REPUBLIC OF THE PHILIPPINES

CYBERCRIME INVESTIGATION AND COORDINATING CENTER

#49 Don A. Roces Ave., Brgy. Paligsahan, Quezon City

www.cicc.gov.ph. 

REQUEST FOR INFORMATION

(19 February 2021) 

The Cybercrime Investigation and Coordinating Center (CICC) through the Office of the Executive Director (OED) is seeking information from the industry to assist with the Development and Planning of a new Information Systems Strategic Plan (ISSP). The ISSP of CICC shall contain the Agency’s overall strategy, which involves medium-term planning for its Information and Communications Technology (ICT) thrusts, strategies, and programs.

THIS IS A REQUEST FOR INFORMATION (RFI) NOTICE ONLY. THIS IS NOT A REQUEST FOR PROPOSALS (RFP). NO SOLICITATION IS AVAILABLE AT THIS TIME.

  • Overview/ Purpose/ Description:

The CICC-OED is exploring the use of current and emerging technologies in the fight against cybercrime.

The advent of the Internet and cyberspace has greatly benefitted humanity but it was also utilized by both lone offenders and organized crime groups to boost their lawless activities resulting in cybercrime. In one aspect, cybercrime against individuals and organizations regardless of time and space highlights the decaying moral fibers of families and communities as indicated by the alarming surge of online sexual exploitation of children (OSEC), illegal online gambling, online trade of prohibited drugs, and the like.

Likewise, cybercrime has become the fastest-growing socio-economic crime. The government aims to shield and safeguard the Philippines “from computer-generated attacks that could cause massive crises in our economy, banking and financial institutions, communications and other critical infrastructure.” Every year, the specter of “cyberattacks,” especially on the capital markets loom larger (fake investment scams, insider trading by hacking confidential information, the dissemination of false financial information influencing the share price of a listed company by creating “fake” websites or fake rumors on social media, the manipulation of financial instrument prices by hacking trading terminals, etc.).

A study by the research firm Frost & Sullivan in June projected that the Philippines could suffer US$3.5 billion of potential economic losses from cybersecurity crimes, equivalent to 1.1% of the country’s $305 billion gross domestic product in 2019; hence, calling for a national response.

Thus, it is the role of the government, with the support of the public and citizenry, to enforce the full force of the law, especially against hardened cybercriminals. To be able to perform the mandate to monitor, prevent, investigate, and suppress cybercrime, CICC needs essential capabilities in terms of integrated technologies, systems, processes, tools, and most importantly, the right professional skills and competencies.

2.0 Scope of Effort:

2.1 Components

This RFI looks for potential sources of technology infrastructure, systems, services, and integrated solutions or combinations thereof from concerned stakeholder groups or institutions that can provide a commercial or government off-the-shelf or bespoke solution to provide:

  • Cybercrime Investigative Case and Records Management;
  • Jointly underwritten cybercrime research policy and practices;
  • Jointly underwritten national priorities and strategies with the private sector on critical infrastructure protection;
  • Continuous monitoring of cybercrime risks, threats, and cases in compliance to the law (“Cybercrime Prevention Act of 2012” [R.A. 10175]);
  • Security measures and incident reporting obligations for Internet Content Host and Service Providers, as well as attributing factors/ subscriber data;
  • Cybercrime prevention through CICC policy and program implementation monitoring;
  • Classified Cyberthreat Intelligence gathering, sharing, and partnering particularly on Modus Operandi, including tools, techniques, and procedures;
  • Electronic Crime Scene Investigation/ Cyber Forensic Field Triage Process;
  • Deployment of (real-time) Security and Cybercrime Intelligence technologies and analytics;
  • Digital Evidence Forensic Investigation Infrastructure from acquisition to analysis;
  • Cyber Enforcement Actions;
  • Joint cybersecurity exercises;
  • Technical cybercrime prevention and detection measures;
  • Inter-operability capability and demonstration;
  • Formal Capacity Building on cybercrime prevention and suppression;
  • Cybercrime awareness raising (Cybercrime Index);
  • Formal international cooperation mechanisms;
  • Datasets for Analysis of Cybercrime;
  • Cybercrime Surveillance and Reporting Mechanisms

Providing actionable information/ complaints, which can be the basis for investigations and prosecutions, which include the following:

  • Identification of cybercrime threats on citizens and organizations;
  • Understanding and measuring trends;
  • Establishing a channel of communication between citizens (victims and witnesses of cybercrime) and the authorities or initiatives-in-charge;
  • Coordination between law enforcement and public authorities
  • Other collaboration services
  • Technical Characteristics:
  • Supports up to 25,000+ concurrent users before needing to scale to another increment of capacity;
  • Controls access to information based on information, user, facility, and system classification labels/ level, handling caveats, and control markings;
  • Based on a programs security classification guide, automatically suggests compliant content classification labels, handling caveats, and control markings;
  • Provides users a tool to properly mark information following classification and special handling requirements;
  • Establishes trusted connections with other organizations to allow for the sharing of classified information across organizational boundaries;
  • Monitors and logs:
    • Who is accessing the information
    • From where is the information being accessed
    • From what system the information is being accessed
    • Changes made to the information
    • Others
  • Automatic redaction of data elements and content;
  • Automatically controls distribution (allow, block, delete, redact) of information to individuals, facilities, or systems;
  • Highly scalable with easy synchronization of new information and/or users;
  • Role-based system (administrator, privileged user, );
  • Intuitive User Interface with modern design standards;
  • Open architecture to ensure future enhancements
  • Special Requirements
  • CICC is requesting a commercial or government off-the-shelf solution. Capability should be device agnostic, can deliver capabilities to authorized users in disconnected and tactical environments, and requires minimal additional
  • The system should work and coordinate with/in an Enterprise Environment across multiple organizations. In a multiple organization environment, CICC must still be able to account for the integrity of the information and the extent of its distribution;
  • The solution must be able to understand the contents of the cybercrime information (e.g., intelligence, traces, evidence) and classifies it according to various programs’ security classification guide (SCG) and then label the information according to document marking requirements.
  • Moreover, the solution makes real-time decisions to grant or deny access to the information based on the individual’s ability or clearance level to access, change, delete, receive, or forward the information based on its classification, the credentials/ clearance level of the sending and/or receiving individual, facility, and system accreditation.
  • Requested Information

3.1 Architecture Information

  • From a high level, what approach would you take to provide capability?
  • Summarize the architectural environment of each possible alternative and provide a          drawing or system overview.
  • Required back-end physical and virtual servers to support at least 25,000

3.2 Capability Delivery

  • How would you propose delivering such a capability?
  • Describe the infrastructure and software used to build the capability and the timelines required to implement it.
  • What type of usage monitoring and metrics, such as a dashboard, would be available to the user?

3.3 Access and Security Information

  • Describe the security posture and how you control access to the

3.4 Contract/Pricing Information

  • Provide your proposed business model in order to maintain your
  • What is an estimated price for a one-year of capability/ service? If the price is based on data volume and/or usage, please provide pricing.
  • Detail any proposed catalog pricing for licenses, subscriptions, storage, usage, and processing.
  • Please include a Rough Order of Magnitude (ROM) for planning

4.0 Response Guidelines

 Interested parties are requested to respond to this RFI with a white paper. Submissions cannot exceed fifteen pages, single-spaced, 12-point type with at least one-inch margins on “A4” page size. The response should not exceed a 20MB e-mail limit for all items associated with the RFI response. Responses must specifically describe the contractor’s capability to meet the requirements outlined in this RFI. Oral communications are not permissible. CICC will be the sole repository for all information related to this RFI.

Companies and/or institutions who wish to respond to this RFI should send responses via email no later than March 05, 2021 to exedir1@cicc.gov.ph.

5.0 Industry Discussions

CICC representatives may choose to meet with potential offerors and hold one-on-one discussions. Such discussions would be intended to obtain clarification of potential capability to meet the CICC requirements, including any development and certification risks.

6.0 Questions

Questions regarding this announcement shall be submitted in writing by e-mail to exedir1@cicc.gov.ph. Verbal questions will NOT be accepted. Answers to questions will be posted on the CICC website https://cicc.gov.ph. The Government does not guarantee that questions received after March 05, 2021 will be answered. The Government will not reimburse companies for any costs associated with the submissions of their responses.

7.0 Disclaimer

This RFI is not a Request for Proposal (RFP) and is not to be construed as a commitment by the Government to issue a solicitation or award a contract. Responses are not considered as proposals nor will any award be made out of this synopsis.

All information contained in the RFI is preliminary as well as subject to modification and is in no way binding on the Government. The Government does not intend to pay for information received in response to this RFI. Responders to this invitation are solely responsible for all expenses associated with responding to this RFI. This RFI will be the basis for collecting information on capabilities available. This RFI is issued solely for information and planning purposes. Responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract. Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received in this RFI that is marked “Proprietary” will be handled accordingly. All submissions become Government property and will not be returned nor will receipt be confirmed.

 

CEZAR O. MANCAO II

Executive Director