NOAA IT Security & Privacy Conference

A recent World Economic Forum report warned that the three top global risks to society, by likelihood, are:

• Extreme Weather Events
• Natural Disasters
• Cyber Attacks

No U.S. cybersecurity division deals with this tricky trifecta daily, except for the exceptional team at NOAA. Covering from sea to space, NOAA provides minute-to-minute data about the conditions of our oceans, our major waterways and our atmosphere. And to do it without any interruptions, they rely heavily on a secure and resilient global network infrastructure.

So that NOAA's Cybersecurity Division is prepared for every worst-case digital scenario, their Chief Information Security Officer (CISO) hosts an annual NOAA IT Security and Privacy Conference. This year's event includes briefings from various NOAA components and industry leaders. There will be an impressive speaker lineup and a vendor meet and greet.  

Last year's popular event boasted over 400 attendees, the vast majority of whom met with vendors during the multiple conference breaks (including the dedicated time for industry meet and greet). Virtual exhibit space and sponsorship opportunities are available on a first-come, first-serve basis. Sign up early, as this event filled up in record time last year!

Beat the crowd: Register now to help NOAA build on its existing cyber methodologies

From the 2021 NOAA IT Strategic Plan:

Objective 3.1:  Continuously mature NOAA cyber security posture and techniques
The frequency, sophistication, and maliciousness of cyber attacks directed at NOAA are rapidly increasing.  NOAA’s IT footprint continues to expand. We have a duty to protect NOAA’s IT and data by applying the best and most effective security measures. Those who seek to harm our systems are innovating their attacks constantly, and we must stay ahead of these techniques with our own defensive posture and methods.  

With our increased use of distributed and mobile technologies, NOAA will apply methods from the federal Cloud Smart Strategy for safe and secure system and information access. Because collaboration, particularly with global research colleagues, is essential to NOAA’s missions, we build security to empower safe partnerships. We will be continually improving our security processes and posture to enable secure collaboration. We will use advanced threat protection for early detection, strong defense, and effective response.

We acknowledge that even with the best technical tools and techniques, some of the most effective methods for modern cyber attacks do not come through hardware or systems, but through people. We will help guard NOAA against social engineering attacks through a robust Internal Risk Mitigation program that includes training across the Agency.

Objective 3.2: Ensure the security of NOAA networks, systems, and data
At the center of our mandate to protect NOAA’s mission is the security of our IT and data, beginning with our Primary Mission Essential Functions (PMEFs). We guard against NOAA IT security compromises that threaten observation, ingest, processing, and dissemination capabilities. Functional risks can include lapsed data integrity, network failures, and website compromise. Solutions to mitigate these risks include designing redundancy of critical systems, ensuring backup, and eliminating single points of failure. To ensure the continuity of PMEFs, the Homeland Security Program Office (HSPO) plays a key coordination role with the NOAA IT community.  

NOAA has been a leading bureau in the Department of Commerce for cyber security. We will build on this work and adapt to meet new challenges. This evolution will include transformation of NOAA Cyber Security Center services, continued roll-out of Continuous Diagnostics and Mitigation (CDM) for real time, threat-informed security, and implementation of the Zero Trust framework to secure increasingly cloud-based and mobile data and systems that fulfill NOAA’s global mission needs.

As NOAA’s cloud and mobile systems become increasingly complex, we must anticipate security requirements to protect the mission without slowing the mission down. This must be accomplished while empowering collaborative and secure data sharing outside of our security perimeters, including with foreign partners who
are essential to the global scope of our climate, ocean, and weather research missions.

To ensure effective security, legacy architecture must be upgraded to protect the availability and integrity of mission data from unauthorized access. Increased adoption of enterprise security services decreases the effectiveness and impact of cyber attacks. We will at all times maintain our cyber hygiene and ensure a robust
cyber security workforce.