Laserfiche WebLink
Exhibit A <br />• Provide an overview of the revised AWWA RRA J100-21 methodology and operational guide, other new <br />and updated related industry standard guidance, and updated USEPA requirements and guidance for the <br />RRA. <br />• Identify and clarify roles and responsibilities of the Arcadis team, Department RRA team, and key <br />stakeholders. <br />• Review previous RRA (2020) assumptions, details, and results for water system mission critical assets, <br />threats, and hazards with associated likelihood, consequence analysis, vulnerability analysis, risk <br />analysis, critical customers, and mitigation measures. <br />• Identify, verify, and obtain information regarding assessment components that require updating, addition, <br />and/or enhancement, including consideration of updated standards and guidance discussed in the RRA <br />overview. <br />• Review a data needs list including, but not limited to existing plans, policies, procedures, as -built design <br />drawings, Geographical Information System (GIS) shapefiles and area maps, previous assessments, <br />after-action/lessons learned exercise and incident reports, asset replacement costs, facility -specific <br />retrofits and upgrades, monitoring capabilities, master plans, asset management programs, and <br />coordinate hydraulic modeling needs with the Department's hydraulic modeling consultant (KMAC <br />Consulting) to obtain specific baseline and risk scenario consequence information. <br />• Review existing and planned mitigation options and CIP aspects to be incorporated into the analysis. <br />Deliverables: <br />1. Workshop PowerPoint slides and materials <br />2. Preliminary and Refined Data Needs List <br />3. Review Workshop summary of key highlights and decisions <br />Task 2.2 — Cyber Workshop and Assessment <br />A two-hour in person/remote Cyber Workshop and up to two, two-hour virtual meetings will be conducted with <br />applicable Department staff, stakeholders, and the Department's Industrial Controls Systems (ICS) subconsultant <br />(Grey Matter Systems) to review and collaborate on completion of the Information Technology (IT) and <br />Operational Technology (OT) cybersecurity assessment portion of the RRA. The IT cybersecurity assessment <br />will include use of the updated AWWA cybersecurity tool and guidance and an Arcadis cybersecurity <br />questionnaire in the two-hour Cyber Workshop with applicable County and Department IT staff . to evaluate IT <br />capabilities, practices, vulnerabilities, potential security breach consequences, and potential IT cyber mitigation <br />measures as required in the RRA. <br />The Cyber Workshop will focus on accomplishing the following: <br />• Review existing IT practices <br />• Discuss existing IT critical system vulnerabilities <br />• Complete the AWWA Cyber Security Tool with applicable County and Department staff <br />• Identify IT cybersecurity potential mitigation measures and enhancements. <br />An additional two-hour virtual meeting will be conducted to review and verify results of the IT cybersecurity <br />assessment and potential mitigation measures proposed in the RRA. <br />The Department is currently completing a major ICS Network project that emphasizes cybersecurity <br />enhancements to address cybersecurity identified OT system vulnerabilities with their subconsultant Grey Matter <br />Solutions. This project is nearing completion of the design phase. Arcadis will review and evaluate ICS design <br />