Laserfiche WebLink
DHS-FEMA-SLCGP-FY22 Page 34 of 36 City of Everett, E24-156 <br />Attachment D <br />WORK PLAN <br />FY 2022 State and Local Cybersecurity Grant Program <br /> <br />PROJECT #1 TITLE Cyber Supply Chain Risk Assessment <br />PROJECT DESCRIPTION <br />This project will assess our current environments in order to create a plan for improving security of our public <br />infrastructure systems--namely water utility and waste water treatment facility, which is a combined waste water <br />and storm water system in some parts of the city. This will involve using a vendor's services to assess the OT/ICS <br />Network of our Water Filtration Plant (WFP) and our Water Pollution Control Facility (WPCP) to obtain a Risk and <br />Vulnerability report. <br /> <br />GAP BEING ADDRESSED <br />This project will close the following gap: the City of Everett IT department currently monitors and tracks CVEs <br />against City's IT and OT devices and will allow us to more closely follow currently unknown supply chain risks by <br />addressing NCSR category ID.SC-2. As we continue to upgrade and fortify our environment, supply chain risk <br />assessment through a third party will give us greater insight into unknown risks of future equipment. <br /> <br />IMPACT <br />In working across departments such as Public Utilities as well as Emergency Services, insight into our supply chain <br />risks will ensure we purchase equipment, software and services that are most likely to continue to provide <br />firmware, software upgrades and security updates. Suppliers will be vetted and assessed as to their business <br />processes and environment. This willl allow us to avoid purchasing assets with known vulnerabilities and ensure our <br />stakeholders that we manage and reduce risk in our IT environments. <br /> <br />OUTCOME <br />The outcome of securing a Supply Chain Risk Assessment Vendor is to be agile in selection of appropriate assets and <br />suppliers, with a clear view of risks we accept when purchasing assets. <br />