2022-0095 Contractor Support for Cyber E-Learning Dev - THU 29 Sep

Deadline Date: Thursday 29 September 2022

Requirement: Contractor Support for development of Cyber E-learning

Location: Off-Site

NATO Grade: A3/52,100

Total Scope of the request: Up to 50 days

Required Start Date: 18 October 2022 (or earlier, if possible)

End Contract Date: 20 December 2022

Duties & Role:

STATEMENT OF WORK (SoW)

Contractor Support for development of Cyber E-learning

Table of Contents

1. INTRODUCTION

2. SCOPE OF WORK

3. SCHEDULE AND PRACTICAL ARRANGEMENTS

4. REQUIRED PERSONNEL QUALIFICATIONS

References

A. BiSC Directive 75-7, “Education and Individual Training (E&IT)”. September

2015 (NU)

1. INTRODUCTION

1.1 The NATO Communications and Information Academy (NCI Academy) consolidates all Education and Training services provided by the NCI Agency. The NCI Academy provides NATO with a world-class training capability to maintain its technological advantage. The NCI Academy provides training on both static and deployed NATO communication and information systems (CIS), Air Command and Control (AirC2), cyber security and cyber defence. In addition, it plays a pivotal role in designing and developing new learning solutions for our customers, by conducting a thorough analysis of training needs and leveraging the latest learning technology.

1.2 For a number of new projects, the NCI Academy will develop multiple E-learning modules in the Cybersecurity domain, targeting specific NATO audiences. To enhance the NCI Academy’s in-house development team, we are looking for an expert contractor to support the design and development activities, leading to the delivery of two new modules, and the uplift of an existing module.

1.3 The new modules will be hosted on the NATO e-learning platform (JADL), and managed by the Learning Design and Development Branch (LDDB), within the NCI Academy.

1.4 The activities pertain to two modules:

- Develop new E-learning module ‘Generic Cyber security considerations for CIS’

- Uplift existing ‘NATO Cyber Hygiene E-learning module’ (ADL 355)

Chapter 2 will further elaborate on the content and expected outcomes of these two Work Packages (WPs).

2. SCOPE OF WORK

This Statement of Work pertains to multiple Work Packages (WPs). The expert contractor team shall carry out the specific tasks, as described in paragraph 2.1 - 2.2 below:

2.1 Work Package 1: Development E-learning module ‘Generic Cyber security considerations for CIS’

2.1.1 Background

Over the last decades, the NCI Academy has trained hundreds of Communications and Information Systems (CIS) technicians in a broad range of systems, from SATCOM and Deployable CIS, Functional Services and Command and Control Systems, to Crypto administration and engineering. To this day, as often observed by the NCI Academy instructors, many students demonstrate a lack of awareness on areas such as cybersecurity best practices, incident handling, risk management and knowledge of cyber threats affecting the CIS they operate and maintain, which constitutes a large risk. In the NCI Academy catalogue, there is a large number of CIS related courses for which an additional cybersecurity (CS) module will have a benefit, e.g. SATCOM and Deployable CIS, Functional Services and Systems, C2, Crypto admin and engineering. At present, the following course families are in scope of this effort, totaling 63 courses:

- User/Operator courses: 31

- System Administrator courses: 20

- CIS Hardware Maintainers: 12

For each of these courses families, the Academy aims to develop an additional cybersecurity module, targeting technical, operational and/or managerial staff associated with the respective family. The additional cybersecurity module will consist of three components, each with an average learning time of 30 minutes:

Submodule A: Cybersecurity generic content (in scope of this SoW): this submodule will explain the core areas of cybersecurity and provide general cybersecurity awareness regarding adversaries and threats that may affect NATO in cyberspace. This submodule will be identical across all course families and may be reused as a stand-alone module for other target audiences, therefore promoting the use of a shared, homogenized taxonomy across all audiences, and enabling

coherency when addressing cybersecurity in NATO communities

Submodule B: family specific content (not in scope of this SoW): comprises three submodules that will align to the respective target audience family: End Users and Operators, System Administrators and CIS Hardware Maintainers. This targeted approach to the different target audiences will allow these sub-modules to align to specific threats that are associated with these audiences. For example, system administrators, because of the level of access they have in the systems under their responsibility, will need to adopt different risk management controls than an end user.

Submodule C: course specific content (not in scope of this SoW): this content will cover the specific cybersecurity considerations that are relevant and unique for each of the courses. By analyzing the existing course control documentation, the most relevant and applicable knowledge and skills will be tailored to address the cybersecurity risks associated with the systems covered by that parent course.

This SoW, to be finalized in 2022, only pertains to submodule A: Cybersecurity generic content. Submodule B and C will be developed in 2023 under a separate contract.

The intent is to add these cybersecurity modules to the various courses, without altering the overall structure and training program, by developing them as fully self-paced online modules. They can therefore be consumed by the students before attending the respective instructor-led course in the NCI Academy in Portugal. Students will be able to access the additional module from their own location and devices, at a time of their choosing. By completing the generic cybersecurity module (in addition to the parent course to which it is linked), the student will receive an additional completion certificate.

2.1.2 Tasks

The Contractor shall perform the following tasks:

Task 1 - Following guidance and initial Training Needs Analysis already conducted by NCI Academy Cyber instructors, propose generic Cybersecurity themes to be included in submodule A

Task 2 - Develop new Performance Objectives (POs) and Enabling Learning Objectives (ELOs) to account for the new content

Task 3 - Develop storyboards and interaction design for a SCORM compliant e-learning module

Task 4 - Develop all interactive content, e.g. video, animations, multiple choice test items etc.

Task 5 - Develop full e-learning module with a max duration of 30 minutes, covering all topics as defined in the Training Needs Analysis (see point 1), to be hosted on the NATO Learning Management System (JADL)

Note: the contractor is explicitly invited to propose an innovative approach to E-learning. Traditional ‘page turners’ with low interaction (and therefore limited learning effect) should be avoided. The NCI Academy is mainly looking for fresh approaches to e-learning in which learners are actually engaged, and are not forced to work through content they have already mastered, just to get a ‘check in the box’ (adaptive learning where possible)

2.2 Work Package 2: Uplift existing Cyber Hygiene e-learning module (ADL355)

2.2.1 Background

Over the last years, there have been various initiatives in NATO to increase enterprise wide awareness of Cyber Hygiene. One example pertains to the e-learning module ADL355 Cyber hygiene (approximate training time of 50 minutes), which was developed as a joint initiative between the Ministries of Defence of Estonia and Latvia. It was selected by the NATO Office of Security (NOS) for use as an awareness raising course for NATO HQ and has been added to the JADL portal for all NATO HQ staff. As the content is outdated in some areas, the NCI Academy aims to refresh / uplift the content as well the design where needed. After the uplift, the module should be fit for use for the entire NATO Enterprise.

2.2.2 Tasks

Task 1 - Following guidance and initial Training Needs Analysis already conducted by NCI Academy Cyber instructors, identify the content in the existing Cyber Hygiene module that need to be updated

Task 2 - Develop new Performance Objectives (POs) and Enabling Learning Objectives (ELOs) to account for the new content

Task 3 - Develop storyboards for the updated content

Task 4 - Create instructional design and develop all interactive assets for the updated content, e.g. video, animations, test items etc.

Task 5 - Integrate all updated content in the existing Cyber hygiene e-learning module, to be hosted on the NATO Learning Management System (JADL)

Note: the contractor is explicitly invited to propose an innovative approach to

E-learning. Traditional ‘page turners’ with low interaction (and therefore

limited learning effect) should be avoided. The NCI Academy is mainly

looking for fresh approaches to e-learning in which learners are actually

engaged, and are not forced to work through content they have already

mastered, just to get a ‘check in the box’ (adaptive learning where possible)

2.3 Roles and responsibilities

The work will be conducted in close collaboration between the contractor and the NCI Academy, as described in table 2-3, and will be based on the NATO standards (Ref A):

NCIA – NCI Academy:

• Managing Authority
• NCIA Project Management
• Learning Design and Development (LDD) Lead
• Cyber Training Branch Head
• Provider of direction and guidance for training needs analysis

Contractor:

• Design and develop the respective e-learning materials

3. SCHEDULE AND PRACTICAL ARRANGEMENTS

3.1 This is a deliverable based contract

3.2 Services will be provided 100% offsite but with occasional travel to the NATO offices in Brussels and/or Mons if needed (up to 2 trips). Travel requires the prior coordination with and approval of the NCIA Project Manager.

3.3 All travel and per diem costs shall be included in the Firm Fixed Price of this Contract, together with cost of lodging and subsistence costs for all individuals. There shall be no separate re-imbursement for travel and accommodation.

3.4 Services will be provided from 18 October 2022 (at the latest) to 20 December 2022.

3.5 The final deliverables (fully functioning e-learning modules, in accordance with the agreed on performance objectives) will need to be agreed with the Branch Head Cyber Training and the Branch Head Learning Design and Development in the NCI Academy.

3.7 Schedule of payments

Invoices shall be submitted and payment will be made after Purchaser’s written acceptance of the Delivery Acceptance Sheet (DAS) (Annex B), for the following deliverables:

Deliverable 1: Functioning E-learning module ‘Generic Cyber security considerations for CIS’ (Para.2.1.2 Tasks)

Delivery Date: 20 Dec 2022

Payment Amount: 50% of the total contract value

Deliverable 2: Functioning E-learning module ‘NATO Cyber Hygiene (uplift existing course ADL 335) (Para.2.2.2 Tasks)

Delivery Date: 20 Dec 2022

Payment Amount: 50% of the total contract value

Invoice to include the dully signed DAS and the EBA Receipt number shall be submitted to

Purchaser for payment in accordance with the Contractual Terms and Conditions.

Requirements

4. REQUIRED PERSONNEL QUALIFICATIONS

4.1 Contractor Course Development – MANDATORY Requirements

• Experience with Cybersecurity
• Experience with instructional design
• Experience with development of engaging online and blended learning technologies:
• Experience with working in an international environment comprising both military and civilian elements.
• Strong project management skills
• Experience with NCI Agency and NATO
• Knowledge of / practical user experience in the field of Cybersecurity

4.2 Contractor TNA – DESIRED Requirements

• Experience with NATO Global Programming and the Systems Approach to Training
• Experience in providing instruction on technical subjects to both non-technical personnel as well as technical specialists

Language Proficiency:

• Level 3 English language skills according to NATO STANAG 6001: Listening (3); Speaking (2); Reading (3); and Writing (2) or according to Common European Framework of Reference for Language level B2-C1/Upper Intermediate-Advanced level).