The NCI Agency’s Not-For-Profit Framework
A new Not-For-Profit contractual framework is helping to broaden NATO skillsets.
Jenny Beechener asks NCI Agency Senior Contracting Assistant, Dace Skele Horvat, to explain what it is and how it will enhance NATO capabilities.
Two research establishments became the first to secure contracts under the NCI Agency’s new Not-For-Profit Framework (NFPF) model in May 2022. Enacted in February 2022, the new cooperation model allows NATO, for the first time, to work directly with academic, scientific and research institutions from within NATO Nations.
Both contracts relate directly to emerging technologies: the NCI Agency retained Instituto de Telecomunicações in Aveiro, Portugal, to study the military potential of 5G technologies, while Ingeniería de Sistemas para la Defensa de España (Isdefe), Spain, is developing training for deployable communications. Two further procurements are already out to tender: one to develop a prototype transmission security (TRANSEC) layer for HF (high frequency) radio data communications; and a second addressing key artificial intelligence (AI) technologies.
NCI Agency Senior Contracting Assistant, Dace Skele Horvat, explains that much of this knowledge does not yet lie with the Agency, or indeed with industry; and where it does, particularly on the industry side, participation in the early stages of capability development may require exclusion from the prospective implementation contracts. “We are looking at new capabilities and trends to find out what is deployable.” Among potential work areas, the Agency seeks support through technical studies and analysis, consultancy support, research and development, concept development and experimentation. A long list of target technology domains includes wireless and mobile communications, satellite communications, spectrum management and policy, incident management, information technology (IT) infrastructure, network and system architecture, cyber security, cloud computing and electronic warfare. “We want to start in the research phase – rather than capability delivery – with the NFP organizations and use the outcome of the work as inputs for subsequent implementation phases of projects.” In essence, the contractual model provides the Agency with access to external scientific support for technical projects within NATO, while NFP institutions gain exposure to NATO user requirements and the ability to support the Alliance.
HOW DOES IT WORK?
The NFPF cooperation model is a two-step contracting process. Applicant institutions first submit their application and agree to the NFPF Terms and Conditions, while the Agency seeks a Declaration of Eligibility endorsed by their country of origin – applying the same rigorous procedures as used in industrial contracts. Once this administrative activity is completed, the NFPs become eligible to bid for NFPF task orders in support of specific NCI Agency requirements. The framework complements existing cooperating and contracting processes with industry and is designed to extend across capability delivery.
The procurement process tends to be shorter than traditional industry partnerships. “The submission period may be as short as four weeks with the results of a tender announced within six to eight weeks, providing us with much faster access to these skills,” adds Dace Skele Horvat. This is due in part to smaller contract sizes, but also reflects a shift to off-the-shelf technologies and shorter development cycles.
In a two-way cooperation, successful NFP organizations and national defence laboratories gain access to funding for research and development activities and the opportunity to bring the NATO perspective into their day-to-day work.
WHAT DOES IT ACHIEVE?
“It provides a new sourcing method for acquiring pre-defined expertise and skills, in particular those aligned with the Skills Framework for the Information Age (SFIA),” explains Dace Skele Horvat. “It taps into nascent competencies within these institutions and areas that NATO has not been able to access before.” SFIA identifies the skills and competences needed in the digital world. Securing this pre-defined expertise supports the chartered mission of the NCI Agency, namely the delivery of Command, Control and Communications (C3) capabilities and Communication Information Systems (CIS) services. “The NFPF expands the Agency’s cooperation ecosystem and diversifies the NATO supply chain while at the same time contributing to wider engagement by nations in the Agency’s work.”
Most importantly, the NFPF model enables NATO to fill a gap within existing capabilities and to source future technology requirements. It helps to meet the challenge of bringing the best technologies and expertise into the Alliance while increasing the Agency’s capacity to deliver. And, it is a win-win solution on all fronts – for NATO, the NFPs and the NATO nations, with the Agency engaged in systemic and structured cooperation with the national academic, scientific and research institutions through a comprehensive and inclusive collaboration scheme.
INDUSTRY PERSPECTIVE
A new approach to cyber security
The Chief Security Strategist and VP for Global Threat Intelligence at Fortinet’s FortiGuard Labs highlights why organizations need a new approach to cyber security as the threat landscape becomes more complex and sophisticated
Derek Manky
Why do organizations undergoing a digital transformation need a new approach to cyber security?
With digital transformation, of course, comes change to architectures – hardware, software, people, process and procedures. That is a paradigm shift for defenders, as with digital transformation comes a more complex attack surface; an attack surface that is volatile and which needs to be monitored and tuned for agile response. Traditional approaches to cyber security can simply not keep up, so a new approach is needed that leverages automation, zero trust, AI-powered security operations and actionable threat intelligence. Defenders also need to start looking more to the left of the kill chain, as sophisticated targeted and destructive attacks are on the rise. That means counterintelligence solutions to combat reconnaissance efforts from the adversary, as well as deception environments to slow the adversary down.
Can you describe what the Fortinet cyber security mesh architecture is and how it helps defend networks and data?
As the attack surface continues to expand, the skills gap continues and the threat landscape continues to evolve, organizations need a new approach to secure their extended network. Fortinet provides organizations with a journey to integrate point products into a cyber security platform. The Fortinet Security Fabric or ‘cyber security mesh architecture’ spans the extended digital attack surface and enables self-healing security to protect devices, data and applications. It reduces complexity through integration and automation, enables faster time-to-prevention and detects threats. This integration and automation also bridges the skills gap that has to be filled in order to be able to respond to threats such as ransomware and destructive wipers.
What is Fortinet’s SASE (Secure Access Service Edge) offering and how does it differ from other available solutions?
FortiSASE delivers a comprehensive Secure Access Service Edge (SASE) solution that extends the convergence of networking and security from the edge to remote users. FortiSASE converges cloud-delivered networking (SD-WAN – Software-Defined Wide Area Network) and cloud-delivered security (SSE (Security Service Edge)) comprised of secure web gateways, universal ZTNA (Zero Trust Network Access), CASB (Cloud Access Security Broker) and Firewall-as-a-Service (FWaaS). It enables customers to achieve a few vital things. For example, it enables the customer to overcome security gaps and minimize the attack surface. In addition, it is able to deliver superior user experience with intelligent steering and dynamic routing via SD-WAN. It also helps simplify operations with cloud-delivered management and enhanced security and networking analytics. Finally, FortiSASE enables a shift to an OPEX (Operating Expenses) business model with simple user- and device-based tiered licensing.
Can you describe how Fortinet embeds Artificial Intelligence (AI) into its cyber threat detection capabilities?
Fortinet has been a leader in AI and machine learning (ML) for over a decade. For example, the Fortinet Security Fabric includes ML and AI applied to areas where organizations will benefit the most, such as investigating web traffic, detecting malicious objects, tracking malicious web campaigns, zero-day detection, and more. Our network firewalls are ML-enabled, but we also provide a complete ML-enabled Security Fabric. This enables us to help customers use the technology to scale, enhance, predict and reduce time-to-detect. Fortinet also supports in-line sandboxing through ML for real-time protection of advanced persistent threats. Virtual analyst support is another way in which Fortinet embeds and leverages AI through supervised learning approaches, allowing the end user to tune ML models.
What other technologies is Fortinet developing to deliver data and network security in the future?
For organizations today, operational complexity is slowing down digital initiatives. Applications are distributed in the data centre, in the cloud and as a service (aaS). Furthermore, users are in constant movement across home, office and travel. Complexity is a key challenge to take back control of environments. In addition, Chief Information Officer and Chief Information and Security Officer teams often operate in separate silos. This means that teams are often forced to choose between preserving user experience or properly securing their network. Organizations can overcome these challenges and improve operational efficiency by breaking down organizational silos and choosing solutions that converge networking and security. Fortinet has been a driving force in the evolution of cyber security, networking and security convergence since the company was founded and will continue to lead the convergence trend with a wide range of technologies.