Specifications include, but are not limited to: • The proposer shall provide all necessary hardware and software for a fully functional, on premise, OT cybersecurity monitoring tool. This includes, but is not limited to, server(s), software, hardware, sensors and other miscellaneous equipment. The platform shall meet the following minimum requirements: o Perform passive monitoring of OT networks using traffic obtained from the network. o Gather inventory assets and information such as: IP address, MAC address, equipment vendor, equipment type, operating system, model number, serial number, firmware version, and physical data (rack slots). o Identify asset to asset communication messaging that includes commands that the asset sends and receives, such as configuration, metadata, data acquisition, diagnosis, operation, authentication, alarms, and events. o Provide behavior based (anomaly) Intrusion Detection System. Thereby, determine a baseline for the Industrial Control Systems (ICS) environment of known good traffic patterns. o Monitoring infrastructure. o Detect security threats and high-risk operational changes, for example: • New or unauthorized assets in the network • Man in the middle attacks • Dos/DDoS attacks • Interruption in communication • Configuration upload/download • Firmware upgrades • PLC changes • Data/Broadcast storms o A centralized management console where the data from different monitoring locations can be consolidated and reviewed.
