Specifications include, but are not limited to:

Part 1: Initial scope

The initial scope will entail requirements, design, implementation, testing, and deployment of an on-board cyber security monitoring solution for a specific Amtrak rolling stock fleet of trainsets. Currently this fleet is expected to contain 83 trainsets with different configurations consisting of approximately 500 train cars of various types (Coach cars, Business cars, Food Service cars, etc.). The fleet size may grow over time as needed to support Amtrak operations and business objectives.

Each trainset in the fleet will contain onboard systems such as Train Control systems, Diagnostics systems, Passenger Information systems, Video Surveillance systems, etc. that are commonly encountered in a modern trainset. Many of these onboard systems will be subject to monitoring by the onboard monitoring solution. The exact scope of systems subject to the monitoring shall be ascertained during the discovery phase in Part 1.

Part 2: Follow-on scope

The follow-on scope extends the initial scope through requirements, design, implementation, testing, and deployment for other rolling stock fleets and associated operational technologies (for critical infrastructure related ET-SCADA, F&S, PTC, dispatch, and C&S) and evaluates the bidder's technical experience and maturity in deploying intrusion detection monitoring solutions for operational technology. The exact scope of additional fleet systems and OT systems that will be subject to the monitoring shall be ascertained during a discovery phase in Part 2.

Examples of assets include workstations, servers, routers, switches, network monitoring systems, jump hosts, DNS servers, and Remote Terminal Units spread across over 120 various subnets. There will be at least 5 Gigamon taps from which data can be monitored. The sensors would be deployed to at least 5 different geographically separated sites.
In addition to section 2.2 requirements, the bidder must address the requirements in sections 3, 4, 5, and 6.

By addressing both rolling stock and related operational technologies, we envision a solution that will scale as more sensors are deployed throughout the OT environments in a cost-effective, sustainable, reliable, and manageable manner. Amtrak expects to reduce complexity in integration and compatibility through a single enterprise solution that can provide a seamless user experience through logging, analysis, and alerting of security events in near-real time. Amtrak further expects to reduce analyst fatigue and improve detection through automation, workflows, and artificial intelligence where the capability exists.

The objectives of the monitoring capability are to:

- Identify assets, establish a security baseline configuration, and log, monitor, and alert on deviations from the baseline
- Detect, analyze, correlate, and alert on anomalous behavior and vulnerabilities
- Protect assets from exploitation
- Enable remote access control and monitoring of the solution

The maximum total page length for response (e.g., technical, staffing, pricing, management, etc.) is 35 pages.