Meeting_Body
OPERATIONS, SAFETY, AND CUSTOMER EXPERIENCE COMMITTEE
SEPTEMBER 15, 2022
Subject
SUBJECT: AGENCY ENTERPRISE SECURITY ARCHITECTURE ASSESSMENT
Action
ACTION: APPROVE CONTRACT AWARD
Heading
RECOMMENDATION
Title
AUTHORIZE the Chief Executive Officer to award a professional service firm-fixed price Contract No. PS77693-3000 to Regents & Park, in the amount of $1,259,400, subject to resolution of protest(s), if any.
Issue
ISSUE
High-profile cyberattacks on public and private infrastructures such as the recent intrusion of the New York MTA, the ransomware attack on the Colonial Pipeline operation, and the breach of the JBS meat-packing plants highlight the vulnerable nature of critical infrastructure and the emerging threat profile of public and investor-owned systems. Further, the organizations' true economic and public-trust reputation suffered because of these financially motivated malicious criminal activities.
Entities or groups that attempt to breach computer security, including foreign governments that sponsor or condone activities to access data/intelligence to target governments, organizations, or individuals (aka nation-state actors), have become more sophisticated over time while private and public sector organizations struggle to keep up with new threats introduced by advancing technology and the need to support these vital systems.
Background
BACKGROUND
Metro must continually review and improve its information security posture to manage the current and evolving risk and threat landscape. While Metro is actively implementing recommendations and remediations from other completed security reviews, it is evident Metro must concurrently engage and contract with a well-qualified information security consulting firm in assessing modern Agency IT, IoT/ Industrial Internet of Things (IIoT) systems and SCADA/ICS asset risks.
Keeping with the agency-wide goal of providing safe, secure, private, efficient, and high-quality servic...
Click here for full text