Specifications include, but are not limited to: The Regional Water Resource Agency (RWRA) has issued this Request for Proposal (RFP) to solicit responses from qualified technology security consulting firms (BIDDER) offering proven Cyber Security Assessment services and the creation of Cyber Resilience Programs and Implementation Plans. RWRA seeks a qualified BIDDER who can demonstrate organizational, functional, and technical capabilities, as well as the experience, expertise, and qualifications necessary to fully audit and assess the security of RWRA’s current network and system environment, and then create a detailed Cyber Resilience Program (CRP) and Implementation Plan to strengthen our technology security and meet appropriate standards. RWRA’s goal is to have a comprehensive and detailed review of the current operating environment, and then the creation of a Cyber Resilience Program (CRP) as well as an implementation plan to improve our overall technology security posture. With this RFP, RWRA intends to hire a qualified consultant to analyze, review, assess and create recommendations for RWRA’s cybersecurity resilience. Inclusive of these services will be an exploration, detailedmapping and risk-assessment of RWRA’s networked Operational Technology (OT) systems including SCADA Controls, Telemetry, RWRA-managed networking devices and ancillary connections. In addition, RWRA seeks to identify and understand any vulnerabilities to RWRA’s systems from service connections to the City of Owensboro managed IT network and administrative computer equipment, as well as consideration of RWRA’s implementation of bring-your-own-device (BYOD) cellular device usage. This assessment and focus will acknowledge the City of Owensboro’s IT specific infrastructure that supports RWRA’s OT Networks, but will not focus on or make recommendations for the security of the City’s network, rather provide an assessment of risks and considerations for RWRA’s systems as they connect to that infrastructure as provided by the City of Owensboro. Finally, the consultant will be tasked with review of RWRA’s draft cybersecurity and incident response policies and make recommendations for finalization and implementation of these policies within the Agency. These consultant services are intended to be consolidated into a final report inclusive of discovery, assessments, initial recommendations and a roadmap for future capital upgrades to improve RWRA’s cybersecurity posture and resiliency.
