Remote Online Cyber Threat Intelligence Tools And Feeds Management en Spektrum

Spektrum supports apex purchasers (NATO, UN, EU, and National Government and Defence) and their Tier 1 supplier ecosystem with a wide range of specialist services. We provide our clients with professional services, specialised aerospace and defence sales, delivery, and operational subject matter expertise. We are looking for personnel to join our team and support key client projects.

Who we are supporting 

The NATO Communication and Information Agency (NCIA) is responsible for providing secure and effective communications and information technology (IT) services to NATO's member countries and its partners. The agency was established in 2012 and is headquartered in Brussels, Belgium.

The NCIA provides a wide range of services, including:

• Cyber Security: The NCIA provides advanced cybersecurity solutions to protect NATO's communication networks and information systems against cyber threats.
• Command and Control Systems: The NCIA develops and maintains the systems used by NATO's military commanders to plan and execute operations.
• Satellite Communications: The NCIA provides satellite communications services to enable secure and reliable communications between NATO forces.
• Electronic Warfare: The NCIA provides electronic warfare services to support NATO's mission to detect, deny, and defeat threats to its communication networks.
• Information Management: The NCIA manages NATO's information technology infrastructure, including its databases, applications, and servers.

Overall, the NCIA plays a critical role in ensuring the security and effectiveness of NATO's communication and information technology capabilities.

The program

Assistance and Advisory Service (AAS)

The NATO Communications and Information Agency (NCI Agency) is NATO’s principal C3 capability deliverer and CIS service provider. It provides, maintains and defends the NATO enterprise-wide information technology infrastructure to enable Allies to consult together under Article IV, and, when required, stand together in the face of attack under Article V.

To provide these critical services, in the modern evolving dynamic environment the NCI Agency needs to build and maintain high performance-engaged workforce. The NCI Agency workforce strategically consists of three major categorise's: NATO International Civilians (NIC)'s, Military (Mil), and Interim Workforce Consultants (IWC)'s. The IWCs are a critical part of the overall NCI Agency workforce and make up approximately 15 percent of the total workforce.

Role Background

The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.

The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services. The Portfolio ranges from Programme of Work (POW) activities funded via the NATO Military Budget (MB) to Critical / Urgent Requirements (CURs/URs) and NATO Security Investment Programme (NSIP) projects funded via the Investment Budget (IB). In some edge cases, projects are also funded via the Civilian Budget (CB). Projects can span multiple years and are governed by various frameworks, including the Common Funded Capability Development Governance Framework (CFCDGM).

In order to execute this work, the NCI Agency is seeking additional labour through contracted resources (or consulting) to support the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security, cyber defence and cyberspace operations. This Statement of Work (SoW) specifies the required skillset and experience.

The NCSC is responsible to defend NATO networks on a 24/7 basis and to share relevant cyber information with all its stakeholders. As such, NCSC is the global purchaser and maintainer of a wide-range of cyber security and cyber threat intelligence (CTI) tools and feeds – hereby referred as “feed” or “feeds” in the subsequent portion of this Statement of Work (SoW).

The Incumbent shall be the interface between these feeds and the user community (NATO-wide), managing the “Terms of Use” for each of the associated feed, capturing the usage statistics and other Key Performance Indicators (KPIs) for each of the feed, managing user lifecycle directly in the feed’s interface or liaising with the feed vendor if such interface does not exist.

Deliverables

The following functions are to be delivered:

D1. The Incumbent shall create and maintain a list of users and stakeholders with their respective point of contact, in the NCSC tools. The NCSC Tools are composed of

• Atlassian Confluence, including any plugins installed on the instance
• Atlassian JIRA, including any plugins installed on the instance
• Microsoft Powerpoint
• Microsoft Word
• Microsoft OneNote
• Microsoft Outlook
• Microsoft Sharepoint
• NCIA ITSM tool

The wording “tool” or “tools” has to be understood in the subsequent part of this SoW as one or a combination of the list above, on one or several standalone NATO classified network, as directed by NCSC.

Expert advice on how to use the non-Microsoft tools will be provided by NCSC.

D1 Outcome

The list of users and stakeholders, completed and accurate, using the template delivered by NCSC and in the NCSC tool.

D2. For each of the feed, the Incumbent shall identify the relevant Key Performance Indicator(s), based on user inputs, feasibility of measurement delivered by the feed, and ultimately approval by NCSC. The Incumbent shall be responsible to measure the KPIs.

• There will be a maximum of 20 feeds to manage/measure.
• There will be a maximum of 4 KPIs per feed to manage/measure and report on.

For each of the feed, the Incumbent shall capture usage statistics, per user, in NCSC tools.

D2 Outcome

For each of the feed, the identified KPIs and the method for measurement have been identified and approved.

D3. For each of the feed, the Incumbent shall redact and maintain, based on user inputs, an associated Terms of Use (ToU), using NCSC-provided template,which aims at clarifying the “do and don’t” when using a feed. The ToU will ultimately be approved by NCSC and be part of the user management process.

D3 Outcome

For each of the feed, the Terms of Use has been approved by NCSC

D4. For each of the feed, the Incumbent shall put in place a user management process, which will meet the following criteria:

• The process shall respect the confidentiality of Personally Identifiable Information (PII). Ideally, the information will be hosted on NCIA or NCSC-managed network(s).
• The process shall include the approval by the end-user of the ToU
• The process shall manage the creation, revision, password/credentials reset, disabling, and deletion of a user.
• Each request will be acknowledged by a message which will reach the end user and NCSC within 30 minutes (during working hours) of the request being submitted by the end Working hours are 08:30-17:30 on weekdays, Brussels time.
• Each request shall be processed, if all conditions are met, within 4 working hours.
• When a user request implies going above a set maximum number of users, the Incumbent shall proactively provide a recommendation for user replacement based on usage statistics. The process shall be executed under approval of NCSC.
• The implemented process shall be fully auditable by the NATO Security Authorities or any delegated authorities as approved by the Chief

D4 Outcome

The User Management Process has been approved by NCSC and implemented.

D5. The  shall manage and make available to each user the documentation and training available for the feed. The training/documentation is provided either by the vendor or NCSC, on a case by case basis.

D6. On a monthly basis, the  shall organize a meeting with the users of the feeds or their representative – hereby called “stakeholders” in any subsequent portion if this statement of work, as directed by NCSC, to:

• define the actions to contribute to Continuous Service Improvement (CSI) from an ITIL version 4 terminology;
• capture the Use Cases of the feed for each respective community in a NCSC approved format; and
• present the usage statistics and KPIs, per feed, to the

The meeting shall happen in person in SHAPE, Mons, Belgium or in NATO HQ, Brussels, Belgium, at NATO RESTRICTED level.

Meeting minutes, using NCSC-provided templates and captured in NCSC Tool will be delivered by the incumbent, first as draft for the stakeholders for review, then for final approval by NCSC. The meeting minutes shall:

• Identify the participants, based on Para 2 point 1,
• Deliver the key points of discussion, identified actions, conditions, expected outcomes and timelines to achieve these actions to all participants - referred to in any subsequent text as the “draft meeting minutes”, using NCSC tool.

The NCSC shall be the final approver of the draft meeting minutes.

Each deliverable of D2, D3, D4, D5, D6 shall meet the following requirements:

• Language: the product shall be written in English, meeting the NATO STANAG 6001 Level 3 “Professional Proficiency”.
• Intended Audience: the product shall be intended for Cyber Security
• Accuracy: the product shall accurately reflect what was discussed, decided, and action items assigned during the meeting.
• Clarity and Conciseness: Information shall be presented clearly and concisely, avoiding unnecessary jargon or complex language.
• Objectivity: the content shall be impartial and objective, presenting information without bias or personal interpretation.
• Timeliness: the product shall be prepared and distributed promptly after the meeting, ensuring that information is fresh and actionable.
• Formatting: Consistent formatting shall be used throughout the document, including font style, size, headings, and spacing further directed by the NCSC.
• Confidentiality: Sensitive information discussed prior, during and after meetings shall be handled in accordance with the NATO policy on Information

In addition must conduct the following reviews:

• A bi-weekly ‘touch point’ between NCSC – Head of Inform Branch, or any other NCSC personnel designated by NCSC.

 Essential Skills and Experience

• Experience in user management support IT Service Delivery (ITIL).
• Experience in engaging with highly technical cyber security
• Experience in summarizing discussions, identifying relevant points and action
• Accuracy and attention to
• A previous experience in using Cyber Threat Intelligence tools and feeds is an

Language

• Language proficiency for all interaction with users and stakeholders shall happen in English and meet or exceed the NATO STANAG 6001 Level 3 “Professional Proficiency”.

Working Location

• Offsite
• First 3 weeks onsite in Mons, Belgium

Working Policy

• Off-Site

Travel

• A physical meeting once per week in Mons, Belgium
• Some travel to other NATO sites may be required

Security Clearance

• Valid National or NATO Secret personal security clearance