Senior Cybersecurity Researcher - DAI

DAI | United States

Description : Senior Cybersecurity Researcher. Company : DAI. Location : United States

Senior Cybersecurity Researcher

DIGITAL STRATEGY INITIATIVE TEAM

SCOPE OF WORK

NAME:


POSITION TITLE:


Senior Cybersecurity Researcher


TOTAL LEVEL OF EFFORT:


32 days



AGREEMENT NAME:


Digital Frontiers



Activities


Digital Strategy



AGREEMENT NO:


AID-OAA-A-17-00033



PERIOD OF PERFORMANCE:


June 30, 2023 – October 16 , 202 3



EVALUATOR:


Hank Nelson



BACKGROUND

Digital Frontiers is a $90 million buy-in mechanism available to USAID Bureaus and Missions from 2017 to 2024. DAI implements the Digital Frontiers project, which works closely with USAID’s Development, Democracy, and Innovation Bureau (DDI), the Innovation , Technology , and Research Hub’s Technology Unit (ITR/T), USAID missions, the private sector, and international and local development organizations to identify successful and sustainable digital development approaches and scale their impact globally .

USAID launched the Agency’s first ever Digital Strategy in April 2020, led by the ITR/T Division . It is the Agency-wide vision for development and humanitarian assistance in the world’s rapidly evolving digital landscape. The Digital Strategy implementation is divided into four tracks with 1 6 total initiatives. The Cybersecurity initiative is part of track two—Help Partners Navigate Risk and Reward—and is designed to weave cybersecurity through all aspects of USAID's technology programs to ensure digital sustainability and resiliency . Under USAID’s Digital Strategy, the Digital Ecosystem Country Assessment (DECA) initiative inform s the development, design, and implementation of USAID’s strategies, projects, and activities. Each DECA looks at three pillars of a nation’s digital ecosystem: (1) digital infrastructure and adoption; (2) digital society, rights, and governance; and (3) the digital economy. The DECA aims to inform how USAID Missions can understand, work with, and strengthen the country’s digital ecosystem. USAID and Digital Frontiers also developed a DECA Toolkit , which helps Missions plan and conduct their own DECAs without Digital Frontiers support. To date, USAID has completed or is in the progress of developing over 25 DECAs .

OBJECTIVE

USAID's Cybersecurity Team is building awareness and understanding of cybersecurity’s fast-growing importance for development throughout the Agency. One of the Cybersecurity Team’s roles is reviewing and providing technical inputs on the cybersecurity components of all DECAs and providing recommendations for the cybersecurity research described in the DECA Toolkit. With more Missions planning to use the DECA Toolkit to conduct their own assessments, ITR/T would like to determine what gaps might exist in the cybersecurity analysis. Based on the findings, ITR/T will develop an Addendum to the DECA Toolkit that helps Missions and DECA researchers improve their cybersecurity research .


The objective is to understand the cybersecurity gaps in current DECA reports , develop resources to bridge these gaps, and improve the cybersecurity analysis in future DECAs .

ILLUSTRATIVE TASKS & DELIVERABLES

Using the DECA Toolkit as a guide, the contractor will conduct a r apid analysis of completed internal DECAs to determine current gaps in cybersecurity assessments in these reports. Using this a nalysis, the consultant will collaborate closely with USAID and Digital Frontiers Cybersecurity Team staff to propose a list of recommendations and develop new tools and resources to be included in the DECA Toolkit as a “DECA Cybersecurity Addendum.”

Task 1: Pro duce a workplan for DECA Addendum development (2 days)

  • Consult with USAID and Digital Frontiers DECA and Cybersecurity team s to learn about USAID’s Cybersecurity Initiative, DECA initiative, DECA Toolkit, and the Digital Strategy.

  • Build a workplan that clearly lays out timelines for deliverables, key milestones, responsible parties, and other necessary resources. An illustrative timeline is included under the deliverables section below.

Task 2: Conduct rapid analysis of cybersecurity sections of existing DECAs (12 days)

  • Using DECA sections flagged by the DECA and Cybersecurity team’s-as well as targeted key informant interviews ( KIIs ) with DECA researchers and USAID staff-conduct a rapid analysis of the strengths and weaknesses in the current approach to covering cybersecurity in the DECAs. This review will encompass about 10 DECAs, the DECA Toolkit, the DECA Research Checklist, and KIIs with approximately 10 DECA stakeholders.

  • Develop a brief presentation deck on findings to present to USAID Cybersecurity and DECA teams.

  • Produce a short (1 page) proposed outline for the Cybersecurity Addendum.


Task 3: Draft Cybersecurity Addendum ( 10 days)

  • Based on the findings of the analysis, develop the draft DECA addendum ( ~10 pages). This addendum should be written to complement and supplement the cybersecurity material in the DECA Toolkit and Research Checklist. While the actual content of the addendum will depend on the results of the analysis, it might include:

  • Additional research options , including resources, for Missions wanting a deeper dive into cybersecurity.

  • Recommendations for identifying interviewees for KIIs.

  • An “Asking About Cybersecurity” guide that helps researchers ask the right questions to figure out cybersecurity gaps and strengths in a partner country. Complementing the cybersecurity questions already included in the Research Checklist, this guide might focus on how to ask sensitive cybersecurity questions; ways to approach cybersecurity questions differently with different stakeholders; and how t o navigate privacy concerns when speaking with companies and organizations about their cybersecurity capacities , standards, and potential risks.


Task 4: Finalize Cybersecurity Addendum (6 days)

  • Work with USAID and Digital Frontiers to collect technical feedback and revisions based on the USAID clearance and approvals process.

  • Based on consultations with USAID and Digital Frontiers staff, integrate feedback and finalize the DECA Cybersecurity Addendum.

Deliverables

The table below summarizes all project deliverables and estimated due dates. Due dates are subject to change depending on time needed to conduct KIIs during Task 2 and the USAID review period under Task 3. The contract length and LOE account s for these potential adjustments.

Deliverable


Estimated Deadline



Detailed Workplan (Word Document , Excel Sheet, PPT )


July 7, 2023



Rapid Analysis of Cybersecurity in DECAs


August 1 (draft PPT shared with DF);

August 15 (presentation to USAID)



DECA Cybersecurity Addendum Outline


August 15



Draft DECA Cybersecurity Addendum


September 14



Final DECA Cybersecurity Addendum


October 16


REPORTING
The consultant will report to Digital Frontiers Senior Cyber-Development Specialist and Digital Strategy Lead .

TIMEFRAME AND LOE

This scope of work is expected to run approximately 5 months from June 30 , 202 3 – October 16 , 20 2 3 and request roughly 32 days of LOE (level of effort) to complete the above deliverables.

Location: Flexible. The Senior Cybersecurity Researcher must be available to work Eastern Standard Time (EST) hours.