NATO CYBER SECURITY SUPPORT SERVICES (AREA 4)
Herndon, VA – February 1, 2016. EMW, Inc., a global systems integrator, has been awarded a 3-year, $40 million (approximately) single-award IDIQ contract for the Support Service Contract for Area 4 Support to Cyber Defense (SSC/4) from the NATO Communications and Information Agency (NCI Agency).
The NCI Agency delivers secure, coherent, cost-effective and interoperable communications and information systems and services in support of consultation, command & control and enabling intelligence, surveillance and reconnaissance capabilities for NATO. NCI Agency headquarters is located in Brussels, Belgium, and the agency operates in over 30 locations throughout Europe, North America, and South-East Asia.
Under the contract, EMW will provide a wide range of services throughout the various NCI Agency directorates. The services or “competency areas” include all facets of Cyber Defense.
ANNEX A1 – LABOUR CATEGORY DESCRIPTIONS (SUPPORT AREA 4 – CYBER SECURITY)
Support Area 4 is a new addition to the Support Services Contract construct. In recognition of the growing importance of Cyber Security and an anticipated significant increase in work within this domain within NATO, we have introduced this new SSC area. Unlike areas 1-3, there are no specific competency areas within SSC Area 4 due to the narrow focus of the skillsets required. The entirety of Area 4 can be seen as a single Cyber Security competency. In general, staff that are recommended to fill the following labour categories below should have a NATO CTS clearance or national equivalent.
LEVEL 1: THE MOST SENIOR OR PRINCIPAL STAFF. INDIVIDUALS IN THIS CATEGORY POSSESS UNUSUAL AND UNIQUE TECHNICAL KNOWLEDGE AND EXPERIENCE IN THE GIVEN DISCIPLINE.
These individuals are normally the corporate experts on a subject. An advanced degree, normally a doctorate would be expected at this level. If a doctorate is not possessed, extensive and unique experience would be required. An individual at this level would be expected to have published literature in his field or have been a collaborator on published works.
LEVEL 2: INDIVIDUALS IN THIS CATEGORY ARE SENIOR STAFF THAT ARE EXPERTS IN THEIR DISCIPLINE WITH CONSIDERABLE EXPERIENCE.
Individuals at this level have normally been Lead Staff on large and complex projects within the company or been responsible for significant research work within the company. The individual would be expected to have a minimum of a Masters Degree, if not a doctorate. If such educational level has not been attained, extensive or unique knowledge or experience would be required.
LEVEL 3: INDIVIDUALS IN THIS CATEGORY ARE CONSIDERED JOURNEYMEN STAFF, PERSONNEL WITH EXCELLENT KNOWLEDGE AND SIGNIFICANT EXPERIENCE IN THEIR DISCIPLINE.
The individual would normally be expected to have a minimum of a Baccalaureate Degree but may compensate for a lack of formal education by extensive or unique experience. An individual at this level would be expected to have assisted senior staff on major projects in his field.
LEVEL 4: INDIVIDUALS IN THIS CATEGORY ARE CONSIDERED ASSISTING STAFF.
Individuals are expected to have a secondary school education with some university or specialized training in a relevant discipline, or equivalent combination of qualifications and experience. The individual is expected to have at least two years’ experience in employment with duties similar with that described in the Task Order Statement of Work. The individual is expected to take initiative and a flexible approach to be able to respond reliably and competently to the requirements of the job.
LEVEL 5: INDIVIDUALS IN THIS CATEGORY ARE CONSIDERED ADMINISTRATIVE ASSISTANT STAFF.
Individuals are expected to have a good general secondary education with some vocational training at a higher administration level in a relevant discipline or equivalent combination of qualifications and experience. The individual is expected to take initiative and possess a flexible approach to be able to respond reliably and competently to the requirements of the job.
4.1 IT/CYBER SECURITY ENGINEERS (SCAD)
Authorizes and monitors an access to IT facilities or infrastructure in accordance with established organisational policy. Includes investigation of unauthorised access, compliance with relevant legislation and the performance of other administrative duties relating to security management.
4.2 CYBER SECURITY TECHNICAL AUTHOR (INCA/SCTY)
Takes responsibility for the development, writing of technical guides or policy supporting CIS security across a large-sized organization. The technical author is able to communicate computer and network security requirements to a large and varying audience.
4.3 Cyber Security Concept Development
The work on concepts typically includes the analysis and evaluation of a current capability within cyber security, proposing effectiveness or efficiency improvements, and creating and validating new approaches. Work with high-level architectures and system designs typically ensures that cyber security is achieved in a coherent manner across system implementations. This work in general requires a broad understanding of cyber security including understanding of risk management and technical systems for prevention, detection, and mitigation of security issues.
4.4 Cyber Security Project Coordinator: (PROF / SCTY)
Takes responsibility for the provision of Project support services to small/medium scale projects. Uses and recommends project control solutions for planning, scheduling and tracking projects. Sets up and provides detailed guidance on project management software, procedures, processes, tools and techniques. Supports programme or project control boards, project assurance teams and quality review meetings. Provides basic guidance on individual project proposals. May be involved in aspects of supporting a programme by providing a cross programme view on risk, change, quality, finance or configuration management. Uses recommended project control solutions for planning, scheduling and tracking projects. Sets up project files, compiles and distributes reports.
4.5 Cyber Security Policy and Accreditation Specialist
4.6 CIS Security Auditors: (SCAD/TAUD)
The Agency needs the ability to identify, assess and manage CIS related risks by performing gap analysis in technology, policy, procedures and skills. Additionally, CIS Security Auditors must have the ability to assess both extent and planned controls to ensure that they achieve (or will achieve) the desired effect according to relevant policies.
4.7 Penetration Testers: (SCAD/TEST)
The purpose of penetration testing is to identify vulnerabilities of systems under the control of the Agency in order to reduce the risk of systems being compromised by external / internal threats. It also intends to assess the nature and impact of vulnerabilities and communicate this to relevant decision makers within NATO where corrective steps can be actioned.
4.8 Computer Forensic Specialists: (SCTY)
Computer Forensic Specialists perform forensics in order to preserve digital data using a wide-range of forensic tools. In addition to this, they will also be required to analyse and recover data from a variety of media or systems.
4.9 Cyber Security Events Analyst
Cyber Security Events Analysts have the ability to detect, identify and analyze cyber- related events across a number of sources, identifying possible threats and taking appropriate action.
4.10 Cyber Security Intelligence Analyst
Cyber Security Intelligence Analysts utilize a variety of sources of information to monitor emerging threat conditions and ensure that relevant communities are aware of these possible threats. The ability to collate information from across a variety of sources (e.g. social media, news media, feeds from the NATO and national intelligence communities, etc.) is required to identify possible threats to NATO and NATO nations.
4.11 Cyber Security Trainer
Having a thorough understanding of the capabilities and operation of cyber security tools is essential to a strong cyber security capability. This person has the ability to communicate / train the audience in generic cyber security topics to both non-technical and technical staffs. This trainer should also be able to provide training on a selection of tools related to cyber security.
4.12 PKI / Identity Management Specialists
The PKI / Identity Management Specialist must have a thorough understanding of PKI and identity management related concept / tools. In addition they must have the ability to develop, implement and configure these tools / concepts while adhering to relevant NATO policy and guidance.
4.13 IT Security Engineer
IT Security Engineering skills will be required by the Agency for the foreseeable future. This labor category is intentionally generic in nature but should support the implementation / configuration of controls ensuring compliance to relevant NATO policy as well as user requirements.