Guidance

Remote Monitoring of Sensitive Sites Phase 2: Security and Resilience – FAQs

Updated 31 January 2024

1. Frequently Asked Questions (FAQs)

Q: How is the competition structured? Are you looking for three integrated systems or one system with 3 component parts?

A: We are looking to fund three different proposals (three integrated systems), with each proposal providing a full solution.

Q: There is an emphasis on collaboration, if you had to pick an ideal consortium, what would it involve?

A: It would answer the competition criteria and deliver against the competition document. Likelihood to be funded is based on how you answer the competition criteria.

If you do not have a solution that is viable on its own, we are looking for you to collaborate with others to deliver what we are looking for.

Q: Is SAPIENT a requirement?

A: It is not a requirement but it is the preferred platform. Would be interested in other platforms too. SAPIENT is mentioned due to the future exploitation of your product; the Nuclear Decommissioning Authority does not need SAPIENT but MoD and Home Office do.

It will be our responsibility to acquire permissions for any interface that has regulatory requirements.  

Q: We are thinking about a system that would integrate to SAPIENT. Are the Nuclear Decommissioning Authority flexible in the utility of the system?

A: We are looking for a replacement platform for existing security measures. We are open to seeing what is proposed. If it reached the market, we would need to ensure you are compliant with cyber security standards. If there is further capability for development in the future (with further time and funding), we advise you outline it within your proposal.

Q: Are there specific user requirements or preferences which would lead us to integrate with other mission management tool?

A: No, The Nuclear Decommissioning Authority do not have any specific needs. There are no plans to integrate this with existing security systems, the idea is to replace them.

Q: Is there a priority on interdiction or interest in slowing down the entities?

A: The priority is on interdiction, slowing down would be added value.

Q: During deployment, what is the magnitude of operating hours?

A: For 12 month deployment phase, we would like a solution that can run 24/7 for the full 12 month period.

Q: Are there any penalties if our system breaks down or needs repairing?

A: The 12 months are a test and evaluation phase. We are expecting a baseline capability that will develop over time. There will be time to test, adjust the solution and rectify any problems during this phase.

Q: Will feedback be provided during the 12 month test and evaluation phase?

A: There will be active feedback provided. Monthly meetings will be held so you can provide data and operators of the system can give feedback. The development of the system will be discussed with the operators. The frequency of these meetings can be adjusted as required. 

Q: Is there training required for users? Do we assume they are unfamiliar with equipment?

A: Yes, training for operators is included. The safety case will need your input and you will receive input from users on site. There will also be lessons learnt meetings to discuss feedback from those on site.

Q: How will the three systems funded be de-conflicted?

A: We cannot provide that detail as we do not know what proposals will be submitted or funded. Under safety cases, we will determine how it will be developed. The area we will use is sufficient enough to have significant gaps between each other.

Q: What is the size of the area?

A: We are awaiting confirmation on the size of the area. You do not need the full perimeter, only a sufficient amount to prove your system.

We are not expecting a full perimeter to be in place but will require a full deployment of your sensors/systems etc. This can be down to you to determine, and can be linear with sufficient deployment to prove systems. Scenarios will be completed against the system set-up, as if it were a full perimeter.

Q: What distances do we need to detect out to? Do systems that detect out to further distances have an advantage?

For the tests we want to see detection at the designated boundary point (fence or agreed demarcation point between the protective boundary and the asset we are protecting). Whilst greater range is a nice to have, it is not what we are asking for in this competition – additional capabilities beyond the ask should however be highlighted as value adding elements to the overall system.

Q: Is equipment covered by your insurances whilst on your site?

A: Yes, we would be responsible once the systems are in our control. This will be worked out when safety cases are produced.

Q: Would we be at a disadvantage if we provided a fully SAPIENT compliant system?

A: No, you would not be at a disadvantage. The Nuclear Decommissioning Authority do not need SAPIENT for this requirement but you may want to consider your solution being SAPIENT compatible.

Q: Can you provide more information on your priorities e.g. is threat detection preferred over autonomy?

A: The priority is a holistic system that can detect, interdict, track and send information to control room. Systems beyond that are of added value.

Q: From contracting perspective, could more money be made available?

A: We will not be able to provide additional funding. We will assess your bid based on what is in the proposal.

Q: System redundancy is mentioned in the competition document, is that a hard requirement for you?

A: We would like you demonstrate that it is a capability you can achieve.

Q: Will we be penalised if we do not submit a collaborative bid?

A: No, you will not be at a disadvantage if you do not submit a collaborative bid.

Q: What connectivity is there on site?

A: We will provide connectivity such as power and Wi-Fi. Further details will be provided to successful bidders. We are expecting data to be transferred elsewhere on site but the distance could be any.  

Q: At what point do you want the proposed system to identify friend or foe?

A: For test and evaluation phase, just the perimeter. We are asking for the proposed solution to detect, interdict, track then make assessment. Anything extra would be added value. We are also interested in seeing what other capabilities can be added within the budget.

Q: Is the ability to discriminate between unauthorised or authorised entities valued?

A: It is valued, we would like to be able to identify all entities on site, even those conducting routine business. The insider threat is a concern, hence we need to see everyone, and ideally interpret what they are doing to determine any potential malicious activities.

Q: Do the number of individuals on site fluctuate?  

A: Yes, the number of individuals on site will vary depending on the time of year, including sites that are unstaffed. You will be testing and evaluating on a live site with a number of individuals present.

Q: In Phase 1, what did you feel was not fulfilled?

A: The systems did not provide a whole holistic system which is why we have suggested collaboration for Phase 2.

Q: Will further One to One sessions become available?

A: No, for further advice and guidance we recommend contacting your local Innovation Partner or the DASA Help Centre.

Q: We have a solution that could be used intermittently throughout the year, is that suitable?  

A: We are look for a system that is robust and reliable a hundred percent of the time. If it is an integral part of your system, it must be on site 24/7.

Q: Will there be opportunities to enhance the system throughout the 12 month period?

A: Yes, the system can be developed and adapted once it is deployed, if it is within the scope of the original bid. You will not be able to completely replace your system.

Q: Must all solutions be UK sovereign capability, or can we use non-UK systems?

A: We are not opposed to it being a non-UK system but we can see the advantages of it being a UK based system.

Q: In terms of triggering the alarm, is there anything we should be aware of?

A: We use Perimeter Intrusion Detection Systems (PIDS) alarms. We would like to be able to detect the entity at the point it meets the demarcation line. If the entity can be detected earlier, that is value added.

Q: Do you require the system to track an entity for 60 minutes?

A: Yes, we would like the capability to maintain eyes on the entity for 60 minutes but this does not need to be done by one system.

Q: What object or collision avoidance will be needed?

A: As part of the initial 6 month development stage, you will acquire information about the test and evaluation site, including the no fly zones that need to be mapped into your system. Please note, failsafe mechanisms on drones result in them taking the most direct flight path, which may conflict with no fly zones.

Q: Are you looking for a system to make a decision on the action that should be taken?

A: We need real time information to be sent to the security control room, anything further would be value add.

Q: Should the system require minimal human interaction?

A: Yes, minimal to no human interaction. We need to know of every individual that is on the site, due to the insider threat. We would like a human to be able to take over and manage the system if necessary. 

Q: What data can be shared by the system? Are you looking for a Cloud based solution?

A: Until we understand your proposals we are unable to confirm what you will be allowed to do, however we will work with each successful bidder to determine what and how data is shared. Noting if working on our information in your own offices and ICT you will need to gain accreditation based on the sensitivity of that information – List-N and Cyber Essentials Plus for sensitive information.

Cloud based solutions are in scope but security checks would be required to identify what data is being exfiltrated from the system and where the data is going. We use Microsoft Cloud but not for all levels of communication.

Ideally this should be on-site and in a standalone system. Use of the cloud or other remote data capture will need to be assessed against the proposal on a case-by-case basis.

Q: Do I need to cost for the development of safety cases and permissions for deployment of our systems?

A: It is the site’s responsibility to gain permissions and develop safety cases, this will be done in consultation with you to ensure all the concerns aspects of your systems are catered for.

Q: Can systems with RF frequencies be used?

A: Any systems used will be reviewed to check for any issues that may affect the deployment site or surrounding area’s infrastructure and BAU (incorporated into safety cases). As the site does not operate an active nuclear plant, this is not anticipated to be a major concern

Q: Are you looking for references to real world scenarios?

A: No, the test and evaluation phase at a Nuclear Decommissioning Authority site will provide this environment. We are responsible for running the scenarios, so there should be no outlay to you – the system tests should be set-up to provide 24/7 coverage – so we can probe and test at any time in the 12-month deployment.