EXTENSION OF CYBER INCIDENT RESPONSE TOOL

Trade Agreement: Agreement on Internal Trade (AIT)
Tendering Procedures: The bidder must supply Canadian goods
and/or services
Attachment: None
Competitive Procurement Strategy: Best Overall  Proposal
Comprehensive Land Claim Agreement: No
Nature of Requirements: 
	
EXTENSION OF CYBER INCIDENT RESPONSE TOOL
FOR
DEFENCE R&D CANADA, VALCARTIER

Objective : 
 
Add additional features to a tool for responding to cyber
incidents, in order to meet the needs of the Department of
National Defence (DND) R&D in this area.
 
Background / History :

Considerable effort is currently being put into developing a
process for responding to cyber incidents for DND. The
development of this process requires a cyber incident integrated
response tool to evaluate the feasibility of several proposed
approaches.

In recent years, tools for responding to cyber incidents have
reached the marketplace. A team of scientists from Defence R&D
Canada (DRDC) have evaluated several such tools. They concluded
that no existing tool has all the capabilities necessary to
support the development work for the process.

The development from scratch of an integrated tool to respond to
cyber incidents with all the desired capabilities would require
too much effort for the scope of the project. It is therefore
proposed to extend the capabilities of an existing tool for
responding to cyber incidents by adding additional features.

The mandatory requirements are as follows: 

1	The supplier must have the rights required to sell and modify
a cyber incident response tool that meets mandatory criteria 2
to 10 below.
2	The tool must fully function with Windows XP and Windows 7.
The tool must be able to analyze computers equipped with Windows
XP 32-bit, Windows 7 32-bit and Windows 7 64-bit operating
systems.
3	The tool must be capable of remotely checking whether a
computer is compromised using a software agent or other means.
4	The tool must be capable of checking the validity of computer
networks using a centralized management console. All incident
response features must be capable of being operated from this
console. Only the software agent installation process (or other
technique) can be performed using means other than the
centralized management console.
5	The tool must be capable of checking the integrity of a
process in memory, for example by comparing its memory dump to
that on the disk by simulating the module load in Windows.
6	The tool must be capable of verifying the integrity of a file
on the disk, for example by comparing the information gathered
by Windows APIs to that obtained via a direct read of data using
a driver.
7	The tool must be capable of verifying the integrity of the
Windows registry, for example by comparing the information
gathered by the Windows APIs to that obtained via a direct read
of data using a driver.
8	The tool must be capable of detecting floating code.
9	The tool must be capable of remotely extracting the content of
the memory associated with a process.
10	The tool must have the capability of detecting the following
hooks and identifying the originating process of the hook: (i)
Service table hooks (ii) Inline hooks (iii) IAT/EAT hooks (iv)
IDT hooks (v) SYSENTER hooks (vi) DKOM hooks
11	The supplier must be able to provide the services of an
intermediate developer with a minimum of 24 months of experience
in Windows driver development. (As specified at Section 3.2,
Part 4, of this document, the Bidder must provide the curriculum
vitae of each proposed resource.)
12	The supplier must be able to provide the services of an
intermediate developer with a minimum of 24 months of experience
in the development and/or integration of Windows malware
detection techniques. (As specified at Section 3.2, Part 4, of
this document, the Bidder must provide the curriculum vitae of
each proposed resource.)
13	The supplier must be able to provide the services of a
project manager. (As specified at Section 3.2, Part 4, of this
document, the Bidder must provide the curriculum vitae of each
proposed resource.)

The organization for which the services are to be rendered is
the Department of National Defence (the «client»).

The period of the Contract is from the date of contract award to
March 31, 2016, inclusive. The Contractor grants to Canada the
irrevocable option to extend the term of the Contract by up to 4
additional 1 year-periods under the same terms and conditions.  

The estimated value of the contract is $900,000.00, plus
GST/HST, for the portion of the work done on request via task
authorizations during the initial contract period (from the
start date of the contract until March 31, 2016, inclusive).

The contract will also include a sum (not disclosed) for the
purchase of a maximum of 100,000 additional and optional
licenses for the software that include maintenance and support.
The purchase of licenses is planned for the period between April
1, 2016, to March 31, 2020.

Pursuant to section 01 of Standard Instructions 2003, Bidders
must submit a complete list of names of all individuals who are
currently directors of the Bidder.  Furthermore, as determined
by the Special Investigations Directorate, Departmental
Oversight Branch, each individual named on the list may be
requested to complete a Consent to a Criminal Record
Verification form.

The requirement is subject to the provisions of the Agreement on
Internal Trade (AIT).

Delivery Date: Above-mentioned

The Crown retains the right to negotiate with suppliers on any
procurement.

Documents may be submitted in either official language of Canada.