Laserfiche WebLink
Attachment D <br />WORK PLAN <br />FY 2023 State and Local Cybersecurity Grant Program <br />PROJECT #1 TITLE Advanced network monitoring for IT & OT networks <br />PROJECT DESCRIPTION <br />This project will implement technical solutions allowing City of Everett to monitor internal network traffic ("East- <br />West"), also known as lateral traffic. This new solution will expand Everett's ability to detect & defend from malicious <br />activity within the city's networks, including both IT and OT networks. This will involve using a vendor's services to <br />ingest network traffic, filter for abnormal events and provide alerting to the city's IT and Security teams. This is a <br />multi -year commitment and will require either future grant funding to sustain this effort or future budget <br />commitments from the city. <br />GAP BEING ADDRESSED <br />This project will address the following gap: the City of Everett IT department does not have visibility to its internal <br />network traffic. This gap was highlighted by completing the NCSR as well as from audit findings from the State <br />Auditor's Office (SAO) audit, conducted in 2022. The project will provide visibility into east -west traffic on both the IT <br />and OT networks and allow alerts to be generated and acted upon, regarding suspicious traffic on the IT or OT <br />network, as well as the ability to better track and record event timeline. <br />IMPACT <br />This project will increase our maturity scores for NIST categories DE.AE-1, DE.CM-1, and DE.CM-7 from our NCSR <br />assessment performed in 2022. Including the ability to monitor east west traffic within our networks will greatly <br />increase our security posture. Should an event occur, we will be able to produce a more detailed timeline of events as <br />well. <br />OUTCOME <br />Adding capability to monitor east -west traffic within our OT & IT networks will address a known security gap, which <br />was identified in our previous assessments. Addressing this gap with a monitoring solution will allow the city to detect <br />unauthorized devices and lateral movement within our networks. This will improve our maturity in the following NIST <br />categories: DE.AE-1, and DE.CM-7. <br />PROJECT #2 TITLE Next Generation Firewalls for OT <br />PROJECT DESCRIPTION <br />This project implements strategic and technical elements of the City of Everett's security and compliance roadmap. It <br />will improve Everett's scores on the following NIST CSF function: PR.PT-4. Assessments, such as the NCSR, and third - <br />party audits, have identified the need to separate the ICS securely from the IT networks. To close this gap, we have <br />planned to create a DMZ between the IT network and OT networks for the water and wastewater utilities. Improving <br />our perimeter security has been identified as one of the most impactful steps towards improving our security posture. <br />Staff is ready to implement, but we do not have the funds budgeted for the firewalls to create the DMZ between ICS <br />and Enterprise networks. <br />GAP BEING ADDRESSED <br />• <br />The city has assessed its water and wastewater industrial control systems using vendors who completed security <br />assessments, as well as self -assessments of our infrastructure. The assessments identified the following gap: OT <br />networks operating water and wastewater utilities are not sufficiently separated from the city's IT network. Thus, a <br />threat actor who breached our enterprise perimeter security would find it relatively simple to move laterally to the OT <br />network. Installing firewalls to build a DMZ between the IT and OT networks follows best practices with regard to <br />DHS-FEMA-SLCGP-FY23 <br />Page 35 of 39 Everett, E24-268 <br />