Cyber Security of Automotive Systems (W7701-166085/A)
- Publishing status
- Publication date
- Amendment date
- Date closing
- 2015/11/19 14:00 Eastern Daylight Time (EDT)
- Reference number
- Solicitation number
- Region of delivery
- Notice type
- Notice of Proposed Procurement (NPP)
- Trade agreement
- Agreement on Internal Trade (AIT)
- Tendering procedure
- The bidder must supply Canadian goods and/or services
- Procurement entity
- Public Works and Government Services Canada
- End user entity
- Department of National Defence
- Contact name
- Piras, Gabriel
- Contact phone
- (418) 649-2870 ( )
- Contact fax
- (418) 648-2209
- Contact address
601-1550, Avenue d'Estimauville Québec Québec G1J 0C7
The following statistics are only for the English page and are provided in close to real time. To calculate the total activity for a tender notice, you will need to add the English and French statistics.
- Page views
- Unique page views
- Tender notice updates
- Get notifications for this tender notice:
For more information on notifications, visit the Follow Opportunities page.
Trade Agreement: Agreement on Internal Trade (AIT) Tendering Procedures: The bidder must supply Canadian goods and/or services Competitive Procurement Strategy: Comprehensive Land Claim Agreement: No Nature of Requirements: TITLE : CYBER SECURITY OF AUTOMOTIVE SYSTEMS 1 Objective Automotive vehicles like cars and trucks are pervasively computerized. A car produced in 2014 may include up to 100 computers (Electronic Control Units or ECUs) that run 60 million of lineof codes and manage 145 actuators and 75 sensors. These ECUs exchange up to 25 gigabytes of data every hour on the vehicle internal communication bus, usually the Controller Area Network (CAN) bus. Also, au-tomotive vehicles are more interconnectedthan ever, with many wired and wireless communication interfaces with elements outside the vehicle. In the last three years, the hacking community has demonstrated many times the possibility to compromise the cyber security of cars. Cyber-attacks on information technologies like personal computers and servers usually result mostly in immaterial damages like the loss, the alteration or the theft of information or money, and the disruption of operation. In the case of vehicular systems, cyber-attacks areamore important concern since the safety of their us ers or the other users on the road might be at stake. There is a need to study the security of automotive vehicles, including understanding their vulnerabilities and assessingthe potentialmitigation measures. The first need, understanding the pr oblem, re quires appropriate tools and methodologies. The second need, studying mitigation measures, implies testing existing technologies and studying up coming regulations andguidelines. This work will exploit and extend software developed by DRDC Valcartier. This software, CANpy, exploit an open source software called SocketCAN (see AD1 below for more information). CANpy is developed in Python language and works on Linux.CANpy provides the following functionalities: data logging, interacting with the bus (sending CAN 2.0A and 2.0B messages, reacting to a message), ECU discovering, and visualizing message (basic). CAN messages can be filtered and multiple CANsockets canbe opened atthe same time. Protocols ISO 14229, ISO-TP/ISO-15765, J1939 message format and J1939 Broad Announce Message and Connection Module are supported. CANpy uses US B2CAN devices for connecting to the CAN bus and can run on BeagleBone devices. T his statement of work describes the work required for conducting such study. The Work includes a firm portion and a portion to be performed on an "as and when requested basis" using a Task Authorization (TA). Firm portion of the Work : Conduct an assessment of the cyber security of automotive vehicles : The Contractor must conduct an assessment of the cyber security of automotive vehicles with a focus on the intra vehicular communications elements. The firm portion of the Work isdivided as follows : - Characterize an automotive vehicle - Find vulnerabilities and security measures (Option 1 of 2) - Develop and demonstrate exploits (Option 2 of 2) Portion of the Work to be performed on an "as and when requested basis" usin g a Task Authorization Task 1, Characterize an automotive vehicle Task 2, Find vulnerabilities and security measures Task 3, Develop and demonstrate exploits Task 4, Conduct Synthesis Task 5, Identify potentialmitigationmeasuresthat could prevent the exploit of vulnerabilities on the vehicle Task 6, Test mitigation measures Task 7, Develop testbed of some vehicular functions for lab study Task 8, Develop testing procedures and conduct field trials Task 9,Assess vehicle security standards and protocols Task 10, Develop cyber security standard testing procedures 2 Additional Information : The organization for which the services are to be rendered is Defence Research and Development Canada - Valcartier (DRDC - Valcartier). The period of theContract is from date of Contract to March 31st, 2019, inclusive. For the firm portion of the Work : - All the deliverables for the work described at Section 5.1.1 of the Statement of Work must be received on or before March 31, 2016. - All the deliverables for the optional work described at Sections 5. 1.2 and 5.1.3 of the Statement of Work must be received no later than 3 months after exercise of each option. The work is divided into two portions, a firm portion and a portion to be performed on an "as and when requested basis" using a Task Authorization (TA). The estimated amount of available funding for the firm portion of the Work is $205,000.00, Applicable Taxes extra. The estimatedamount ofavailable funding forthe portion of the Workto be performed on an "as and wh en requested basis" using a TA is $620,000.00, Applicable Taxes extra. The Contract includes no obligation for Canada to have the TA portion of the Work performed. A contract with Task Authorizations (TAs) is a method of supply for services under which all of the work or a portion of the work will be performed on an "as and when requested basis". Under contracts with TAs, the work to be carried out can be defined but theexact nature and timeframes of the required services, activities and deliverables will only be known as and when the service(s) will be required during the period of the contract. A TA is a structured administrativetool enabling the Crown to authorize work by a contractor on an"as and whenrequested" basis in accordance with the conditions of the contract. TAs are no t individual contracts. Defence Research and Development Canada - Valcartier has determined that any intellectualproperty rights arising from the performance of the Work under the resulting contract will belong to Canada. Work must be executed at Defence Research and Development Canada, Valcartier Research Centre (2459, de la Bravoure Rd., Québec, QC, G3J 1X5, CANADA). Thereason is that the automotive vehicle(s)to be stud ied is located in DRDC and is required for conducting most of the work. Th e vehicle must stay in DRDC because of the conditions of the loan to DRDC and the needfor DRDC employees to access the vehicle from time to ti me.Tasks involving document reading, report writing, data analysis or vulnerability assessment on individual ECUs out of the vehicle context, fo r which the vehicle is not required and no controlled goods are involved can be performed at Contractors location of preference. There is a security requirement associated with this requirement. For additional information, consult Part 6 - Security, Financial and Other Requirements, and Part 7 - Resulting ContractClauses. Bidders should consult the "Security Requirements for PWGSC Bid Solicitations - Instructions for Bidders" (http://www.tpsgc-pwgsc.gc.ca/app-acq/lc-pl/lc-pl-eng.html#a31) document o n the Departmental Standard Procurement Documents website. Bidders must provide a list of names,or other related information as needed, pursuant to section 01 of Standard Instructions 2003. For services requirements, Bidders in receipt ofa pension or a lump sum payment must provide the required information as detailed in article 3 of Part2 of the bid solicitation. The requirement is subject to the provisions of the Agreement on Internal Trade (AIT). The requirement is limited to Canadian goods and/or services. This procurement is subject to the Controlled Goods Program. Delivery Date: Above-mentioned The Crown retains the right to negotiate with suppliers on any procurement. Documents may be submitted in either official language of Canada.
Government of Canada (GC) tender notices and awards, solicitation documents and tender attachments are available free of charge and without registration on Buyandsell.gc.ca/tenders, the authoritative location for GC tenders.
You may have received this tender notice or award through a third-party distributor. The Government of Canada is not responsible for any tender notices and/or related documents and attachments not accessed directly through Buyandsell.gc.ca/tenders.
This Government of Canada tender notice or tender award carries an Open Government Licence - Canada that governs its use. Related solicitation documents and/or tender attachments are copyright protected. Please refer to the section about Commercial Reproduction in the Buyandsell.gc.ca Terms and Conditions for more information.