Call for Proposals ---------------------- CERT Co-ordination Center (3C) ----------------------------------------- TERENA (The Trans-European Research and Educational Networking Association) is soliciting tenders for the operation of a European support unit for Computer Emergency Response Teams (CERTs). Operation of the unit will offer the successful bid the opportunity to contribute to the secure operation of the Internet in Europe. A number of CERTs have come into operation to deal with security incidents affecting a variety of user communities within Europe. Members of TERENA (primarily the national academic computer networks of Europe) are amongst those operating CERTs at present. As the number of CERTs grows, there is an increasing need for them to communicate with each other to resolve incidents and to disseminate information relating to the maintenance of network security to them. A TERENA Task Force (CERTs in Europe) has analyzed the requirements for co-ordination of European CERTs (their report is available from ftp.terena.nl/terena/working-groups/wg-sec/task- forces/CERT_TF_Final_Report_.ps). As a result of their recommendations, TERENA is now seeking organizations willing to bring a CERT co-ordination Center (3C) activity into operation. Project costs will be collected by TERENA and paid to the host organization on an agreed schedule. The co-ordination unit will neither duplicate nor usurp any of the functions of established CERTs, nor will it provide CERT facilities to organizations which have failed to establish first-level incident-handling facilities of their own. The Function ---------------- The contract will be to operate an Incident Support Unit (ISU). Incident Support encompasses a number of duties: Event Handling - The CERT co-ordination center should be notified of an event or suspected event when appropriate. At this time, the Unit will co- ordinate efforts of relevant CERTs, including initial analysis of the event, informing the relevant systems and people, and tackling the problem. Event Analysis - Analyzing security-related events, deciding upon proper course of action and relaying such information to the CERT community. Event Co-ordination - As explained in the Event Handling paragraph, co-ordination is a vital part of managing a security event. Once detected, a security event requires intelligent and accurate assessment of systems prone to attack, and alerting such systems. Prevention - Evaluating potential risks, general threats and global events. Maintaining ties with related forums, discussion groups and CERTs, the co-ordination center will assess any incoming information and evaluate whether it may constitute a threat and how it can be prevented, preferably by simple advance notice and reaction. Educational Role - Organization of regional workshops for the benefit of local CERT staff, with emphasis on prevention of security violations and help with setting up new local CERTs. Such activities will be self funding and should not be reflected in the costs of operation Documentation - maintain event history: technical specifications of security events and how they were handled (for future reference and educational purposes). Defining Policies - An important aspect of the CERT center activities includes providing the technical input (research/working groups/task forces/etc) for policy making, standard definitions, development and utilization of various results. Operating an information server (based on WWW, FTP and e-mail lists) for the dissemination of information of general interest to those responsible for dealing with security incidents Enabling secure (encrypted) communication between Incident Response Teams (IRT) by establishing a secure Key server and acting as a Certification Authority for signing authentication certificates Software Evaluation - 3C will assist in testing and evaluating various software packages, tools and utilities for the use of local CERTs. Contacts With Global Resources - Maintain a full-time, regular basis contact with CERTS and related groups world- wide. It is crucial that 3C be aware of the major security threats and be involved in discussion groups and forums. The Unit will assume responsibility for keeping informed of the various threats, so they can help dismantle and handle such events on a regular basis, as well as serve as an informative source for the European user community when the need arises. Profile of the Successful Candidate Organization ---------------------------------------------------------- The successful bidder should be a member of FIRST and have experience with procedures and principles for dealing with security incidents related to computer networks. The organization should have credibility and visibility in the academic and research networking environment, and be of sufficient size to provide the necessary administrative and computing support services. Minimum Conditions --------------------------- The mandatory functions of the unit are listed above. General enquiries should be possible by telephone during normal working hours throughout the period of the contract. Other functions can be planned to suit the requirements of the funding participants. Candidate organizations should define the total staff they estimate will be required to fulfil the conditions. The host organization must have a adequate networking infrastructure and computer equipment to provide the network-based services with a high level of availability and responsiveness. Desirable Enhancements ------------------------------ The TERENA Task Force identified a need for general education and information about the problems raised by computer security incidents and methods of dealing with them. Although general education is not within the minimum remit of the unit, it is considered desirable that conferences or on-line presentations should be used to spread the message about the control of unwelcome incidents. Any organization making a bid should indicate the extent to which they would be able to contribute in this area. Operation ------------- The report of the TERENA Task Force calls for full operation of the unit to provide a central point for communication between Incident Response Teams (IRTs) when incidents are in progress, to help co-ordinate the response to problems which arise on an international scale. This function would require that staff be on reachable around the clock. Any organization making a bid should indicate the extent to which they are able to provide a regular rota of duty officers outside of regular working hours who will be on call from home. Bidding Procedure ----------------------- Organizations wishing to bid should provide evidence that they meet the "Profile of the Successful Candidate Organization" and demonstrate their understanding of the requirements raised by the TERENA Task Force report "CERTs in Europe". Bidders should provide a short (approximately 6 sides of A4) proposal indicating how they would plan to execute the functions of the unit. Bids should also include the following information: 1. Annual cost of operating the unit 2. Earliest start date 3. Estimated staffing level required 4. Name of an administrative contact for contract negotiation 5. Name of a technical contact 6. Telephone numbers, addresses and e-mail addresses of the named contact Proposals should be sent by postal mail to: The Secretary General TERENA Singel 466-468 NL-1017AW Amsterdam Or via electronic submission to: secretariat@terena.nl All bids should be received by: 15/4/96 TERENA will award the contract to the bidder that, in its opinion, will best meet the eventual requirement to provide a full-scale service to its membership and to the European networking community in general. TERENA reserves the right not to accept any of the proposals submitted in response to this Call For Proposals. Further information and queries should be directed to: Dr. Ariel T. Sobelman ariel@terena.nl