The vendor is required to provide a wide range of industrial control system technology (ICST) equipment, which is often older and relies on unique or outdated code/technology; the agency also sought a tool that could be easily integrated into the inventory of its operational technology (OT) Splunk instance.
- Platform requirements include:
• The ICST platform shall provide a comprehensive view of devices and support enhanced security for compliance needs across the OT network.
• The ICST platform shall be an on premise solution and shall offer flexible deployment options for both physical and virtualized environments.
• The ICST platform shall be designed to integrate with existing security tools, SCADA systems, and ICS networks.
• This will allow ae to enhance our ICS security posture without disrupting operations.
• The ICST platform shall provide threat detection capabilities tailored to identify threats and anomalies that are specific to industrial control systems.
• The ICST platform shall assist with compliance efforts by providing strong documentation, monitoring, and reporting functionalities.
• The ICST platform shall enable ongoing monitoring of ICS environments and provide ongoing protection against evolving threats.
• The ICS platform shall allow for the configuration of role-based access control (RBAC) to ensure that sensitive features are accessible only to authorized personnel.
• The ICS platform shall investigate any unidentified or unknown devices flagged by the system, as these may indicate rogue devices or network misconfigurations.
• The ICS platform shall effectively capture normal network behavior to facilitate anomaly detection and minimize false positives.
• It shall support both industrial OT/ICS and information technology (IT) protocols, identify early signs of anomalous behavior and enable thorough investigation to determine whether these instances represent genuine threats.
• The ICS platform shall be able to produce actionable alerts that deliver detailed information about detected threats and affected systems, with the capability to fine-tune detection thresholds and adjust rules for specific protocols.
• The ICS platform shall be capable of evaluating the effectiveness of both signature-based and heuristic-based detection mechanisms to ensure it captures known and emerging threats, and shall ensure that all activities are securely logged for auditing purposes.
• The ICS platform solution shall implement an integrated environment to support efficient operations, provide critical insights into agency security posture and enhance incident response capabilities.
• The platform shall accommodate implementation of ICST equipment (server(s) and sensors) at 80+ ae substations within agency substation infrastructure.
• The solution shall remove baselined devices after a user-selectable set time of no activity.
• The deployed technology shall automatically assign assets to their OT role (e.g. master, HMI, PLC, historian, etc.) and IT profile (e.g. NTP, web server, DNS, database, etc.).
• The solution shall be able to add custom attributes such as location, asset owner, and criticality to operations.
• The solution shall be able to bulk update asset attributes.
• The solution shall allow manual import of assets into the inventory.
• The solution shall allow export of the asset inventory to a CSV file.
• Optional: provide a containerized traffic forwarding solution, where the collector operates on edge switches and routers to provide data collection for space-constrained locations deep within the OT environment.
• It shall capture and process critical data, ensuring that even the most remote assets are monitored effectively with minimal impact on operations.
• The deployed solution shall log key OT activity codes for monitored protocols.
• The deployed solution shall monitor, visualize & alert on function codes for monitored protocols.
• The deployed solution shall provide the ability to monitor, visualize and alert on layer 2 and layer 3 traffic, including IPv4, for all connected and observable devices.
• The deployed solution shall automatically correlate multiple events/alerts triggered by or related to a single case, to facilitate analysis and troubleshooting.
• Collected data shall be exposed, searchable, and exportable in common formats to allow further analysis with external tools.
• Capability for the platform to export data for analysis with external tools.
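The asset-inventory requirements above (baselining observed devices, removing baselined devices after a user-selectable idle period, assigning OT roles and IT profiles, custom attributes, bulk updates, and CSV import/export) are shown together in the following Python sketch. This is an added illustration, not code from the solicitation or from any vendor's product; the port-to-role mapping and the sample flows are constructed assumptions, and a real platform would derive roles from protocol inspection rather than port numbers alone.

```python
"""Minimal OT asset inventory: baseline, age out, profile, tag, import/export.
Constructed example for illustration only; not a vendor implementation."""
import csv
import io
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed mapping of server-side ports to OT roles and IT profiles (hypothetical).
OT_ROLE_BY_PORT = {502: "plc", 102: "plc", 20000: "plc", 44818: "plc"}
IT_PROFILE_BY_PORT = {123: "NTP", 53: "DNS", 80: "web server",
                      443: "web server", 1433: "database", 5432: "database"}
# Columns used for CSV export and manual import.
FIELDS = ["ip", "mac", "last_seen", "ot_role", "it_profile",
          "location", "asset_owner", "criticality"]


@dataclass
class Asset:
    ip: str
    mac: str
    last_seen: datetime
    ot_role: str = "unknown"
    it_profile: str = "unknown"
    attributes: dict = field(default_factory=dict)  # location, owner, criticality


class Inventory:
    def __init__(self):
        self.assets = {}  # ip -> Asset, insertion-ordered

    def _touch(self, ip, mac, seen_at):
        """Baseline a new device or refresh last_seen; note MAC changes for review."""
        asset = self.assets.get(ip)
        if asset is None:
            asset = Asset(ip=ip, mac=mac, last_seen=seen_at)
            self.assets[ip] = asset
        elif asset.mac != mac:
            asset.attributes["mac_changed"] = f"{asset.mac}->{mac}"
        asset.last_seen = max(asset.last_seen, seen_at)
        return asset

    def observe(self, src_ip, src_mac, dst_ip, dst_mac, dst_port, seen_at):
        """Record one flow: the responding side gets a role/profile from its port;
        the polling side of an OT protocol is treated as a master/HMI."""
        src = self._touch(src_ip, src_mac, seen_at)
        dst = self._touch(dst_ip, dst_mac, seen_at)
        if dst_port in OT_ROLE_BY_PORT:
            dst.ot_role = OT_ROLE_BY_PORT[dst_port]
            if src.ot_role == "unknown":
                src.ot_role = "master"
        elif dst_port in IT_PROFILE_BY_PORT:
            dst.it_profile = IT_PROFILE_BY_PORT[dst_port]

    def prune_stale(self, now, max_idle):
        """Remove baselined devices idle longer than the user-selected window."""
        stale = [ip for ip, a in self.assets.items() if now - a.last_seen > max_idle]
        for ip in stale:
            del self.assets[ip]
        return stale

    def bulk_update(self, ips, **attrs):
        """Apply the same custom attributes to many assets; returns count updated."""
        hit = [self.assets[ip] for ip in ips if ip in self.assets]
        for a in hit:
            a.attributes.update(attrs)
        return len(hit)

    def export_csv(self):
        buf = io.StringIO()
        w = csv.DictWriter(buf, fieldnames=FIELDS)
        w.writeheader()
        for a in sorted(self.assets.values(), key=lambda a: ipaddress.ip_address(a.ip)):
            row = {"ip": a.ip, "mac": a.mac, "last_seen": a.last_seen.isoformat(),
                   "ot_role": a.ot_role, "it_profile": a.it_profile}
            for k in ("location", "asset_owner", "criticality"):
                row[k] = a.attributes.get(k, "")
            w.writerow(row)
        return buf.getvalue()

    def import_csv(self, text):
        """Manually add or update assets from CSV text in the export layout."""
        n = 0
        for row in csv.DictReader(io.StringIO(text)):
            a = self._touch(row["ip"], row["mac"], datetime.fromisoformat(row["last_seen"]))
            a.ot_role = row.get("ot_role") or a.ot_role
            a.it_profile = row.get("it_profile") or a.it_profile
            for k in ("location", "asset_owner", "criticality"):
                if row.get(k):
                    a.attributes[k] = row[k]
            n += 1
        return n


def demo():
    """Constructed sample: one HMI polling two PLCs, an NTP server, and a device
    (10.1.1.99) that goes quiet and is aged out after an 8-hour idle window."""
    t0 = datetime(2025, 5, 1, 8, 0, tzinfo=timezone.utc)
    inv = Inventory()
    flows = [  # (src_ip, src_mac, dst_ip, dst_mac, dst_port, minutes after t0)
        ("10.1.1.10", "00:11:22:00:00:10", "10.1.1.20", "00:11:22:00:00:20", 502, 0),
        ("10.1.1.10", "00:11:22:00:00:10", "10.1.1.21", "00:11:22:00:00:21", 502, 1),
        ("10.1.1.20", "00:11:22:00:00:20", "10.1.1.5", "00:11:22:00:00:05", 123, 2),
        ("10.1.1.99", "00:11:22:00:00:99", "10.1.1.5", "00:11:22:00:00:05", 123, 3),
        ("10.1.1.20", "00:11:22:00:00:20", "10.1.1.5", "00:11:22:00:00:05", 123, 598),
        ("10.1.1.10", "00:11:22:00:00:10", "10.1.1.21", "00:11:22:00:00:21", 502, 599),
        ("10.1.1.10", "00:11:22:00:00:10", "10.1.1.20", "00:11:22:00:00:20", 502, 600),
    ]
    for s_ip, s_mac, d_ip, d_mac, port, mins in flows:
        inv.observe(s_ip, s_mac, d_ip, d_mac, port, t0 + timedelta(minutes=mins))
    inv.bulk_update(["10.1.1.20", "10.1.1.21"], location="Substation 12", criticality="high")
    removed = inv.prune_stale(now=t0 + timedelta(minutes=600), max_idle=timedelta(hours=8))
    return inv, removed


if __name__ == "__main__":
    inventory, aged_out = demo()
    print("aged out:", aged_out)
    print(inventory.export_csv())
```

The idle-window pruning is what keeps a long-running baseline honest at unattended substations: a device that disappears for a shift is aged out rather than silently carried forward, and a device whose MAC changes behind a known IP is tagged for review rather than overwritten.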
- Contract Period/Term: 1 year
- Pre-Offer Conference Date: May 2, 2025
- Questions/Inquiries Deadline: May 13, 2025