Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF DECEMBER 13, 2012 FBO #4037
SOURCES SOUGHT

D -- Secure the Navy's Facilities Industrial Control Systems (ICS

Notice Date
12/11/2012
 
Notice Type
Sources Sought
 
NAICS
541512 — Computer Systems Design Services
 
Contracting Office
N62470 NAVFAC Atlantic Headquarters, Facilities Support Contracts 6506 Hampton Blvd Code AQ12 Norfolk, VA
 
ZIP Code
00000
 
Solicitation Number
N6247013R6004
 
Response Due
1/11/2013
 
Archive Date
2/10/2013
 
Point of Contact
Rochelle Lee 757-322-4182
 
E-Mail Address
rochelle.lee@navy.mil
(rochelle.lee@navy.mil)
 
Small Business Set-Aside
N/A
 
Description
This is a market research tool to determine industry capability and whether to set-aside an acquisition for services for Small Business (SB), Historically Underutilized Business Zone (HUBZone), Service-Disabled Veteran-Owned Small Business or 8(a) concerns only. This announcement is for information and planning purposes only and is not to be construed as a commitment by the Naval Facilities Engineering Command, Atlantic (NAVFAC), implied or otherwise, to issue a solicitation or ultimately award a contract. An award will not be made on information received in response to this notice. The Government is not responsible for the cost associated with any effort expended in responding to this notice. Upon review of industry response to this Sources Sought Synopsis, the Government will determine whether a set-aside acquisition in lieu of full and open competition is in the Government's best interest. The NAICS code for this proposed procurement is 541512 (size standard is $25.5 Mil). The Navy intends to issue a Request for Proposal at some future time with central focus on securing the Navy ™s facilities Industrial Control Systems (ICS). ICS is the overarching term that encompasses the ICS Infrastructure and the following types of facilities control systems: Utility Control Systems (UCS), also called Supervisory Control and Data Acquisition (SCADA) systems (and other terms), are used for monitoring, controlling and/or regulating utility systems in real time, and measuring, collecting and analyzing energy usage. These systems are integrated into individual utility plants and are in most cases a component of individual utility facilities. Advanced Metering Infrastructure (AMI) meters are part of the UCS. Building Control Systems (BCS), also called Direct Digital Control (DDC) systems (and other terms), are used for monitoring, controlling and/or regulating building systems in real time. These components are integrated into building systems such as HVAC, irrigation and lighting, and are also in most cases components of individual facility buildings. The Navy is seeking industry ™s feedback on capabilities, experience, and approaches to secure ICS. The Navy is interested in industry methodologies that architect, implement, and secure these specialized Industrial Control Systems. The results of this Request for Information may be used to develop a Request for Proposals (RFP) to be issued at a later date. This RFI is not a Request for Proposal. Should a RFP process ensue, detailed information will be made available. Among the Navy ™s primary objectives are: Ensure operation of Navy utility systems is reliable, cyber-secure and efficient. Deploy a secure network infrastructure solution to host facilities Industrial Control Systems, including, but not limited to, Advanced Metering Infrastructure (AMI), Supervisory Control and Data Acquisition (SCADA), and Energy Management Systems Direct Digital Controls (EMS-DDC) at Naval bases. (NAVFAC expects to have a complete and type-accredited Platform Network design when these implementation services are required, and Platform Network components may be government furnished equipment). This will implement and integrate a defense-in-depth strategy to secure facilities ICS Navy-wide. Leverage ICS cyber security best practices as required by the Department of Defense and recommended by organizations such as the Department of Homeland Security, the National Institute of Standards and Technology, and the National Security Agency. Implement a Navy Public Works ™ ICS Common Architecture, which integrates disparate legacy ICS, provides a structured to establish new ICS and upgrade legacy ICS, integrated with AMI, across the Navy Enterprise, and using Commander, Navy Installations Command ™s Public Safety Network (PSNet) for secure transport of information. (Common Architecture does not imply single solution of materials or configuration). Achieve validated accreditation and certification of the regional Platform Network implementations from the Navy Operational Designated Accrediting Authority, Fleet Cyber Command, U.S. Navy Tenth Fleet. Meet CNIC N6 requirements as required in order to connect to PSNet. Support Navy Smart Energy. Navy Public Works defines Smart Energy as the integration of the Navy ™s shore facility and utility infrastructure with energy efficient strategies to assure energy security by reducing energy consumption, minimizing our reliance on over-the-fence energy providers, addressing energy waste in real-time, and fully supporting the mission of the Navy. ICS operational technology is a key enabler of Smart Energy In order to meet these objectives, the Navy will consider the following opportunities: ICS security engineering and Platform Network implementation services with an approach that integrates the capabilities of personnel, operations, and technology. Support Platform Risk Assessment (PRA) certification and accreditation for facilities ICS, ensuring acceptable risk, as defined by U.S. Navy Tenth Fleet, Fleet Cyber Command. This involves application of approximately 130+ Information Assurance Controls. Conduct security testing and document test results for each Platform Network instance. Provide a combination of technical and non-technical approaches/methods that will best support achieving the objectives. Formulate and document configuration details for hardware and software components of the Platform Network design. Pre-configure equipment for Platform Network implementation. Create standard images for implementation of each regional instance. Train government Information Assurance personnel and network/system administrators on Platform Network setup, operations, and maintenance. This will involve producing an ICS Platform Network Security Manual, including but not limited to incident response procedures, and documenting Standard Operating Procedures. Provide facilities ICS security incident response services. Provide Operational Technology project management services for ICS-related projects. A combination of the above. This RFI concerns the following Naval Facilities Engineering Command (NAVFAC) component commands: NAVFAC Midwest, Great Lakes IL, for the Navy region Midwest NAVFAC Hawaii, Pearl Harbor HI, for the Navy region Hawaii NAVFAC Southwest, San Diego CA, for the Navy region Southwest NAVFAC Southeast, Jacksonville FL, for the Navy region Southeast NAVFAC Midlant, Norfolk VA, for the Navy region Mid-Atlantic NAVFAC EURAFSWA, Naples IT, for the Navy region Europe, Africa, and Southwest Asia NAVFAC Far East, Yokosuka JP, for the Navy region Far East NAVFAC Marianas GU, for the Navy region Marianas NAVFAC Northwest, for the Navy region Northwest NAVFAC Washington, for the Naval District Washington The need is for ICS security services to implement the security solution for two regions in parallel, for a total of ten regions world-wide over a period of approximately three years. The priority objective during this period is to integrate and protect AMI. This will involve approximately 145 connections of AMI to the Platform Network. This will provide a scalable platform for the eventual integration and protection of 800+ Navy ICS. Department of Defense, Department of Navy, and other federal guidance/law that these efforts must comply with include: DON Platform IT Governance and Guidance NIST Special Publication 800-82 Guide to Industrial Control Systems (ICS) ICS Security OPNAVINST 5239.1C, Navy Information Assurance Program Federal Information Systems Management Act (FISMA) DoDI 8510.01, DoD Information Assurance Certification and Accreditation DODI 8500.01E, Information Assurance DODI 8500.02, Information Assurance Implementation DON CIO Memo 02-10, Information Assurance Update for Platform Information Technology (PIT) (Encl.2 requires Platform Network for Defense in Depth of PIT) Defense Security Technical Information Guidance (STIG) Guidance and law are continually evolving, growing, and becoming more rigorous. Technologies involved in implementation include sensors, actuators, controllers, Human-Machine Interface (HMI) devices, encryption, authentication, Host-Based Security System, security forensics, the Niagara Framework, security scanning and vulnerability remediation, server virtualization, VLANs, and wireless technology. The specific information the Navy seeks at this time: 1)Name/full address and brief description of company and services. 2)Indicate if the firm is registered in the System for Award Management (SAM) database, include DUNS Number and CAGE Code; 3)Methodology that addresses a secure environment for Industrial Control Systems operations in terms of configuration, implementation, and training, across multiple regions. If industry has such a method, sharing both the technical aspects as well as the management aspects of the methodology is sought out, to include, but not limited to the following: a)Describe the types of roles necessitated by your method, as well as the certifications/credentials need for each role. (For example, Database Administrator certified in Oracle 10g) b)Describe the implementation cycle and an approximation of length of time to implement using your methodology. c)Describe aspects of your methodology that address duplication of effort or lack of duplication of effort across multiple sites. Please include any collaboration or information sharing aspects of your methodology relevant to implementation of a single solution across multiple sites. d)Articulate industry best practices “ industry ™s best approaches to address concerns/issues unique to a standard approach for securing ICS across multiple locations. e)Address the risk and opportunities of described methodology. f)Discuss the aspects of your methodology that test and secure the solution. g)Discuss the cost categories associated with the solution. h)Government ownership of solution. 4)Indicate which technologies present the best opportunity for implementation with a brief discussion of why. 5)Indicate your organization ™s thoughts on economies of scale in pursuing implementation of solution at more than one Navy component. 6)What, if any contractual arrangements would be beneficial for this project. 7)Describe your experience in certification and accreditation of ICS. 8)Provide samples of up to three similar projects your organization has successfully accomplished and the lessons-learned from your experience in securing Industrial Control Systems. At a minimum provide: The contract number and title, a brief description of the work performed, the period of performance, the name/number of the client POC, the dollar value of the contract and the dollar value of the work your company performed. 9)Indicate any additional information that you feel may be helpful to secure ICS. Identify risks and opportunities associated with shared methods, approaches, and solutions. 10)The government is interested in obtaining the financial scale and scope required to implement this security project for planning purposes only. It is NOT necessary or required for responders to provide proprietary detailed cost information. 11)Indicate training your organization has provided for Information Assurance personnel and network/system administrators on Platform Network setup, operations, and maintenance. Including development of an ICS Platform Network Security Manual, explaining incident response procedures, and documenting Standard Operating Procedures. All information submitted will be reviewed and analyzed by the Navy, and will be considered proprietary and confidential with respect to other responders and to future contract actions taken by the Navy. It is not mandatory to submit a response to this RFI to participate in a formal request for proposal process that may take place in the future. The desired goal for the Navy for this RFI is to solicit maximum industry participation, which will allow the Navy to formulate an acquisition process in a concise and timely manner. This request for information shall not be construed as a Request for Proposal or as an obligation on the part of the Government. The Government does not intend to award a contract on the basis of this request or otherwise pay for the requested information. The Government does not anticipate answering questions regarding this Request for Information. Responses to this RFI must be complete and sufficiently detailed to allow for a determination the firm ™s qualifications to perform the defined work. Responses must be on 8 by 11-inch standard paper, single spaced, 12 point font minimum and is limited to 25 single sided pages. The response to this RFI is due 11 JAN 2013. The point of contact for the Navy is Rochelle Lee, Rochelle.lee@navy.mil..
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/DON/NAVFAC/N62470FSC/N6247013R6004/listing.html)
 
Place of Performance
Address: 1322 Patterson Avenue,
Zip Code: SE, Washington DC,
 
Record
SN02946586-W 20121213/121211234631-18e31b1f4a486403d4867f373e8623a4 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.