The National Oceanic and Atmospheric Administration is exploring multi-factor authentication beyond its network as it looks to strengthen cybersecurity in accordance with the federal zero trust strategy, according to its chief information officer.

Zach Goldstein told FedScoop his agency already requires Common Access Cards (CACs) and personal identification numbers to authenticate to its network but continues to perform comparative analyses of multi-factor authentication (MFA) solutions for applications and devices.

“We’re looking at things other than CAC cards, things that are intelligent tokens — that know who I am, that can exchange certificates with a certificate server, that can be easily revoked, that can have multiple kinds of privileges,” Goldstein said.

Goldstein added that cybersecurity is his “first priority,” in keeping with the White House’s Cybersecurity Executive Order issued in May 2021, and that he hopes to select a token for app and device authentication by the second quarter of fiscal 2023.

NOAA is also increasing supply chain risk assessments of Software as a Service — looking not only at the firm but what they buy and use for services — under Goldstein, who’s been with the agency 17-and-a-half years and CIO since 2015.

Goldstein wants to expand NOAA’s use of the cloud in a way that further improves the agency’s cyber posture while shedding light on how migration is progressing.

“We have an initiative to create a Cloud Program Management Office (PMO), one of whose jobs will be to provide me and NOAA leadership with that answer,” he said.

Assuming the funding for the office within the president’s fiscal 2023 budget stands, Goldstein hopes to launch it by the end of that fiscal year.

According to Goldstein, NOAA was the second federal agency to move its email and calendar to a public cloud, Google Apps for Government, in 2011, and since then the agency has migrated websites, help desk ticketing and global device management.

“It became very clear that we needed to have more discipline going to the cloud and more efficiencies because people were duplicating each other by having to learn how to do a security evaluation of going to the cloud, learn how to authenticate to the cloud, figure out how to communicate and get my data to the cloud,” Goldstein said. “And they were also using different contract vehicles.”

The CIO agreed to authorize NOAA offices’ migrations with the expectation that once his team implemented centralized cloud services streamlining and lowering the cost of the process, they’d use those instead.

NOAA now offers a standard way of getting to the cloud; authenticating using its identity, credential and access management (ICAM) service; and contracting with the three large service providers — Google, Amazon and Microsoft — and others. The Office of the CIO’s Cyber Division evaluates cloud offerings once for universal use across NOAA, accelerating offices’ migrations, but the Cloud PMO will make it so they don’t have to consult separate experts for each step in the process.

A Cloud PMO will also help offices take advantage of NOAA Open Data Dissemination (NODD), which allows for “extremely inexpensive” egress to the public, Goldstein said.

The White House proposed a large funding increase for the Office of Space Commerce in its fiscal 2023 budget, which if accepted by Congress would elevate it to a staff office receiving IT support from the OCIO. 

Goldstein expects to indirectly advise on, provide perimeter security for and oversee the cloud-native Open-Architecture Data Repository, which processes tracking data on space objects to predict and assess risk of collision. This information will improve space situational awareness for commercial and civil space operators. A requirements analysis is ongoing, so the operational cost hasn’t been calculated yet.

“Because the cloud is available and they know how to do it, we know how to do it — we’re going to help the Office of Space Commerce with this — they’ll be able to get that capability in the hands of the world faster,” Goldstein said.

The cloud is also freeing up NOAA’s IT professionals — previously stuck patching, scanning and performing domain controller work — to improve weather forecasting model accuracy and speed.

Supercomputing improvements that continue to be made by NOAA have increased capacity for forecasting three times over and should lead to 30% growth in research computing by the end of 2022, but research and development could benefit from even more, Goldstein said. The agency’s objective is to get enough capacity to perform all NOAA research, and enable focusing these applications down to what should be operationalized.

“We’re not there yet,” Goldstein said. “But we’re getting closer.”

The post NOAA evaluating multi-factor authentication for apps and devices appeared first on FedScoop.

OSC had the National Oceanic and Atmospheric Administration‘s acquisition arm issue a request for information (RFI) Feb. 16 on commercial tracking data and services that will be available between now and 2030, so that its repository might serve as a marketplace for them.

Companies provided some data for free so OSC could develop a cloud-based Open-Architecture Data Repository (OADR) prototype, containing the locations of orbiting satellites and debris for space situational awareness (SSA), last summer. But OSC needs to study more commercial low Earth orbit (LEO) and geostationary orbit (GEO) data to improve its OADR algorithms to the point where satellite users trust the reliability of their collision warnings.

“We’re going to do that for the first few years, get that going and then we’re going after international data,” Leonard told FedScoop. “At the end of the day this is a global problem, and we feel like the U.S. can be the global leader in this area.”

OADR is an unclassified system, and OSC is already working with the European Union Space Surveillance and Tracking (EUSST) program to determine what data is interoperable and how more might be shared to fill in reporting gaps and begin tacking debris less than 3 centimeters in size.

OSC hopes to issue another RFI soon for cloud hosting of OADR and, after that, an omnibus RFI for all of the services comprising OADR like conjunction screening, ephemeris generation and the web interface, Leonard said.

The OADR prototype combined 60 days of Department of Defense data with commercial data on about 20,000 to generate on-orbit collision warnings every 15 minutes

“We feel like we can do this even faster because the cloud really offers a great opportunity for scaling up processing power, and that’s one of our intentions,” Leonard said. “We want to make sure that the satellite user gets these warnings and watches of the space environment on a very close to near real-time basis, which is a whole lot more modernized than what currently happens at DOD.”

DOD’s traditional SSA system currently provides collision warnings every eight hours and relies solely on its own tracking data, which is a problem because the department lacks the assets to do so effectively while also monitoring active payloads, large objects and foreign issues. As a result, companies that operate satellites are often reluctant to move them when DOD’s system warns them of a potential collision, Leonard said.

The Department of Commerce, of which OSC is a part, plans to take commercial sector work off of DOD’s plate with OADR, so it can focus on its defense and national security missions.

OSC is building a research and development environment in conjunction with OADR for testing the latest algorithms and working with companies like SpaceX, OneWeb and Amazon to get their large, planned constellations of satellites talking to OADR autonomously. The goal is for satellites to send timed maneuvers to OADR, which would give them the all-clear before proceeding, or alternatively the system would warn them of a pending collision and advise them on which of their stored maneuvers to use.

SpaceX’s launch of its Starling will help OSC and NASA, which has been involved with the project for the last six to seven months, get autonomous operations talking to ground systems as well.

OADR won’t just enable collision warnings though. Once the database is established, OSC has apps planned for satellite pre-launch and reentry screenings, gap analyses between the time satellites are launched and catalogued, validating data accuracy, predicting satellite light pollution for astronomers, and space weather forecasting.

The containerized architecture of OADR will allow OSC to provide satellite operators with DOD, NASA and commercial models in addition to its own, allowing for the sale of more in-depth analysis. DOD, NASA and the Federal Aviation Administration will fund advances to the OADR data products they need.

“We’ve been working with our appropriators in Congress and requesting the proper funding next year and follow-ons to build this system, and we’re excited,” Leonard said. “We’re bringing in new staff this year and should have a director and deputy director very soon; they actually just advertised the deputy director position for the office.”

The post Office of Space Commerce seeks more commercial satellite tracking data appeared first on FedScoop.

Called the Open-Architecture Data Repository (OADR), the prototype will ensure the U.S. space industry has situational awareness of orbiting satellites and junk for future missions.

The U.S. needs the best-available data to track about 29,000 space objects currently in orbit and an estimated 50,000 new satellites launching between now and 2030, so the Office of Space Commerce began piloting activities to improve commercial space safety earlier this year.

“It was a data strategy that really fell out of the National Oceanic and Atmospheric Administration because they already have the satellites up there,” said Tom Beach, interim chief data office at DOC, during a recent ACT-IAC event. “They already are collecting this data.”

OSC plans to conduct analysis, develop technical prototypes and perform additional demos with an eye toward using sensors and artificial intelligence to monitor the thermosphere and exosphere and prevent space objects from crashing into each other, Beach said.

What OSC is not trying to be is the Federal Aviation Administration of space. So while it will populate the OADR with accurate, timely data, that data is for industry to expand upon and develop services around that it sells back to government, Beach said.

OSC is working with the departments of Defense and Transportation and NASA — all of which have a shared interest in space traffic management — as well as industry and academia to populate OADR with data.

OADR will also provide conjunction, or close approach, alerts to satellite operators.

The post Commerce, DOD plan to create satellite location data repository appeared first on FedScoop.