Industrial Control HW and SW Cybersecurity Assessment

Michigan State University

Buyer is seeking proposals for a cybersecurity assessment of SCADA systems in their Infrastructure, Planning and Facilities network domain. The assessment includes the closed loop domain controlling the MSU Power Plant operational technology. Buyer requires a comprehensive evaluation of vulnerabilities, compliance with relevant standards, and actionable recommendations to enhance cybersecurity controls. The assessment will cover multiple network domains and segments, with a focus on operational technology security.

• 8/19/2024 - RFP Issue Date
• 8/30/2024 - Deadline for Respondent Questions
• 9/27/2024 - Proposal Due Date
• 11/11/2024 - Estimated Contract Award

• Vendor must have OT/ICS experience in dealing with sensitive equipment
• Vendor must understand NIST/CSF requirements along with other cybersecurity requirements

• Perform cybersecurity assessment of SCADA systems in Infrastructure, Planning and Facilities network domain
• Assess closed loop domain controlling MSU Power Plant operational technology
• Conduct Compromise Assessment, Architecture Review, and OT Cybersecurity Assessment
• Provide prioritized recommendations to address identified vulnerabilities
• Deliver compliance report for relevant standards and regulations
• Create comprehensive assessment report documenting findings across multiple network domains
• Evaluate and test sensitive equipment that does not respond well to testing
• Assess compliance with NIST/CSF requirements and other cybersecurity standards