Cyber Security of Automotive Systems (W7701-166085/A)

New! CanadaBuys is here! Suppliers register today!

Register now to ensure you transition to doing business with the new Government of Canada procurement service. Click here to get started.

Tender Notice


Publishing status


Publication date
Amendment date
Date closing
2015/11/19 14:00 Eastern Daylight Time (EDT)


Reference number
Solicitation number
Region of delivery
Notice type
Notice of Proposed Procurement (NPP)
Trade agreement
  • Agreement on Internal Trade (AIT)
Tendering procedure
The bidder must supply Canadian goods and/or services
Procurement entity
Public Works and Government Services Canada
End user entity
Department of National Defence

Contact Information

Contact name
Piras, Gabriel
Contact phone
(418) 649-2870 ( )
Contact fax
(418) 648-2209
Contact address
601-1550, Avenue d'Estimauville
G1J 0C7


The following statistics are only for the English page and are provided in close to real time. To calculate the total activity for a tender notice, you will need to add the English and French statistics.

Page views
(English page)
Unique page views
(English page)
Tender notice updates
Get notifications for this tender notice:
RSS feed   Atom feed
For more information on notifications, visit the Follow Opportunities page.


Trade Agreement: Agreement on Internal Trade (AIT)
Tendering Procedures: The bidder must supply Canadian goods and/or services
Competitive Procurement Strategy: 
Comprehensive Land Claim Agreement: No
Nature of Requirements: 


1 Objective

Automotive vehicles like cars and trucks are pervasively computerized. 
A car produced in 2014 may include up to 100 computers (Electronic Control Units or ECUs) that run 60 million of lineof codes and manage 145 actuators and 75 sensors. These ECUs exchange up to 25 gigabytes of data

 every hour on the vehicle internal communication bus, usually the Controller Area Network (CAN) bus. Also, au-tomotive vehicles are more interconnectedthan ever, with many wired and wireless communication interfaces with elements outside the vehicle. In the last three years, the hacking community has demonstrated many times the possibility to compromise the cyber security of cars. Cyber-attacks on information technologies like personal computers and servers usually result mostly in immaterial damages like the loss, the alteration or the theft of information or money, and the disruption of operation. In the case of vehicular systems, cyber-attacks areamore important concern since the safety of their us

ers or the other users on the road might be at stake.

There is a need to study the security of automotive vehicles, including 

understanding their vulnerabilities and assessingthe 
potentialmitigation measures. The first need, understanding the pr
oblem, re
quires appropriate tools and methodologies. The second need, studying mitigation measures, implies testing existing technologies and studying up

coming regulations andguidelines. 

This work will exploit and extend software developed by DRDC 
Valcartier. This software, CANpy, exploit an open source software 
called SocketCAN (see AD1 below for more information). CANpy is developed in Python language and works on Linux.CANpy provides the following functionalities: data logging, interacting with the bus (sending CAN 2.0A and 2.0B messages, reacting to a message), ECU discovering, and visualizing message (basic). CAN messages can be filtered and multiple CANsockets canbe opened atthe same time. Protocols 
ISO 14229, ISO-TP/ISO-15765, J1939 message format and J1939 Broad Announce Message and Connection Module are supported. CANpy uses US
B2CAN devices for connecting to the CAN bus and can run on BeagleBone devices. 


his statement of work describes the work required for conducting such study.

The Work includes a firm portion and a portion to be performed on an 
"as and when requested basis" using a Task Authorization (TA).    

Firm portion of the Work : Conduct an assessment of the cyber security of automotive vehicles :
The Contractor must conduct an assessment of the cyber security of automotive vehicles with a focus on the intra vehicular communications elements. The firm portion of the Work isdivided as follows :
- Characterize an automotive vehicle  
 - Find vulnerabilities and security measures (Option 1 of 2)
 - Develop and demonstrate exploits (Option 2 of 2)

Portion of the Work to be performed on an "as and when requested basis" usin

g a Task Authorization 
Task 1, Characterize an automotive vehicle
Task 2, Find vulnerabilities and security measures
Task 3, Develop and demonstrate exploits
Task 4, Conduct Synthesis
Task 5, Identify potentialmitigationmeasuresthat could prevent the exploit of vulnerabilities on the vehicle
Task 6, Test mitigation measures
Task 7, Develop testbed of some vehicular functions for lab study
Task 8, Develop testing procedures and conduct field trials
Task 9,Assess vehicle security standards and protocols
Task 10, Develop cyber security standard testing procedures

2 Additional Information :

The organization for which the services are to be rendered is Defence Research and Development Canada - Valcartier (DRDC - Valcartier).

The period of theContract is from date of Contract to March 31st, 
2019, inclusive.
For the firm portion of the Work : 
- All the deliverables for the work described at Section 5.1.1 of the Statement of Work must be received on or before March 31, 2016.
- All the deliverables for the optional work described at Sections 5.
1.2 and 5.1.3 of the Statement of Work must be received no later than 3 

months after exercise of each option.

The work is divided into two portions, a firm portion and a portion to be performed on an "as and when requested basis" using a Task Authorization (TA).  

The estimated amount of available funding for the firm portion of the Work is $205,000.00, Applicable Taxes extra. The estimatedamount ofavailable funding forthe portion of the Workto be performed on an "as and wh

en requested basis" using a TA is $620,000.00, Applicable Taxes extra.

The Contract includes no obligation for Canada to have the TA portion 
of the Work performed.

A contract with Task Authorizations (TAs) is a method of supply for services under which all of the work or a portion of the work will be performed on an "as and when requested basis". Under contracts with TAs,

 the work to be carried out can be defined but theexact nature and timeframes of the required services, activities and deliverables will only be known as and when the service(s) will be required during the period of the contract. A TA is a structured administrativetool enabling the Crown to authorize work by a contractor on an"as and whenrequested" basis in accordance with the conditions of the contract. TAs are no

t individual contracts.

Defence Research and Development Canada - Valcartier has determined 
that any intellectualproperty rights arising from the performance of 
the Work under the resulting contract will belong to Canada.

Work must be executed at Defence Research and Development Canada, Valcartier Research Centre (2459, de la Bravoure Rd., Québec, QC, G3J 1X5, CANADA). Thereason is that the automotive vehicle(s)to be stud
ied is located in DRDC and is required for conducting most of the work. 

e vehicle must stay in DRDC because of the conditions of the loan to DRDC and the needfor DRDC employees to access the vehicle from time to ti

me.Tasks involving document reading, report writing, data analysis or vulnerability assessment on individual ECUs out of the vehicle context, fo

r which the vehicle is not required and no controlled goods are 
involved can be performed at Contractors location of preference.

There is a security requirement associated with this requirement.  For additional information, consult Part 6 - Security, Financial and Other Requirements, and Part 7 - Resulting ContractClauses.  Bidders should consult the "Security Requirements for PWGSC Bid Solicitations - Instructions for Bidders" ( document o

n the Departmental Standard Procurement Documents website.

Bidders must provide a list of names,or other related information as needed, pursuant to section 01 of Standard Instructions 2003. 

For services requirements, Bidders in receipt ofa pension or a lump 
sum payment must provide the required information as detailed in 
article 3 of Part2 of the bid solicitation.

The requirement is subject to the provisions of the Agreement on Internal Trade (AIT).

The requirement is limited to Canadian goods and/or services.

This procurement is subject to the Controlled Goods Program.
Delivery Date: Above-mentioned

The Crown retains the right to negotiate with suppliers on any procurement.

Documents may be submitted in either official language of Canada.

Access and terms of use

Government of Canada (GC) tender notices and awards, solicitation documents and tender attachments are available free of charge and without registration on, the authoritative location for GC tenders.

You may have received this tender notice or award through a third-party distributor. The Government of Canada is not responsible for any tender notices and/or related documents and attachments not accessed directly through

This Government of Canada tender notice or tender award carries an Open Government Licence - Canada that governs its use. Related solicitation documents and/or tender attachments are copyright protected. Please refer to the section about Commercial Reproduction in the Terms and Conditions for more information.

Solicitation Documents

Related Award Notices

Related Contract History