4d. Memorandum
COMMISSION AGENDA MEMORANDUM Item No. 4d ACTION ITEM Date of Meeting June 27, 2017 DATE: June 19, 2017 TO: Dave Soike, Interim Executive Director FROM: Matt Breed, ICT Infrastructure Services SUBJECT: Enterprise Network Firewall Upgrade Project (CIP #C800908) Amount of this request: $1,500,000 Total estimated project cost: $1,500,000 ACTION REQUESTED Request Commission authorization for the Executive Director to (1) proceed with the Enterprise Network Firewall Upgrade project; (2) procure required hardware, software, vendor services, and maintenance; and (3) use Port staff for implementation, for a total project cost not to exceed $1,500,000. EXECUTIVE SUMMARY This project will procure and upgrade firewalls protecting the Port Enterprise network through which our financial, human resource, maintenance, project management, and many other critical systems communicate. Our network firewalls provide the first line of defense against cyber threats. Because cyber-crime is increasing rapidly in sophistication and prevalence, it is imperative that we keep pace with current technology in order to stay ahead of these very real threats. A network firewall is a security device that grants or rejects network access between an untrusted zone such as the Internet and an internal network. The Port network is constantly inundated with outside hacking attempts and viruses. Our firewalls are designed to protect our internal network resources from these external security vulnerabilities and advanced threats. Existing Port firewalls, last upgraded seven years ago, do not have the necessary sophistication and advanced features to fend off today's advanced cyber threats, and have reached their end of life. JUSTIFICATION This project includes several important benefits. (1) More advanced security features to stay ahead of today's cyber threats Template revised September 22, 2016. COMMISSION AGENDA Action Item No. 4d Page 2 of 4 Meeting Date: June 27, 2017 (2) Increased processing speeds to meet new system requirements and allow for more frequent and realistic security penetration testing. (3) Continued availability of replacement hardware and security patches. (4) Common management platform across Port networks to reduce inconsistency and improve efficiency when dealing with security incidents. DETAILS Scope of Work (1) Procure and replace firewall equipment and software for the Port Enterprise network at the Port's main SeaTac and backup Liberty Lake data centers. Schedule Commission design authorization 2017 Quarter 2 Procurement Complete 2017 Quarter 4 Installation Complete 2018 Quarter 4 Cost Breakdown This Request Total Project Hardware/Software $880,000 $880,000 Vendor Implementation Services $182,000 $182,000 Port Labor $350,000 $350,000 WA State Tax $88,000 $88,000 Total $1,500,000 $1,500,000 ALTERNATIVES AND IMPLICATIONS CONSIDERED Alternative 1 Purchase firewall equipment as it fails from 3rd party vendors Cost Implications: $0 for project implementation Pros: (1) Capital funds are available for other projects. Cons: (1) After May 2019, our current firewall vendor will no longer provide security patches for our system due to the system age. This leaves our network vulnerable to new cyberattacks that are constantly maturing and evolving. These attacks will cause network outages, data loss, and corruption on one of our two largest networks running financials, maintenance, public safety, and access control systems. Template revised September 22, 2016; format updates October 19, 2016. COMMISSION AGENDA Action Item No. 4d Page 3 of 4 Meeting Date: June 27, 2017 (2) While redundant firewalls are in place to ensure an individual firewall failure doesn't immediately put our organization network in jeopardy, the failing equipment must be replaced or we risk the serious operational impacts of a total failure. (3) Individual firewall failures would need to be replaced with 3rd party equipment, reducing our effectiveness and ability to manage the system. This 3rd party equipment is extremely scarce at the moment and will be increasingly hard to find as the market matures. (4) A catastrophic firewall failure would expose the Port's information systems and sensitive data to cyber-attacks. (5) This solution will not scale to accommodate future needs that will require faster throughput and more advanced security features. This is not the recommended alternative. Alternative 2 Purchase and install redundant network firewall systems for the Port's Enterprise network Cost Implications: $1,500,000 Pros: (1) Significantly improves the protection of our data and information systems that are increasingly more vulnerable to cyber-attacks as a result of potential equipment failure and the growing sophistication of cyber threats. (2) Improves our flexibility, performance, and management capability to meet current and future technology requirements. (3) Provides a common management platform across multiple Port networks. (4) Meets future requirements for faster throughput and advanced security features. Cons: (1) Capital funding is not available for other efforts. This is the recommended alternative. FINANCIAL IMPLICATIONS Cost Estimate/Authorization Summary Capital Expense Total COST ESTIMATE Original estimate $800,000 $0 $800,000 Current change $700,000 $0 $700,000 Revised estimate $1,500,000 $0 $1,500,000 Template revised September 22, 2016; format updates October 19, 2016. COMMISSION AGENDA Action Item No. 4d Page 4 of 4 Meeting Date: June 27, 2017 AUTHORIZATION Previous authorizations $0 $0 $0 Current request for authorization $1,500,000 $0 $1,500,000 Total authorizations, including this request $1,500,000 $0 $1,500,000 Remaining amount to be authorized $0 $0 $0 Annual Budget Status and Source of Funds This project was included in the 2016-2020 capital budget and plan of finance under committed CIP #C800908 in the amount of $800,000. A competitive procurement was completed in early 2017 to set a firewall equipment standard and through that process it was determined that a larger budget will be necessary to meet the objectives for this project. The remaining $700,000 for the capital funding will be transferred from the IT Renewal/Replacement CIP (C800097) to the project (C800908) resulting in no net change to the overall capital budget. Financial Analysis and Summary Project cost for analysis $1,500,000 Business Unit (BU) ICT Effect on business performance NA (NOI after depreciation) IRR/NPV (if relevant) NA CPE Impact $0.01 Future Revenues and Expenses (Total cost of ownership) Annual maintenance costs are estimated to increase by $31,000. This will be budgeted in the Information & Communication Technology (ICT) Operating Budget. ATTACHMENTS TO THIS REQUEST None PREVIOUS COMMISSION ACTIONS OR BRIEFINGS None Template revised September 22, 2016; format updates October 19, 2016.
Limitations of Translatable Documents
PDF files are created with text and images are placed at an exact position on a page of a fixed size.
Web pages are fluid in nature, and the exact positioning of PDF text creates presentation problems.
PDFs that are full page graphics, or scanned pages are generally unable to be made accessible, In these cases, viewing whatever plain text could be extracted is the only alternative.