Cyber Vulnerability Assessment of Lakeland Electric’s Energy Management System

Lakeland Electric seeks qualified cybersecurity professionals to conduct a comprehensive Cyber Vulnerability Assessment (CVA) of its Energy Management System (EMS). The assessment must identify and evaluate potential risks to critical assets and ensure compliance with North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection Standards, specifically NERC CIP-010-4 R3 requirements. The contractor will assess the effectiveness of existing security controls, detect vulnerabilities that could be exploited by threat actors, and determine the overall risk to the reliability of the Bulk Electric System (BES).

Lakeland Electric is a vertically integrated municipal electric utility owned and operated by the City of Lakeland, Florida, serving approximately 256 square miles in Polk County. The utility operates a transmission system consisting of approximately 28 circuit miles of 230kV lines and approximately 135 circuit miles of 69kV sub-transmission lines, with 8 synchronous tie lines to three different utilities. LAK owns and operates its own generating units and has two control centers rated as medium impact, seven BES substations and one generating unit rated as low impact.

The CVA deliverables must include identification of vulnerabilities, recommendations for mitigation strategies, and suggested improvements to ensure that Lakeland Electric maintains a robust cybersecurity defense posture in alignment with NERC CIP requirements. The assessment should focus on critical infrastructure protection and operational technology security.

Key dates include a Q&A deadline of September 12, 2024 at 9:00 PM ET and a proposal submission deadline of September 20, 2024 at 6:00 PM ET. The RFP was released on August 29, 2024.