This project aims to empower GoM with the knowledge through testing out the use cases demonstrations (‘use case demos’ or ‘pilots’); in the form of showcasing advanced tools to address cyber threats effectively. This activity is expected to be highly beneficial and essential to GOM in an era where cyber warfare can have far-reaching impacts on Mongolia’s national security and economic stability.

The necessity of this innovative grant stems from the escalating complexities and frequencies of cyber threats in today's interconnected digital world. Cybersecurity is a critical necessity, especially for government bodies responsible for safeguarding national security and sensitive data.

The consultant's objective is to aid the GoM’s national CIRT in developing use case demos for the use of AI for swift and effective mitigation of cyber-attacks, proactively identify and defend against emerging threats, enhance its incident response capabilities, and strengthen the nation's overall cybersecurity posture. Key use case demos include:

  i.         Advanced Threat Detection: AI-driven advanced threat detection will empower the CIRT to proactively identify sophisticated, evolving cyber threats that often elude traditional security measures. This capability will enable efficient, early detection of potential attacks, crucial for mitigating the impact of cyber incidents in an ever-changing threat landscape.

ii.         Real-Time Monitoring: AI-driven continuous monitoring will address the challenge of vast, fast-moving data in modern networks. By swiftly identifying unusual behavior and potential threats, this real-time vigilance will be crucial for preventing large-scale breaches. It will enable instant response, safeguarding sensitive government data and national security interests against significant data breaches and financial losses.

iii.         Automated Incident Triage: With the overwhelming volume of cyber incidents, AI-driven triage will automate the categorization and prioritization of threats. This will streamline response workflows, enabling efficient management of multiple simultaneous incidents. By ensuring swift attention to critical issues and optimal resource allocation, automated triage will significantly enhance overall incident response effectiveness.

The use case demos will help form the foundational knowledge basis for the relevant Mongolia entities and stakeholders supported by this grant to be more aware of cyberattacks, understand AI use for cybersecurity, and provide them the strategic roadmap and technical specifications to operationalize and achieve the country's cybersecurity goals and efforts.

1.      Scope of Work

The Consultant will work under the direction of the task team leaders (TTLs) of the Digital Development Global Practice to deliver the following activities listed below. An important aspect of this activity is engaging with and leveraging the expertise of institutions such as the Gates Foundation and the State Department. This activity will collaborate with the UN’s International Telecommunications Union (ITU) that is already providing technical advice to MDDIC for their national CIRT’s setup.

The World Bank team will help facilitate contact with these agencies and assist in refining the scope of collaboration. The Bank team will also recommend and facilitate regular meetings with MDDIC and help secure a focal point at the ministry. The task team suggests that the Consultant consider having a local presence or a team member who can coordinate its fieldwork. The local team member will be responsible for interpretation during the data/information gathering and analysis work. The World Bank task team will arrange for interpreters for the training.

Following is the activity plan for the consultant to execute AI-driven cybersecurity improvements for MDDIC:

a.      Planning

1.1.   Define project scope and objectives: The firm must consult the client to outline specific goals for each use case demo. The plan should be tailored to the client's system architecture, governance model, and participating stakeholders.

1.2.   Develop use case demos plan: The firm must develop the use case demos plan. The firm is permitted to propose suitable open source solutions for the use case demos, which must be included in the firm’s proposal with justifications.

b.   Use case demo #1 on threat detection

To showcase the first pilot, the firm shall reference the client’s objective and apply relevant synthetic data to showcase the identified AI-powered threat detection solution. It shall simulate the 1-2 use cases aligned with the objective.  Present the showcase to the client to raise awareness of the technical solution and address the client’s considerations for operational deployment. The use case demo needs to reflect how cybercriminals use AI for attacks and how the government can use AI for increased defense. From the use case demo exercise, the consultant should prepare a list of actionable recommendations tailored to the client's needs for operational deployment.

c.   Use case demo #2 on Real-Time Monitoring

To showcase the second pilot, the firm shall reference the client’s objective and apply relevant synthetic data to showcase the identified AI-powered real-time monitoring solution. It shall simulate the 1-2 use cases aligned with the objective. Present the showcase to the client to raise awareness of the technical solution and address the client’s considerations for operational deployment. The use case demo needs to reflect how cybercriminals use AI for attacks and how the government can use AI for increased defense. From the use case demo exercise, the consultant should prepare a list of actionable recommendations tailored to the client's needs for operational deployment.

d.   Use case demo #3 on Automated Incident Triage

To showcase the third pilot, the firm shall reference the client’s objective and apply relevant synthetic data to showcase the identified AI-powered automated incident triage solution. It shall simulate the 1-2 use cases aligned with the objective. Present the showcase to the client to raise awareness of the technical solution and address the client’s considerations for operational deployment. The use case demo needs to reflect how cybercriminals use AI for attacks and how the government can use AI for increased defense. From the use case demo exercise, the consultant should prepare a list of actionable recommendations tailored to the client's needs for operational deployment.

e.   Final Report

Summarize the use case demos’ outcomes, lessons learned, and recommendations

4        Deliverables, Tentative Timeline, and Fees

The consultancy will be programmed for approximately 3 months’ duration. The consultancy is anticipated to commence in April 15, 2025 and be completed by Sep 30, 2025. All deliverables should be electronically submitted to the TTLs, in English and the final versions will be translated into Mongolian, proofread, and well-formatted in Microsoft Office formats. 

SELECTION OF CONSULTING FIRMS BY THE WORLD BANK GROUP

REQUEST FOR EXPRESSION OF INTEREST (EOI)

Electronic Submissions through WBGeProcure RFx Now

ASSIGNMENT OVERVIEW

Assignment Title: Strengthening Cyber Security with AI for Mongolia

Assignment Countries:

• Mongolia

ASSIGNMENT DESCRIPTION

This projectaims to empower GoM with the knowledge through testing out the use casesdemonstrations (‘use case demos’ or ‘pilots’); in the form of showcasing advancedtools to address cyber threats effectively. This activity is expected to behighly beneficial and essential to GOM in an era where cyber warfare can havefar-reaching impacts on Mongolia’s national security and economic stability.

Thenecessity of this innovative grant stems from the escalating complexities andfrequencies of cyber threats in today's interconnected digital world.Cybersecurity is a critical necessity, especially for government bodiesresponsible for safeguarding national security and sensitive data.

The consultant'sobjective is to aid the GoM’s national CIRT in developing use case demos for theuse of AI for swift and effective mitigation of cyber-attacks, proactivelyidentify and defend against emerging threats, enhance its incident responsecapabilities, and strengthen the nation's overall cybersecurity posture. Key usecase demos include:

i.Advanced Threat Detection: AI-drivenadvanced threat detection will empower the CIRT to proactively identifysophisticated, evolving cyber threats that often elude traditional securitymeasures. This capability will enable efficient, early detection of potentialattacks, crucial for mitigating the impact of cyber incidents in anever-changing threat landscape.

ii.Real-Time Monitoring: AI-drivencontinuous monitoring will address the challenge of vast, fast-moving data inmodern networks. By swiftly identifying unusual behavior and potential threats,this real-time vigilance will be crucial for preventing large-scale breaches.It will enable instant response, safeguarding sensitive government data andnational security interests against significant data breaches and financiallosses.

iii.Automated Incident Triage: With theoverwhelming volume of cyber incidents, AI-driven triage will automate thecategorization and prioritization of threats. This will streamline responseworkflows, enabling efficient management of multiple simultaneous incidents. Byensuring swift attention to critical issues and optimal resource allocation,automated triage will significantly enhance overall incident responseeffectiveness.

The use case demos will help formthefoundational knowledge basis for the relevant Mongolia entities andstakeholders supported by this grant to be more aware of cyberattacks,understand AI use for cybersecurity, and provide them the strategic roadmap andtechnical specifications to operationalize and achieve the country'scybersecurity goals and efforts.

1.Scope of Work

The Consultant will work under thedirection of the task team leaders (TTLs) of the Digital Development GlobalPractice to deliver the following activities listed below. An important aspectof this activity is engaging with and leveraging the expertise of institutions suchas the Gates Foundation and the State Department. This activity will collaborate with the UN’sInternational Telecommunications Union (ITU) that is already providingtechnical advice to MDDIC for their national CIRT’s setup.

The World Bankteam will help facilitate contact with these agencies and assist in refiningthe scope of collaboration. The Bank team will also recommend and facilitateregular meetings with MDDIC and help secure a focal point at the ministry. Thetask team suggests that the Consultant consider having a local presence or ateam member who can coordinate its fieldwork. The local team member will beresponsible for interpretation during the data/information gathering andanalysis work. The World Bank task team will arrange for interpreters for thetraining.

Followingis the activity plan for the consultant to execute AI-driven cybersecurityimprovements for MDDIC:

a.Planning

1.1.Define project scope and objectives: The firm must consult the client to outlinespecific goals for each use case demo. The plan should be tailored to the client's systemarchitecture, governance model, and participating stakeholders.

1.2.Develop use case demos plan: The firm must develop the use case demos plan. Thefirm is permitted to propose suitable open source solutions for the use casedemos, which must be included in the firm’s proposal with justifications.

b. Use case demo #1 on threat detection

To showcasethe first pilot, the firm shall reference the client’s objective and applyrelevant synthetic data to showcase the identified AI-powered threat detectionsolution. It shall simulate the 1-2 use cases aligned with the objective. Present the showcase to the client to raiseawareness of the technical solution and address the client’s considerations foroperational deployment. The use case demo needs to reflect how cybercriminals use AI for attacksand how the government can use AI for increased defense. From theuse case demo exercise, theconsultant should prepare a list of actionable recommendations tailored to theclient's needs for operational deployment.

c. Use case demo #2 on Real-Time Monitoring

To showcase the second pilot, the firmshall reference the client’s objective and apply relevant synthetic data toshowcase the identified AI-powered real-time monitoring solution. It shallsimulate the 1-2 use cases aligned with the objective. Present the showcase tothe client to raise awareness of the technical solution and address theclient’s considerations for operational deployment. The use case demo needs to reflect how cybercriminalsuse AI for attacks and how the government can use AI for increased defense. From theuse case demo exercise, theconsultant should prepare a list of actionable recommendations tailored to theclient's needs for operational deployment.

d. Use case demo #3 on Automated Incident Triage

To showcase the third pilot, the firmshall reference the client’s objective and apply relevant synthetic data toshowcase the identified AI-powered automated incident triage solution. It shallsimulate the 1-2 use cases aligned with the objective. Present the showcase tothe client to raise awareness of the technical solution and address theclient’s considerations for operational deployment. The use case demo needs to reflect how cybercriminalsuse AI for attacks and how the government can use AI for increased defense. From theuse case demo exercise, theconsultant should prepare a list of actionable recommendations tailored to theclient's needs for operational deployment.

e. Final Report

Summarize the use case demos’ outcomes, lessonslearned, and recommendations

4Deliverables,Tentative Timeline, and Fees

The consultancy will beprogrammed for approximately 3 months’ duration. The consultancy is anticipatedto commence in April 15, 2025and be completed by Sep 30,2025. All deliverables should be electronically submitted to the TTLs,in English and the final versions will be translated into Mongolian, proofread,and well-formatted in Microsoft Office formats.

FUNDING SOURCE

The World Bank Group intends to finance the assignment / services described below under the following:

• BB: Bank Budget
• TF0C4638: DDP

ELIGIBILITY

Eligibility restrictions apply:

• [Please type list of restrictions]

SUBMISSION REQUIREMENTS

The World Bank Group invites eligible firms to indicate their interest in providing the services. Interested firms must provide information indicating that they are qualified to perform the services (brochures, description of similar assignments, experience in similar conditions, availability of appropriate skills among staff, etc. for firms; CV and cover letter for individuals). Please note that the total size of all attachments should be less than 5MB. Firms may associate to enhance their qualifications unless otherwise stated in the solicitation documents. Where a group of firms associate to submit an EOI, they must indicate which is the lead firm. If shortlisted, the firm identified in the EOI as the lead firm will be invited to the request for proposal (RFP) phase.

Expressions of Interest should be submitted, in English, electronically through WBGeProcure RFx Now

NOTES

Following this invitation for EOI, a shortlist of qualified firms will be formally invited to submit proposals. Shortlisting and selection will be subject to the availability of funding.

Only those firms which have been shortlisted will be invited to participate in the RFP phase. No notification or debrief will be provided to firms which have not been shortlisted.

If you encounter technical difficulties while uploading documents, please send an e-mail to the Help Desk at corporateprocurement@worldbank.org prior to the submission deadline.