International Expert for Preparation of an Assessment Study for the Requirements for Preparation of a National Cyber Security Strategy


Location : Home-based with 5 days field mission to Skopje, Republic of North Macedonia
Application Deadline :05-Mar-14 (Midnight New York, USA)
Type of Contract :Individual Contract
Post Level :International Consultant
Languages Required :
 English  
Expected Duration of Assignment :Maximum 20 days, including 5 days of field work in the country

UNDP is committed to achieving workforce diversity in terms of gender, nationality and culture. Individuals from minority groups, indigenous groups and persons with disabilities are equally encouraged to apply. All applications will be treated with the strictest confidence.

UNDP does not tolerate sexual exploitation and abuse, any kind of harassment, including sexual harassment, and discrimination. All selected candidates will, therefore, undergo rigorous reference and background checks.


Background
In 2012, within the overall efforts to make progress in the accession process to the EU, a High Level Accession Dialogue (HLAD) was opened as a policy reform roadmap, mutually agreed between the Government and the EU Commission. The HLAD process managed to reinvigorate the national response to the EU accession agenda whereby authorities committed to demonstrate notable progress in five policy areas within a very short time frame.

Having in mind that developing national capacities to respond and effectively manage the EU accession agenda represent the overarching objective of the UNDP’s country programme along with the track record of UNDP’s work in some of the policy areas tackled with the HLAD process, upon request of the Secretariat for European Affairs (SEA), UNDP took this opportunity to assist the national institutions in this process.

The areas supported so far included also Chapters 23 and 24 whereby UNDP has facilitated exchange of knowledge with Croatia in the area of Judiciary, Fundamental Rights and Justice, Freedom, and Security, so that the Macedonian counterparts could share experiences with colleagues and peers about the most pertinent EU accession processes and issues at strategic and operational level.

The analysis made in the field of combating organized crime, with special emphasis on the cybercrime as a part of the national efforts under Chapter 24, has identified the need for development of a strategic document that will contribute to more effective fight against cybercrime, which will be synchronized with other relevant institutional efforts through application of a systematic and integrated approach. Furthermore, the adoption of the EU Cyber Security Strategy, where the combat against cybercrime is just one segment of the overall concept for cyber security, has also reinforced the need for designing and adopting a National Cyber Security Strategy for the country.

The necessity of adopting of such a National Cyber Security Strategy is primarily related to:
  • Providing an open, reliable and secure cyberspace for activities and social interactions  (including human rights); the economies and all national systems largely depend on application of information and communication technologies;
  • The rise in the use of the IT systems increases the risk of abuse and emergence of new more sophisticated types of cybercrime, which makes the cybercrime one of the more serious threats to national security;
  • Developing  a  cyber defence policy;
  • Establishing an integrated, multidisciplinary approach to secure closer cooperation and coordination between the defense department, institutions involved in the combat against crime, private sector, and other relevant stakeholders;
  • Strengthening the operational capacity, coordination and cooperation among the relevant institutions involved in the combat against cybercrime;
  • Establishing common standards, training, and education of all institutions involved in the development of cybersecurity;
  • Strengthening the national capacities for prevention and protection against cyber attacks, as well as implementing  a campaign to raise cyber attack awareness;
Based on previous analysis and observations, the National Cyber Security Strategy is tentatively planned to cover four segments:
  • Developing and promoting the cyber defense concept;
  • Measures and activities for cyber crime suppression;
  • Establishing and improving of the cyber attack prevention system;
  • Managing incidents caused by cyber crime;
The final goal of the National Cyber Security Strategy, and in line with the Cyber Security Strategy of the European Union, would be to ensure a safe, secure, trustworthy and resilient digital environment for the benefit of the citizens, businesses and public administration.

The process of preparation of the said Strategy will be coordinated/led by the Ministry of Interior and will include all relevant institutions and stakeholders, such as Ministry of Information Society and Administration, Ministry of Defense, and other institutions.

Given that the Strategy is envisaged to be rather comprehensive, inter-institutional and also cover different sectors, the Secretariat for European Affairs and the Ministry of Interior have approached UNDP to assist with commissioning an assessment study that would help assess the necessary parameters and factors related to the process of planning the preparation of this complex Strategy.   The assessment study is envisaged to be instrumental in analysis of all the relevant aspects for design and implementation of a fully-fledged National Cyber Security Strategy and a related Action Plan.

Objectives

The objectives of this assignment are broadly two-fold.

The first aim is to collect data on issues and state of affairs relevant for preparation and potential implementation of a cyber-security strategy: its extent, potential costs for development, implications as well as potential policy responses (especially in the areas of law enforcement….).

The second aim, in line with the EU accession goals, is to evaluate the preparedness and parameters for a fully-fledged Strategy in relation to a number of factors including institutional mandates, activities, resources, risks, coordination issues and potential impacts.

This overall process related to the preparation of an assessment study and the expected Strategy is expected to contribute to harmonization of the national legislation with the EU legislation and implementation of in-depth technical analysis of the European legislation in relation to Chapter 24 - Justice, Freedom and Security. The efforts around the consultations and preparations of the Strategy are also expected to contribute to creating better positioning of the country in terms of future negotiations with the EU and better planning of the fiscal implications of the activities related to cybersecurity. The Strategy will also help in strengthening the institutional and legal framework in the field of cybercrime and cyber security in general.

The overall process starting from the assessment study up to subsequent actual preparation of the Cyber Security Strategy will also contribute to better understanding of the EU acquis in the domain of cyber security, as well as in strengthening of the human and institutional capacities of the Ministry of Interior, Ministry of Information Society and Administration, Ministry of Defense and other national institutions identified by the strategy.


Duties and Responsibilities
Tasks (Scope of Work)

Based on the above-described objective of the assignment, the following tasks should be performed:
  • Preparatory desk work related to the assignment including analysis of best comparative practices;
  • Conducting a 5-day field mission to the country, to conduct interviews/meetings with main stakeholders to obtain information needed for the assessment study.  The focus of the interviews should be on some of the main elements expected to be part of the Strategy such as the existing legal framework, institutional and HR capacities and future priorities. The Strategy is also planned to be supported with an Action Plan for effective implementation of the strategy and will outline specific measures and activities, relevant institutions responsible for implementation, timeframe and financial implications. These aspects should also be taken into consideration in the preparation of the assessment study;
  • Providing a first draft of the assessment study for comments for the relevant institutions;
  • Finalization of the assessment study with clear recommendations on the next steps, including analysis of the national legislation (laws, bylaws, contracts, strategies, action plans, relevant to  the cybercrime);  the degree of harmonization of the national legislation with the EU legislation in the area of cybercrime or cybersecurity in general; assessment of the current state of affairs and the capacities of institutions to deal with the challenges of cybercrime and computer security at the national level;
Under the direct supervision of the Head of Governance Unit from UNDP, the expert will also work closely with representatives from the Ministry of Interior, the Secretariat for European Affairs and other relevant institutions as per the agenda for meetings to be suggested and prepared by the Ministry of Interior.

Deliverables

The consultant should deliver:
  • Draft assessment by 5th of Apri;
  • Final assessment study for preparation and implementation of a comprehensive Strategy on Cyber Security by end of April 2014;
The assessment study should contain, but not be limited to the following elements:
  • Executive summary;
  • Introduction;
  • Chapter 1: Policy background and objectives of the study;
  • Chapter 2: Analysis of institutional mandates, activities, resources, risks, coordination issues and potential impacts to be considered in a preparation of the Strategy;
  • Chapter 3: The role of stakeholders;
  • Chapter 4: Proposed options and steps to proceed with preparation (and prospective implementation) of a National Cyber Security Strategy and a related Action Plan;
  • Chapter 5: Analysis of the options and potential implementation risks;
  • Chapter 6: Cost estimates for the proposed scenarios for the next steps; 
  • Chapter 7: Roadmap for future steps.
Reference list

Annexes:
  • Interviewed organisations;
  • Methodology;
  • Comparative country examples/case studies;
  • Cost estimates.
The first draft of the assessment study should be completed approximately by 15 April 2014 whereas the final product should be delivered by 30 April 2014.

Duration of the assignment

The assignment should be completed in the period from 20 March to 30 April 2014. The overall duration of the tasks covered by this ToRs has been estimated to not exceed 20 days within this indicated period, including one mission to Skopje and related desk-work to pre-review documentation and finalize the study. 

The mission will take place in the period between 20 March and 30 April 2014. The field research and interviews with stakeholders will take place in that period.

Payment Schedule

First instalment: 50% upon successful completing of the first draft of the assessment study;
Second instalment: 50% upon approval of the completion of the assessment study as described above. 


Competencies
Competencies:
  • Excellent analytical and writing skills. All documents shall be prepared in the English language;
  • Excellent analytical and negotiation skills;
  • Excellent communications and facilitation skills.

Corporate Competencies:

  • Demonstrates integrity by modeling the UN’s values and ethical standards;
  • Promotes the vision, mission, and strategic goals of UNDP;
  • Displays cultural, gender, religion, race, nationality and age sensitivity and adaptability;
  • Treats all people fairly without favoritism.


Required Skills and Experience
Academic qualifications:
  •  Academic level or higher education (Master studies will be considered as an asset) in relevant areas, including business and public administration, IT expertise or equivalent;
  • Specific training/additional education relevant for the topic will be an asset;
Professional experience:
  • At least 7 years of relevant professional experience; including substantive and extensive experience specifically in issues related to the area of cybercrime or cybersecurity and designing and preparation of assessment and feasibility studies or national strategies in the area of cyber security;
  • Experience as a key expert in at least two projects/assignments in the domain of cyber security/related assessment/feasibility studies, with a list of reference assignments/projects , his/her role and the duration of the project/assignment;
  • Knowledge/experience with EU legislation/EU countries relevant for the assignment;
Language Requirements: 
  • Language proficiency in both written and oral English;
  • Knowledge of local languages will be an asset.
Application procedure:

The Consultant is expected to provide the following:
  • CV / United Nations Personnel History form (P-11);
  • Financial offer : The consultant is expected to provide a lump-sum financial offer based on his/her forecast of days, including the country mission. The financial offer shall include a breakdown of the lump sum amount (number of anticipated working days, consultancy fee, travel expenses to Skopje, per diems and any other possible costs);
  • Reference list of similar work/projects and contact details of the clients with their e-mail addresses;             
Evaluation of offers

Individual consultants can be evaluated based on the following methodology for Combined Scoring Method principle, which takes into account a combination of the applicants’ qualification and financial proposal (70% technical and 30 % financial offer). When using this weighted scoring method, the award of the contract should be made to the consultant whose offer has been evaluated and determined as:
  • Responsive/compliant/acceptable; and
  • Having received the highest score out of a pre-determined set of weighted technical and financial criteria specific to the solicitation;
Only the highest ranked candidates who would be found qualified for the job will be considered for the Financial Evaluation.

Shortlisted candidates will be invited for interview via Skype.

Technical Criteria - 70% of total evaluation – max. 70 points (see the qualifications):
  • Criteria A – At least 7 years of relevant professional experience; including substantive specific and extensive experience specifically in issues related to the area of cybercrime or cybersecurity and designing and preparation of assessment/feasibility studies or national strategies in the area of cyber security; -35 points max;
  • Criteria B –Experience as a key expert in at least two projects/assignments in the domain of cyber security/related assessment/feasibility studies, with a list of reference assignments/projects ,  his role and the duration of the project/assignment- 10 points max;
  • Criteria C – Knowledge/experience with EU legislation/EU countries on topics relevant for the assignment;-10 points max;
  • Criteria D- - Relevant education and training. 10 points max;
  • Criteria E –Language proficiency:  English.  Knowledge of local languages will be an asset-  max points: 5;
Financial Criteria - 30% of total evaluation.



If you are experiencing difficulties with online job applications, please contact the eRecruit Helpdesk.
Find Us On

© 2016 United Nations Development Programme