SHET network segregation project and networking support services

Concepts

• computer network
• perth
• shet network zones
• shet network segregation project
• network segments
• shet project
• network
• shet
• sse corporate networking
• support services

Location

Onsite delivery to take place across the geography of Scotland, any remote delivery services to be performed within the UK

Description

Scottish Hydro Electric Transmission seek a skilled provider of network and security consulting and project delivery services to design and deliver a major IT network and authentication re-structure. The objective of the project is to further segregate SHET network zones from SSE corporate networking, enabling SHET to apply networking changes in a more agile way with less inter-group dependency. The projects span both IT and OT (operational technology). This project will in 2025 define a costed strategy, architecture secure design, support model and execution plan for SHET to meet its desired network and security outcomes, with execution of the approved design to follow in 2026 as part of the RIIO-T3 regulatory period. On-site execution will take place across the territory of Scotland.

Total Quantity or Scope

The objective of the project is to further segregate SHET network zones from SSE corporate networking, enabling SHET to apply networking changes in a more agile way with less inter-group dependency, and where relevant limit personnel access to network segments. The projects span both IT and OT (operational technology); on-site execution will take place across the territory of Scotland. Project 1 - 2025 (Part of RIIO-T2): Provide costed strategy options to fulfil the programme outcome, this to include; • 'To-be' estate architecture and security design (including Business Continuity and Disaster Recovery design) • 'To be' support model • 'To-be' Resource Plan, including skills matrix and recruitment plan. • Detailed estate transition execution plan including, hypercare and Handover to Support approach • Risk assessment, management and mitigation approach • 'End-state' assessment approach of final estate post-transformation; creating report summarizing outcomes achieved/partially achieved, testing/pen-testing outcomes, residual management/activity required to retain acceptable risk level and manage emerging risk The design phase to provide options that can be reviewed and agreed with by SHET: o High Level Design Options with level of risk for acceptance o Low Level Design Options with level of risk for acceptance • The current network design is complex with a disparate combination of separate and shared services with other SSE businesses. It is important that the design for the "To-Be" solution minimises the risk to the business during the transformation from the current network architecture to the future model. Suppliers should appreciate transition will be undertaken in the context of a live operating environment. • SHET may wish to see an approach where a supplier can deliver a scalable proof of concept of key assemblies in a reasonable time, to demonstrate and rigour-test a solution approach prior to mass-scale deployment The estate transformation will include the following; - Creating a new physically and logically separated Active Directory, directory scheme, configuration, and access control structure. - Physical separation of network and server infrastructure; including: o Servers (including data centres) o Storage, backups o Fibres (using existing fibre bundles/lines) o Switches o Routers o SHET dedicated firewall appliances o Wide Area Network communications between SCADA and remote sites o Firewalls - Physical separation in Purdue level 3, in RIIO-T3, such that Transmission OT systems are only accessible to Transmission staff and their approved suppliers. - Separation of remote devices so they are ringfenced to only access a specific network zone. The prospective supplier should ensure that their proposed design recommendation has been thoroughly reviewed by their internal design authority and will be required to seek design approval from SHET's own design authority. Project 2 - 2026 (Part of RIIO-T3): EXECUTE the agreed costed strategy option; including: • Delivery of estate transformation (including on-site work pan-Scotland) • Solution testing including functional, pen-testing, BCDR testing (where appropriate) • Project management of suppliers own resources, feed into SHET project, programme and design governance. Actively manage risk and mitigate service impact during transition. • Service Transition including SCADA Centre and Sub-stations • Post-implementation hyper-care • Final outcomes and testing report Other services

Renewal Options

Total term of 8 years reflects a top end estimate, including initial project delivery (timescale to be confirmed through detailed planning with successful tenderer) plus option for ongoing services subject to SHET agreeing such services with the successful tenderer

CPV Codes

• 72700000 - Computer network services

Indicators

• Bids should cover the whole contract.
• Renewals are available.
• Financial restrictions apply.
• Professional qualifications are sought.
• Staff qualifications are relevant.
• Award on basis of price and quality.

Other Information

The supplier should be able to provide CREST certified penetration testing services It is desirable that the supplier have the capability to provide IT managed services and project delivery services (for example but not limited to networking, infrastructure, cybersecurity specialisms) and professional services as this may be a future requirement. The PIN estimate reflects a combination of initial project delivery, contingency, potential ad-hoc projects and support services, and is not a promise or guarantee that the estimate will be reached during the initial or renewal terms.