Smart meter security audit plans schedules proposals contracts discussion results (Tacoma)

Phil Mocek filed this request with the Tacoma Public Utilities of Tacoma, WA.
Tracking #

T003572-101019

Status
Rejected

Communications

From: Phil Mocek

To Whom It May Concern:

Pursuant to the Washington Public Records Act, I hereby request the following records:

Plans for, schedules of, policies dictating the performance of, requests for proposals to, contracts for, discussion of, and results of, all security audits performed of "smart meter" devices (remotely-addressable electrical meters sometimes referred to as "advanced metering infrastructure"), along with metadata. These devices are designed to replace traditional electric meters. They contain sensors that monitor activities inside subscribers' premises and automatically communicate information collected by those sensors to machines in remote locations.

Your agency's "AMI Timeline" published at <hhttps://www.mytpu.org/community-environment/projects/advanced-meters/> indicates that in 2018, critical business requirements were identified, system design began, requests for proposals were sent out, and vendor evaluation and selection occurred. It further indicates that during this year, 2019, you plan for your public utility board to approve contracts, for system design and integration to continue, for installation of netowrk infrastructure to occur, for a lab to be created to test system functions, and for public outreach and employee training to start. Given 1) the risk of massive privacy violations and disruption to many thousands of ratepayers' electrical service that remotely-controlled, real-time usage utility meters create and 2) public outcry over various risk factors associated with "smart meters" in other areas (including just up the street in Seattle), I trust that no vendor was selected prior to auditing of the security of their hardware.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 5 business days, as the statute requires.

Sincerely,

Phil Mocek

From: Tacoma Public Utilities

We received your request Reference number: T003572-101019 Date received: October 09, 2019 Records Requested: From: requests@muckrock.com <requests@muckrock.com>

From: Tacoma Public Utilities

--- Please respond above this line ---

10/15/2019
Mr. Phil Mocek
DEPT MR 81475 411A Highland Ave
Somerville, MA  02144-2516
RE: PDR # T003572-101019
Dear Mr. Phil Mocek,
The City of Tacoma and Tacoma Public Utilities has received your public records request dated 10/9/2019, in which you requested the following information:
“From: requests@muckrock.com <requests@muckrock.com>

From: Tacoma Public Utilities

--- Please respond above this line ---

11/18/2019
Mr. Phil Mocek
DEPT MR 81475 411A Highland Ave
Somerville, MA  02144-2516
RE: PDR # T003572-101019
Dear Mr. Phil Mocek,
The City of Tacoma and Tacoma Public Utilities has received your public records request dated 10/9/2019, in which you requested the following information:
“From: requests@muckrock.com <requests@muckrock.com>

From: Tacoma Public Utilities

--- Please respond above this line ---

12/11/2019
Mr. Phil Mocek
DEPT MR 81475 411A Highland Ave
Somerville, MA  02144-2516
RE: PDR # T003572-101019
Dear Mr. Phil Mocek,
The City of Tacoma and Tacoma Public Utilities has received your public records request dated 10/9/2019, in which you requested the following information:
“From: requests@muckrock.com <requests@muckrock.com>

From: Tacoma Public Utilities

--- Please respond above this line ---

12/13/2019
Mr. Phil Mocek
DEPT MR 81475 411A Highland Ave
Somerville, MA  02144-2516
RE: PDR # T003572-101019
Dear Mr. Phil Mocek,
The City of Tacoma and Tacoma Public Utilities has received your public records request dated 10/9/2019, in which you requested the following information:
“From: requests@muckrock.com <requests@muckrock.com>

From: Tacoma Public Utilities

--- Please respond above this line ---

12/31/2019
Mr. Phil Mocek
DEPT MR 81475 411A Highland Ave
Somerville, MA  02144-2516
RE: PDR # T003572-101019
Dear Mr. Phil Mocek,
<tpupdr@ci.tacoma.wa.us>Unfortunately it is taking longer than anticipated to compile and review responsive records to your request and determine wh</tpupdr@ci.tacoma.wa.us>ether any of the documents are exempt from disclosure. We now anticipate an update to your request should be determined by January 10, 2020.
In the meantime, if you should have any questions, please feel free to contact me.
Regards,
Lisa Anderson
Public Disclosure Analyst
Public Records Office
(253) 779-7002

From: Tacoma Public Utilities

Attachments:
Exhibit_E_-_City_SSP-A09-FedRAMP-Low-or-Moderate-CIS-Workbook-Template.xlsx (https://u8387795.ct.sendgrid.net/wf/click?upn=Ow1KccipsoIsnXbuEgm-2FNxekXWyvYMvJpkBabV0SC1B3hJr-2BeWI8naUP8-2B8-2FnhZ6-2F9TNemp8-2FviZYpAp2PjEkhyyA2oI7s9-2BGWO8KkwuTC5KRezaRp8Gc8RSvPpoEQaimXaqkGAol7H76R5WFS278rWeI7DZSZrmF0CH79e8lO2CZSjIosut3lUgjQImP-2BJ5Eh-2FvzKyfNewQWH4lBgrfJgqvLxLOVpREt7kzKxzgUDc-3D_Hntq8zuwNOrmWJligGi-2Bs-2FaUiVCIdjq0pEHdv6KdQospWGMYbDXoxBOYD-2BPokqAq4RkEDANdulozt3-2FSWuRU9ye-2BP9-2BnyzWX-2FNNEre7MEaG3m2-2FIQPYnFd0TtzuTCF59ib6T0bBFV8TRCU4CDlmGhksoxXGnNA3PuQ4OjtuBU2JUmWUo6Py7LvehPsX4NRD7xmCmfo2eDFSsdj-2BT0MuEFl0ZRj7kuPaRQ4Mx3FstOrsMpOdTaBQdCpiKvDag8l1CXXfn0F4Edix9IHigdm-2F69Xs95-2Bv4md1D-2BmT7VT7RQ6hVJM4JNxJOx786DofuWj-2BEjzNgVhQQeLmpkQcauabbOICV68l9kdfFmdmdd4c7UwRnov17fJjxX4oo9ZAwG6iyMGeM-2BLLQQzuJpDVfhr-2BneIX2vujbuyIb0FyE9Rc-2BUoY-3D)

--- Please respond above this line ---

01/07/2020
Mr. Phil Mocek
DEPT MR 81475 411A Highland Ave
Somerville, MA  02144-2516
RE: PDR # T003572-101019
Dear Mr. Phil Mocek,
During the procurement phase of the AMI project all proposals were required to fill out responses to a security controls questionnaire.  This initial look into the security and privacy controls provided by the potential AMI vendors was done using the Federal Risk and Authorization Management Program (FedRAMP).  This program was developed by the federal government to standardize the approach to security assessments, authorization and continuous monitoring for cloud products or services being consumed.  We evaluated all vendors to this standard and the form provided in this PDR is an example of the form used.
The completed forms and the follow on security assessments are exempt from public disclosure pursuant to RCW 42.56.420(4) but I hope this alleviates your concerns on cybersecurity diligence. RCW 42.56.420(4) Information regarding the public and private infrastructure and security of computer and telecommunications networks, consisting of security passwords, security access codes and programs, access codes for secure software applications, security and service recovery plans, security risk assessments, and security test results to the extent that they identify specific system vulnerabilities, and other such information the release of which may increase risk to the confidentiality, integrity, or availability of security, information technology infrastructure, or assets;
This request is now closed.  However, if you believe there are responsive records, or this does not meet the scope of your request, please contact me immediately.
Regards,
Lisa Anderson
Public Disclosure Analyst
Public Records Office
(253) 779-7002

Files