National Cyber Programme Fund – international call for bids: commercial cyber proliferation research
The National Cyber Fund is inviting project proposals by 30 September 2023 for its Global Leadership Pillar to deliver research on commercial cyber proliferation.
Documents
Details
The bidding deadline is 11:59pm British Summer Time (BST) on 30 September 2023.
The National Cyber Fund is inviting project proposals for its Global Leadership Pillar to deliver research on commercial cyber proliferation to help counter this emerging threat to UK interests and international security, and inform our international engagement.
Background
The UK aims to protect and promote our interests in and through cyberspace in support of national goals. It is vital that cyber actors use cyber capabilities in a way that is legal, responsible, and proportionate to ensure cyberspace remains a safe and prosperous place for everyone.
The UK is very concerned about the growing threat from the proliferation of commercial cyber capabilities and the irresponsible use of commercially-available advanced cyber capabilities. This rapidly-growing market encompasses a wide variety of products and services that allow anyone with the means to pay access to sophisticated capabilities, potentially for malicious use. It includes commercial spyware tools, system exploit brokers, hackers-for-hire offering bespoke hacking services, and a growing and diverse range of advanced capabilities available for purchase.
In a report released in April 2023, the UK’s National Cyber Security Centre (NCSC) assessed that the marketplace for these commercial cyber capabilities will almost certainly expand in the next 5years, leading to more cyber attacks and a more unpredictable threat landscape.
The UK is concerned about the transformative impact of this marketplace on the cyber threats faced by organisations and individuals in the UK and around the world, as well as the significant implications of the irresponsible use of these capabilities for our values.
Many of these tools have legitimate uses, but they must not be used in ways that threaten or undermine human rights and without appropriate safeguards and oversight in place. Ensuring all cyber capabilities, commercial or otherwise, are developed, sold and used in a way that is legal, responsible and proportionate is a policy priority for the UK.
As part of our commitment to take international action, the UK joined other likeminded nations at the Summit for Democracy in signing the Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware. As announced at the UK-France Summit on 10 March 2023, the UK and France are also working together to take forward international action to tackle the threat posed by commercial cyber proliferation more broadly. We are working with international partners to better understand this growing issue and develop an appropriate international response.
Proposal
We are seeking proposals that will support the UK’s efforts to ensure that commercial cyber capabilities are developed, sold and used in a way that is legal, responsible and proportionate. Proposals should also support our work with international partners. Through this call for bids, we are looking to consider research focused on:
- mapping the ecosystem of commercially available advanced cyber capabilities – seeking to better understand the development, sale and use of advanced cyber capabilities (including spyware), and the role of prominent state and non-state actors across the ecosystem
- building a global view of perspectives on the development, facilitation and use of commercial cyber capabilities, including spyware – including the public perception and policy positions on commercial cyber tools and services across a broad range of countries around the world
- exploring potential policy and technical levers, and assessing their effectiveness – including which levers will assist in encouraging the responsible use of cyber tools, and understanding international willingness to implement these levers (or where they may already be in place)
- investigating what responsible behaviour could look like at each stage of the supply chain – including for vulnerability researchers, developers, brokers, companies, exporting countries, purchasers/using states
The outputs from this research will be used for informing UK foreign policy and work with international partners.
Guidance
The research will need to be completed by March 2024, with a mixture of quantitative and qualitative research, regular check-in points with FCDO and periodic reporting and publication (external publication can be explored) as projects progress (including a mid-way progress report).
We encourage potential bidders to consider how their work could cover different aspects of the research topics above sequentially or in parallel, what resource and skills could be needed to deliver it, and whether research partnerships may be required.
We expect proposals to have quantitative progress indicators and qualitative progress markers where relevant, alongside milestones to be met by researchers. These milestones, indicators and markers will be used by the implementer and the FCDO to assess effectiveness of proposed activity. Proposals should be aligned with and deliver measurable impact for the UK National Cyber Strategy, Pillar 4 (Global Leadership), objective 2: Shape global governance to promote a free, open, peaceful, and secure cyberspace.
Bidding
The budget for this research project is capped at £150,000. Prospective delivery partners and consortium leaders should provide tiered funding options for the research, outlining activity and outcomes within each option, for example, £50,000, £100,000 and £150,000.
Email proposals documents to Cyber.Events@fcdo.gov.uk by 11:59pm BST on 30 September 2023.
We will not consider proposals submitted after the deadline. All proposals must be in English and budgets must be in pound sterling (GBP)
Proposals must include:
- completed project proposal form (PPF)
- completed activity-based budget (ABB)
- staff daily rate card
- confirmation you are content to use the FCDO grant agreement or FCDO memorandum of understanding template
Who can bid
Bids are encouraged from academia, non-governmental organisations (NGOs), inter-governmental organisations and not-for-profit arms of commercial entities.
We welcome bids from consortiums led by non-for-profit organisations. Commercial organisations can join consortiums as part of a bidding team. The commercial element of the proposal, which can be sub-contracted by the not-for-profit organisation, should be proportionate.
Criteria for assessing proposals
Proposals will be assessed against:
- alignment with the requirements
- bidder’s previous experience, expertise, methodology, and project management approach
- project viability, including capacity and capability of bidder
- project design, including clear, achievable objectives/outputs/outcomes/impact
- good risk, issue and stakeholder management