Cyber Security – 07 PSEGLI Vulnerability Assessment/Penetration Test
LIPA is seeking a comprehensive penetration testing assessment across PSEGLI's Enterprise and Operational Technology environments, including external network testing (up to 100 IPs, single DNS domain), internal network testing (1,000+ Windows-based IPs with IT/OT segmentation evaluation), wireless testing (2 SSIDs at 1 location), OWASP Top 10 web application testing on customer portals and SCADA interfaces, and ICS/SCADA security assessment across primary and disaster recovery sites. Testing must be non-disruptive, conducted during Eastern Time business hours with pre-approved scheduling, and coordinated with operations staff for OT systems.
Important dates
- Published
- Submission deadline: Deadline passed
AI overview
LIPA is requesting quotations from qualified cybersecurity vendors to conduct a comprehensive penetration testing assessment of PSEGLI's Enterprise and Operational Technology (OT) environments. The engagement includes:

(a) External Network Penetration Test: assessing public-facing systems and services hosted on-prem and in the cloud, identifying vulnerabilities exploitable from the internet, attempting controlled exploitation to validate risk, testing up to 100 IPs and a single principal DNS domain, performed remotely during business hours (Eastern Time);

(b) Internal Network Penetration Test: simulating an attacker with internal network access, testing segmentation between corporate IT and OT networks, evaluating Active Directory and identity management security, covering more than 1,000 active IPs, primarily Windows-based assets; may be conducted remotely using a vendor-provided virtual machine in bridged mode;

(c) Wireless Network Penetration Testing: performed during business hours (Eastern Time), covering 1 location with 2 SSIDs; may be performed remotely using a portable Wi-Fi testing appliance;

(d) Web Application Testing: conducting OWASP Top 10-based testing on critical web applications including customer portals, billing systems, and SCADA web interfaces;

(e) Operational Technology (OT) Security Assessment: reviewing ICS/SCADA systems for exposure and vulnerabilities, validating network isolation and remote access controls, conducting non-disruptive testing in coordination with operations staff.

The objective is to identify vulnerabilities, assess risks, and provide actionable recommendations to strengthen cybersecurity posture. All testing must be conducted in a non-disruptive manner with pre-approved scheduling. Vendor must sign an NDA and comply with all applicable laws, regulations, and industry standards. All findings and reports are the sole property of The Long Island Power Authority.
PSEGLI maintains a primary and secondary (disaster recovery) site, and the scope includes systems and applications located at both sites.
Resources & contact
Contact
- Bobbi O'Connor
- procurement1@lipower.org