This EU public procurement with an indicative budget of 1.5 million EUR is primarily open to any management consulting firms, IT service providers and cyber security companies as individual entities or as part of a consortium. The successful tender of the call entitled “Connecting Europe Facility (CEF): Cybersecurity digital service infrastructure establishment of a core service platform cooperation mechanism for Information Sharing and Analysis Centres (ISACs) facilities manager” will sign a 3 years contract with the European Commission.

The increased cyber threat landscape and the heightened risk to the Digital Single Market from failure of our digitally enabled and 5G connected essential services requires us to dramatically improve cybersecurity operational cooperation. One key mechanism for empowering such cooperation is through Information Sharing and Analysis Centres (ISACs).

The successful tender of this call (tender reference number: SMART 2018/1022) will assist in resourcing the establishment and further development of European level sectoral ISACs covering all the sectors and subsectors identified by the NIS Directive (Annex II), such as in the health, water, digital infrastructure and transport sectors.

In particular, the selected company/organisation or consortium of companies/organisations will be contracted to provide to the European ISACs for a period of three years support such as:

  • Logistical support (e.g. organise meetings, event, workshops, etc.)
  • Advice (e.g. on EU competition law, GDPR, etc.)
  • Thematic analysis (e.g. cyber threat intelligence)
  • IT platform support
  • Subscription based services

This procurement arises from the Connecting Europe Facility (CEF) Telecom Work Programme 2018 which aims to support cybersecurity capacity building and operational cooperation for Operators of Essential Services (OES) and Digital Service Providers (DSPs) under the NIS Directive.

ENISA, the EU Agency for cybersecurity, will be a key partner in the process of establishing and further developping European level sectoral ISACs in accordance with its new strengthened and permanent mandate under the EU Cybersecurity Act.

Background information

The concept of Information Sharing and Analysis Centres (ISACs) has existed for over a decade in cybersecurity in Europe. They generally involve structured and voluntary secure information sharing between trusted colleagues from both suppliers and operators in a particular industrial sector. ISACs can assist with improved cybersecurity preparedness, situational awareness and coordinated vulnerability disclosure. 

In the Joint Communication to the European Parliament and the Council “Resilience, Deterrence and Defence: Building strong cybersecurity for the EU”, the role of ISACs was cited as particularly important in creating the necessary trust for sharing information between the private and public sector. The European Commission together with the support of ENISA is committed to this approach and in particular with regard to sectors providing essential services (OES) as identified in the NIS Directive. In Europe, there have already been efforts in establishing European level ISACs in the financial sector (FI-ISAC) and more recently in the energy sector (EE-ISAC).