ENISA Thematic Threat Landscape 2016

Negotiated procedure - maximum budget for Lot 1 - €25.000 and Lot 2 - €25.000

ENISA aims at procuring services concerning ‘Thematic Threat Landscapes’ in the context of ENISA 2016 Work Programme; Work Package 1.2, Deliverable 2 – “NIS Threats Landscape Analysis”. This project will therefore be tendered with 2 separate Lots.

LOT 1 - Ad-hoc and sensor networking for M2M communications Threat Landscape and good practice guide.

The first thematic threat landscape concerns Adhoc and sensor networking focusing on Machine to Machine (M2M) Communications. Adhoc networks are decentralized networks that do not need to rely on pre-existing architecture, they consists of a number of nodes spread across an area which can establish "On-the fly", self-configuring networks between the peers. Examples of Adhoc network protocols and implementations are; mobile ad hoc network (MANET), Vehicular ad hoc networks (VANETs), Smartphone ad hoc networks (SPANs) or Military / Tactical MANETs. The architectural framework of Adhoc networks together with the M2M communication model is steadily growing as they are being used in different emerging sectors and technologies such as; Industry (Industrial Internet or Industry 4.0), Internet of Things (IoT), Smart cities (including smart transportation) and healthcare. The focus of this project is to analyse the evolving threat environment, both from the stakeholder and EU policy makers’ perspective by identifying evolving threats, risks and challenges.

LOT 2 - Embedded Systems and Hardware Programming.

A second thematic threat landscape concerns the area of ‘Embedded Systems and Hardware Programming’. With this thematic area ENISA would like to cover all threats that run “under the radar” of most security defences, by attacking components that are close to the physical layer of hardware devices. Such incidents have impacted the cyber-security community because they add a new quality to cyber-attacks: they are very difficult to detect and survive operating system re-installation. In other words, the most efficient remediation of this attack would be to replace affected devices. Though not new, this family of threats has been assessed to be on an increasing trend and has gained importance as one of the successful, yet difficult to defend attack vectors. In this thematic landscape, relevant assets will be identified and their exposure will be assessed. Examples of such assets are micro-kernel OSs, firmware architectures and their low level code, memory sub-systems, standard device interfaces, hardware programming, graphic cards, etc. The structure of the work to be conducted and the expected content will be identical to the previous thematic landscapes developed by ENISA - see Big Data report. and SDN report

Submit your interest for one or both Lots by 9th March 2016 to be invited.