ESA Open Invitation to Tender AO10442
Open Date: 30/09/2020
Closing Date: 11/11/2020 13:00:00

Status: ISSUED
Reference Nr.: 20.178.05
Prog. Ref.: SCOE
Budget Ref.: E/0648-01 – SCOE
Special Prov.: AT+BE+CH+CZ+DE+DK+EE+ES+FI+FR+GB+GR+HU+IE+IT+LU+NL+NO+PL+PT+RO+SE+SI+CA
Tender Type: C
Price Range: > 500 KEURO
Products: Satellites & Probes / System Engineering Software / System Modelling & Simulation / Other / Ground Segment / Mission Operations / Mission Control / Satellite and Ground Segment Simulators (e.g. simsat, eurosim, etc.)
Technology Domains: Space System Software / Advanced Software Technologies / Advanced Software Development Methods and Tools / System Design & Verification / System Analysis and Design / Design and Simulation
Establishment: ESRIN
Directorate: Director General’s Services
Division: ESA Security Office
Contract Officer: Leone, Elia
Industrial Policy Measure: N/A – Not apply
Last Update Date: 30/09/2020
Update Reason: Modified a Clarification(English version) 1

ESA has defined a set of Cyber security initiatives that focus on the development of advanced and integrated capabilities necessaryto approach the new complex and sophisticated cyber threats. The SCCoE will be one of the key instruments used to increase the cyber resilience of ESA in line with the ESA Security Framework. Together with other tools and services, and in particular the Cyber Security Operational Center (C-SOC). These two cyber facilities shall work in synergy together and with the other cyber tools and facilities already in place in ESA.The main objective of the procurement is the design, development, deployment and operation of the SCCoE System over a period of 5 years having a checkpoint after 3 years. The SCCoE can be considered a Multi-Platform Synthetic environment having the below main elements:- The ESA Cyber awareness and training centre, (CAT) based on the experience and lessons learned from the existing Cyber range functionalities and modules, it will develop additional training and methodologies capabilities for ESA Staff, Contractors, operators, engineers and managers. This module includes computer and live instructions based training,training awareness catalogue, operations and maintenance of ESEC Cyber training facility.- Security Validation Functionalities (SVF), will provide an emulation environment for the step-by-step validation process of specific security operational procedure (e.g. SECOPS) within Cyber threat scenarios. This element of the SCCoE includes mainly security emulation Scenario, demonstration and validation of procedures (e.g. SECOPS), workflow management reproducible validation procedures for the effectiveness assessment, compliance tracking and Interconnection with external components and subsystem.- The SCCoE Security Test and Vulnerability Assessment (STAVA) functionality, will have the capability to emulate a Space programme basic functionalities, interconnect with a critical element (HW/SW) of the real space System, generate a synthetic customisable cyber security scenarios, and provide a test report of the element under evaluation. This capability determines the adequacy and effectiveness of the security measures for complex or critical system, including the identification of the security deficiencies, compliance to pre-defined policies and assessment versus risk and vulnerabilities. The module has to provide vulnerability assessment, penetration testing, forensic analysis, threat intelligence feeds and information sharing, automated testing validation capabilities to assist security certification and accreditation , and portable capabilities for deployment to external systems (e.g. forensics).- The SCOE Space related Threat and Security Information Sharing Platform (STISP) is a collaboration portal that facilitate a multi-disciplinary online collaboration for sharing of information related to the latest security threats, vulnerabilities and incidents. This element of the SCCoE contains threat/vulnerability/ incidents Sharing exchanges, incident handling and report sharing facilities, alerts, Reports and Knowledgebase, web client portal and API support, and different level of service/access (subscription and authorisation model)..