FROM: Robert Thompson, General Manager
Originator: Wally Ritchie, Director of Finance
SUBJECT:
title
INDUSTRIAL CONTROL SYSTEM PENETRATION TEST AND VULNERABILITY ASSESSMENT
end
GENERAL MANAGER'S RECOMMENDATION
recommendation
RECOMMENDATION:
A. Approve a Purchase Order Contract to Carahsoft Technology Corp for the purchase of an Industrial Control System Network Penetration Test and Vulnerability Assessment utilizing the cooperative OMNIA Software Solutions and Services Contract No. R240303, for a total amount not to exceed $210,750 (Includes Sales Tax); and
B. Approve a contingency in the amount of $21,075 (10%).
body
BACKGROUND
Orange County Sanitation District (OC San) is upgrading the existing Supervisory Control and Data Acquisition (SCADA) Systems for the treatment plants and pump stations as part of Project J-120 Process Control Systems Upgrades. The project will replace existing obsolete human-machine-interface systems, databases and software programs including trending, diagnostic data, monitoring, control, alarming and reporting.
RELEVANT STANDARDS
* Protect OC San assets
* Ensure the public's money is wisely spent
* 24/7/365 treatment plant reliability
* Maintain a culture of improving efficiency to reduce the cost to provide the
current service level or standard
PROBLEM
When new systems and applications are introduced, they can bring about various vulnerabilities and risks. This is primarily because these new technologies may not have been thoroughly tested in all possible scenarios, leading to unforeseen security gaps. They may also include unpatched or vulnerable third-party components, suffer from configuration errors or weak access controls, and create new integration points that expose data or systems to attack.
PROPOSED SOLUTION
An Industrial Control System (ICS) Network Penetration Test and Vulnerability Assessment can identify system and application vulnerabilities and weaknesses.
An ICS Ne...
Click here for full text