Public Sector CII Cybersecurity Assessment and CIIs Protection Roadmap

*The deadline for this tender has passed.

Tender Organisation:

INTERNATIONAL BANK FOR RECONSTRUCTION AND DEVELOPMENT (IBRD)

Tender Sector:

IT-Software Tenders

Tender Service:

Worldwide

Tender Region:

Asian

Tender Country:

Mongolia

Tender CPV:

48730000 : Security software package

Tender Document Type:

Tender Notice

Tender Description:

Tenders are invited for Public Sector CII Cybersecurity Assessment and CIIs Protection Roadmap for Mongolia. Consultancy for “Public Sector Critical Information Infrastructures (CIIs) Cybersecurity Assessment and CIIs Protection Roadmap for Mongolia (utilizing a Risk Management Framework)”BACKGROUNDThe Digital Development Global Practice of the World Bank Group has initiated an activity “Public Sector Critical Information Infrastructures (CIIs) Cybersecurity Assessment and CIIs Protection Roadmap for Mongolia (utilizing Risk Management Framework (RMF))” and seeks a consulting firm (“Consultant”) to support the activity.The World Bank is currently assisting the Government of Mongolia (GOM) to prepare a World Bank Investment Project Financing (IPF) project called the Mongolia Smart Government II Project1. The development objective of this project is to improve the usability and efficiency of online public services to citizens and businesses, and to increase digital skills and digital-enabled jobs.Cybersecurity is one of the Smart Government II Project’s key subcomponents. The identified priority areas related to cybersecurity include (i) strengthening the enabling environment (i.e. policies, laws, regulations, and standards) in relation to cybersecurity, cybercrime, and data protection; (ii) setting up the national Cybersecurity Incident Response Team (CIRT); (iii) developing digital service standard that incorporates compliance information on cybersecurity; and (iv) improving cybersecurity awareness and cyber hygiene among civil servants.Developing countries like Mongolia are subject to new cybersecurity vulnerabilities and challenges due to the evolving nature of cyber threats. Mongolia ranks 120 out of 194 countries in the International Telecommunication Union’s 2020 Global Cybersecurity Index and 22 out of 37 countries in the Asia-Pacific region. The score is derived from weighted indicators measured across five pillars (Legal Measures, Technical Measures, Cooperative Measures, Organizational and Capacity Development). Among the five pillars Mongolia scores high in legal measures but poorly in capacity development. The information security objectives of the National Information Security Program, 2010-2015, have been implemented at a low level, less than 50 percent.In Mongolia, targeted attacks on the National Data Center (NDC) have intensified since 2013, with an average of around 4 billion cases considered to be potential cyber-attack2. According to the Electronic Information Security Risk Assessment conducted by the Information Security Department of the General Intelligence Agency in 2013-2017, the information security risk level of government organizations had been rated either “high” or “very high” whereas organizations with critical infrastructure in the energy sector fall into the “high risk” category. Furthermore, the current state of digital governance in Mongolia inhibits the digital economy as companies do not have secured access to opportunities in the digital economy, such as using electronic signatures.Mongolia recently enacted the Law on Cybersecurity in 2021 with cybersecurity risk management requirements for organizations but lacks guidance for compliance. Article 8 of the Cybersecurity Law stipulates that (a) cybersecurity risk assessment should be carried out by a legal entity; (b) the procedure and methodology for cybersecurity risk assessment shall be approved by said agency in cooperation with intelligence agencies; and (c) cybersecurity risk assessment of organizations connected with critical information infrastructure shall be carried out while retaining strict confidentiality.GoM released their National Cybersecurity Strategy in January 2023 and the strategy document envisions, among other objectives, (a) development of a cyber attack defense plan based on cybersecurity risk assessments; (b) strengthening of independent, external and professional activities based on the cybersecurity risk assessment; and (c) introduction of risk management system in public and private organizations with critical information infrastructures (CIIs).OBJECTIVETo aid the GoM in fulfilling the mandate of its cybersecurity law and realize the vision laid out for the use of risk assessment and risk management of CIIs in its National Cybersecurity Strategy, the Consultant will support:• the utilization of a lifecycle-based- RMF34 to assess the capacity of MDDC to conduct risk assessment, prevention, and mitigation of CIIs and assess MDDC’s capacity to manage cyber risks in public sector CIIs in Mongolia.• identify cybersecurity gaps, and• develop a roadmap to address CIIs’ risk management gaps and achieve the CIIs risk management-related objectives and indicators laid out in the National Cybersecurity Strategy. The roadmap will suggest a national workplan for MDDC to employ risk management for protection of CIIs.The proposed assessment and roadmap should also address the costs, benefits, and enabling environment in relation to GoM identifying, adopting, and maintaining a risk management framework, and implementing risk management processes for protection of CIIs within public sector organizations.Please refer to the attached ToR for further information. Issue Date and Time: Mar 30,2023 04:00 Closing Date and Time: Apr 14,2023 03:59

Tender Bidding Type:

Click here for more details

Tender Notice No:

Click here for more details

Tender Document:

• 1 week to go
• 15 Days to go
• More than 15 days to go