Risk Management Board

Presentation Transcript


  1. Risk Management Board 5-4-12

  2. Agenda • Review Existing Risks • New Risks • Pending • Decisions • Review Action Items

  3. NOAA JPSS Office Top Risks
     Approach: M - Mitigate, W - Watch, A - Accept, R - Research
     L & C Trend: Decreasing (Improving), Increasing (Worsening), Unchanged, New Since Last PMC
     Criticality: High, Med, Low, NEW

  4. NJO-005 Enterprise Readiness for NPP Data
     IF the NOAA enterprise is not ready to receive and process NPP data,
     THEN there is the likelihood of a data gap between POES N19 and NPP
     Latest Status:
     • Effort to complete implementation of NDE Production System is on track to complete at the end of the month

  5. NJO-033 FY12 Budget Deliverable
     IF: NJO is unable to complete and submit an executable Program Office Estimate (POE) based on the LCC authorized by OMB
     THEN: The JPSS program may unnecessarily de-scope program elements, potentially affecting the FY-13 budget cycle and impacting NOAA's ability to meet critical weather and climate data needs or leading to a gap in data measurements
     Status:
     • NASA provided the FY 2013-2018 PPBE by April 9, 2012
     • NJO completed integration of POE on April 13, 2013. Updating element costs based on updated information.
     • Meeting with NESDIS leadership scheduled [please check with Todd he was going to do this]

  6. NJO-026 Algorithm Change Process
     IF the post-launch algorithm change process requires changes to be integrated into the operational code through the GRAVITE Algorithm Development Area (G-ADA),
     THEN a bottleneck may occur during the G-ADA test and verification step, adding uncertainty to the timeliness of integration into the IDPS
     Latest Status:
     • G-ADA Training Kick-off will be held 5/9/12, with 5-day intensive hands-on training to follow. Two STAR discipline team members are scheduled for training in addition to the STAR AIT team members.
     • STAR has determined it will not assume Northrop Grumman responsibilities to test code in G-ADA.

  7. NJO-034 Requirements Scrub Process
     • IF the JPSS L1RD is not updated by October 2012 and input on requirements changes to NASA by May/Jun,
     • THEN the Block 2.0 Ground baseline will reflect the current JPSS L1RD, and changes will potentially impact Ground System programmatic (cost, schedule) and technical (design) baselines
     Context:
     • NASA Ground Project briefed NJO on analysis of options; option for expanded use of today's NESDIS Environmental Satellite Processing Center (ESPC) was not analyzed
     • NJO requested NESDIS OSD analyze option for expanded use of ESPC
     • Options and analysis to be briefed to COPC

  8. NJO-031 DoD Data Delivery Approach
     IF: an approach to deliver data to the DoD users (i.e., AFWA, FNMOC and NAVO) is not defined
     THEN: the program will not have a complete understanding of the implications on the ground system (e.g., in terms of alternate processing sites, communications requirements, etc.)
     Status:
     • DoD requirements collected and briefed to LORWG
     • Ground Summit held to vet options to deliver data to DoD.

  9. NJO-010 NPP Ops Transition From NASA/JPSS to NOAA/OSPO
     IF: Appropriate plans and contractual provisions for the NPP operations transition are not in place,
     THEN: NPP will not be considered operational, placing in question the reliability of data products delivered to the end users; NOAA will be paying twice for operational support for an extended period
     Latest Status:
     • IRT held 23 March
     • IRT Recommendations provided to NOAA & NASA. 9 Criteria proposed by IRT used to update Mitigation Plan - Criteria slides available as needed TBD

  10. NJO-032 Out year funding for NDE-ESPC
     IF: the Office of Satellite and Product Operations (OSPO) does not receive its appropriations for operating the NDE sub-system of ESPC
     THEN: OSPO will not be able to support 24x7 delivery of operational NPP products to the NWS and JPSS may be asked to support OSPO
     Status: WATCH
     Approach: WATCH

  11. Low Risks

  12. New Risks

  13. NJO-035 Maintain Authorization to Operate and meeting POA&M
     IF: ATO and POA&M activities are not completed and approved within the agreed-upon schedule
     THEN: POA&Ms will be delayed, placing the system on the NESDIS/NOAA watch list and possibly the OMB watch list as well, depending on the delay period.
     Context:
     • The JPSS Ground System is undergoing a mandated annual FISMA compliance activity for performing Security Control Assessment (SCA).
     • This is part of the process that needs to be completed as an input to the risk acceptance decision by the Authorizing Official (AO) for granting continuing Authorization To Operate (ATO) the JPSS Ground System at its current level of risk to the NOAA and NESDIS Organizations.
     • The current ATO expires July 19, 2012.
     • Parallel activities are ongoing in support of Plan of Action and Milestones (POA&M) to mitigate the vulnerabilities identified during the FY11 SCA.
     • The ISSO has been informed that the prime contractor (Raytheon) support toward mitigating the POA&Ms is scheduled to end June 2012.
     • After the FY12 annual SCA, new POA&Ms will be established to mitigate weaknesses identified during this year's assessment.
     • Lack of visibility into contracted activities creates a gap in understanding resourced activities, which will delay currently scheduled and future POA&M remediation.
     Recommend Risk Rating: Likelihood 4 x Consequence 5 (RED)

  14. NJO-038 Lacking Situational Awareness Capability for JPSS and GRAVITE
     IF: ISSO is unable to have holistic visibility into the risk posture for the JPSS Ground System
     THEN: incidents of security intrusions, equipment outages, delayed data delivery and data loss have an extremely high risk of being actualized. Any such incident has the potential to impact the Confidentiality, Integrity and Availability of information assets downlinked from the in-flight asset. Other C3 impacts not described in this chart could lead to mission failure.
     Context:
     • The Ground System security architecture does not have the capability to provide visibility into the risk posture for the system in order to monitor health, performance, capacity and security posture holistically.
     • The ISSO is unable to prioritize and inform NJO, SO or AO of possible risk associated with operating the system from the tactical operations perspective, in accordance with the Risk Management Framework.
     • Intended or unintended malicious activities can go undetected for long periods of time.
     • Without visibility into the risk posture, there is a significantly increased risk of ineffective and inefficient acquisition of technology solutions and security solutions.
     • These ineffective and inefficient solutions will increase the risk of loss of on-ground and potentially in-flight assets and the inability to provide products to our relying partners and customers.
     Recommend Risk Rating: Likelihood 5 x Consequence 5 (RED)

  15. NJO-039 Aging and unsupported COTS hardware and software within JPSS
     IF: aging and end-of-life Hardware and Software are not refreshed and
     THEN: data integrity will decline, data availability will be reduced, and security event and security incident occurrences will increase in frequency and severity.
     Context:
     • Significant % of GS h/w & s/w is at or beyond end of life with respect to vendor support and version maintenance.
     • E.g. Cisco firewalls, switches and Microsoft Operating Systems (Windows 2000).
     • Without a strategy to maintain regular technology refresh cycles that replace portions of the environment at different intervals, there will be significant cost incurred in support, repair and ultimately replacement of hardware and software components.
     • The out-of-date and out-of-maintenance h/w & s/w create high levels of exposure to threat sources as vulnerabilities become well known and are easily leveraged by advanced structured persistent threat sources.
     • These exposures place both ground and in-flight assets and service delivery at high levels of risk.
     • The vendor is using large amounts of unsupported open source s/w tools in our operational environment.
     • Using unsupported software saves the prime contractor money and places the Government information assets at significant risk due to unknown supply chains.
     • The JPSS Ground System would benefit by requiring development and production products that have undergone certification by processes such as the Common Criteria.
     • These practices provide more secure products; given the pervasiveness of evaluated products, the potential benefits of independent evaluation help to eliminate unknowns with respect to product sustainability and long-term supportability of these critical components of our JPSS Ground System.
     Recommend Risk Rating: Likelihood 4 x Consequence 3 (YELLOW)

  16. NJO-036 NJO Office Space and Staffing
     • IF: NOAA JPSS Office is unable to acquire adequate office space
     • THEN: The NOAA JPSS Office may be unable to meet our hiring requirements
     • If office over-crowding occurs this can negatively impact productivity by uncontrolled interactions or conversations by people nearby that cannot be avoided
     • Over-crowding might also increase the frequency of interruptions or distractions.
     • Increased levels of noise and other unwanted sounds might increase dissatisfaction.
     Context:
     • The NOAA JPSS Office has a hiring requirement to fill 11 and possibly 12 Government positions before the end of CY 12. Due to inadequate office space NOAA JPSS currently runs the risk of not being able to fulfill our hiring requirements and negatively impacting productivity.

  17. NJO-037 Inadequate Future JPSS NSOF Library Support
     IF: We do nothing, we will no longer have a secure repository for the Raytheon JPSS/NPP documents at NSOF.
     THEN: It will be necessary for Raytheon to stand up an MOT library. They will need a dedicated space, safes and a full time librarian.
     Context:
     • The NSOF library has been closed since January 13th, 2012. We currently have a backlog of 50 NPP/JPSS documents that need to be input into the NSOF library's tracking system. When the library opens again it will only be open until Sept 2012. Only one of the two employees will be coming back and that is only until September. That one person will be doing the work of two people. We have already been told OSD's work has the priority and our 50+ documents that need to be input into the Library Management System (LMS) do not have priority. There is also some question as to whether the NSOF library will continue to maintain the LMS.
     • Currently there are 717 JPSS/NPP items being tracked in the NSOF LMS. Of those, approximately 250 need to be researched to identify what the LMS tracking number is. These numbers do not include the golden disks that are being kept in the library annex.
     • The documents that are being input into the library are not deliverables on the NASA contract. Raytheon has chosen to input the documents into the library. They do not have access to the JPSS eRooms so they could not load them into eRooms. NOAA does not have access to these documents anywhere else.

  18. NJO-040 Science Transition Plan
     IF: an approach to transition the science activities to NOAA is not completed
     THEN: the roles and responsibilities will continue to be undefined resulting in costly duplication of efforts and responsibilities for NPP algorithm science
     Context:
     • The Science Transition Plan was developed at the request of the NJO to define an executable plan, schedule, budget and roles and responsibilities for transitioning science algorithm development, cal/val and related science functions from the NPP demonstration program framework into a fully operational NOAA framework. The transition has three goals:
       • Enable more efficient and more cost-effective algorithm and cal/val science capabilities through maximized leverage of NESDIS subject matter experts.
       • Maintain the integrity and viability of the Suomi NPP operational products to meet the NOAA Level 1 requirements and ensure effective use by NOAA operations and Centrals.
       • Sustain and assure NOAA/NESDIS capacity to provide science leadership for space-based instrumentation, raw observations, derived data, products, and applications including calibration/validation methodologies and algorithm development.
     • Discussion and a clear path forward need to be initiated so the transition can be completed in a timely and efficient manner with no adverse impact to the operational products, contractual obligations and budget planning.
     Recommend Risk Rating: Likelihood 3 x Consequence 4 (YELLOW)

  19. Pending Risks • None

  20. Upcoming Decisions

  21. Upcoming Decisions

  22. Actions

  23. Back-up

  24. Consequence Criteria

  25. Likelihood Criteria