SOW - Please give as much additional information as possible, such as the name of PDF

Preview

Summary

Please give as much additional information as possible, such as the name of the teacher....

Description

BH

Dallas Watchtower Consulting

Project Watchtower AI (WTAI) Black Hat LLC Date: 1/27/2021

Team Members: Lawrence J. Klinkert Riley Bates Liam Lowsley-Williams Rick Harris

Table of Contents Purpose of the Document

3

Scope of Work Components Hardware Software Out of Scope

4 4 4 4 5

Services Rendered Requirement Phase Objective Key Deliverables: Design Phase Objective Development Phase Objective Key Deliverables: Testing Phase Objective Key Deliverables: Deployment Phase: Objective Closing Phase: Project Hand-off, Post-Project Completion Support Plan Objective Key Deliverables:

6 6 6 6 6 6 7 7 7 7 7 8 8 8 8 8 8

Customer Responsibilities, Assumptions and Dependencies

9

Acceptance Criteria

10

Pricing / Payment Milestones

11

Agreement

12

2

Purpose of the Document This document details the agreement between the client (Black Hat LLC.) and the vendor (Dallas Watchtower Consulting). All names mentioned in this document shall refer to either the client or the vendor as referred to in this section. The purpose of this document is to present a Statement of Work (“SOW”) that outlines Dallas Watchtower Consulting’s roles, tasks, dependencies, and deliverables at a high level for deployment of services to support a planned launch by Black Hat LLC. The project is an Artificial Intelligence / Machine Learning Intrusion Detection / Intrusion Prevention appliance used in an enterprise networking environment. The price to deliver this solution is $565,500 USD. Details of this price are listed in the Payment Milestone section of this document. Performance of the services described in this SOW shall be governed by the terms of the proposed Supply and Services Agreement #6268346497 dated February 09, 2021 (“Agreement”) between Dallas Watchtower Consulting and Black Hat LLC. No obligation to provide the service described herein arises unless an order for the service, incorporating the terms of an agreed SOW, has been placed by the customer under a signed governing agreement in place between Dallas Watchtower Consulting and Black Hat LLC and accepted by Dallas Watchtower Consulting. Dallas Watchtower Consulting’s performance of the Services described below is subject to the assumptions, exclusions and other conditions identified in this document. In the event of a conflict between the terms of the Agreement and this SOW, the terms of this SOW shall prevail with respect to the subject matter contained herein.

3

Scope of Work Dallas Watchtower Consulting will provide an Artificial Intelligence / Machine Learning (AI/ML) Intrusion Detection / Intrusion Prevention appliance used in an enterprise networking environment to meet the business objectives of Black Hat LLC. The 1U form-factor appliance will meet Black Hat LLC’s provided requirements, provide IDS / IPS services that accurately detect abnormal network activity and implement processes to prevent that activity while alerting / reporting the abnormal activity and preventive measure to appropriate security personnel. The appliance will include a JSON API as well as command line / web portal configuration methods, include internal storage adequate to hold audit log information, and utilize AES256 / TLS 1.2 / SSH encryption. Dallas Watchtower Consulting will gather the Requirements, Analyze, Design, Develop, Test, Deploy, and Deliver the IDS / IPS appliance according to the guidelines stated in the SOW. Dallas Watchtower Consulting will also provide a detailed list of deliverables, processes involved, end products, review, and the approval process.

Components The product is a 1U device which installs in an enterprise networking environment. The product includes all necessary hardware and software to implement IDS / IPS within the environment.

Hardware ● ● ● ● ●

Pre-built hardware appliance - 2 devices delivered for testing and validation Includes operating system and software components necessary to implement the IDS / IPS system Hardware will include CPU, PSU, motherboard, memory, storage and enclosure Hard Drive encrypted utilizing industry standard methods 1U form-factor

Software ● ● ● ● ● ●

Production ready ML / AI models tested with our suite of cyber attack emulation Optional virtual device deployment configuration options for use with hypervisor or cloud system stacks Custom configurations per customer requirements Several pre-configured build options for rapid deployment Standard JSON configuration management interface Command line and Web Interface for system configuration

4

Out of Scope The following is considered “out of scope” for this development and delivery. If Black Hat LLC would like to pursue development in the items below, an approved Change Order will be submitted. ● Virtualized appliance ● Ongoing maintenance (other than validated “bug” fixes) ● Software modification / system enhancements not included in agreed requirements document ● Web Interface customization

5

Services Rendered Requirement Phase Objective Dallas Watchtower Consulting will consult with the client to gather requirements, use these to analyze the client’s needs, and create an initial requirements document for the customer’s approval. The initial phase requires the team to work closely with the customer to determine the customer's requirements for the product. This phase identifies the functionality, performance levels, and other characteristics which the product must satisfy in order for it to be acceptable to the customer. Dallas Watchtower Consulting will conduct a Stakeholder Analysis for the project and, based on that, will schedule stakeholder interviews to gather requirements. Post the interview process, requirements and evidence will be reviewed to draft the Requirements Document. Black Hat LLC will approve the requirements document outlining expected appliance performance criteria, configuration capabilities, and required timelines for delivery.

Key Deliverables: ● ● ●

Stakeholder Interview Schedule Testing Criteria Requirements documents

Design Phase Objective After accepting the approved requirements document, Dallas Watchtower Consulting will develop the following: ● ●

Systems Design and Specifications document Detailed Project (Action) Plan, including: ○ Detailed Project Schedule including preliminary Work Breakdown Schedule (WBS) ○ Project Milestones

Black Hat LLC will review and approve the items listed above. The Systems Design and Specifications document will: ●

Provide System expectations for: ○ IDS positive / false positive alerts ○ IDS performance metrics ○ IPS Response performance ○ Data storage

6

● ●

○ Alerting and Reporting mechanisms ○ Encryption Outline Database Schemas and connections Outline testing methods

Key Deliverables: 1. 2. 3. 4.

Initial Software workflow Initial Hardware design specifications Project Plan Systems Design and Specifications document

Development Phase Objective Dallas Watchtower Consulting will create a project based on previous plans and instructions from the client. At each milestone, Dallas Watchtower Consulting shall complete the planned items and deliver them to the client, Black Hat LLC. All the documents from the previous phase will be transformed into an actual solution. In the case of items not delivered due to unforeseen circumstances, the milestones shall be renegotiated. The work is divided into modules/units and actual development of the software begins. Software development is the main focus for the Watchtower group, and this is the longest phase of the software development life cycle.

Key Deliverables: 1. 2. 3. 4. 5.

Working ML models for identifying network traffic anomalies Working software and firmware for IPS/IDS device Working software for front-end web configuration portal Unit tests Bug Fixes

Testing Phase Objective Dallas Watchtower Consulting shall test the machine learning IDS/IPS solution against the requirements detailed in the requirement documents and ensure the least amount of bugs remain in the system. The testing ensures the solution delivers all the features required and it can operate without any major fault. Dallas Watchtower Consulting shall conduct integration testing for the main components: the machine learning model, the IDS/IPS hardware device, and the web and CLI configurations options.

Key Deliverables: 1. Testing Plan 2. Test Results

7

3. Execute Test Cases 4. Final Software Package

Deployment Phase: Objective This phase is Not Applicable as BlackHat LLC engineers will be responsible for deployment after the project completion.

Closing Phase: Project Hand-off, Post-Project Completion Support Plan Objective Dallas Watchtower Consulting will develop necessary software / applications, source needed hardware components, and test systems as provided by the Black Hat requirements documentation and provide all source documents, testing methods and results, source code, and 2ea IDS / IPS hardware appliances to the customer. Dallas Watchtower Consulting will provide information demonstrating that it completed all agreed activities in the approved Requirements Document and any applicable Change Orders (CO) related to the project. Information transfer includes training (not to exceed 40 man-hours) for Black Hat LLC staff related to production and configuration of the IDS / IPS appliance. Post Completion requirements documents and Statement of Work (SOW) will outline any additional activities related to enhancements, further production, or additional support related to this product.

Key Deliverables: 1. 2. 3. 4. 5.

2ea fully capable Hardware Appliances Technical and design specifications documentation Source Code and Documentation Testing criteria and performance results All sourcing material / vendor information

Customer Responsibilities, Assumptions and Dependencies ● ● ● ●

Temporary identification and access to Black Hat LLC facilities for Dallas Watchtower Consulting, for the duration of the project, to facilitate necessary work Access to Black Hat LLC Wi-Fi network for Dallas Watchtower Consulting employees working within Black Hat facilities pursuant to the project Applicable points of contact for Dallas Watchtower Consulting’s project manager and team Access to Black Hat LLC Key Stakeholders for interviews, data gathering, and reporting

8

● ● ●

Sufficient knowledge transfer sessions to understand business requirements to facilitate system design Access to independent testing facility, at customer’s expense, if additional testing is required by the customer Prompt payment of milestone and final deliverable invoices

9

Acceptance Criteria Dallas Watchtower Consulting will notify Black Hat LLC upon completion of the services noted above by providing the notice of completion. Black Hat LLC will have (15) days from the notice day to notify Dallas Watchtower Consulting if any requirements are not included in the Statement of Work; such services shall be deemed accepted by the earliest of: 1. The passage of ten (10) days from the date of notice of the completion with no notice of nonconformance from the client, Black Hat LLC. 2. Black Hat LLC’s actual acceptance (it being contemplated that the Customer will use the letter of acceptance (LOA) when accepting such Services). 3. Client’s use of any part of each Service or any result (or deliverable) of each Service, whether or not any revenue is generated by the Client, would constitute acceptance within (15) days.

10

Pricing / Payment Milestones Fees shall be paid as the deliverables and other costs identified below are produced and accepted by Black Hat LLC in accordance with the acceptance procedures described herein. Milestone estimates include salaries paid to designers, developers, and testers.

Milestones

Description

Price (in USD)

PM

Project Manager 1 person @ $80 per hour for 40 weeks 40 hours per week = 1600 hours

$160,000

M01

Requirements Phase 2 people @ $50 per hour for 5 weeks 40 hours per week = 400 hours

$25,000

M02

Design Phase 3 people @ $45 per hour for 10 weeks 40 hours per week = 1200 hours

$67,500

M03

Development Phase 5 people @ $55 per hour for 22 weeks 40 hours per week = 4400 hours

$302,500

M04

Testing Phase 3 people @ $35 per hour for 2 weeks 40 hours per week = 240 hours

$10,500

TOTAL

$565,500

11

Agreement This SOW and the non-conflicting terms and condition of the Agreement constitute the entire agreement between the Parties and supersede all prior oral or written negotiations and agreements regarding the subject matter herein. Any modification or addition to this SOW shall be in writing and signed by authorized representatives of both parties. IN WITNESS WHEREOF, the parties hereto have caused this SOW to be executed by their duly authorized representatives.

“Black Hat LLC”

Signature 1:

Mark Dowd

Name 1: Mark Dowd

“Dallas Watchtower Consulting”

Signature 1:

Name 1: Lawrence J. Klinkert Signature 2:

If applicable:

Lawrence J. Klinkert

Riley Bates

Name 2: Riley Bates Signature 3:

Rick Harris

Signature 2: __________N/A_____________

Name 3: Rick Harris

Name 2: ___________N/A_______________

Signature 4:

Liam Lowsley-Williams

Name 4: Liam Lowsely-Williams

Date: February 9, 2021

Date: February 9, 2021

12

END OF DOCUMENT

13...