TERMS OF REFERENCE

As a Critical Information Infrastructure Protection Training Developer, the consultant will play a pivotal role in designing and developing a comprehensive curriculum and training materials focused on identifying and protecting Critical Information Infrastructure (CII) assets and services. The training program aims to enhance incident response and cybersecurity capabilities, ensuring the proper functioning of critical infrastructure services like energy supply, telecommunications, financial systems, drinking water, and governmental services, which are reliant on the proper functioning of Critical Information Infrastructures (CII).

Curriculum Development:

• Develop a well-structured and comprehensive training curriculum for the Critical Information Infrastructure Protection programme.
• Design and organize the content into chapters to facilitate effective learning and skills development.

The suggested structure for the Critical Information Infrastructure Protection training course:

Course Title: Critical Information Infrastructure Protection Training

Chapter 1: Introduction to Critical Information Infrastructure (CII)

• Understanding the significance of Critical Information Infrastructure (CII) in modern society.
• Interdependency with Critical Infrastructure (CI) services (e.g., energy supply, telecommunications, financial systems, etc.).
• Overview of various cyber threats and attacks that pose risks to Critical National Information Infrastructure (CNII).
• Real-world examples and case studies of cyber incidents targeting CII.
• Identifying and understanding challenges faced by governments and stakeholders in safeguarding CII. Strategies to overcome common challenges and enhance CII protection.

Chapter 2: Developing Critical Information Infrastructure Protection Plans

• Importance of robust Critical Information Infrastructure Protection (CIIP) plans.
• Risk assessment and mitigation strategies for safeguarding CII assets and services.
• Incident response plan for CII protection, role of national CIRT. 
• Monitoring and Continuous Improvement for CII Protection: Implementing effective monitoring mechanisms for potential threats and vulnerabilities.

Chapter 3: Use Cases and Good Practices from Different Countries

• Case studies showcasing successful CIIP initiatives and strategies from at least six different countries.
• Benchmark methodologies for identifying and classifying CII assets and services at the national level.
• Governance Structures for Critical National Information Infrastructure (CNII): Examples of governance structures utilized by countries for managing CIIP efforts.
• Roles and responsibilities of different stakeholders in protecting CNII.
• Example of Information Sharing Mechanisms for CII Protection.

Chapter 4: Tabletop Exercise (TTX): Identification and Classification of CII Assets and Services

• Design a tabletop exercise focused on the identification and classification of Critical Information Infrastructure (CII) assets and services.
• Use of best practices and real-world scenarios to test the participants' skills and knowledge.

Each chapter will be accompanied by interactive presentations, case studies, discussions, and hands-on exercises to engage participants and reinforce their understanding of Critical Information Infrastructure Protection concepts and strategies.

CONCRETE DELIVERABLES

1. A well-structured and comprehensive training curriculum for the Critical Information Infrastructure Protection course.
2. Interactive presentations and case studies for each chapter to engage participants effectively.
3. A tabletop exercise designed to challenge participants' skills in identifying and classifying CII assets and services.
4. Training materials and resources to support the curriculum, including slide decks, reference documents, and other relevant materials.

The copyright for all materials produced shall be vested with ITU.

COMPETENCIES

• Proven track record of leading and managing complex cybersecurity projects at the national level.
• In-depth knowledge of cybersecurity threats, risks, and best practices, as well as Critical Information Infrastructure Protection frameworks (CIIP), standards, and regulations.
• Ability to design and develop comprehensive and effective training curriculums that are engaging, interactive, and relevant to the target audience.
• Exhibits excellent communication, coordination, and editing skills, producing high-quality reports and documentation in English.

QUALIFICATIONS REQUIRED

Education: Advanced university degree in telecommunication, computer science, information technology or relevant field. 

Experience: At least five (5) years of progressively responsible experience in the field relevant to the Special Service Agreement (SSA). 

Strong knowledge of cybersecurity and CII concepts. 

Proven experience in developing cybersecurity training materials and curriculum, with a focus on Critical Information Infrastructure Protection.

Languages: Knowledge of English at advanced level.

REMUNERATION INFORMATION

250 USD per working day (a total of 12 000 USD)

ADDITIONAL INFORMATION

References:

• ITU training material and CIIP guidelines
• The Meridian process: https://www.meridianprocess.org/about/
• Global Forum on Cyber Expertise: https://thegfce.org/