The World Bank Digital Development Global Practice is working with the Government of Indonesia to enhance its National Cybersecurity Risk Assessment (NCRA) capacity; with the aim of bolstering resilience against cyber threats targeting critical services and infrastructures. This collaboration aims to support Indonesia’s National Cyber and Crypto Agency (BSSN) to scale up its NCRA capacity and to develop an assessment and mitigation toolkit for BSSN to develop its NCRA framework; methodologies; and tools; followed by conducting risk assessment of selected CIIs (not more than two) as a pilot. The primary aim of the Assignment is to provide BSSN with the analysis; technical assessments and a toolkit to assist the Government of Indonesia in developing a holistic NCRA Framework; along with associated Methodologies and Tools; with the objectives of identifying threat scenarios; assessing risks and resilience; identifying gaps and key areas of improvement aimed at preventing and mitigating disruptions of critical services caused by malicious cyber threats. Scope of Work: The consulting firm will be responsible for:*Conducting research on global best practices and relevant frameworks*Developing the NCRA Toolkit; including the Framework; Methodologies; and Tools*Conducting interviews and engagements with key stakeholders*Supporting BSSN in applying the Toolkit and conducting a pilot assessment on not more than two selected CIIs*Providing training and knowledge transfer to BSSN; CII operators; and other stakeholders*Revising and finalizing the Toolkit based on feedback; suggestions and lessons learned from the pilot. Required Qualifications: The consulting firm/entity should have:*Strong technical and analytical experience in ICT and cybersecurity risk assessment and resilience assessment; risk and resilience treatments; governance and legislations relating to national CII protection*Knowledge of global best practices in cybersecurity*Strong understanding of cybersecurity policy; strategy; and operations in a government context*Previous experience in developing cybersecurity risk assessment frameworks and tools*Having carried out at least two (2) similar assignments globally*Experience working with the public sector (preferably in a middle-income developing country context)*Fluency in English (ability in Bahasa Indonesia is an advantage) Timeline: The assignment is expected to begin in June 2024; with deliverables and activities scheduled over a period of 23 weeks.