CAPITAL WORKPAPERS TO PREPARED DIRECT TESTIMONY OF GAVIN H. WORDEN ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION


1 Application of SOUTHERN CALIFORNIA GAS COMPANY for authority to update its gas revenue requirement and base rates effective January 1, 219 (U 94-G) ) ) ) ) Application No Exhibit No.: (SCG-27-CWP) CAPITAL WORKPAPERS TO PREPARED DIRECT TESTIMONY OF GAVIN H. WORDEN ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA OCTOBER 217

2 219 General Rate Case - APP INDEX OF WORKPAPERS Exhibit SCG-27-CWP - DOCUMENT PAGE Overall Summary For Exhibit No. SCG-27-CWP 1 A. PROTECT A - RAMP - INCREMENTAL PKI REBUILD B - RAMP - INCREMENTAL FIREWALL SECURITY G - RAMP - INCREMENTAL FOF - CONVERGED PERIMETER SECURITY H - RAMP - INCREMENTAL FOF - HOST BASED PROTECTION J - RAMP - INCREMENTAL SPAM PROTECTION K - RAMP - INCREMENTAL IS ZONE REBUILD M - RAMP - INCREMENTAL SECURITY ORCHESTRATION N - RAMP - INCREMENTAL CRITICAL GAS INFRASTRUCTURE PROTECTION O - RAMP - INCREMENTAL CRITICAL GAS INFRASTRUCTURE PROTECTION P - RAMP - INCREMENTAL CRITICAL GAS INFRASTRUCTURE PROTECTION Q - RAMP - INCREMENTAL CASB (CLOUD DATA USE) R - RAMP - INCREMENTAL WEB APPLICATIONS AND DATABASE FIREWALLS U - RAMP - INCREMENTAL ENTERPRISE SOURCE CODE SECURITY V - RAMP - INCREMENTAL WIRED NETWORK PREVENTATIVE CONTROLS W - RAMP - INCREMENTAL MULTI FACTOR AUTHENTICATION REFRESH X - RAMP - INCREMENTAL MY ACCOUNT MULTI FACTOR AUTHENTICATION 113 B. DETECT AA - RAMP - INCREMENTAL THREAT RESPONSE SYSTEMS AB - RAMP - INCREMENTAL THREAT RECOVERY SYSTEMS D - RAMP - INCREMENTAL SCG NETWORK ANOMALY DETECTION PHASE F - RAMP - INCREMENTAL INSIDER THREAT DETECTION / PREVENTION I - RAMP - INCREMENTAL SSL DECRYPTION L - RAMP - INCREMENTAL NETWORK SECURITY MONITORING S - RAMP - INCREMENTAL PERIMETER TAP INFRASTRUCTURE REDESIGN Z - RAMP - INCREMENTAL THREAT DETECTION SYSTEMS 173 C. RESPOND C - RAMP - INCREMENTAL FORENSICS SYSTEM REBUILD T - RAMP - INCREMENTAL INCIDENT RESPONSE SECURE COLLABORATION 192 D. IDENTIFY E - RAMP - INCREMENTAL ENTERPRISE THREAT INTELLIGENCE Y - RAMP - INCREMENTAL THREAT IDENTIFICATION SYSTEMS 29

3 219 GRC - APP Overall Summary For Exhibit No. SCG-27-CWP In 216 $ () Adjusted-Forecast A. PROTECT 1,515 16,85 4,87 B. DETECT 5,653 1,477 13,193 C. RESPOND 22 1,914 D. IDENTIFY 1,474 4,731 Total 17,844 19,476 22,731 Note: Totals may include rounding differences. Page 1 of 216

4 219 GRC - APP Workpaper: A. PROTECT VARIOUS Summary for A. PROTECT In 216$ () Adjusted-Recorded Adjusted-Forecast Labor 813 1, Non-Labor 8,868 15,5 4,49 NSE 834 Total 1,515 16,85 4,87 FTE A RAMP - Incremental PKI Rebuild Labor 58 Non-Labor NSE Total 58 FTE B RAMP - Incremental Firewall Security Labor 58 Non-Labor 25 NSE Total 38 FTE G RAMP - Incremental FOF - Converged Perimeter Security Labor Non-Labor 2,4 1,2 NSE Total 2,516 1,27 FTE H RAMP - Incremental FOF - Host Based Protection Labor Non-Labor 2,151 NSE Total 2, FTE J RAMP - Incremental Spam Protection Labor 15 Non-Labor 147 NSE 834 Total 1,86 FTE Note: Totals may include rounding differences. Page 2 of 216

5 219 GRC - APP Workpaper: A. PROTECT VARIOUS In 216$ () Adjusted-Recorded Adjusted-Forecast K RAMP - Incremental IS Zone Rebuild Labor 81 Non-Labor 82 NSE Total 91 FTE M RAMP - Incremental Security Orchestration Labor Non-Labor 1,6 15 NSE Total 1, FTE N RAMP - Incremental Critical Gas Infrastructure Protection Labor 174 Non-Labor 1,5 NSE Total 1,674 FTE O RAMP - Incremental Critical Gas Infrastructure Protection Labor 291 Non-Labor 2, NSE Total 2,291 FTE P RAMP - Incremental Critical Gas Infrastructure Protection Labor 232 Non-Labor 4, NSE Total 4,232 FTE Q RAMP - Incremental CASB (cloud data use) Labor 93 Non-Labor 2,8 NSE Total 2,893 FTE R RAMP - Incremental Web Applications and Database Firewalls Labor 128 Non-Labor 2,1 NSE Total 2,228 FTE Note: Totals may include rounding differences. Page 3 of 216

6 219 GRC - APP Workpaper: A. PROTECT VARIOUS In 216$ () Adjusted-Recorded Adjusted-Forecast U RAMP - Incremental Enterprise Source Code Security Labor 8 36 Non-Labor 1,1 NSE Total 1,18 36 FTE V RAMP - Incremental Wired Network Preventative Controls Labor Non-Labor 3,2 NSE Total 3,375 6 FTE W RAMP - Incremental Multi Factor Authentication Refresh Labor 14 Non-Labor 2,5 NSE Total 2,64 FTE X RAMP - Incremental My Account Multi Factor Authentication Labor 7 Non-Labor 49 NSE Total 479 FTE....6 Note: Totals may include rounding differences. Page 4 of 216

7 219 GRC - APP Beginning of Workpaper Group 758A - RAMP - Incremental PKI Rebuild Page 5 of 216

8 219 GRC - APP 758. A. PROTECT 1. PROTECT 758A - RAMP - Incremental PKI Rebuild Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 58 Non-Labor Zero-Based NSE Zero-Based Total 58 FTE Zero-Based Business Purpose: Our enterprise PKI currently uses the SHA-1 signature algorithm. The SHA-1 algorithm has been widely used since 1985 but is vulnerable to hacking and is no longer recommended for PKI. Microsoft, Google and other major providers will not recognize certificates signed using SHA-1 after January 1, 217. The impact to our users (and potentially customers) will be a series of escalating trust notifications beginning December 215 and eventual loss of access to systems. Physical Description: To secure our websites, intranet communications and applications we must build a new PKI infrastructure using SHA-2 in parallel to the current SHA-1 PKI and issue new certificates to all dependent systems. Project Justification: Enhance security of company websites, intranet communications and applications. Certificate Authorities servers will enable consolidation of systems, simplify support and reduce support complexity. Upgrade to MS Server 212 will improve high-volume certificate issuance and certificate enrollment across Active Directory Domain Services forest boundaries. Note: Totals may include rounding differences. Page 6 of 216

9 219 GRC - APP 758. A. PROTECT 1. PROTECT 758A - RAMP - Incremental PKI Rebuild Forecast Methodology: Labor - Zero-Based Project is currently in-flight. Based on actual timeline of the project to complete. Non-Labor - Zero-Based Project is currently in-flight. Based on actual timeline of the project to complete. NSE - Zero-Based N/A Page 7 of 216

10 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758A Page 8 of 216

11 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758A - RAMP - Incremental PKI Rebuild 758A.1 - RAMP - Incremental PKI Rebuild 1/31/217 Description: Self developed software Forecast In 216 $() Years Labor 58 Non-Labor NSE Total 58 FTE.5.. Note: Totals may include rounding differences. Page 9 of 216

12 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758A - RAMP - Incremental PKI Rebuild 758A.1 - RAMP - Incremental PKI Rebuild RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Public Key Infrastructure Program Description: PKI digital key encryption system to protect in transit and to authenticate devices, services, and applications Deploy SHA2 compliance public key infrastructure for digital certificates Risk/Mitigation: Risk: All Cyber Security Risks Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 1 of 216

13 219 GRC - APP Beginning of Workpaper Group 758B - RAMP - Incremental Firewall Security Page 11 of 216

14 219 GRC - APP 758. A. PROTECT 1. PROTECT 758B - RAMP - Incremental Firewall Security Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 58 Non-Labor Zero-Based 25 NSE Zero-Based Total 38 FTE Zero-Based Business Purpose: The Cybersecurity Protect function refers to developing and implementing the appropriate safeguards so that the company can provide safe and reliable delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of control Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Protection-oriented activities are focused on avoiding or limiting potential cybersecurity events. Activities in this functional area include: managing asset access, cybersecurity awareness and training, protective technologies, and system maintenance. Ongoing cybersecurity awareness and training is important for engaging all employees so that they understand their roles and responsibilities regarding cybersecurity. Other activities in this area include vulnerability management, system implementation, security consulting and support, and operating support for protection systems. This support can include: two-factor authentication, the public key infrastructure, malware prevention, web content management, and supporting network protections, such as firewalls and intrusion detection and prevention. Physical Description: Evaluate and deploy a firewall management system (hardware and software) to control outbound firewall egress policies, Prevent unauthorized access to firewall, centrally managed configurations, mitigate vulnerabilities using industry standard best practices, Secure the Enterprise network perimeter and internal firewalls. 
Project Justification: Reduced risk of business system outages, data loss, and malware proliferation. Increased efficiency in firewall request approval and risk assessment and enhancing current capabilities. Note: Totals may include rounding differences. Page 12 of 216

15 219 GRC - APP 758. A. PROTECT 1. PROTECT 758B - RAMP - Incremental Firewall Security Forecast Methodology: Labor - Zero-Based Project is currently in-flight. Based on actual timeline of the project to complete. Non-Labor - Zero-Based Project is currently in-flight. Based on actual timeline of the project to complete. NSE - Zero-Based N/A Page 13 of 216

16 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758B Page 14 of 216

17 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758B - RAMP - Incremental Firewall Security 758B.1 - RAMP - Incremental Firewall Security 2/28/217 Description: Tufin upgrade Forecast In 216 $() Years Labor 58 Non-Labor 25 NSE Total 38 FTE.5.. Note: Totals may include rounding differences. Page 15 of 216

18 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758B - RAMP - Incremental Firewall Security 758B.1 - RAMP - Incremental Firewall Security RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Web Applications and Database Firewalls Program Description: Firewall Security Risk/Mitigation: Risk: All Cyber Risks Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Construction Start Date: Forecast Method: Zero-Based In Service Date:2/28/217 Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 16 of 216

19 219 GRC - APP Beginning of Workpaper Group 758G - RAMP - Incremental FOF - Converged Perimeter Security Page 17 of 216

20 219 GRC - APP 758. A. PROTECT 1. PROTECT 758G - RAMP - Incremental FOF - Converged Perimeter Security Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based Non-Labor Zero-Based 2,4 1,2 NSE Zero-Based Total 2,516 1,27 FTE Zero-Based Business Purpose: Simplify network perimeter cybersecurity systems to improve ability to monitor and support protection and detection functions. Physical Description: The scope of this project will focus on firewalls (4) and Intrusion Prevention Devices (6) at the data center perimeters. Project team will be formed to develop an RFP to identify viable alternatives and conduct on site evaluations to determine the best solution. Project Justification: Enhance cybersecurity controls of perimeter and provide operational efficiencies. Note: Totals may include rounding differences. Page 18 of 216

21 219 GRC - APP 758. A. PROTECT 1. PROTECT 758G - RAMP - Incremental FOF - Converged Perimeter Security Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 19 of 216

22 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758G Page 2 of 216

23 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758G - RAMP - Incremental FOF - Converged Perimeter Security 758G.1 - RAMP - Incremental Fueling Our Future 76 6/3/218 Description: FOF IDEA # 76 Forecast In 216 $() Years Labor Non-Labor 2,4 1,2 NSE Total 2,516 1,27 FTE Note: Totals may include rounding differences. Page 21 of 216

24 219 GRC - APP 758. A. PROTECT 1. PROTECT 758G - RAMP - Incremental FOF - Converged Perimeter Security Workpaper Detail: 758G.1 - RAMP - Incremental Fueling Our Future 76 RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Converged Perimeter Systems Program Description: Converged Perimeter Systems - FOF 76 Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 22 of 216

25 219 GRC - APP Beginning of Workpaper Group 758H - RAMP - Incremental FOF - Host Based Protection Page 23 of 216

26 219 GRC - APP 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based Non-Labor Zero-Based 2,151 NSE Zero-Based Total 2, FTE Zero-Based Business Purpose: Continued implementation of separate systems causes additional infrastructure need, multi-vendor incompatibility and additional endpoint agents that compete for system resources. Physical Description: Servers would be included in the scope of this project. Project Justification: Virtualized servers will be better protected and resilient when located outside the protected perimeter, such as being placed in cloud environments or connecting to the network while working offsite. Note: Totals may include rounding differences. Page 24 of 216

27 219 GRC - APP 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 25 of 216

28 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758H Page 26 of 216

29 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection 758H.1 - RAMP - Incremental Fueling Our Future 79 3/31/218 Description: Self developed software portion of the project. FOF IDEA # 79 Forecast In 216 $() Years Labor Non-Labor 324 NSE Total FTE Note: Totals may include rounding differences. Page 27 of 216

30 219 GRC - APP 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection Workpaper Detail: 758H.1 - RAMP - Incremental Fueling Our Future 79 RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Host Based Protection Program Description: Host Based Protection - FOF 79 Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 28 of 216

31 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection 758H.2 - RAMP - Incremental Fueling Our Future 79 3/31/218 Description: License/materials purchase (non self developed) Forecast In 216 $() Years Labor Non-Labor 1,827 NSE Total 1,827 FTE... Note: Totals may include rounding differences. Page 29 of 216

32 219 GRC - APP 758. A. PROTECT 1. PROTECT 758H - RAMP - Incremental FOF - Host Based Protection Workpaper Detail: 758H.2 - RAMP - Incremental Fueling Our Future 79 RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Hosted Based Protection Program Description: Hosted Based Protection - FOF 79 Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 3 of 216

33 219 GRC - APP Beginning of Workpaper Group 758J - RAMP - Incremental Spam Protection Page 31 of 216

34 219 GRC - APP 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 15 Non-Labor Zero-Based 147 NSE Zero-Based 834 Total 1,86 FTE Zero-Based Business Purpose: The Cybersecurity Protect function refers to developing and implementing the appropriate safeguards so that the company can provide safe and reliable delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of control Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Protection-oriented activities are focused on avoiding or limiting potential cybersecurity events. Activities in this functional area include: managing asset access, cybersecurity awareness and training, protective technologies, and system maintenance. Ongoing cybersecurity awareness and training is important for engaging all employees so that they understand their roles and responsibilities regarding cybersecurity. Other activities in this area include vulnerability management, system implementation, security consulting and support, and operating support for protection systems. This support can include: two-factor authentication, the public key infrastructure, malware prevention, web content management and supporting network protections such as firewalls and intrusion detection and prevention. Physical Description: Deployment of protection system hardware and software. Project Justification: The legacy provides spam filter and malware defense system for all internal and external that has reached end of life. Select and deploy a current state system. Note: Totals may include rounding differences. Page 32 of 216

35 219 GRC - APP 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 33 of 216

36 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758J Page 34 of 216

37 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection 758J.1 - RAMP - Incremental RFP to evaluate and upgrade spam malware filter 1/31/217 Description: Self developed software portion of the project Forecast In 216 $() Years Labor 15 Non-Labor 147 NSE Total 252 FTE 1... Note: Totals may include rounding differences. Page 35 of 216

38 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection 758J.1 - RAMP - Incremental RFP to evaluate and upgrade spam malware filter RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: and Web Browser Protections Program Description: Solution deployment for internet spam, phishing and malware filtering Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 36 of 216

39 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection 758J.2 - RAMP - Incremental RFP to evaluate and upgrade spam malware filter - SDS 1/31/217 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor NSE 834 Total 834 FTE... Note: Totals may include rounding differences. Page 37 of 216

40 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758J - RAMP - Incremental Spam Protection 758J.2 - RAMP - Incremental RFP to evaluate and upgrade spam malware filter - SDS RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: and Web Browser Protections Program Description: Solution deployment for internet spam, phishing and malware filtering Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 38 of 216

41 219 GRC - APP Beginning of Workpaper Group 758K - RAMP - Incremental IS Zone Rebuild Page 39 of 216

42 219 GRC - APP 758. A. PROTECT 1. PROTECT 758K - RAMP - Incremental IS Zone Rebuild Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 81 Non-Labor Zero-Based 82 NSE Zero-Based Total 91 FTE Zero-Based Business Purpose: Ensure continued network reliability and ensure recovery is quick and supported in the event of a hardware or software network device failure. Physical Description: Replace all network switches in both RB and MPK IS physical zones and upgrade the connectivity between racks to1gb. Replace KVMS equipment. Project Justification: Timely replacement of technology infrastructure Note: Totals may include rounding differences. Page 4 of 216

43 219 GRC - APP 758. A. PROTECT 1. PROTECT 758K - RAMP - Incremental IS Zone Rebuild Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 41 of 216

44 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758K Page 42 of 216

45 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758K - RAMP - Incremental IS Zone Rebuild 758K.1 - RAMP - Incremental replace switches and IPS IS zone 11/3/217 Description: replace switches and IPS IS zone Forecast In 216 $() Years Labor 81 Non-Labor 82 NSE Total 91 FTE.5.. Note: Totals may include rounding differences. Page 43 of 216

46 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758K - RAMP - Incremental IS Zone Rebuild 758K.1 - RAMP - Incremental replace switches and IPS IS zone RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: IS Zone Rebuild Program Description: Replace switches and IPS in IS zone Risk/Mitigation: Risk: All Cyber Risks Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 44 of 216

47 219 GRC - APP Beginning of Workpaper Group 758M - RAMP - Incremental Security Orchestration Page 45 of 216

48 219 GRC - APP 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based Non-Labor Zero-Based 1,6 15 NSE Zero-Based Total 1, FTE Zero-Based Business Purpose: The Cybersecurity Respond function refers to developing and implementing the appropriate activities to take action regarding a detected Cybersecurity event. The Respond Function supports the ability to contain the impact of a potential Cybersecurity event. Examples of control Categories within this Function include: Response Planning; Communications; Analysis; Mitigation and Improvements. The Incident Response team coordinates cybersecurity incident response activities when a security event is escalated. They also provide analysis of the incident, during the incident, to determine the most effective response, as well as after the incident in terms of lessons learned. During the incident, communications with stakeholders are maintained. This functional area is the focus of ongoing training to maintain readiness through exercises to validate the response plans for high impact systems. Physical Description: Automation of repeatable Information Security Operations Center tasks on the business network. Project Justification: Currently many repeatable incident response processes are handled manually. These repeatable incident response tasks could be executed more effectively and more quickly through process automation, freeing up analyst time to focus on higher value tasks. Note: Totals may include rounding differences. Page 46 of 216

49 219 GRC - APP 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 47 of 216

50 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758M Page 48 of 216

51 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration 758M.1 - RAMP - Incremental Automate key security triage tasks 3/31/218 Description: Self developed software portion of the project Forecast In 216 $() Years Labor Non-Labor NSE Total FTE Note: Totals may include rounding differences. Page 49 of 216

52 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration 758M.1 - RAMP - Incremental Automate key security triage tasks RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Security Orchestration Program Description: Automate key security triage tasks Risk/Mitigation: Risk: All Cyber Risks Mitigation: Respond Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 5 of 216

53 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration 758M.2 - RAMP - Incremental Automate key security triage tasks 3/31/218 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor 1,36 NSE Total 1,36 FTE... Note: Totals may include rounding differences. Page 51 of 216

54 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758M - RAMP - Incremental Security Orchestration 758M.2 - RAMP - Incremental Automate key security triage tasks RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Security Orchestration Program Description: Automate key security triage tasks Risk/Mitigation: Risk: All Cyber Risks Mitigation: Respond Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 52 of 216

55 219 GRC - APP Beginning of Workpaper Group 758N - RAMP - Incremental Critical Gas Infrastructure Protection Page 53 of 216

56 219 GRC - APP 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 174 Non-Labor Zero-Based 1,5 NSE Zero-Based Total 1,674 FTE Zero-Based Business Purpose: The Cybersecurity Protect function refers to developing and implementing the appropriate safeguards so that the company can provide safe and reliable delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of control Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Protection-oriented activities are focused on avoiding or limiting potential cybersecurity events. Activities in this functional area include: managing asset access, cybersecurity awareness and training, protective technologies, and system maintenance. Ongoing cybersecurity awareness and training is important for engaging all employees so that they understand their roles and responsibilities regarding cybersecurity. Other activities in this area include vulnerability management, system implementation, security consulting and support, and operating support for protection systems. This support can include: two-factor authentication, the public key infrastructure, malware prevention, web content management, and supporting network protections, such as firewalls and intrusion detection and prevention. 
Physical Description: Evaluate and deploy hardware and software to meet cybersecurity protection requirements Project Justification: Cost estimates are based on cybersecurity subject matter experts and historical experience responding to changing priorities and risks to address: Timely implementation of technology controls Addressing evolving threat capabilities Supporting and/or leveraging new technologies Note: Totals may include rounding differences. Page 54 of 216

57 219 GRC - APP 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 55 of 216

58 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758N Page 56 of 216

59 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection 758N.1 - RAMP - Incremental Gas infrastructure protection systems /3/217 Description: Self developed software portion of the project Forecast In 216 $() Years Labor 174 Non-Labor 225 NSE Total 399 FTE 1... Note: Totals may include rounding differences. Page 57 of 216

60 219 GRC - APP 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection Workpaper Detail: 758N.1 - RAMP - Incremental Gas infrastructure protection systems RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Work Paper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 58 of 216

61 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection 758N.2 - RAMP - Incremental Gas infrastructure protection /3/217 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor 1,275 NSE Total 1,275 FTE... Note: Totals may include rounding differences. Page 59 of 216

62 219 GRC - APP 758. A. PROTECT 1. PROTECT 758N - RAMP - Incremental Critical Gas Infrastructure Protection Workpaper Detail: 758N.2 - RAMP - Incremental Gas infrastructure protection RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Work Paper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 6 of 216

63 219 GRC - APP Beginning of Workpaper Group 758O - RAMP - Incremental Critical Gas Infrastructure Protection Page 61 of 216

64 219 GRC - APP 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 291 Non-Labor Zero-Based 2, NSE Zero-Based Total 2,291 FTE Zero-Based

Business Purpose: The Cybersecurity Protect function refers to developing and implementing the appropriate safeguards so that the company can provide safe and reliable delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of control Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Protection-oriented activities are focused on avoiding or limiting potential cybersecurity events. Activities in this functional area include: managing asset access, cybersecurity awareness and training, protective technologies, and system maintenance. Ongoing cybersecurity awareness and training is important for engaging all employees so that they understand their roles and responsibilities regarding cybersecurity. Other activities in this area include vulnerability management, system implementation, security consulting and support, and operating support for protection systems. This support can include: two-factor authentication, the public key infrastructure, malware prevention, web content management, and supporting network protections, such as firewalls and intrusion detection and prevention.

Physical Description: Evaluate and deploy hardware and software to meet cybersecurity protection requirements.

Project Justification: Cost estimates are based on cybersecurity subject matter experts and historical experience responding to changing priorities and risks to address: timely implementation of technology controls; addressing evolving threat capabilities; and supporting and/or leveraging new technologies.

Note: Totals may include rounding differences. Page 62 of 216

65 219 GRC - APP 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 63 of 216

66 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758O Page 64 of 216

67 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection O.1 - RAMP - Incremental Gas infrastructure protection 1/31/218 Description: Self developed software portion of the project Forecast In 216 $() Years Labor 291 Non-Labor 3 NSE Total 591 FTE Note: Totals may include rounding differences. Page 65 of 216

68 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection O.1 - RAMP - Incremental Gas infrastructure protection RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 66 of 216

69 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection O.2 - RAMP - Incremental Gas infrastructure protection 1/31/218 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor 1,7 NSE Total 1,7 FTE... Note: Totals may include rounding differences. Page 67 of 216

70 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758O - RAMP - Incremental Critical Gas Infrastructure Protection O.2 - RAMP - Incremental Gas infrastructure protection RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 68 of 216

71 219 GRC - APP Beginning of Workpaper Group 758P - RAMP - Incremental Critical Gas Infrastructure Protection Page 69 of 216

72 219 GRC - APP 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 232 Non-Labor Zero-Based 4, NSE Zero-Based Total 4,232 FTE Zero-Based

Business Purpose: The Cybersecurity Protect function refers to developing and implementing the appropriate safeguards so that the company can provide safe and reliable delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of control Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Protection-oriented activities are focused on avoiding or limiting potential cybersecurity events. Activities in this functional area include: managing asset access, cybersecurity awareness and training, protective technologies, and system maintenance. Ongoing cybersecurity awareness and training is important for engaging all employees so that they understand their roles and responsibilities regarding cybersecurity. Other activities in this area include vulnerability management, system implementation, security consulting and support, and operating support for protection systems. This support can include: two-factor authentication, the public key infrastructure, malware prevention, web content management, and supporting network protections, such as firewalls and intrusion detection and prevention.

Physical Description: Evaluate and deploy hardware and software to meet cybersecurity protection requirements.

Project Justification: Cost estimates are based on cybersecurity subject matter experts and historical experience responding to changing priorities and risks to address: timely implementation of technology controls; addressing evolving threat capabilities; and supporting and/or leveraging new technologies.

Note: Totals may include rounding differences. Page 7 of 216

73 219 GRC - APP 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 71 of 216

74 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758P Page 72 of 216

75 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection P.1 - RAMP - Incremental Gas infrastructure protection 1/31/219 Description: Self developed software portion of the project Forecast In 216 $() Years Labor 232 Non-Labor 6 NSE Total 832 FTE.. 2. Note: Totals may include rounding differences. Page 73 of 216

76 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection P.1 - RAMP - Incremental Gas infrastructure protection RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 74 of 216

77 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection P.2 - RAMP - Incremental Gas infrastructure protection 1/31/219 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor 3,4 NSE Total 3,4 FTE... Note: Totals may include rounding differences. Page 75 of 216

78 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758P - RAMP - Incremental Critical Gas Infrastructure Protection P.2 - RAMP - Incremental Gas infrastructure protection RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Critical Gas Infrastructure Protection Program Description: Critical Gas Infrastructure Protection Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpapers Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 76 of 216

79 219 GRC - APP Beginning of Workpaper Group 758Q - RAMP - Incremental CASB (cloud data use) Page 77 of 216

80 219 GRC - APP 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 93 Non-Labor Zero-Based 2,8 NSE Zero-Based Total 2,893 FTE Zero-Based

Business Purpose: Implement the ability to monitor services, policy enforcement, and data loss in cloud solutions.

Physical Description: Deploy CASB appliances at the data centers and acquire software licensing from a top-tier provider in time to support enterprise deployment of cloud technologies.

Project Justification: Greater ability to identify, react, respond, and recover from a sensitive information extraction and cyber security incident; limit potential impact due to a cyber security incident; ability to leverage this technology for future requirements.

Note: Totals may include rounding differences. Page 78 of 216

81 219 GRC - APP 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 79 of 216

82 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758Q Page 8 of 216

83 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) 758Q.1 - RAMP - Incremental Cloud Access Security Broker i.e. Netskope RSA 8/31/218 Description: Self developed software portion of the project Forecast In 216 $() Years Labor 93 Non-Labor 42 NSE Total 513 FTE. 1.. Note: Totals may include rounding differences. Page 81 of 216

84 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) 758Q.1 - RAMP - Incremental Cloud Access Security Broker i.e. Netskope RSA RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: CASB (cloud data use) Program Description: CASB (cloud data use) Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 82 of 216

85 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) 758Q.2 - RAMP - Incremental Cloud Access Security Broker i.e. Netskope RSA 8/31/218 Description: License/materials purchase non SDS Forecast In 216 $() Years Labor Non-Labor 2,38 NSE Total 2,38 FTE... Note: Totals may include rounding differences. Page 83 of 216

86 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758Q - RAMP - Incremental CASB (cloud data use) 758Q.2 - RAMP - Incremental Cloud Access Security Broker i.e. Netskope RSA RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: CASB (cloud data use) Program Description: CASB (cloud data use) Risk/Mitigation: Risk: A major cyber security incident that causes disrup Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 84 of 216

87 219 GRC - APP Beginning of Workpaper Group 758R - RAMP - Incremental Web Applications and Database Firewalls Page 85 of 216

88 219 GRC - APP 758. A. PROTECT 1. PROTECT 758R - RAMP - Incremental Web Applications and Database Firewalls Summary of Results (Constant 216 $ in s): Forecast Method Adjusted Recorded Adjusted Forecast Years Labor Zero-Based 128 Non-Labor Zero-Based 2,1 NSE Zero-Based Total 2,228 FTE Zero-Based

Business Purpose: A WAF implementation would defend against, and alert on, the attacks that have been the most common attack vectors. It would also allow us to protect production systems that have undiscovered (zero-day) vulnerabilities. This capability would give a development team more time to fix issues without impeding deployment schedules.

Physical Description: This project will implement a high-availability WAF configuration located at both datacenters to protect web-facing systems and to enhance response to vulnerabilities as well as the system's availability SLAs. The WAF placement would initially protect web-facing servers that handle sensitive data or that connect to systems that contain sensitive data. Other systems would then be added as capacity allows. This system would integrate with current cybersecurity systems for Web Services protection.

Project Justification: Provides an extra layer of protection for web applications and databases by implementing general protection against misuse, as well as a method to quickly address an incident or vulnerability without modifying the underlying application. The quick-response capability is particularly valuable in situations where a new vulnerability has been discovered but no patch has been made available.

Note: Totals may include rounding differences. Page 86 of 216

89 219 GRC - APP 758. A. PROTECT 1. PROTECT 758R - RAMP - Incremental Web Applications and Database Firewalls Forecast Methodology: Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. Non-Labor - Zero-Based Based on Project Manager and Subject Matter Expert estimates. NSE - Zero-Based N/A Page 87 of 216

90 219 GRC - APP Beginning of Workpaper Sub Details for Workpaper Group 758R Page 88 of 216

91 219 GRC - APP Workpaper Detail: In-Service Date: 758. A. PROTECT 1. PROTECT 758R - RAMP - Incremental Web Applications and Database Firewalls 758R.1 - RAMP - Incremental Security controls on servers. Deploy web application firewalls 9/3/218 Description: Security controls on servers. Deploy web application firewalls Forecast In 216 $() Years Labor 128 Non-Labor 2,1 NSE Total 2,228 FTE Note: Totals may include rounding differences. Page 89 of 216

92 219 GRC - APP Workpaper Detail: 758. A. PROTECT 1. PROTECT 758R - RAMP - Incremental Web Applications and Database Firewalls 758R.1 - RAMP - Incremental Security controls on servers. Deploy web application firewalls RAMP Item # 1 RAMP Chapter: SCG-3 Program Name: Web Applications and Database Firewalls Program Description: Security controls on servers. Deploy web application firewalls Risk/Mitigation: Risk: All Cyber Risks Mitigation: Protect Forecast CPUC Cost Estimates ($) Low High Funding Source: CPUC-GRC Forecast Method: Zero-Based Work Type: Non-Mandated Work Type Citation: See Workpaper Historical Embedded Cost Estimates ($) Embedded Costs: Explanation: Page 9 of 216


More information

REVISED WORKPAPERS TO PREPARED DIRECT TESTIMONY OF NEIL P. NAVIN ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION

REVISED WORKPAPERS TO PREPARED DIRECT TESTIMONY OF NEIL P. NAVIN ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION Application of SOUTHERN CALIFORNIA GAS COMPANY for authority to update its gas revenue requirement and base rates effective January 1, 2019 (U 904-G) ) ) ) ) Application No. 17-10-008 Exhibit No.: (SCG-10-WP-R)

More information

2016 General Rate Case - APP INDEX OF WORKPAPERS. Exhibit SCG-11-WP - CS - OFFICE OPERATIONS. Overall Summary For Exhibit No.

2016 General Rate Case - APP INDEX OF WORKPAPERS. Exhibit SCG-11-WP - CS - OFFICE OPERATIONS. Overall Summary For Exhibit No. 2016 General Rate Case - APP INDEX OF WORKPAPERS Exhibit SCG-11-WP - CS - OFFICE OPERATIONS DOCUMENT PAGE Overall Summary For Exhibit No. SCG-11-WP 1 Summary of Non- 2 Category: A. Customer Service Office

More information

Cybersecurity Insurance: New Risks and New Challenges

Cybersecurity Insurance: New Risks and New Challenges SESSION ID: SDS1-F01 Cybersecurity Insurance: New Risks and New Challenges Mark Weatherford Chief Cybersecurity Strategist varmour @marktw The cybersecurity market in the Asia Pacific region contributes

More information

Vaco Cyber Security Panel

Vaco Cyber Security Panel Vaco Cyber Security Panel ISACA Charlotte Chapter December 5 th, 2017 Vaco is an international talent solutions firm headquartered in Nashville, Tennessee, with more than 35 locations around the globe.

More information

NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE

NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE As many of you know, Gramm-Leach-Bliley requires "financial institutions" to establish and implement a Safeguard Rule Compliance

More information

Risk Management: Assessing and Controlling Risk

Risk Management: Assessing and Controlling Risk Risk Management: Assessing and Controlling Risk Introduction Competitive Disadvantage To keep up with the competition, organizations must design and create a safe environment in which business processes

More information

FREQUENTLY ASKED QUESTIONS REGARDING 23 NYCRR PART 500

FREQUENTLY ASKED QUESTIONS REGARDING 23 NYCRR PART 500 FREQUENTLY ASKED QUESTIONS REGARDING 23 NYCRR PART 500 Effective March 1, 2017, the Superintendent of Financial Services promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements

More information

At the Heart of Cyber Risk Mitigation

At the Heart of Cyber Risk Mitigation At the Heart of Cyber Risk Mitigation De-risking Cyber Threats with Insurance Vikram Singh Abstract Management of risks is an integral part of the insurance industry. Companies have succeeded in identifying

More information

Cyber Risk Mitigation

Cyber Risk Mitigation Cyber Risk Mitigation Eide Bailly Howalt + McDowell Insurance Introduction Meet your presenters Eric Pulse Risk Advisory Director 20 years in the public accounting and consulting industry providing information

More information

A GUIDE TO CYBER RISKS COVER

A GUIDE TO CYBER RISKS COVER A GUIDE TO CYBER RISKS COVER Cyber risk the daily business threat to SMEs Cyber risks and data security breaches are a daily threat to everyday business. Less than 10% of UK companies have cyber insurance

More information

Managing the risks of legacy ICT to public service delivery

Managing the risks of legacy ICT to public service delivery Report by the Comptroller and Auditor General Cross-government Managing the risks of legacy ICT to public service delivery HC 539 SESSION 2013-14 11 SEPTEMBER 2013 4 Key facts Managing the risks of legacy

More information

THE BLOCKCHAIN DISRUPTION. INSIGHT REPORT on Blockchain prepared by The Burnie Group

THE BLOCKCHAIN DISRUPTION. INSIGHT REPORT on Blockchain prepared by The Burnie Group THE BLOCKCHAIN DISRUPTION INSIGHT REPORT on Blockchain prepared by The Burnie Group NOVEMBER 2017 BUILDING VALUE Business networks create value. The efficiency of business networks is a function of the

More information

The working roundtable was conducted through two interdisciplinary panel sessions:

The working roundtable was conducted through two interdisciplinary panel sessions: As advancements in technology enhance productivity, develop new businesses and enhance economic growth, malicious actors continue to advance as well, seeking to exploit technology for any number of criminal

More information

Equifax Data Breach: Your Vital Next Steps

Equifax Data Breach: Your Vital Next Steps Equifax Data Breach: Your Vital Next Steps David A. Reed Partner, Ann Davidson Vice President Risk Consulting/ Bond Division Allied Solutions, LLC Do You Remember When this Was the Biggest Threat to Data

More information

Te c h n o l o g y T r e n d s a n d I s s u e s

Te c h n o l o g y T r e n d s a n d I s s u e s Te c h n o l o g y T r e n d s a n d I s s u e s IMPACT 2015 Accordant Client Conference Ken Fishkin, MCSE, CISSP Director - CohnReznick Advisory Group W E L C O M E K e n F i s h k i n, M C S E, V C P,

More information

Cyber Insurance I don t think it means what you think it means

Cyber Insurance I don t think it means what you think it means SESSION ID: GRC-T10 Cyber Insurance I don t think it means what you think it means John Loveland Global Head of Cyber Security Strategy & Marketing Verizon Enterprise Solutions Plot A brief history of

More information

You ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017

You ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017 You ve been hacked Riekie Gordon & Roger Truebody & Alexandra Schudel Why should you care? U$4.6 - U$121 billion - Lloyds U$45 billion not covered 2 The plot thickens 2016 Barkly Survey: It s a business

More information

Cyber Risk Proposal Form

Cyber Risk Proposal Form Cyber Risk Proposal Form Company or trading name Address Postcode Country Telephone Email Website Date business established Number of employees Do you have a Chief Privacy Officer (or Chief Information

More information

Oregon Public Employees Retirement System

Oregon Public Employees Retirement System Oregon Public Employees Retirement System 2017-19 Governor s Budget Phase II Presentation Joint Ways & Means Committee General Government Subcommittee Steven Patrick Rodeman Executive Director Jordan Masanga

More information

You can't optimize what you can't automate and audit. JJ Garcia Public Sector ITOM Solution Architect March 8, 2018

You can't optimize what you can't automate and audit. JJ Garcia Public Sector ITOM Solution Architect March 8, 2018 You can't optimize what you can't automate and audit JJ Garcia Public Sector ITOM Solution Architect March 8, 2018 2 Dr. Brown now understands IT compliance Automation IT Operations Management Products

More information

Fraud: Detection & Prevention December 2017

Fraud: Detection & Prevention December 2017 Fraud: Detection & Prevention December 2017 Agenda IT Security Bill Golden, CIO State Banking Operations Fraud Brandon Watson, Banking Director Unclaimed Property Fraud Brenda Williams, Deputy Treasurer,

More information

Cybersecurity Insurance: The Catalyst We've Been Waiting For

Cybersecurity Insurance: The Catalyst We've Been Waiting For SESSION ID: CRWD-W16 Cybersecurity Insurance: The Catalyst We've Been Waiting For Mark Weatherford Chief Cybersecurity Strategist varmour @marktw Agenda Insurance challenges in the market today 10 reasons

More information

WORKPAPERS TO PREPARED DIRECT TESTIMONY OF JILL TRACY ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION

WORKPAPERS TO PREPARED DIRECT TESTIMONY OF JILL TRACY ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION Application of SOUTHERN CALIFORNIA GAS COMPANY for authority to update its gas revenue requirement and base rates effective January 1, 2016 (U 904-G) ) ) ) ) Application No. 14-11- Exhibit No.: (SCG-17-WP)

More information

ANALYSIS & ASSESSMENT OF TECHNOLOGY FROM A BOARD S PERSPECTIVE STEPHANIE L. BUCKLEW SLB CONSULTING

ANALYSIS & ASSESSMENT OF TECHNOLOGY FROM A BOARD S PERSPECTIVE STEPHANIE L. BUCKLEW SLB CONSULTING ANALYSIS & ASSESSMENT OF TECHNOLOGY FROM A BOARD S PERSPECTIVE STEPHANIE L. BUCKLEW SLB CONSULTING WHAT IS TECHNOLOGY RISK? Any threat to information technology within your organization and the consequence

More information

UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C FORM 8-K

UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C FORM 8-K UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 FORM 8-K CURRENT REPORT Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 Date of Report (Date of Earliest Event

More information

Investor Presentation

Investor Presentation Investor Presentation Q3 2018 Financial Results November 1 st, 2018 2018 ALL RIGHTS RESERVED Safe harbor statement Certain matters discussed in these slides and accompanying oral presentation have "forward-looking

More information

EQUIFAX INC. (Exact name of registrant as specified in Charter)

EQUIFAX INC. (Exact name of registrant as specified in Charter) UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM 8-K CURRENT REPORT Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 Date of report (Date of earliest event

More information

Determining Whether You Are a Business Associate

Determining Whether You Are a Business Associate The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information

More information

Blockchain: The New Line of Defense

Blockchain: The New Line of Defense Blockchain: The New Line of Defense Who Am I Your Presenter & Advisory in This Domain q Cybersecurity Solutions Architect for Enterprise & National Level Projects for Kaspersky Lab Middle East, Turkey

More information

7750 East Broadway Boulevard, Suite A-200, Tucson, AZ

7750 East Broadway Boulevard, Suite A-200, Tucson, AZ REQUEST FOR PROPOSAL 7750 East Broadway Boulevard, Suite A-200, Tucson, AZ 85710 riskrfp@blake.easterseals.com Easterseals Blake Foundation hereby requests bids for information security and regulatory

More information

growth and improving our operating margin as a result.

growth and improving our operating margin as a result. ANNUAL REPORT 2015 To Our Stockholders, detection and dynamic instant mitigation. product strategy and company strengths are directly aligned with the trends we see in the market growth and improving

More information

Does the Applicant provide data processing, storage or hosting services to third parties? Yes No

Does the Applicant provide data processing, storage or hosting services to third parties? Yes No BEAZLEY BREACH RESPONSE APPLICATION NOTICE: THIS POLICY S LIABILITY INSURING AGREEMENTS PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY TO CLAIMS FIRST MADE AGAINST THE INSURED DURING

More information

Alternative Investments Advisory Services. kpmg.com

Alternative Investments Advisory Services. kpmg.com Alternative Investments Advisory Services kpmg.com Alternative investment opportunities are in great demand as investors seek out consistent, riskadjusted returns. But great demand for your business often

More information

Cyber-risk and cyber-controls:

Cyber-risk and cyber-controls: Cyber-risk and cyber-controls: 1 Insurance alone is not enough Cyber-risk has become one of the most significant topics in boardrooms around the world. The threat is indeed, very real. Consequently, in

More information

MEET THE NEXT GENERATION OF PROGRESSIVE MANAGEMENT SYSTEMS: BEPS

MEET THE NEXT GENERATION OF PROGRESSIVE MANAGEMENT SYSTEMS: BEPS 1 TM MEET THE NEXT GENERATION OF PROGRESSIVE MANAGEMENT SYSTEMS: BEPS WHITE PAPER // BEPS 2 Today s progressives are a jumbled mix of different controllers, stand-alone systems, and legacy displays. Couple

More information

INCIDENT RESPONSE PLAN

INCIDENT RESPONSE PLAN Erie County Medical Center Corporation RFP # 21604 Addendum Number 1 Erie County Medical Center Corporation Addendum Number 1 to RFP # 21604 INCIDENT RESPONSE PLAN The deadline for submission still remains:

More information

7 STEPS TO BUILD A GRC FRAMEWORK FOR BUSINESS RISK MANAGEMENT BUSINESS-DRIVEN SECURITY SOLUTIONS

7 STEPS TO BUILD A GRC FRAMEWORK FOR BUSINESS RISK MANAGEMENT BUSINESS-DRIVEN SECURITY SOLUTIONS 7 STEPS TO BUILD A GRC FRAMEWORK FOR BUSINESS RISK MANAGEMENT BUSINESS-DRIVEN SECURITY SOLUTIONS TO MANAGE INFORMATION RISK AND KEEP YOUR ORGANIZATION MOVING FORWARD, YOU NEED A SOLID STRATEGY AND A GOOD

More information

Cyber & Privacy Liability and Technology E&0

Cyber & Privacy Liability and Technology E&0 Cyber & Privacy Liability and Technology E&0 Risks and Coverage Geoff Kinsella Partner http://map.norsecorp.com http://www.youtube.com/watch?v=f7pyhn9ic9i Presentation Overview 1. The Cyber Evolution 2.

More information

Form 4797: Mysteries, Myths and Methods

Form 4797: Mysteries, Myths and Methods Form 4797: Mysteries, Myths and Methods By: Tom O Saben, EA, CFP Identity Theft II By: Larry Gray, CPA Real Estate Dealer or Investor Can t Switch at the Drop of a Hat By: Tom O Saben, EA, CFP One of the

More information

CYBER LIABILITY REINSURANCE SOLUTIONS

CYBER LIABILITY REINSURANCE SOLUTIONS CYBER LIABILITY REINSURANCE SOLUTIONS CYBER STRONG. CYBER STRONG. State-of-the-Art Protection for Growing Cyber Risks Businesses of all sizes and in every industry are experiencing an increase in cyber

More information

SOCALGAS REBUTTAL TESTIMONY OF RENE F. GARCIA (ADVANCE METERING INFRASTRUCTURE POLICY) JUNE 18, 2018

SOCALGAS REBUTTAL TESTIMONY OF RENE F. GARCIA (ADVANCE METERING INFRASTRUCTURE POLICY) JUNE 18, 2018 Company: Southern California Gas Company (U0G) Proceeding: 01 General Rate Case Application: A.1--00/-00 (cons.) Exhibit: SCG-1 SOCALGAS REBUTTAL TESTIMONY OF RENE F. GARCIA (ADVANCE METERING INFRASTRUCTURE

More information

CITY OF LONDON STRATEGIC MULTI-YEAR BUDGET ADDITIONAL INVESTMENTS BUSINESS CASE #9

CITY OF LONDON STRATEGIC MULTI-YEAR BUDGET ADDITIONAL INVESTMENTS BUSINESS CASE #9 2016 2019 CITY OF LONDON STRATEGIC MULTI-YEAR BUDGET ADDITIONAL INVESTMENTS BUSINESS CASE #9 STRATEGIC AREA OF FOCUS: LEADING IN PUBLIC SERVICE SUB-PRIORITY: EXCELLENT SERVICE DELIVERY STRATEGY: DELIVER

More information

Construction. Industry Advisor. Fall Year end tax planning for construction companies. How to self-insure your construction business

Construction. Industry Advisor. Fall Year end tax planning for construction companies. How to self-insure your construction business Construction Industry Advisor Fall 2015 Year end tax planning for construction companies How to self-insure your construction business Cost segregation studies can benefit you and your clients Contractor

More information

SOUTHERN CALIFORNIA GAS COMPANY ADVANCED METERING INFRASTRUCTURE CHAPTER II SUMMARY OF AMI BUSINESS CASE

SOUTHERN CALIFORNIA GAS COMPANY ADVANCED METERING INFRASTRUCTURE CHAPTER II SUMMARY OF AMI BUSINESS CASE Application No.: A.0-0-0 Exhibit No.: SCG Date: March, 00 Witness: Edward Fong SOUTHERN CALIFORNIA GAS COMPANY ADVANCED METERING INFRASTRUCTURE CHAPTER II SUMMARY OF AMI BUSINESS CASE Errata to Prepared

More information

HIPAA Compliance Guide

HIPAA Compliance Guide This document provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) compliance requirements. It covers the relevant legislation, required procedures, and ways that your

More information

Cyber ERM Proposal Form

Cyber ERM Proposal Form Cyber ERM Proposal Form This document allows Chubb to gather the needed information to assess the risks related to the information systems of the prospective insured. Please note that completing this proposal

More information

Information Technology Services PROPOSED SERVICE PLAN

Information Technology Services PROPOSED SERVICE PLAN P1 1. Mandate: Information Technology Services PROPOSED SERVICE PLAN 2019-2022 To provide information management, systems, and technology solutions through a balanced approach of leadership and partnership

More information

AUSTRACLEAR REGULATIONS Guidance Note 10

AUSTRACLEAR REGULATIONS Guidance Note 10 BUSINESS CONTINUITY AND DISASTER RECOVERY The purpose of this Guidance Note The main points it covers To assist participants to understand the disaster recovery and business continuity arrangements they

More information

NAIC BLANKS (E) WORKING GROUP

NAIC BLANKS (E) WORKING GROUP NAIC BLANKS (E) WORKING GROUP Blanks Agenda Item Submission Form DATE: 0//0 CONTACT PERSON: Sara Robben TELEPHONE: 8-8-80 EMAIL ADDRESS: srobben@naic.org ON BEHALF OF: NAME: Commissioner Mike Chaney FOR

More information

Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do

Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do ARTICLE Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do By Gene Griggs and Saad Gul This article analyzes cybersecurity issues for retirement plans. Introduction

More information

Case study. Malware mayhem. A targeted ransomware attack on a technology provider opens up a can of worms

Case study. Malware mayhem. A targeted ransomware attack on a technology provider opens up a can of worms Case study Malware mayhem A targeted ransomware attack on a technology provider opens up a can of worms Ransomware is one of the fastest growing forms of cybercrime in the world. According to our own claims

More information

Table of Contents. Overview. What is payment processing? Who s Who. Types of Payment Solutions. Online Transactions. Interchange Process

Table of Contents. Overview. What is payment processing? Who s Who. Types of Payment Solutions. Online Transactions. Interchange Process Overview Credit Card Processing 101 is your go-to handbook for navigating the payments industry. This document provides a quick and thorough understanding on how businesses accept electronic payments,

More information

DOWNLOAD OR READ : SECURITY ANALYSIS PORTFOLIO MANAGEMENT MBA FM 02 PDF EBOOK EPUB MOBI

DOWNLOAD OR READ : SECURITY ANALYSIS PORTFOLIO MANAGEMENT MBA FM 02 PDF EBOOK EPUB MOBI DOWNLOAD OR READ : SECURITY ANALYSIS PORTFOLIO MANAGEMENT MBA FM 02 PDF EBOOK EPUB MOBI Page 1 Page 2 security analysis portfolio management mba fm 02 security analysis portfolio management pdf security

More information

Fraud and Cyber Insurance Discussion. Will Carlin Ashley Bauer

Fraud and Cyber Insurance Discussion. Will Carlin Ashley Bauer Fraud and Cyber Insurance Discussion Will Carlin Ashley Bauer Why is it Important to Remain Vigilant? Fraud does not discriminate it occurs everywhere, and no organization is immune The changing business

More information