B -- DEVELOPMENT OF METHODOLOGY FOR SECURITY TESTING OF COMPUTING PLATFORMS FOR ELECTRIC POWER CONTROL SYSTEMS

Notice Date

June 15, 2001

Contracting Office

Department of Commerce, National Institute of Standards and Technology (NIST), Acquisition and Logistics Division, 100 Bureau Drive, Building 301, Room B129, Mail Stop 3571, Gaithersburg, MD, 20899-3571

ZIP Code

20899-3571

Solicitation Number

1-811-5480

Response Due

June 22, 2001

Point of Contact

Sandra Febach, Sup. Contracting Officer, Phone (301) 975-6326, Fax (301) 975-8884, Email sandra.febach@nist.gov

Description

The National Institute of Standards and Technology (NIST) plans to issue a purchase order on a sole source basis to EPRI, 3412 Hillview Avenue, Palo Alto, CA. 94304, under the authority of FAR 13.106-1(b). NIST is examining security vulnerabilities of computing platforms used by the electric industry as part of the Critical Infrastructure Protection (CIP) Initiative. The National Plan for Information Systems Protection, prepared by the CIP Interagency Working Group (IWG) cites control systems as critical points of vulnerability in America's industrial infrastructure. The NIST Electricity Division of the Electrical and Electronics Engineering Laboratory is collaborating with the Manufacturing Engineering Laboratory to help identify and address the security vulnerabilities of computer systems used by the electric power and other process control industries. Two of the goals of this work are to develop security requirements for control systems such as Programmable Logic Controllers (PLC) and Distributed Control Systems (DCS), and to review and analyze, in collaboration with industry, existing power industry standards efforts. To achieve these goals, the NIST Electricity Division is seeking support to identify the security weaknesses of and develop security test procedures for control systems such as PLC and DCS systems, and to review and analyze electric power industry IT standards development efforts. EPRI has the experience and contacts with the electric power industry, and the in-depth knowledge of the industrial controls used in power generation, transmission, and distribution to satisfy the requirements of this project. EPRI is the only known responsible source that has an established program in security control systems used by electric utilities. EPRI is also the primary research and development organization for the electric power industry. As a result of conducting a series of workshops in this discipline for the power industry, EPRI has gained information not available to other contractors that is needed to successfully identify the security problems and develop the methodologies in the requested work in the required time limits. For these reasons, it is in the best interest of the Government to contract only with EPRI for these requirements. The period of performance will be six months from date of contract award. Interested persons may identify their interest and capability to respond to the requirement. This notice of intent is not a request for competitive quotes. However, the Government will consider all responses received by the date identified above. Written responses to this synopsis shall contain sufficient documentation to establish a bonafide capability to fulfill the requirement. A solicitation is not available.=20 See Note 26.

Web Link

Visit this URL for the latest information about this (http://www.eps.gov/spg/DOC/NIST/AcAsD/1-811-5480/listing.html)

Record

Loren Data Corp. 20010619/BSOL003.HTM (D-166 SN50P0T5)