The agency best known for its use of satellites and sensors to pump out weather and climate data for forecasters needs some extra cybersecurity help.
The National Oceanic and Atmospheric Administration is looking for small businesses that might be able to help with the IT security of its data centers and systems, as well as the data flow of everything between them and its satellites, according to an agency request for information.
NOAA’s “Office of Satellite and Product Operations (OSPO) requires an IT Security Program to implement required security controls to ensure confidentiality, integrity and availability of the information resources integral to the successful operation of OSPO satellite ground systems, product processing and distribution systems, and Admin LANs,” the agency’s RFI says.
Those ground systems are quite powerful, as they control more than a dozen high-impact geostationary and polar-orbiting satellites. They “also ingest, generate, and distribute satellite data and derived products and services to NOAA and other users,” according to the agency. Such information allows for constant monitoring of the climate and “atmospheric triggers” that can lead to catastrophic weather events.
“These systems and applications must be available, secure, and reliable so that customers get high quality and timely products and services,” the RFI explains, which can ultimately protect life, property and the economy.
NOAA’s National Environmental Satellite, Data, and Information Service, which supports the satellites’ data services, was dinged a few years ago in an inspector general report for “significant” IT security deficiencies that put its ground systems at risk for cyberattack.
The Commerce Department IG found the satellites “have interconnections with systems where the flow of information is not restricted, which could provide an attacker with access to these critical assets. Although system interconnections can facilitate interagency and external communications and services, such connections can also pose significant risk to each interconnected information system (i.e., more easily allow malware to spread, or attackers to use one system to access another),” the audit says.
The eventual contract, if NOAA decides to launch one based on industry feedback to the RFI, would begin in July 2019 and run for a year, with four optional years. Vendors can respond to the RFI until Dec. 18.
The agency already issued a $113 million contract to Vencore in February to support the National Environmental Satellite, Data, and Information Service’s IT, “sustain legacy systems and enable the transition of future ground systems for new environmental satellites including GOES-R and JPSS,” according to a release.
NOAA did not respond to FedScoop’s request for comment.
The agency also recently revealed more details about its IT services mega-contract, NOAA Enterprise and Mission Information Technology Services, to be awarded in 2020.