SELECTION OF CONSULTING FIRMS BY THE WORLD BANK GROUP
REQUEST FOR EXPRESSION OF INTEREST (EOI)
Electronic Submissions through WBGeProcure RFx Now
ASSIGNMENT OVERVIEW
Assignment Title: Indonesia TA for Development of a National Cybersecurity Risk Assessment Toolkit for Critical Information Infrastructures
Assignment Countries:
ASSIGNMENT DESCRIPTION
The World Bank Digital Development Global Practice is working with the Government of Indonesia to enhance its National Cybersecurity Risk Assessment (NCRA) capacity, with the aim of bolstering resilience against cyber threats targeting critical services and infrastructures. This collaboration aims to support Indonesia’s National Cyber and Crypto Agency (BSSN) to scale up its NCRA capacity and to develop an assessment and mitigation toolkit for BSSN to develop its NCRA framework, methodologies, and tools, followed by conducting risk assessment of selected CIIs (not more than two) as a pilot.
The primary aim of the Assignment is to provide BSSN with the analysis, technical assessments and a toolkit to assist the Government of Indonesia in developing a holistic NCRA Framework, along with associated Methodologies and Tools, with the objectives of identifying threat scenarios, assessing risks and resilience, identifying gaps and key areas of improvement aimed at preventing and mitigating disruptions of critical services caused by malicious cyber threats.
Scope of Work: The consulting firm will be responsible for:
- Conducting research on global best practices and relevant frameworks
- Developing the NCRA Toolkit, including the Framework, Methodologies, and Tools
- Conducting interviews and engagements with key stakeholders
- Supporting BSSN in applying the Toolkit and conducting a pilot assessment on not more than two selected CIIs
- Providing training and knowledge transfer to BSSN, CII operators, and other stakeholders
- Revising and finalizing the Toolkit based on feedback, suggestions and lessons learned from the pilot.
Required Qualifications: The consulting firm/entity should have:
- Strong technical and analytical experience in ICT and cybersecurity risk assessment and resilience assessment, risk and resilience treatments, governance and legislations relating to national CII protection
- Knowledge of global best practices in cybersecurity
- Strong understanding of cybersecurity policy, strategy, and operations in a government context
- Previous experience in developing cybersecurity riskassessment frameworks and tools
- Having carried out atleast two (2) similar assignments globally
- Experience working with the public sector (preferably in a middle-income developing country context)
- Fluency in English (ability in Bahasa Indonesia is an advantage)
Timeline: The assignment is expected to begin in June 2024, with deliverables and activities scheduled over a period of 23 weeks.
FUNDING SOURCE
The World Bank Group intends to finance the assignment / services described below under the following:
- BB: Bank Budget
- TF0C3061: DDP
- TF0C1272: KWBP
ELIGIBILITY
Eligibility restrictions apply:
- [Please type list of restrictions]
SUBMISSION REQUIREMENTS
The World Bank Group invites eligible firms to indicate their interest in providing the services. Interested firms must provide information indicating that they are qualified to perform the services (brochures, description of similar assignments, experience in similar conditions, availability of appropriate skills among staff, etc. for firms; CV and cover letter for individuals). Please note that the total size of all attachments should be less than 5MB. Firms may associate to enhance their qualifications unless otherwise stated in the solicitation documents. Where a group of firms associate to submit an EOI, they must indicate which is the lead firm. If shortlisted, the firm identified in the EOI as the lead firm will be invited to the request for proposal (RFP) phase.
Expressions of Interest should be submitted, in English, electronically through WBGeProcure RFx Now
NOTES
Following this invitation for EOI, a shortlist of qualified firms will be formally invited to submit proposals. Shortlisting and selection will be subject to the availability of funding.
Only those firms which have been shortlisted will be invited to participate in the RFP phase. No notification or debrief will be provided to firms which have not been shortlisted.
If you encounter technical difficulties while uploading documents, please send an e-mail to the Help Desk at corporateprocurement@worldbank.org prior to the submission deadline.