Nearly two years into an ambitious overhaul of the National Oceanic and Atmospheric Administration (NOAA) Cyber Security Center (NCSC), brighter horizons are in sight for the agency in the form of improved cyber analytics capabilities. From the start, NOAA took a holistic approach to the NCSC transformation that encompasses people, process, and technology – in equal parts.
The NCSC protects 70,000 IT assets at NOAA and provides near real-time cybersecurity data for all bureaus across its federated parent agency – the Department of Commerce. In late 2018, NOAA teamed up with Leidos to completely overhaul NCSC operations. Mission success is the end goal – and efficiency is the top priority.
From the start, the agency embraced new approaches, rather than simply focusing on standard technology upgrades. NOAA, for example, created a dedicated engineering and development team to focus solely on NCSC transformation. Team members, freed from ad-hoc daily requests, can dedicate themselves 100 percent to the NCSC overhaul through superior end-to-end lifecycle management.
Given the scope of threats that the NCSC tackles, NOAA and Leidos knew that analysts could not go it alone. They needed smarter and more powerful solutions and new skill sets to tackle threats that grow exponentially. Baseline assessments shed light on analyst skills, and as the agency introduces new training and technology, annual assessments track talent density in critical disciplines.
NOAA aims to streamline both processes and technology to empower analysts when it comes to knowledge management. They don’t need to understand the ins and outs of each incident response because they have established processes to guide them through the storm. For example, the agency uses sophisticated content rules to reduce guesswork when evaluating threats.
Consistency is critical. The NOAA and Leidos team focuses on ensuring that analysts have the information they need at their fingertips – in a consistent format – without having to log into several different systems. This saves time and produces better outcomes. “You can’t just train people and hope that a process or technology is going to solve [a problem]. You need a three-part solution to a three-pronged problem,” said Chi Kang, Deputy Director for Operations, Cyber Security Division at NOAA.
“In addition to process and technology, we’re focused on the person part of the equation. That’s our largest investment, and we need to empower them with a process that makes sense, streamlines, minimizes error, and gives analysts enough flexibility to do their function,” he said.
Efficiency is at the core of the NCSC transformation, and continuous adoption of Machine Learning (ML) technology is a key enabler. The agency already uses ML for vital use cases. For example, the NCSC leverages ML to rapidly identify correlations that would take human analysts weeks or months, in best-case scenarios. NOAA continues to explore new ML use cases to improve the speed and effectiveness of its cyber analytics initiatives.
The agency grapples with constant expansion of network perimeters. This accelerated exponentially when the coronavirus pandemic hit and the agency moved to telework at scale. Today, there is a greater need for visibility and policy enforcement, and NOAA is well equipped. “We are fortunate to be able to make conscious choices versus making a forced decision,” said Kang. “Agility and options promote a better risk-based decision.”
As NOAA progresses through the NCSC overhaul, Kang and his team lean on expertise from Leidos and connect with agency counterparts to exchange notes. There is no rulebook for these projects. By relying on industry partners and sharing information, agencies can weather the storm together. Brighter horizons are ahead as NOAA continues to embrace its NCSC transformation and achieve mission success.