— evaluation of the safety impact generated by the total loss of FMS during different phases of flight,

— evaluation of the safety impact generated by the corruption of FMS data (flight plans) in different phases of flight (take off, climb, cruise, descent, approach) and different navigation context (navigation sensors, approach types, ATM environment),

— evaluation of the safety impact generated by the spoofing of GPS, GBAS and SBAS during different phases of flight.

II.2.5)Award criteria
Criteria below
Quality criterion - Name: Technical quality / Weighting: 60
Price - Weighting: 40
II.2.6)Estimated value
Value excluding VAT: 200 000.00 EUR
II.2.7)Duration of the contract, framework agreement or dynamic purchasing system
Duration in months: 11
This contract is subject to renewal: no
II.2.10)Information about variants
Variants will be accepted: no
II.2.11)Information about options
Options: no
II.2.13)Information about European Union funds
The procurement is related to a project and/or programme financed by European Union funds: no
II.2.14)Additional information

Section III: Legal, economic, financial and technical information

III.1)Conditions for participation
III.1.2)Economic and financial standing
Selection criteria as stated in the procurement documents
III.1.3)Technical and professional ability
Selection criteria as stated in the procurement documents
III.2)Conditions related to the contract
III.2.3)Information about staff responsible for the performance of the contract
Obligation to indicate the names and professional qualifications of the staff assigned to performing the contract

Section IV: Procedure

IV.1.1)Type of procedure
Open procedure
IV.1.3)Information about a framework agreement or a dynamic purchasing system
IV.1.8)Information about the Government Procurement Agreement (GPA)
The procurement is covered by the Government Procurement Agreement: no
IV.2)Administrative information
IV.2.2)Time limit for receipt of tenders or requests to participate
Date: 12/09/2016
Local time: 17:00
IV.2.3)Estimated date of dispatch of invitations to tender or to participate to selected candidates
IV.2.4)Languages in which tenders or requests to participate may be submitted:
IV.2.6)Minimum time frame during which the tenderer must maintain the tender
Tender must be valid until: 11/12/2016
IV.2.7)Conditions for opening of tenders
Date: 19/09/2016
Local time: 10:00

EASA's premises, Cologne, Germany.

Information about authorised persons and opening procedure:

Maximum 1 legal representative per participating tenderer may attend the opening session. Tenderers shall inform the Agency of their intention to attend at least 5 days prior to the opening session.

Section VI: Complementary information

VI.1)Information about recurrence
This is a recurrent procurement: no
VI.3)Additional information:
VI.4)Procedures for review
VI.4.1)Review body
Official name: General Court of the European Union
Postal address: rue du Fort Niedergrünewald
Town: Luxembourg
Postal code: 2925
Country: Luxembourg
Telephone: +352 4303-1
Fax: +352 4303-2100
Internet address:
VI.5)Date of dispatch of this notice: