Scope of Services for Preparation of AWIA-Compliance Documents — City of Pleasanton

Once critical assets are identified, the threats/hazards that could potentially impact each asset will be defined. During this portion of Workshop 1, the group will:

• Agree on the insider/outsider physical and cyber malicious adversary attributes.
• Determine relevant natural hazards to be analyzed further within the RRA.
• Identify dependency and proximity hazards such as power, chemicals, key suppliers, critical employees, transportation, and proximity to dangerous neighboring sites.

West Yost recommends the City engage local law enforcement and federal agencies to support threat characterization. While this can be an important step of the threat characterization process, engagement with these external stakeholders is not required.

Task 5. Cyber-RRA

Under this task, West Yost will evaluate the City's "electronic, computer, or other automated systems" as required by AWIA. This includes the billing system, business network, SCADA and access controls.

The cyber-RRA requires a different set of stakeholders and engagement with those stakeholders. In addition, this task is focused on technology, which the City relies on, but relatively few staff are responsible for. To include all internal stakeholders in cyber-RRA discussions is likely an inefficient use of staff time. Therefore, this task includes task-specific stakeholder engagement, including meetings, site-visits, a workshop, and interviews.

The AWWA Tool is the standard for cybersecurity in the sector and generates an easy-to-use output for building a cybersecurity improvement plan. This output will be integrated directly into Task 8 — Risk and Resilience Management Strategy Development. All of these efforts will build on recent cybersecurity assessment work the City has done.

The City is currently upgrading its SCADA system and has requested that West Yost perform a cyber security review of the design. West Yost has structured this scope of work to align with the City's SCADA design schedule and will review the design submittals and conduct the AWWA Tool analysis on the proposed design technology as part of the design review. The Tool analysis on non-technology components will be completed concurrent with the overall RRA analysis.

Task 5.1. Review Draft Design Submittals and Participate in Draft Design Submittal Workshop

West Yost will review the draft System Architecture and Network communications design submittals prepared by Tesco. From the review, we will determine if the Priority 1 and Priority 2 technology controls output from the tool are addressed in the design. Additionally, we will assess against the NIST SP 800-82 Revision 2 framework.

West Yost will participate in the City's Draft Design Submittal Workshop scheduled for November 19, 2019 to become familiar with the proposed technology design. West Yost will have one in-person participant and one participant by phone.

West Yost Associates, City of Pleasanton, November 2019
n\m\s\cityp\\2019 AWIA Scope and Budget