The Special Telecommunications Service (STS) wants to acquire equipment, licenses and specialized cybersecurity solutions for the future private government cloud – an IT platform that will host the IT systems of central government agencies and provide electronic services to the public.

Servers in the data centerPhoto: Scanrail / Dreamstime.com
  • Government private cloud represents the largest investment in the digitization of the state for money from the PNRR, having funding more than 560 million euros (excluding VAT)The IT platform that will be managed by the Romanian Digitalization Authority (ADR) in cooperation with the Special Telecommunications Service (STS) and the Romanian Information Service (SRI).
  • 81 institutions and state bodies are migrating their IT systems in the future government cloud, according to the decision of the Government, adopted last week.

According to the Electronic State Procurement System, DTS recently launched an open tender for the procurement of cyber security solutions for 4 data centers that will house the state’s private cloud infrastructure.

The auction is divided into 5 lots, and the estimated value of the contracts is 124.5 million lei (excluding VAT).

  • “To implement this investment, in accordance with GEO 89/2022, this documentation is aimed at the purchase of STS equipment, licenses and specialized solutions necessary for the cyber security of the basic infrastructure, IaaS and PaaS, including installation, configuration, commissioning, commissioning and training to equip two primary data centers and two tier III/IV secondary data centers for the project that will host the government’s private cloud infrastructure through a supply contract for each lot.”, it is shown in the specifications.

The tender also provides for the acquisition of a solution for detecting and analyzing cyber security vulnerabilities and threats, including Advanced Persistent Threat (APT) cyber attacks, from a network of computer systems.

The term of the supply contract will be:

– for lots 1, lots 2 and 4: 28 months, but no later than 31.12.2025;

– for lots 3 and lots 5: 4 months.

The deadline for receiving proposals or applications for participation is May 29, 2023. On the same day, a meeting on the disclosure of proposals will be held.

The government cloud will operate in 4 data centers in Bucharest, Brasov, Sibiu and Timișoara / What costs are estimated by ADR, STS and SRI

The implementation of the Government Private Cloud, an IT platform that will host the IT systems of central government institutions and provide electronic services to the public, will operate in four data centers in Bucharest, Brasov, Sibiu and Timisoara, and IT infrastructure costs will exceed BGN 2.2 billion .

This is stated in the draft resolution of the Government on the approval of technical and economic indicators of the investment goal “Implementation of government cloud infrastructure”, published in open access on the website of the Ministry of Digital.

SEE DRAFT HG AND KEYNOTE

ADR, STS and SRI estimate costs of more than 2.2 billion lei in 3 years

Financing of this project will be carried out at the expense of non-refundable external funds through the National Recovery and Resilience Program (PNRR) and from the state budget through the budget of the Ministry of Research, Innovation and Digitalization, through the budget of the Special Telecommunications Service. (STS), through the budget of the Romanian Information Service (SRI), within the amounts approved annually for this purpose.

While ADR and SRI will be located in Bucharest, STS will have data centers hosting the government’s private cloud in Bucharest, Brasov, Sibiu and TimiÈ™oara.

The distribution of costs for 3 years of implementation shows that DTS will need the most funds – more than 1.5 billion lei, while ADR estimates costs of more than 474 million lei, and SRI – more than 237 million lei.

Where will the money for the government’s cloud IT infrastructure go?

The rationale states that the implementation of the Government Cloud will include at least the following stages:

  • creation of level IV data processing centers according to the project for two main centers and level III according to the project for two secondary centers;
  • provision of special communication infrastructure and information technologies (fiber-optic cables and high-performance communication equipment);
  • development/expansion of the power supply network for each individual data center in order to ensure redundancy and power demand;
  • implementation of a scalable and redundant air conditioning infrastructure, effective from an energy point of view;
  • installation of an inert gas detection and fire extinguishing system to ensure the protection of the entire infrastructure of each individual data center;
  • implementation of a physical security system (access control, video surveillance, hacking protection, etc.) for developed infrastructure;
  • implementation of infrastructure monitoring and management network within the completed facility;
  • creation of a scalable and highly available IT&C infrastructure (equipment for processing, storage, communication, virtualization software) in each separate data center;
  • purchase of licenses and specialized equipment for perimeter cyber security.
  • ensuring the cyber security of CPG at all stages of its development and operation, referring to confidentiality, integrity and availability of data;
  • acquisition of licenses and equipment with a high degree of technical complexity in order to ensure a high level of cyber security by preventing APT-type cyber attacks;
  • implementation of some mechanisms to protect stored or transmitted data from theft, respectively, from their modification;
  • implementation of mechanisms for detection and prevention of cyber attacks, referring to a level approach, in accordance with the concept of Defense in Depth;
  • implementation of identification and access management mechanisms;
  • implementation of specific technologies to ensure cyber security
  • implementation of specific technologies (for example: CSPM, CASB, CWPP).
  • functional testing and security testing.

Security of the core infrastructure perimeter and delivery of IaaS and PaaS service models will be ensured by the CPG infrastructure administrator (na Special service of telecommunications).

It is also possible to purchase specialized services with a high degree of technical complexity in order to ensure a high level of cyber security by preventing, in particular, cyber-attacks of the APT type (in the sphere that is within the competence of the DRI).

Photo source: Scanrail / Dreamstime.com