Active

Contract Opportunity

Procurement Technical Assistance Centers (PTACs) are an official government contracting resource for small businesses. Find your local PTAC (opens in new window) for free government expertise related to contract opportunities.

Expression of Interest

INL-23-012

Cybersecurity Skills Training for Energy Sector Workforce

I. scope

Battelle Energy Alliance, LLC (BEA), Management & Operating Contractor of the U.S. Department of Energy (DOE)-owned Idaho National Laboratory (INL), is seeking an Expression of Interest (EOI) from prospective offerors to provide CEU/CPE-accredited industrial control systems cybersecurity training and exercise support services that match the capabilities and descriptions below for up to 200 participants at each of six CONUS and two OCONUS locations on the dates specified below for the energy sector to address knowledge and skill gaps in personnel requiring hybrid skillsets across information technology (IT), operational technology (OT), cybersecurity, and operations.

BEA has determined that professional event management, advanced technologies, and in-depth expertise are needed to support each of these training events. Training will be in-person and conducted over three days. There will be no virtual options for this training. Days 1 and 2 will offer two concurrent tracks and participants can select one of the two tracks. Day 3 will have only one track which will be attended by all the participants.

Subcontractor will be required to perform the following tasks for the specified dates and locations below:

• On day one of each training event, the subcontractor shall teach a full-day training class on the fundamentals of industrial control systems cybersecurity. This course serves the purpose of introducing people into the field of industrial control systems (ICS) / operational technology (OT) and the cybersecurity considerations unique to securing these environments. These environments range from electric, water, and gas utilities and infrastructure to oil and gas, petrochemical, manufacturing, pharmaceutical, data centers, and even airports. Students should learn key terminology and fundamentals of industrial environments such as PLCs, DCS, SCADA, EWS, and HMIs, key industrial network protocols, and how ICS/OT and the physical process work together. They should also learn the five critical controls of ICS/OT and how to apply them to efficiently and effectively enhance the industrial cybersecurity of any modern industrial automation environment.


• On day two of each training event, the subcontractor shall teach four half-day courses/workshops covering the following topics and information geared toward energy asset owners and operators.
  
  
  
  • Practical Open Source Intelligence Techniques for Defense: This class will cover key open source intelligence (OSINT) skills that analysts can use to improve their situational awareness and insights and will cover operational security (OPSEC) considerations, Image Analysis, working with large datasets and Dark Web investigation.
  
  
  • Cyberthreat Intelligence: During this course, instructors will present the major threat trends observed during the past year and specifically related to the Ukraine/Russia conflict and discuss how cyber threat intelligence (CTI) teams can support operations and decision-making during such times of crisis.
  
  
  • Workshop - Defending Against State Sponsored Attackers: This shall be a hands-on workshop that provides at least four approaches to foil attackers in a repeatable and verifiable way. Participants should learn how to rapidly harden systems in a low risk, evidence-based approach.
  
  
  • ICS Security for Leaders and Managers: The course should empower leaders and managers responsible for securing critical infrastructure and OT/ICS environments. The main topics covered and discussed shall include managing the people, processes, and technologies necessary to create and sustain a lasting OT/ICS cybersecurity risk program while promoting a culture of collaboration and safety, and how to report security risks to stakeholders while maintaining the safety and reliability of engineering operations.
  
  
  
  


• On day three of each training event, the subcontractor shall provide a red team / blue team challenge competition for up to 200 participants. Participants shall be required to work through a series of interactive learning scenarios that enable OT security professionals to develop and master the real-world, in-depth skills they need to defend real-time systems. This day is designed as a challenge competition and shall be split into separate levels so that advanced players may quickly move through earlier levels based on their expertise. This event shall be themed for the electricity industry and the accompanying scenario provided shall be coordinated to align with industry exercise events. The scenario shall be designed around the complex nature of distributed wide-area control systems found in critical infrastructure sectors like electric system operations. Utilizing a variety of real-world technologies found in electrical generation and distribution systems, the challenges shall be themed to the power system scenario, though the technology, protocols, architectures, and lessons learned are applicable across numerous critical infrastructure sectors beyond the electric sector. Participants should be able to choose to compete as an individual or team up with peers and colleagues to work together as they would in a real-world event.
  
  
  
  • The contractor shall provide all the necessary back-end hardware and software including websites, coding, hosting, scoring, on-line monitoring analysis of transmitters for calibration verification, participant registration and accounts, and other technologies to design, construct, and deliver a real-time event that matches the description in the previous paragraph.
  
  
  
  


• The contractor shall provide event-management for each training events to include securing space, registration, and other event necessities. Tentatively, eight events are planned in FY2024 (October 2023 through September 2024) at different locations throughout the United States.

II. SUBMITTAL REQUIREMENTS

In response to this EOI, interested companies shall submit a qualifications package addressing the following criteria (note that all documented experience shall be within the past five (5) years):

• Company experience and expertise providing in-person training courses and exercises on ICS cybersecurity topics for the energy sector (past experience should be similar in size and complexity to the scope stated herein).


• Company experience and expertise deploying hands-on ICS cybersecurity challenge competitions, including all hardware/software and backend support systems.


• Company experience and expertise handling event management for up to 200 people.

III. Submittal INFORMATION

Interested companies shall submit a qualifications package via email to Dan Stout, Contract Specialist Supervisor (daniel.stout@inl.gov) by close-of business on Tuesday, September 5, 2023. The submittal must include sufficient information confirming the responder’s qualifications as a potential offeror under a possible future RFP. Note that qualification packages must be no more than five (5) pages in length.

Questions and/or comments regarding this EOI should be addressed to Dan Stout (daniel.stout@inl.gov). Please note that all questions must be submitted in writing via email.

Attachments/Links