Template revised September 22, 2016.
COMMISSION
AGENDA MEMORANDUM
Item No.
4d
ACTION ITEM
Date of Meeting
June 27, 2017
DATE: June 19, 2017
TO: Dave Soike, Interim Executive Director
FROM: Matt Breed, ICT Infrastructure Services
SUBJECT: Enterprise Network Firewall Upgrade Project (CIP #C800908)
Amount of this request:
$1,500,000
Total estimated project cost:
$1,500,000
ACTION REQUESTED
Request Commission authorization for the Executive Director to (1) proceed with the Enterprise
Network Firewall Upgrade project; (2) procure required hardware, software, vendor services,
and maintenance; and (3) use Port staff for implementation, for a total project cost not to
exceed $1,500,000.
EXECUTIVE SUMMARY
This project will procure and upgrade firewalls protecting the Port Enterprise network through
which our financial, human resource, maintenance, project management, and many other
critical systems communicate. Our network firewalls provide the first line of defense against
cyber threats. Because cyber-crime is increasing rapidly in sophistication and prevalence, it is
imperative that we keep pace with current technology in order to stay ahead of these very real
threats.
A network firewall is a security device that grants or rejects network access between an
untrusted zone such as the Internet and an internal network. The Port network is constantly
inundated with outside hacking attempts and viruses. Our firewalls are designed to protect our
internal network resources from these external security vulnerabilities and advanced threats.
Existing Port firewalls, last upgraded seven years ago, do not have the necessary sophistication
and advanced features to fend off today’s advanced cyber threats, and have reached their end
of life.
JUSTIFICATION
This project includes several important benefits.
(1) More advanced security features to stay ahead of today’s cyber threats
COMMISSION AGENDA – Action Item No. 4d Page 2 of 4
Meeting Date: June 27, 2017
Template revised September 22, 2016; format updates October 19, 2016.
(2) Increased processing speeds to meet new system requirements and allow for more
frequent and realistic security penetration testing.
(3) Continued availability of replacement hardware and security patches.
(4) Common management platform across Port networks to reduce inconsistency and
improve efficiency when dealing with security incidents.
DETAILS
Scope of Work
(1) Procure and replace firewall equipment and software for the Port Enterprise network at
the Port’s main SeaTac and backup Liberty Lake data centers.
Schedule
Commission design authorization
2017 Quarter 2
Procurement Complete
2017 Quarter 4
Installation Complete
2018 Quarter 4
Cost Breakdown
This Request
Total Project
Hardware/Software
$880,000
$880,000
Vendor Implementation Services
$182,000
$182,000
Port Labor
$350,000
$350,000
WA State Tax
$88,000
$88,000
Total
$1,500,000
$1,500,000
ALTERNATIVES AND IMPLICATIONS CONSIDERED
Alternative 1 – Purchase firewall equipment as it fails from 3
rd
party vendors
Cost Implications: $0 for project implementation
Pros:
(1) Capital funds are available for other projects.
Cons:
(1) After May 2019, our current firewall vendor will no longer provide security patches for
our system due to the system age. This leaves our network vulnerable to new cyber-
attacks that are constantly maturing and evolving. These attacks will cause network
outages, data loss, and corruption on one of our two largest networks running
financials, maintenance, public safety, and access control systems.
COMMISSION AGENDA – Action Item No. 4d Page 3 of 4
Meeting Date: June 27, 2017
Template revised September 22, 2016; format updates October 19, 2016.
(2) While redundant firewalls are in place to ensure an individual firewall failure doesn’t
immediately put our organization network in jeopardy, the failing equipment must be
replaced or we risk the serious operational impacts of a total failure.
(3) Individual firewall failures would need to be replaced with 3rd party equipment,
reducing our effectiveness and ability to manage the system. This 3rd party
equipment is extremely scarce at the moment and will be increasingly hard to find as
the market matures.
(4) A catastrophic firewall failure would expose the Port’s information systems and
sensitive data to cyber-attacks.
(5) This solution will not scale to accommodate future needs that will require faster
throughput and more advanced security features.
This is not the recommended alternative.
Alternative 2 – Purchase and install redundant network firewall systems for the Port’s
Enterprise network
Cost Implications: $1,500,000
Pros:
(1) Significantly improves the protection of our data and information systems that are
increasingly more vulnerable to cyber-attacks as a result of potential equipment
failure and the growing sophistication of cyber threats.
(2) Improves our flexibility, performance, and management capability to meet current
and future technology requirements.
(3) Provides a common management platform across multiple Port networks.
(4) Meets future requirements for faster throughput and advanced security features.
Cons:
(1) Capital funding is not available for other efforts.
This is the recommended alternative.
FINANCIAL IMPLICATIONS
Cost Estimate/Authorization Summary
Capital
Expense
Total
COST ESTIMATE
Original estimate
$800,000
$0
$800,000
Current change
$700,000
$0
$700,000
Revised estimate
$1,500,000
$0
$1,500,000
COMMISSION AGENDA – Action Item No. 4d Page 4 of 4
Meeting Date: June 27, 2017
Template revised September 22, 2016; format updates October 19, 2016.
AUTHORIZATION
Previous authorizations
$0
$0
$0
Current request for authorization
$1,500,000
$0
$1,500,000
Total authorizations, including this request
$1,500,000
$0
$1,500,000
Remaining amount to be authorized
$0
$0
$0
Annual Budget Status and Source of Funds
This project was included in the 2016-2020 capital budget and plan of finance under committed
CIP #C800908 in the amount of $800,000. A competitive procurement was completed in early
2017 to set a firewall equipment standard and through that process it was determined that a
larger budget will be necessary to meet the objectives for this project. The remaining $700,000
for the capital funding will be transferred from the IT Renewal/Replacement CIP (C800097) to
the project (C800908) resulting in no net change to the overall capital budget.
Financial Analysis and Summary
Project cost for analysis
$1,500,000
Business Unit (BU)
ICT
Effect on business performance
(NOI after depreciation)
NA
IRR/NPV (if relevant)
NA
CPE Impact
$0.01
Future Revenues and Expenses (Total cost of ownership)
Annual maintenance costs are estimated to increase by $31,000. This will be budgeted in the
Information & Communication Technology (ICT) Operating Budget.
ATTACHMENTS TO THIS REQUEST
None
PREVIOUS COMMISSION ACTIONS OR BRIEFINGS
None
