The Saturn Partners, Inc.

Capabilities Statement

Carole Crawford President & CEO

Winter 2014

Cyber Security and SCADA Security Engineering

P a g e | 2

COMPANY OVERVIEW

We are The Saturn Partners, Inc., Since 2001, we’ve been providing network and critical

infrastructure security services, serving clients in industries such as banking, health care, utilities,

education and federal government sectors, with the ratio of clients returning to us for services

each year or sooner in the range of 87%.

Take a look at these security concerns for your network environment:

By 2015, we will witness several successful, internationally known hacker attacks on sensitive

data that governments and prominent enterprises will have failed to protect.

By 2015, almost one-third of companies plan on delivering private cloud capabilities.

Many companies have major "holes" in their overall security programs, which can produce

catastrophic results in case of a major breach in the network environment. An example is a client

who conducts regular third party vulnerability testing on the network, maintains a high quality

body of IT security policies, but has an obsolete disaster recovery plan that hasn't been updated

or tested for years.

OUR CORE SERVICES AT A GLANCE:

Cyber risk assessment and analysis

Vulnerability Assessment and Penetration Testing

Disaster Recovery Planning/Testing and COOP

Physical/environmental security assessments

Breach and compromise assessments

SCADA services for Critical Infrastructure

Wireless Security Assessments

Policy and Procedure Review and Design

Standards-based assessments (ISO, NIST, FERC, SOX, GLBA, HITECH)

NOTE: For more on these specialized services for your particular environment, email us at

cacrawf@saturnpartners.com or call us at 262-942-3626 or 312-961-9469 today.

See more specifics on additional Cyber security related services later in this brochure....

No matter what your business is, IT management will see security concerns that will force needed

change...which demands that you adapt your IT and ENVIRONMENTAL security programs

for 2014.

P a g e | 3

Whether you need help in the areas of disaster recovery planning/testing, vulnerability

assessments (including penetration testing), social engineering, IT security policy development or

SCADA testing, The Saturn Partners is at the forefront when it comes to helping clients address

and plan for new security threats in 2014.

If your organization is facing budget constraints which prevent you from moving forward with

necessary security audits, contact us. Our SCALABLE solutions are designed to fit any security

program budget. Get in touch with us today for a free consultation on how we can help you.

Company Overview

The Saturn Partners, Inc. (SPI) is a 100% Woman-Owned, Small Business

Administration’s (SBA) Small Business. located near Chicago, Illinois in Southeastern

Wisconsin. SPI services include cyber security, SCADA security, business re-

engineering, disaster recovery planning, testing; assessments on overall efficiency and

productivity within management, operations and network ranks, and customized

training in emergency preparedness, operational efficiency, and streamlining of

operational processes which affect overall productivity, among other areas.

Since 2001, SPI has worked with banks and credit unions to help prepare for Federal Deposit

Insurance Corporation (FDIC), the Statement on Auditing Standards No. 70 (SAS 70) and other

operational audits; hospitals and clinics to overhaul strategic operations while adhering to Health

Insurance Portability and Accountability Act (HIPAA) standards. Additionally, SPI works with

electrical and water utilities to assist with developing protection standards along North American

Electric Reliability Corporation (NERC) and Federal Energy Regulatory Commission (FERC)

guidelines, for critical grid infrastructures, to guard against mechanical failure and compromise

both internally and externally. SPI has worked with state universities to develop safety and

soundness programs for their operational and network structure in case of disaster or compromise

and train for incident response at all levels of management. Since 2005, we have offered SCADA

consulting and testing services for utilities and other grid operated industry clients, including in

the Eastern Caribbean region.

In May, 2012, Saturn also won a spot on Cambridge International’s Small Business team for HHS

and their CIO3CP contract. In addition, Saturn has a spot on the Small Business team for

Cambridge International Inc. for EAGLE II, awarded in Fall of 2013.

P a g e | 4

SERVICES

SPI has focused on assisting clients with development and testing of all elements of a sound

Information Technology (IT) and environmental security plan. Because Security is a PROCESS

AND NOT A PRODUCT, SPI offers these Security services to clients, either separately or as a

bundled offering. These can be tailored to fit any regulatory standards to which clients are seeking

to adhere.

Specifically, SPI offers services under the following North American Industry Classification

System (NAICS) Codes and qualifies as a small business for each code:

238210 - Electrical Contractors and Other Wiring Installation Contractors

512290-Other Sound Recording Industries

519190-All Other Information Services

532490-Other Commercial and Industrial Machinery and Equipment Rental and Leasing

541330-Engineering Services

541350-Building Inspection Services

541380-Testing Laboratories

541420-Industrial Design Services

541490-Other Specialized Design Services

561499-All Other Business Support Services

541511-Custom Computer Programming Services

541512-Computer Systems Design Services

541513-Computer Facilities Management Services

541519-Other Computer Related Services

541611-Administrative Management and General Management Consulting Services

541614-Process, Physical Distribution, and Logistics Consulting Services

541618-Other Management Consulting Services

541620-Environmental Consulting Services

541690-Other Scientific and Technical Consulting Services

561621-Security Systems Services (except Locksmiths)

562910-Remediation Services

Additional services offered under our Cyber security umbrella include

Cyber Security Testing and Plan Development

Remote Scanning Services

IT Vulnerability Assessments/External/Internal

Penetration Testing

Business Continuity/Disaster Recovery Planning and Testing

Voice over IP Telephony Assessments

Business Processes/Efficiency Studies and Audits

P a g e | 5

Safety and Soundness Auditing

SCADA/Critical Controls Security

Voice over IP Systems Implementation/Management and Call Center Assistance

24/7 Monitoring Services/Managed Scanning Services

Patch and Anti-Virus Management

Host and Perimeter Intrusion Protection

Email Encryption and Privacy Protection

VoIP and WAN Infrastructure Design

Web Application Security Analysis

SLA Review Services

Web Development/Hosting

Redundant/Fail-Over Site Design

Data Vaulting/Availability Solutions

Secure Data Center Solutions

Secure Internet Access Services

Internet and Email Content Management

Federal or Regulatory Audit Compliance Assistance

Certification and Accreditation Services

800 Series Compliance Assistance

Security Testing and Evaluation Services (ST&E)

Network Security Policy Development and Auditing

Custom Software and Web Development Services

Environmental Auditing

Project Management Expertise

Security Awareness and NIMS-related Disaster Preparedness Training

Managed Security Risk Services through Acquisition Lifecycle

Emergency Notification Services

Web Based Customized Network Security Training Services

P a g e | 6

STAFF QUALIFICATIONS

SPI deploys engineers and analysts worldwide for specific projects for clients in the financial,

health care and other sectors, and added business continuity planning and disaster recovery

planning services in 2005 to the company lineup of services. The Saturn Partners, Inc. is located

in Pleasant Prairie, Wisconsin, on the shores of Lake Michigan, approximately 45 minutes north

of Chicago.

At SPI our staff is the cornerstone of our success. Seasoned in-house staff and consultant

associates, each of whom possesses specialized professional expertise that enables the company to

provide clients with the highest level of quality in service and product delivery, comprise our

team. Committed to ongoing growth and improvement, our staff is eager and ready to help clients

meet the ever-changing demands of an ever-changing world.

SPI has a highly experienced professional staff with cumulative experience in excess of 100

years. Through participation in numerous professional associations and technical committees, the

SPI staff maintains current proficiency in many specialty areas.

Among the certifications held by members of our team are the following. (ADD RAY'S NEW

ACRONYMS HERE)

CISSP (Certified Information Systems Security Professional)

CBCP (Certified Business Continuity Professional)

PMP (Project Management Professional)

CCSP (Certified Cisco Security Professional)

CISA (Certified Information Systems Auditor)

CSOX (Certified Sarbanes-Oxley)

CCNA (Cisco Certified Network Associate)

CCDA (Cisco Certified Design Associate)

HIMS (Health Information Management System)

Certified Ethical Hacker

SCADA Certified Engineer

The following are Key Personnel at SPI and their resumes are available upon request. The SPI

team collectively has experience in most levels of government at the local, state, and Federal

Levels to include the US Department of Defense, National Security Agency, US Department of

Navy, among others.

Carole Crawford

Blake Turrentine, CISSP (SEE BLAKE'S AND JOVON'S RESUME HERE

Jared R. Greene, CPTE, CCDP, CISSP, ISSAP, ISSMP, CCNP, PCIP, CHS

Jovon Itwaru, CISSP, SCJP, MCSA

P a g e | 7

Ray Friedman, CISSP

Below is a sample of capabilities summaries of some of our team members:

Carole Crawford

Ms. Crawford founded The Saturn Partners, Inc. (SPI) in 2001 after leaving the technology sector

to focus on work related to Internet security and the new, but growing Internet security threat in

the network environments of corporate clients. She received her MBA from Roosevelt University

in Chicago and worked in various levels of management in the software, high speed ATM and

other technology sectors during the years before founding the company.

Serving as the managing partner and currently Chief Operations Officer for SPI, Ms. Crawford

began developing security policies for banks to comply with the Gramm-Leach-Bliley Act,

followed by compliance assistance for hospitals related to HIPAA privacy standards. Next was

compliance with Federal standards bodies and development of services for disaster recovery

planning for networks and SCADA testing for critical infrastructures such as those found in

electrical utilities, transportation hubs and chemical factories.

Jovan Itwaru, CISSP, SCJP, MCSA

Mr. Itwaru is a systems analyst with extensive experience in security, architecture, and design

implementation. He is experienced in problem identification and efficient resolution

incorporation with extensive practical application of network management in enterprise

environments. Mr. Itwaru is a team oriented professional desiring a challenging atmosphere to

meet organizational goals and objectives.

Shelley Fraizer, CISSP

Ms. Frazier has extensive experience in providing security support for multimillion-dollar

military information systems. She is highly successful in the development of security

documentation, by understanding network and system engineering concepts combined with the

knowledge and understanding of security directives. Ms. Frazier has also provided support in

security assessments, requirements analysis, certification and accreditation (C&A), certification

test and evaluation (CT&E), security test and evaluation (ST&E) and experience with multilevel

automated information systems. She has provided security support for multiple governmental

agencies, which include Department of Army, the National Security Agency (NSA) and the

Department of the Air Force and maintains current DOD Top Secret Clearance.

Ray Friedman, CISSP:

Raymond Friedman is the CEO and President of Mile2® and has been in the IT Security space

since 2002. While in this industry, he has been actively engaged in consulting for global financial

P a g e | 8

and government institutions; performing security audits, penetration tests and digital forensics

services. During his tenure at Mile2®, Raymond has spearheaded the development of the present

series of Mile2® certifications which have become globally recognized. Presently, Raymond

carries several certifications and advanced degrees such as the Master of Science in Accounting –

Forensics & Controllership, the Certified Information Systems Security Officer, Certified

Penetration Testing Engineer and Certified Digital Forensics Examiner. Ray has conducted

dozens of Vulnerability Assessments, Penetration Tests, Social Engineering projects and other

related work for The Saturn Partners since 2009.

STRATEGIC TEAMING PARTNERS

It is becoming increasingly important for companies to team on projects to provide the highest

possible quality service in responding to complex government requirements. By creating such

relationships, customers receive the full complement of specialized expertise and comprehensive

solutions for their programs.

We are proud of the partnerships we have built with many professional organizations including:

Transystems (Kansas City, MO)

Transystems is a very large transportation construction and consulting firm, positioned

strongly in the FAA and DOT, providing airport construction, transit construction and

highway construction projects. SPI has subcontracted to Transystems in providing

SCADA testing services to the Department of Water Resources in California, a

Transystems client. SPI also offers vulnerability testing, security policies and disaster

recovery planning services to Transystems in various offices in the U.S.

CH2M Hill (Milwaukee, WI)

SPI works closely with the Milwaukee location and other regions in pursuing joint

environmental security projects where infrastructure security is an issue. Based in

P a g e | 9

Denver, this large environmental partner has teams with SPI on projects involving EPA

and other government agencies.

Technical Toolboxes and TechCorr/Catalyst

These Canadian and Texas companies work closely with SPI to enhance SPI services in

the SCADA area, adding maintenance services, upgrades, auditing services system

replacement and inspection services to SCADA clients in the utilities and oil/gas pipeline

sectors.

Ready Alert Services (Tampa, FL)

SPI partners with Ready Alert to offer web/text based emergency notification services to

the DHS/Customs and Border Patrol, through an 8a sole source prime contract awarded to

SPI in January of 2009. Other work with Ready Alert includes project management duties

for Ready Alert clients Indianapolis International Airport, South Bend Indiana Airport and

others. SPI is expanding the offering for Ready Alert, pursuing further contract expansion

to TSA within DHS and other areas where this vital and competitively priced service is

greatly.

Robert Slye Electronics (Arlington, VA)

SPI has a 5 year 8a sole source contract with Slye where SPI is the Prime contract holder

to offer specialized AV and electronic support services to the U.S. Treasury/OCC on a

monthly basis for special events. This Arlington, VA based partner has worked with such

agencies as the Smithsonian, U.S. Army, U.S. Treasury and other agencies since 1960 and

hand-picked SPI, a Wisconsin based 8a, for this important and sensitive AV contract with

the OCC.

Mile2: IT Security Training/Disaster Recovery Planning/Testing/Social Engineering:

P a g e | 10

Mile 2 is our source for sensitive, high level training certification offerings, For just a

sampling of the type of training services offered by this valued partner, see below:

.

P a g e | 11

SPECIFIC PROJECT SUMMARIES

PROJECT ONE: Emergency Alert & Consulting Services

Company/Agency Name:

Department of Homeland Security

Customs and Border Protection (Office of Air and

Marine)

Address: 1120 Seaway Drive, Suite 200, Ft. Pierce FL 34949

Phone Number: 772-466-1648, ext 105

FAX NUMBER: N/A

POC FOR THE PROJECT: Chris Wiyda

POC EMAIL ADDRESS: Christopher.wiyda@dhs.gov

PROJECT PERIOD OF

PERFORMANCE: November 2008-2013

BRIEF DESCRIPTION:

SPI was contracted as a prime contract holder on this emergency notification alert services and

consulting contract for the Customs and Border Protection office of the Department of Homeland

Security (DHS), within the Office of Air and Marine. Currently this new contract is set to run for

one (1) year to launch the service in the Miami District, and eventually expand into California and

other regions in subsequent years. There is no current cutoff to the contract, which commenced

on November 7, 2008.

SERVICES PROVIDED:

SPI’s subcontract partner, Ready Alert Services of Largo, Florida will assist in managing the

service implementation and rollout, with SPI as the project management for the duration of the

contract. The service provides real time confirmation that the recipients of a text message, used in

the event of failure of conventional telecommunication service, have read and responded to the

alert, which is sent and tracked in real time. The service reaches thousands of people in minutes

with one easy to send alert transmitted simultaneously to the recipient’s cell phone, pager, PDA

and all e-mail accounts. This service can be used in non-emergency mode as well for mass

updates and scheduling as well.

RESULTS ACHIEVED:

This contract will deliver a fully managed program to DHS and we expect to expand into other

areas. We expect to improve overall emergency preparedness levels within this agency with this

service and develop it for DHS in other regions to come.

P a g e | 12

PROJECT TWO: HIPAA Operational Compliance Audit

Company/Agency Name: The Monroe Clinic

Address: 515 22nd Avenue, Monroe, WI

Phone Number: 608-324-1584

FAX NUMBER: N/A

POC FOR THE PROJECT: Ron Mattson, IT Director

PROJECT PERIOD OF

PERFORMANCE: Fall 2006, and Fall 2013/Winter 2014

BRIEF DESCRIPTION:

SPI was contacted to guide hospital management in compliance with HIPAA standards for safety and

soundness.

SERVICES PROVIDED:

SPI was tasked to upgrade all operational management processes for critical systems, infrastructure,

personnel and security policy, and construct a working blueprint for business continuity of systems,

aligned with HIPAA security and operational management guidelines, for infrastructure, operational

procedures, security and soundness policy and business continuity for systems for this client.

Extensive in- and out-brief meetings were conducted, before, during and at the conclusion of the project

work. The purpose of this was to serve as checkpoints throughout the work in the areas of policy

development, audit of management procedures, controls, and ongoing advisement to the client of the status

of current standards of business continuity and systems preparedness in case of disaster to the hospital

operational system or its environment. Using proven change management processes, SPI was able to

instigate and assist with immediate and ongoing changes to less than efficient standards within the hospital

operations, as well as networks, according to HIPAA guidelines.

All systems, controls and procedures were tested for soundness; training parameters for employees and

management were upgraded using Power Point tools for future training sessions.

SPI made recommendations regarding system placement, equipment usage, upgrades of equipment and

software for patient recordkeeping, to replace old and outdated methods of record management. New

safeguards were put in place by SPI as a result of weaknesses found in communications policies and

network structures, and all systems standards were upgraded, to be put into place for use during 2006-

2007.

A slight project delay of a week was encountered due to the under-estimation of the size of the overall

environment to be audited, but this was handled with adjustments to the original estimates and we still

finished the project within the desired timeframe. Our reports were delivered on time, within 30 days of

project completion, which consisted of offsite research and surveys, offsite testing and onsite inspections,

analysis and training sessions with hospital management during the two week onsite portion of the project.

SPI continues to monitor the process of streamlining and upgrading all communications, systems

management practices, software applications and policies into 2008, when we are scheduled to return to

P a g e | 13

undergo another complete audit of Monroe Clinic to review all standards and practices once again for

HIPAA compliancy and overall efficiency.

Tools involved included HIPAA standards, power point training programs, matrices with timelines for

suggested upgrades and changes, policy templates we have developed, training examples for employee

responsibility and duty under both HIPAA and current legal policy for Monroe Clinic, using power point

and written guidelines as part of our audit report.

RESULTS ACHIEVED: SPI succeeded in raising management awareness of serious weaknesses in core management practices

within the network and key department management areas located in outpatient, nursing, cardiac and

emergency sectors. All policies governing management practices in these departments were reviewed and

upgraded using the latest standards and guidelines to assure HIPAA compliancy.

P a g e | 14

PROJECT THREE: Business Continuity Planning and Development

Company/Agency Name: Grenada Electrical Utilities, Ltd

Address: St George’s Parish, Grenada, West Indies

Phone Number: 473-440-2111

FAX NUMBER: N/A

POC FOR THE PROJECT: Jeffrey Neptune, Director of Operations

POC EMAIL ADDRESS: jneptune@grenlec.com

Project Performance Period: September 2004, 2007 and 2012 ongoing

BRIEF DESCRIPTION:

SPI was first contracted to design, test and implement disaster preparedness for a three island

utility in the Eastern Caribbean after devastation left behind by Hurricane Ivan in late 2004.

SERVICES PROVIDED:

SPI’s planning and designing of this emergency response/disaster recovery and business

continuity effort for GRENLEC included all operations, SCADA infrastructure, networks,

personnel policies and upper management strategic planning for downtime and outage, when

from attack or operational/structure failure.

SPI evaluated the risk to business process failures, identified critical and necessary business

functions/processes and their resource dependencies; estimated the financial and operational

impacts of disruption and the required recovery timeframe for these critical business functions.

SPI also assessed the effectiveness of existing risk reduction measures.

SPI was also tasked to identify a range of specific recovery strategies to address interruptions of

production processes, identify the computing resources required to recover the various distributed

processing environments and document alternative recovery strategies within a Recovery Strategy

Selection report to Grenada Electricity Services, Ltd.

No problems were encountered during this project, although SPI anticipated a normal lag

times/delays in getting our business impact analyses back from senior management. However,

we received the surveys back in 30 days and SPI was able to complete milestones in a timely

fashion

RESULTS ACHIEVED:

SPI has successfully developed an updatable emergency and disaster response plan with a clear

management blueprint to assist with continuity of operations (COOP) for this island utility,

aligned along with the U.S. examples of those plans designed by NERC for American utilities to

follow for safety, soundness, efficiency of infrastructure management and management

procedures.

P a g e | 15

PROJECT FOUR: Operational Security Audit

Company/Agency Name: University of Wisconsin

Address: Hwy E, Kenosha, WI 53144

Phone Number: 262-595-2010

FAX NUMBER: N/A

POC FOR THE PROJECT: Ann Marie Durso/CIO

POC EMAIL ADDRESS: Durso@nwp.edu

Project Performance Period: October-November 2006

BRIEF DESCRIPTION: SPI was contracted to train management staff on information systems forensics and protection of

intellectual property and electronic data for prosecution at trial, after isolating cause of the breach

at several management levels.

SERVICES PROVIDED: This project evolved after several breaches of confidentiality at the management level in the

finance office. SPI mission was to isolate the source of the breach and redesign system and policy

controls for the university operational management team. SPI provided guidance, training on

evidence protection, forensics, collection and isolation; support, testing services, analysis and

hands on instruction to upper operational management in the areas of electronic evidence retrieval

and use in prosecution.

Our audit revealed holes in policy management, weaknesses in management policy regarding the

financial office, record keeping and auditing, informational security and lack of emergency

preparedness in case of attack on campus infrastructure, assets, systems or personnel. Our work

included drafting of new guidelines and policies for usage of campus assets or network facilities,

and training of operations personnel to spot attempt of compromise or theft of financial records,

both on paper and electronic. SPI developed guidelines and policy templates for upper

management to used and designed a program to build teams within operations, IT and law

enforcement to tighten management day to day on all University assets. Forensics work was also

done to assist FBI locally to isolate financial records tampering and instruct staff on best practices

to use to assist law enforcement with prosecution of criminal activity against the University

including protection of evidence.

RESULTS ACHIEVED:

SPI conducted strategic planning, policy overhaul, staff cross-training and efficiency auditing to

upgrade operations overall at this campus, and elevated security/disaster preparedness levels at

the university overall, both from a network and operations standpoint.

P a g e | 16

PROJECT FIVE: Project Management & Security Review

Company/Agency Name: U.S. Department of Treasury

Office of the Comptroller

Address: 250 E Street SW, Washington, DC 20219

Phone Number: 202-874-5096

FAX NUMBER: N/A

POC FOR THE PROJECT: Andrea Lipiro, Contracts Officer

POC EMAIL ADDRESS: Andrea.Lipiro@occ.treas.gov

Project Performance Period: August 2006-August 2011

BRIEF DESCRIPTION: SPI was contracted to supply project management and security standard review to the Office of

Special Events for the Office of the Comptroller of the Currency at the U.S. Treasury Department

in Washington, DC. SPI is currently executing the third year of a five (5) year contract as the

prime contractor in conjunction with a Virginia based audio visual subcontractor, Robert Slye

Electronics, Inc. (Slye).

SERVICES PROVIDED: This project entails management and logistics and security guidelines support to subcontract

Slye’s physical infrastructure design of all electronic communications for each Special Event

ordered during the course of any contract year. To date, the OCC has ordered services, as needed

for special events, approximately once every 90 to 120 days. SPI serves as project manager and

final auditor of all security standards and testing of equipment and connections for security or

infrastructure problems prior to set up of each event structure and delivery by subcontractor

Robert Slye Electronics, at the OCC. Once these steps to test and evaluate the project

infrastructure, including connections, wiring, and physical security requirements is complete,

Slye is able to set up the event and tear it down upon completion, wherein at that time SPI signs

off at completion that all security measures and proper checklists are followed to run and

structure the event setup.

RESULTS ACHIEVED:

SPI has structured and audited each event with the highest standards in electronic security,

infrastructure security and efficiency and has had zero downtime or problems with any event

since starting this contract in 2006. Ms. Brown, the client POC. The contract expired in 2011,

with the OCC developing an in house team to do the work for the agency.

P a g e | 17

PROJECT SIX: SCADA/NERC Compliance Auditing

Company/Agency Name: California Department of Water Resources

Address: Sacramento, California

Phone Number: 202-874-5096

FAX NUMBER: 916-654-5554

POC FOR THE PROJECT: John J. Rizzardo, PE

POC EMAIL ADDRESS: jrizzard@water.ca.gov

Project Performance Period: January 2009- March 2010

BRIEF DESCRIPTION: SPI conducted SCADA testing on critical control systems for a large California water utility

company. The objective was to test SCADA system for vulnerabilities and also advise the client

how to prepare for upcoming NERC audit. Standards review was conducted along lines of

standards CIP 0002-0009 with recommendations for the client regarding adherence to NERC

security guidelines for water utilities.

SERVICES PROVIDED: SPI conducted full testing of all SCADA and network security

parameters for DWR during this audit; systems were also inspected and upgrades were

recommended. SPI followed benchmarks for the testing according to current NERC/FERC

guidelines, to help DWR prepare for an upcoming State of California audit of its systems, both

network and SCADA

RESULTS ACHIEVED: SPI’s customized out-brief instructed DWR on step-by-step processes to

harden all SCADA and network systems, complete with timetable to complete this work prior to

the state audit to take place. By remaining on call to DWR until the California State audit was

complete, SPI were able to address last minute security issues and walk through upgrades and

hardening processes with the client. The result was improved ratings from the California State

audit regarding the soundness of SCADA and network systems at DWR.