20-133.00 Pisces NW: Network Security Event Monitoring 20'
Spokane Valley
10210 E Sprague Ave ♦ Spokane Valley WA 99206
509.921.1000 ♦ Fax: 509.921.1008 ♦ cityhall@spokanevalley.org
Memorandum
To: Mark Calhoun, City Manager
From: Chad Knodel, IT Manager
Date: July 14, 2020
Re: PISCES-NW Project
The PISCES project is no-cost security monitoring for the public sector, using data collected to
train university students as cyber analysts.
The City of Spokane Valley would configure one of our current leased computers with software
that would collect IP header information from our network, and share with PISCES to allow for
analysis. The information collected is limited to packet headers and intrusion detection system
alerts. No email, privacy information, or other data content is shared. Any information shared
outside the project is anonymized. Attached is a flier explaining more about the project.
I ask that the data sharing agreement is executed, allowing us to take part in this no-cost
monitoring project that will add to our network monitoring, as well as provide training for
students participating in cyber security curriculum at universities within the state of Washington.
SECURITY EVENT DATA SHARING AGREEMENT
This SECURITY EVENT DATA SHARING AGREEMENT ("Sharing Agreement") is entered into by
City of Spokane Valley, hereinafter referred to as AGENCY, and PISCES-NW, for the Purpose outlined
below (hereinafter, "Project").
I. PURPOSE
PISCES-NW is a system that has been developed for gathering security event data relating to
compromised information technology assets that may impact the sustainability and resilience of
critical infrastructure operated by local government organizations. This system will receive data
from public sector organizations and, using college and university students as analysts, will identify
events and trends of interest and alert participants and other stakeholders depending on severity and
taxonomy of the findings. The objective of the data collection and analysis is to supply situational
awareness of the region's current threat taxonomy, and to identify and initiate response to true
incidents. An additional objective is to facilitate education and research in cyber security.
To this end, AGENCY agrees to share security event data with PISCES-NW to help achieve the
goals of infrastructure protection, work force development, and research.
II. DEFINITION OF SECURITY EVENT DATA
Security Event Data ("Data") shall consist of (1) the AGENCY'S network metadata (e.g., network
flows, or "netflow") containing the packet header information, to be collected at the AGENCY
Internet ingress/egress point, connecting AGENCY'S computer network(s) to the Internet; and (2)
alerts that are transmitted along with the network metadata from any intrusion detection system
(IDS) embedded in any data collection device. For avoidance of doubt, the content layer of the
network data (e-mail, web page, database transaction, et al.) are not "Data" that may be exported
under this agreement.
III. TERMS OF USE
1. By using the Data contained contributed by AGENCY participation in the Project, PISCES-NW
agrees to be bound by the provisions of this Sharing Agreement.
2. Data is provided for the Project's use only. PISCES-NW is granted a limited, non-exclusive,
non-transferable right to use the data solely for the purposes identified in this Sharing
Agreement.
3. All other uses, including but not limited to the transfer of any portion of the analysis products
to another party or agency, must be authorized by AGENCY in advance of such use and in
writing. Disclosure of Data to any party or agency must also be authorized by AGENCY,
unless such disclosure is required by law. AGENCY acknowledges that the Project includes
data from public agencies that are subject to the requirements of the Public Records Act
(PRA). The PRA includes exemptions that apply to the Data, including the exemptions found
under RCW 42.56.420. If the PISCES organization receives a request for records under the
PRA that includes the Data, the organization will not disclose the Data and refer the requestor
to AGENCY.
7/14/2020
4. Reproduction and/or disclosure of AGENCY data for commercial purposes is prohibited,
unless expressly authorized through a separate licensing agreement with AGENCY.
5. Anonymization of the data for the purpose of research and research presentation by students is
authorized, providing that the data have been anonymized to the extent that AGENCY is not
identified.
6. Errors may exist in the Data provided. PISCES NW accepts data products as is, with all
faults, and assumes all responsibility for use thereof, and further covenants and agrees to hold
AGENCY harmless from and against any claims, damages, losses, or liabilities arising from
any use of the data.
7. THE AGENCY DISCLAIMS ANY WARRANTY OF ANY KIND, INCLUDING ANY
WARRANTY OF MERCHANTABILITY OR WARRANTY FOR FITNESS OF USE FOR A
PARTICULAR PURPOSE, EXPRESS OR IMPLIED, WITH RESPECT TO ANY
SECURITY EVENT DATA OR ANALYSIS PRODUCT.
8. THE AGENCY MAKES NO REPRESENTATION OR WARRANTY AS TO THE
ACCURACY OF INFORMATION IN THIS DATA. PISCES-NW ASSUMES ALL RISKS
ARISING FROM THE USE OF ANY EVENT DATA.
IV. IT IS MUTUALLY AGREED AND UNDERSTOOD BY AND BETWEEN THE PARTIES
THAT:
1. In exchange for, and in consideration of, security event data monitoring and analysis services
provided by PISCES-NW, AGENCY will share with PISCES-NW Security Event Data.
2. AGENCY shall purchase and supply its own data collection hardware, which will meet
specifications provided by PISCES NW.
3. AGENCY and PISCES-NW agree to exchange Security Event Data for the Project.
4. PISCES-NW may share information on confirmed security events provided by the AGENCY
with the Washington State Fusion Center.
5. PISCES-NW will utilize college-level student analysts to review, maintain, and analyze Data
provided by the AGENCY.
6. AGENCY recognizes that while PISCES-NW analysts will provide their best efforts, the
coverage provided, the level of coverage, and the experience and abilities of the analysts will
vary greatly over time, and may include gaps and delays resulting from, for example, changes
in the academic schedules, changes in schools and students participating, and changes in the
academic level of the students.
7. AGENCY agrees to provide Security Event Data on a real-time or near real-time basis
beginning after execution of this Sharing Agreement, and continuing until the termination of
this Sharing Agreement, as provided below. PISCES will provide episodic event data analysis
that corresponds to collegiate terms when school is in session. PISCES will not provide 24/7
analysis.
8. PISCES-NW will communicate significant Project changes to AGENCY staff when they
occur, including between planned quarterly updates. An example of a significant Project
change is the periodic addition of technology to add capacity and associated outage window.
9. AGENCY warrants that it can provide the appropriate technology and staff assistance to
facilitate data collection at the ingress/egress network switch, either through "port mirroring",
"SPAN", network tap, or other method for providing network flow data that are adequate and
complete.
10. This SHARING AGREEMENT may only be amended or supplemented to provide for
additional opportunities to share data; otherwise, it shall remain in effect until the end of the
term of this agreement, or through cancellation by thirty (30) days written notice from one
party to the other party.
11. Data Ownership: The stated purpose of the project is to collect and aggregate threat data for
analysis and research purposes. However, the AGENCY retains full ownership of its Data.
12. Term of Agreement: this Sharing Agreement will remain in effect for a term of three (3) years.
13. Termination of contract: At the conclusion of the term of this Sharing Agreement, or in the
event of election to terminate this Sharing Agreement, PISCES NW agrees to dispose of
AGENCY specific information at the AGENCY's discretion. The following are three options
for disposal of AGENCY owned data:
a. Allow PISCES NW to retain the data in its entirety for research purposes
b. Direct PISCES-NW to destroy the data in its entirety, such that it is demonstrably
unrecoverable
c. Return all data and analysis conducted to the AGENCY up to and including the date of
termination and destroy all aggregated data as above.
14. Renewal: at the end of the term of this Sharing Agreement, it may be renewed at the request
of the AGENCY providing that the AGENCY continues to meet the requirements for a
monitored jurisdiction.
15. Nothing herein shall be construed as obligating AGENCY or PISCES-NW to expend funds or
involve either party in any contract or other obligation for future payment of money, in excess
of appropriations authorized by law and administratively available for this work.
16. Governing Law. This Agreement shall be construed and interpreted in accordance with the
laws of the State of Washington.
17. The parties agree that the venue of any action or suit concerning this Agreement shall be in
federal or state courts located in King County, Washington, and all actions, or suits thereon
shall be brought therein.
18. NO SERVICE LEVEL IS EXPRESSED OR IMPLIED BY PISCES-NW, AND PISCES-NW
MAKES NO REPRESENTATION OR WARRANTY AS TO THE QUALITY OF ANY
SERVICES OR DATA PROVIDED AND HEREBY DISCLAIMS ANY SUCH
WARRANTY.
This AGREEMENT becomes effective on the date of the most recent signature below.
AGENCY PISCES-NW
Signature [handwritten, illegible] Signature [handwritten, illegible]
Title [handwritten, illegible] Title [handwritten, illegible]
Date [handwritten, illegible] Date [handwritten, illegible]