Local authority launches comprehensive cyber defence upgrade
Integrated project combines detection tools, servers, storage and five-year support to strengthen cyber resilience across a municipal IT environment in the Czech Republic.
Integrated project combines detection tools, servers, storage and five-year support to strengthen cyber resilience across a municipal IT environment in the Czech Republic.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
The cybersecurity enhancement project at the Municipal Office of Prague 11 sets out to deliver a full stack of detection tools, servers, storage and five years of support, forming a structured package to harden local government information systems in the Czech capital.
The municipal district’s public procurement covers the delivery of software, hardware and related services to improve the cybersecurity of its information systems and the information they process. This first phase, tendered as Lot 0001, concentrates on core detection technologies and the infrastructure needed to run them.
The first group of tools combines Network Detection and Response (NDR), sandboxing and honeypots. NDR will monitor, analyse and respond to suspicious activity in network traffic, using techniques such as machine learning, behavioural analysis and traffic analysis to identify anomalies that may signal lateral movement, data exfiltration or communication with command-and-control servers.
The sandbox component provides a virtual or emulated environment in which suspicious files, programmes or links can run safely, separated from production systems. This allows detailed observation of whether a sample attempts to change system files, connect to remote servers or install malware before it ever reaches users.
Honeypots are described as intentionally unprotected or partially vulnerable systems that mimic real targets on the network. They are used to lure attackers, monitor their techniques and gather information about new attack methods, whether for research, early-stage attack detection or as part of an active defence strategy.
On endpoints, the project specifies an Endpoint Detection and Response (EDR) system covering workstations, servers and mobile devices. The EDR is expected to provide real-time monitoring of applications, processes and user behaviour, alerting security staff to anomalies or dangerous actions so they can identify new, unknown threats and take the steps needed to stop them.
Together, this toolset gives the municipal office continuous monitoring and response capabilities inside the network and on each device, alongside any existing perimeter controls.
To host these security platforms and other virtualised applications, the municipal office plans to acquire four new servers. The server hardware must provide sufficient performance for the systems it will run and offer resilience against hardware failure of individual nodes.
The storage layer is defined in more detail. The authority expects a modular, dual-controller, all-flash disk array in an active-active design, connected through Fibre Channel ports. The overall solution must operate as a cohesive unit with proven interoperability, covered by a single supported service-level agreement and one responsible integrator.
While a single-vendor approach is possible, the contracting authority is also open to multi-vendor solutions, provided suppliers can demonstrate compatibility and offer unified support. The disk array must include at least 64 GB of RAM, and the installed disk pool must deliver at least 24 TB of usable binary capacity with protection against single-disk failure, excluding any gains from deduplication, compression or other reduction mechanisms.
These storage systems will serve as repositories for individual virtual servers. The expected infrastructure is outlined as around 270 users, 400 e-mail accounts, 350 PCs and laptops, 100 mobile phones, 50 Windows virtual servers and two Linux virtual servers.
The emphasis on resilience, clear performance thresholds and unified support places stability and manageability of the new environment at the centre of the design.
Beyond supplying equipment and licences, the contractor will be responsible for transport, installation and initial configuration of all hardware and software at the contracting authority’s premises.
Documentation is a core part of the scope. The supplier must provide all product documentation for the hardware and software, together with a description of the implemented solution that includes screenshots confirming deployment of software tools and photographic evidence of installed hardware.
The final documentation set will also include:
Training for the contracting authority’s ICT administrators forms part of the delivery, with the extent defined in the contract. Once the solution is installed, the supplier will provide both basic and extended support, plus related operational services, for a period of 60 months from installation.
This five-year support period ties the supplier into ongoing maintenance across all hardware and software components and mirrors a pattern in other Czech public procurements that combine technology delivery with installation, training and continuing services.
Although the current contract focuses on Prague 11, it sits within a wider wave of cybersecurity projects in Czech local government and public institutions.
As early as January 2023, the city of Příbram launched a cybersecurity project centred on supplying and implementing technologies to increase the cybersecurity of its information and communication systems in line with cybersecurity standards, coupled with operational support once the delivery was fully in place.
In January 2025, the municipal district of Prague 10 issued a procurement for software, hardware and services to improve the cybersecurity of its authority’s information systems and data, echoing the integrated approach taken in Prague 11.
Around the same time, the statutory city of Mladá Boleslav went to market for a comprehensive information security management system tool to support continuous risk analysis, identify vulnerabilities and implement security measures while ensuring compliance with cybersecurity requirements, highlighting the role of formal management systems alongside technical controls.
Other municipal districts in the capital are also active. In May 2025, Prague 18 advertised a cybersecurity infrastructure enhancement contract covering hardware, software, installation, training, ongoing support and regular upgrades in line with the EU NIS2 Directive. In July 2025, Prague 4 sought to strengthen its cyber posture through a project to acquire a control security system, revitalise a backup data centre, enhance resilience at the primary data centre and implement an information security management system in compliance with the Cybersecurity Act.
Beyond the capital, regional and national bodies are following similar paths. In March 2025, Liberecký kraj issued a call for technologies to improve cybersecurity for its information and communication systems, including maintenance, support and training with an emphasis on cost efficiency. In June 2025, Karlovy Vary announced a programme to improve cybersecurity and comply with legal standards by implementing an information security management system, backed by new IT technologies.
The healthcare sector is also represented. In October 2025, the Psychiatric Hospital in Brno published a tender to improve the security of its ICT infrastructure through new network infrastructure, security applications and backup solutions with manufacturer support. A month earlier, in September 2025, the Czech Hydrometeorological Institute signalled plans to enhance the resilience of its critical information infrastructure in a prior information notice focused on hardware, software and server-room equipment for data archiving and database systems as part of selected technical cybersecurity measures.
Together, these notices point to a broad effort across municipalities, regions, hospitals and national institutes to modernise cybersecurity by combining technical defences, information security management systems and upgraded infrastructure with training and long-term support.
The current procurement for Prague 11 is explicitly labelled as Phase 1 of enhancing the cybersecurity of the municipal office’s information systems. By framing this lot as an initial phase and setting a five-year support horizon, the municipal office gives this contract a foundational role in its cybersecurity arrangements; future notices will show how that wider programme develops.
For suppliers, the detail around interoperability, documentation and support obligations offers a clear view of what Czech public authorities expect from cybersecurity projects: integrated solutions, evidence of proper deployment and a commitment to helping in-house teams operate the new tools over several years.
Observers of public-sector procurement will be watching how Prague 11’s project progresses and how it sits within the broader pattern of municipal and sectoral cybersecurity investments unfolding across the country.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.