CIP-005-7 and CIP-007-6 OT Firewall Infrastructure and Compliance Assessment

Lakeland Electric is seeking a qualified consultant to conduct an independent evaluation of its Operational Technology (OT) network and perform a comprehensive gap analysis with respect to NERC CIP-005-7 and CIP-007-6 R4 and R5 compliance requirements, specifically as applicable to firewalls and firewall infrastructure. The consultant shall assess Lakeland Electric's current compliance and security posture, identify compliance gaps and security risks related to Electronic Security Perimeter and firewall controls, and provide clear, actionable, and prioritized recommendations to remediate identified deficiencies.

Lakeland Electric is a vertically integrated municipal electric utility owned and operated by the City of Lakeland, serving approximately 256 square miles located entirely within Polk County, Florida. The utility operates approximately 28 circuit miles of 230kV transmission lines and approximately 135 circuit miles of 69kV sub-transmission lines, with 8 synchronous tie lines connecting to Duke Energy Florida, Tampa Electric Company, and Orlando Utilities Commission. Lakeland Electric owns and operates its own generating units and has two medium-impact control centers, seven low-impact BES substations, and one low-impact generating unit. The Energy Management System (EMS), classified as a single cyber system, contains approximately 151 in-scope cyber assets, 145 of which have external routable connectivity within an extended Electronic Security Perimeter. The EMS is protected by an extended Electronic Security Perimeter created by three physical cyber assets (firewalls) operating as a cluster managed by a virtual firewall management server.

Key dates for this proposal include a Q&A deadline of February 16, 2026 at 22:00 UTC and a proposal submission deadline of March 4, 2026 at 20:00 UTC. Respondents must submit complete proposals including pricing, vendor questionnaires, and all required compliance documentation. The scope requires detailed gap analysis findings, actionable recommendations for remediation, and a prioritized implementation plan addressing identified firewall and Electronic Security Perimeter control deficiencies.