Cyber Threat Intelligence Platform

The Vendor is required to provide a Managed Security Services Provider (MSSP) to support its cybersecurity operations, including the provision of cyber threat intelligence (CTI).
- Provide to procure a Threat Intelligence Platform (TIP), enabling direct access to threat data and collaborative intelligence workflows, obviating the need for an MSSP.
- Objectives
• Advance the province’s leadership in cybersecurity by enabling a more autonomous and mature threat intelligence function, thus supporting the most recent agency cybersecurity strategy’s goal of becoming a global leader in cybersecurity by 2028.
• Empower the CTI team to deliver targeted and actionable intelligence to internal stakeholders and to the broader agency, thereby supporting ‘shield one’ of the most recent agency cybersecurity strategy: “stand in the way of the threat and equip state public and private organizations, to better recognize and respond to cyber threats.”
• Encourage real-time threat intelligence sharing and collaboration between the agency and the
• Agency, fostering a more resilient and informed cybersecurity ecosystem across state. This supports ‘shield two’ of the strategy: “the [agency] facilitates the development and distribution of real-time cyber threat information and related advice to all state stakeholders.”
- Provide a web-based TIP that is fully accessible and functional through current and commonly used desktop browsers (e.g., Microsoft Edge, Mozilla Firefox, and Google Chrome). The proposed TIP should support concurrent access for all authorized users. Initially, up to five users will require access; however, the solution must allow for scalable user licensing to accommodate future team growth or reduction.
- This includes visibility into both the dark web and clear web, defined as persistent monitoring of cybercriminal forums, marketplaces, and social media platforms.
- Threat actor profiles for cybercrime and state-aligned threat actors with insights into motivations, target sectors, target regions, affiliations with other threat actors, past campaigns or incidents, and developments in attack chains or TTPs.
- Sector-based reporting providing insight into recent or ongoing cyberattacks, as well as broader threat landscape assessments, with a primary focus on the government sector.
- Analysis of new malware families, phishing campaigns, botnets, etc. or any evolutions of these threats
- Data Collection and Free-Text Search
• Cybercriminal forums such as XSS, BreachForums, LeakBase, Dread, or RAMP
• Encrypted or closed channels such as Telegram, Signal, or Tox
• Social media platforms such as X, Facebook, TikTok, or BlueSky.