
Upload: lorena-mccoy

Post on 18-Dec-2015


Risk Management Board

5-4-12

Agenda

• Review Existing Risks
• New Risks
• Pending
• Decisions
• Review Action Items

Joint Polar Satellite System

2012_0215_JPSS_NOAA_PMC_FINAL.pptx

NOAA JPSS Office Top Risks

| Rank | Trend | Risk ID | Title | Approach | Likelihood | Consequence |
|---|---|---|---|---|---|---|
| 1 | | NJO-005 | Enterprise Readiness for NPP Data (Technical) | W | 2 | 4 |
| 2 | New | NJO-033 | FY2013-2018 Budget Deliverable (Programmatic) | M | 2 | 4 |
| 3 | | NJO-026 | Algorithm Change Process (Technical) | M | 3 | 3 |
| 4 | New | NJO-034 | L1 Requirements Scrub (Technical) | M | 3 | 3 |
| 5 | New | NJO-031 | DoD Data Delivery Approach | M | 4 | 2 |
| 6 | | NJO-010 | NPP Ops Transition From NASA/JPSS to NOAA/OSPO (Programmatic) | M | 4 | 2 |
| 7 | New | NJO-032 | Out Year Funding for NDE-ESPC | W | 4 | 2 |

Risk matrix (entries are rank numbers):

| Likelihood \ Consequence | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| 5 | | | | | |
| 4 | | 5, 6, 7 | | | |
| 3 | | | 3, 4 | | |
| 2 | | | | 1, 2 | |
| 1 | | | | | |

Legend:

Approach: M - Mitigate; W - Watch; A - Accept; R - Research

Criticality: High; Med; Low

L & C Trend: Decreasing (Improving); Increasing (Worsening); Unchanged; New Since Last PMC (NEW)

NJO-005 Enterprise Readiness for NPP Data

Latest Status:

• Effort to complete implementation of NDE Production System is on track to complete at the end of the month

IF the NOAA enterprise is not ready to receive and process NPP data, THEN there is the likelihood of a data gap between POES N19 and NPP

[Chart: LxC over time (J-11 through M-12); levels 3x4, 2x4, 1x4; mitigation steps #1 through #7 marked]

| Step # | Mitigation Step | Planned Complete | Actual Complete | LxC | Status |
|---|---|---|---|---|---|
| 1 | ID Risk | 6/15/2011 | 6/15/2011 | 3x4 | Complete |
| 2 | Develop phased approach to NDE product distribution | 7/1/2011 | 7/1/2011 | 3x4 | Complete |
| 3 | Work with stakeholders to execute plans and schedule to get capability in place | 7/1/2011 | 7/1/2011 | 3x4 | Complete |
| 4 | Develop subset of NPP critical products for functional testing during July NDE distribution test | 7/15/2011 | 7/15/2011 | 3x4 | Complete |
| 5 | Complete NCT-4 Proving CGS readiness | 8/10/2011 | 8/10/2011 | 2x4 | Complete |
| 6 | Complete NDE Processing Test | 9/1/2011 | 9/1/2011 | 2x4 | Complete |
| 7 | NDE Production System in Place | 4/30/2012 | | 1x4 | On Schedule (as of 4-1-12) |

NJO-033 FY12 Budget Deliverable

Status:

• NASA provided the FY 2013-2018 PPBE by April 9, 2012

• NJO completed integration of POE on April 13, 2013. Updating element costs based on updated information.

• Meeting with NESDIS leadership scheduled [please check with Todd he was going to do this]

IF: NJO is unable to complete and submit an executable Program Office Estimate (POE) based on the LCC authorized by OMB THEN: The JPSS program may unnecessarily de-scope program elements, potentially affecting the FY-13 budget cycle and impacting NOAA’s ability to meet critical weather and climate data needs or leading to a gap in data measurements

[Chart: LxC over time (M-12 through J-12); levels 2X4, Closed; mitigation steps #1 through #8 marked]

| Step # | Mitigation Step | Planned Complete | Actual Complete | LxC | Status |
|---|---|---|---|---|---|
| 1 | ID Risk/RMB Acceptance | 3/28/12 | 3/28/12 | 2X4 | Complete |
| 2 | Develop NOAA estimate for Ground, O&S and Science beyond JPSS-1 + 1 year | 4/6/12 | 4/6/12 | | Complete |
| 3 | Hold integration reviews of the draft POE to assess each spending/funding line, the assumptions used in determining costs, and validation of content included for funding | 4/13/12 | 4/13/12 | | Complete |
| 4 | Clearly identify all content ranked in the most important to the least important | 4/20/12 | | | |
| 5 | Briefing to NESDIS of POE results/content (tentative) | 4/24/12 | | | |
| 6 | Briefing to NOAA/DOC (tentative) | 5/16/12 | | | |
| 7 | Briefing to OMB (tentative) | 5/30/12 | | | |
| 8 | Submit Final Package | 5/31/12 | | Closed | |

NJO-026 Algorithm Change Process

Latest Status:

1. G-ADA Training Kick-off will be held 5/9/12, with 5-day intensive hands-on training to follow. Two STAR discipline team members scheduled for training in addition to the STAR AIT team members.

2. STAR has determined it will not assume Northrop Grumman responsibilities to test code in G-ADA.

IF post-launch algorithm change process requires changes to be integrated into the operational code through GRAVITE Algorithm Development Area (G-ADA) THEN a bottleneck may occur during the G-ADA test and verification step, adding uncertainty to the timeliness of integration into the IDPS

[Chart: LxC over time (S-11 through J-12); levels 3x3, 1X3; mitigation steps #1 through #5 marked]

| Step # | Mitigation Step | Planned Complete | Actual Complete | LxC | Status |
|---|---|---|---|---|---|
| 1 | ID Risk | 9/22/11 | 9/22/11 | 3x3 | Complete |
| 2 | Allow STAR leads access to G-ADA test area reducing the need for off-line testing certification and CM of testing | 5/31/12 | | | |
| 3 | Use data product prioritizations to determine schedule for algorithm changes by DRAT (Discrepancy Report Action Team) | 1/1/12 | 1/1/12 | | Complete |
| 4 | Use Defined fast Track and Urgent change processes to get changes quickly into IDPS | 3/21/12 | 3/21/12 | | Complete |
| 5 | DPA lead to assess effectiveness of change process after instruments are on and some experience is gained. | 3/21/12 | 3/21/12 | 1X3 | Complete |

NJO-034 Requirements Scrub Process

Context:

• NASA Ground Project briefed NJO on analysis of options; option for expanded use of today’s NESDIS Environmental Satellite Processing Center (ESPC) was not analyzed

• NJO requested NESDIS OSD analyze option for expanded use of ESPC

• Options and analysis to be briefed to COPC

IF the JPSS L1RD is not updated by October 2012 and input on requirements changes to NASA by May/Jun, THEN the Block 2.0 Ground baseline will reflect the current JPSS L1RD – and changes will potentially impact Ground System programmatic (cost, schedule) and technical (design) baselines

[Chart: LxC over time (M-12 through J-12); level 3x3; mitigation steps #1 and #2 marked]

| Step # | Mitigation Step | Planned Complete | Actual Complete | LxC | Status |
|---|---|---|---|---|---|
| 1 | ID Risk/RMB Acceptance | 3/28/12 | 3/28/12 | 3 X 3 | Complete |
| 2 | Document known requirement changes in L1RD Configuration Change Requests (CCRs). These will be provided to NASA as in-process | 5/31/12 | | | |
| 3 | Identify requirements requiring studies before decision to include as a CCR. Establish joint NJO/NASA Program working group to conduct | Ongoing | | | |
| 4 | Review NOAA and NASA comments on L1RD and Supplement for | Ongoing | | | |

NJO-031 DoD Data Delivery Approach

Status: DoD requirements collected and briefed to LORWG

Ground Summit held to vet options to deliver data to DoD.

IF: an approach to deliver data to the DoD users (i.e., AFWA, FNMOC and NAVO) is not defined THEN: the program will not have a complete understanding of the implications on the ground system (e.g., in terms of alternate processing sites, communications requirements, etc.)

[Chart: LxC over time (M-12 through N-12); levels 4x2, Closed; mitigation steps #1 through #6 marked]

| Step # | Mitigation Step | Planned Complete | Actual Complete | LxC | Status |
|---|---|---|---|---|---|
| 1 | ID Risk/RMB Acceptance | 3/28/12 | 3/28/12 | 4x2 | Complete |
| 2 | Update DoD requirements impacting the ground system in terms of products required and level of processing | 4/1/12 | 4/1/12 | | Complete (estimated date) |
| 3 | Develop alternate processing and distribution scenarios to brief to the | 5/24/12 | | | |
| 4 | Complete trades on processing and distribution | 5/31/12 | | | |
| 5 | Issue Direction Letter to NASA | 6/15/12 | | | |
| 6 | Modify requirements to reflect new approach - TBD | 10/31/12 | | | |

NJO-010 NPP Ops Transition From NASA/JPSS to NOAA/OSPO

[Chart: LxC over time (S-11 through F-12); level 4x3; mitigation step #1 marked]

Latest Status:

• IRT held 23 March

• IRT Recommendations provided to NOAA & NASA. 9 Criteria proposed by IRT used to update Mitigation Plan - Criteria slides available as needed

IF: Appropriate plans and contractual provisions for the NPP operations transition are not in place, THEN: NPP will not be considered operational, placing in question the reliability of data products delivered to the end users, NOAA will be paying twice for operational support for an extended period

TBD

| Step # | Mitigation Step | Planned Complete | Actual Complete | LxC | Status |
|---|---|---|---|---|---|
| 1 | ID Risk | 6/15/11 | 6/15/11 | 4x2 | Complete |
| 2 | Conduct Independent Review Team | 3/31/12 | 3/31/12 | | Complete |
| 3 | Positions are identified and staffed with trained and certified personnel with adequate OJT | | | | Complete? |
| 4 | Responsibilities of and interfaces between the OSPO Mission Operations Team (MOT) and the JPSS Mission Support Team (MST) are clear | | | | Complete? |
| 5 | Mission documentation is complete and configuration controlled and has been provided to the operations organization | | | | Complete? |
| 6 | Mishap and anomaly procedures are in place | | | | Complete? |
| 7 | End of mission and disposal plans are in place | Date? | | | |
| 8 | State of flight and ground systems is sufficiently stable and understood | | | | Complete? |
| 9 | Spacecraft, instrument, and ground system sustaining engineering resources are available | | | | Complete? |
| 10 | Operations processes have been reviewed and modifications, if any, have been agreed to and documented | | | | Complete? |
| 11 | Responsibilities, lines of authority and communications with regard to Satellite Operations Management Authority are agreed to between NASA and NOAA, including the role of NASA’s Earth Sciences Division | Date? | | | |

NJO-032 Out year funding for NDE-ESPC

[Chart: LxC over time (S-11 through F-12); level 4x3; mitigation step #1 marked]

Status:

IF: the Office of Satellite and Product Operations (OSPO) does not receive its appropriations for operating the NDE sub-system of ESPC THEN: OSPO will not be able to support 24x7 delivery of operational NPP products to the NWS and JPSS may be asked to support OSPO

WATCH

Approach: WATCH

Low Risks

| ID | Title (Owner) | L x C | Next Step(s) | Status |
|---|---|---|---|---|
| 003 | Undefined IP Liabilities (Mehta) | 1 x 4 | Watch | |
| 028 | NG IP for NPP OPS (Mehta) | 2 x 3 | | Solid agreements in place to ensure access to tools and data through end of NPP Cal/Val |
| 018 | Lack of end User Feedback (Goldberg) | 2 x 2 | Develop program for JPSS Proving Ground and Risk Reduction and work closely with GOES-R to leverage activities where they make sense. | PGRR Established |
| 021 | DRN Landing Rights (Brauer) | 5X1 | Watch | Preliminary NOAA Integrated Satellite Priorities has decided that 30 minute latency is a supplemental requirement that may not be funded. This would reduce the criticality of the DRN architecture making the risk more likely to be realized but reducing the consequences |
| 012 | Correctness of Level 1 Supplemental Requirements (Goldberg) | 3 x 1 | Distribute draft supplemental L1 requirements; LEORWG comment and coordinate changes | Close based on establishment of NJO-034 which more directly addresses the risk remaining with the JPSS requirements process |
| 014 | NOAA IT Access to Enterprise Resources (Chamberlin) | 3 x 1 | Establish a NESDIS/NOAA enclave at GreenTech 4 which will allow access to critical organization resources | Enclave established and being expanded. Recommend closing |

New Risks

| ID | Title (Owner) | Proposed L x C | Context |
|---|---|---|---|
| 035 | Maintain Authorization to Operate and meeting POA&M | 4 x 5 | Separate Slide |
| 038 | Lacking Situational Awareness Capability for JPSS and GRAVITE | 5 x 5 | Separate Slide |
| 039 | Aging and unsupported COTS hardware and software within JPSS | 4 x 3 | Separate Slide |
| 036 | NJO Office Space and Staffing | TBD | Separate Slide |
| 037 | Inadequate Future NSOF Library Support | TBD | Separate Slide |
| 040 | New STAR Risk | | |

NJO-035 Maintain Authorization to Operate and meeting POA&M

Context:

• JPSS Ground System undergoing a mandated annual FISMA compliance activity for performing Security Control Assessment (SCA).

– Part of the processes that needs to be completed as an input to the risk acceptance decision by the Authorizing Official (AO) for granting continuing Authorization To Operate (ATO) the JPSS Ground System at its current level of risk to the NOAA and NESDIS Organizations.

– The current ATO expires July 19, 2012.

• Parallel activities are ongoing in support of Plan of Action and Milestones (POA&M) to mitigate the vulnerabilities identified during FY11 SCA.

– The ISSO has been informed that the prime contractor (Raytheon) support toward mitigating the POA&Ms is scheduled to end June 2012.

– Post FY12 annual SCA, new POA&Ms will be established to mitigate weaknesses identified during this year’s assessment.

• Lack of a view to contracted activities creates a gap in understanding resourced activities that will delay current scheduled and future POA&M remediation.

IF: ATO and POA&M activities are not completed and approved within the agreed-upon schedule THEN: POA&Ms will be delayed, placing the system on the NESDIS/NOAA watch list and possibly the OMB watch list as well, depending on the delay period.

Recommend Risk Rating: Likelihood 4 x Consequence 5 (RED)

NJO-038 Lacking Situational Awareness Capability for JPSS and GRAVITE

Context:

• Ground System security architecture does not have the capability to provide visibility into the risk posture for the system in order to monitor health, performance, capacity and security posture holistically.

– The ISSO is unable to prioritize and inform NJO, SO or AO of possible risk associated with operating the system from the tactical operations perspective, in accordance with the Risk Management Framework.

– Intended or unintended malicious activities can go undetected for long periods of time.

• Without visibility into the risk posture, ineffective and inefficient acquisition of technology solutions and security solutions has a significantly increased risk of occurrence.

– These ineffective and inefficient solutions will increase the risk of loss of on-ground and potentially in-flight assets and the inability to provide products to our relying partners and customers.

IF: ISSO is unable to have holistic visibility into the risk posture for the JPSS Ground System THEN: incidents of security intrusions, equipment outages, delayed data delivery and data loss have an extremely high risk of being actualized. Any occurrence of an incident has the potential to impact the Confidentiality, Integrity and Availability of information assets downlinked from the in-flight asset. Other C3 impacts not described in this chart could lead to mission failure.

Recommend Risk Rating: Likelihood 5 x Consequence 5 (RED)

NJO-039 Aging and unsupported COTS hardware and software within JPSS

Context:

• Significant % of GS h/w & s/w is at or beyond end of life with respect to vendor support and version maintenance.

– E.g. Cisco firewalls, switches and Microsoft Operating Systems (Windows 2000).

• Without a strategy to maintain regular technology refresh cycles that replace portions of the environment at different intervals, there will be significant cost incurred in support, repair and ultimately replacement of hardware and software components.

• The out-of-date and out-of-maintenance h/w & s/w create high levels of exposure to threat sources as vulnerabilities become well known and are easily leveraged by advanced structured persistent threat sources.

– These exposures place both ground and in-flight assets and service delivery at high levels of risk.

• The vendor is using large amounts of unsupported open source s/w tools in our operational environment.

– Using unsupported software saves the prime contractor money and places the Government information assets at significant risk due to unknown supply chains.

• The JPSS Ground System would benefit by requiring development and production products that have undergone certification by processes such as the Common Criteria.

– These practices provide more secure products; given the pervasiveness of evaluated products, the potential benefits of independent evaluation help to eliminate unknowns with respect to product sustainability and long-term supportability of these critical components of our JPSS Ground System.

IF: aging and end-of-life Hardware and Software are not refreshed and

THEN: data integrity will decline, data availability will be reduced, security event and security incident occurrences will increase in frequency and severity.

Recommend Risk Rating: Likelihood 4 x Consequence 3 (YELLOW)

NJO-036 NJO Office Space and Staffing

Context:

• The NOAA JPSS Office has a hiring requirement to fill 11 and possibly 12 Government positions before the end of CY 12. Due to inadequate office space NOAA JPSS currently runs the risk of not being able to fulfill our hiring requirements and negatively impacting productivity.

IF: NOAA JPSS Office is unable to acquire adequate office space THEN: The NOAA JPSS Office may be unable to meet our hiring requirements

• If office over-crowding occurs this can negatively impact productivity by uncontrolled interactions or conversations by people nearby that cannot be avoided

• Over-crowding might also increase the frequency of interruptions or distractions.

• Increased levels of noise and other unwanted sounds might increase dissatisfaction.

NJO-037 Inadequate Future JPSS NSOF Library Support

Context:

• The NSOF library has been closed since January 13th, 2012. We currently have a backlog of 50 NPP/JPSS documents that need to be input into the NSOF library's tracking system. When the library opens again it will only be open until Sept 2012. Only one of the two employees will be coming back and that is only until September. That one person will be doing the work of two people. We have already been told OSD’s work has the priority and our 50+ documents that need to be input into the Library Management System (LMS) do not have priority. There is also some question as to whether the NSOF library will continue to maintain the LMS.

• Currently there are 717 JPSS/NPP items being tracked in the NSOF LMS. Of those, approximately 250 need to be researched to identify what the LMS tracking number is. These numbers do not include the golden disks that are being kept in the library annex.

• The documents that are being input into the library are not deliverables on the NASA contract. Raytheon has chosen to input the documents into the library. They do not have access to the JPSS eRooms so they could not load them into eRooms. NOAA does not have access to these documents anywhere else.

IF: We do nothing, we will no longer have a secure repository for the Raytheon JPSS/NPP documents at NSOF. THEN: It will be necessary for Raytheon to stand up an MOT library. They will need a dedicated space, safes and a full time librarian.

NJO-040 Science Transition Plan

Context:

• The Science Transition Plan was developed at the request of the NJO to define an executable plan, schedule, budget and roles and responsibilities for transitioning science algorithm development, cal/val and related science functions from the NPP demonstration program framework into a fully operational NOAA framework. The transition has three goals:

1. Enable more efficient and more cost-effective algorithm and cal/val science capabilities through maximized leverage of NESDIS subject matter experts.

2. Maintain the integrity and viability of the Suomi NPP operational products to meet the NOAA Level 1 requirements and ensure effective use by NOAA operations and Centrals.

3. Sustain and assure NOAA/NESDIS capacity to provide science leadership for space-based instrumentation, raw observations, derived data, products, and applications including calibration/validation methodologies and algorithm development.

• Discussion and a clear path forward need to be initiated so the transition can be completed in a timely and efficient manner with no adverse impact to the operational products, contractual obligations and budget planning.

IF: an approach to transition the science activities to NOAA is not completed THEN: the roles and responsibilities will continue to be undefined resulting in costly duplication of efforts and responsibilities for NPP algorithm science

Recommend Risk Rating: Likelihood 3 x Consequence 4 (YELLOW)


Pending Risks

• None

Upcoming Decisions

Decision: Approve changes to Level-1 Requirements Document:
• Do not deploy IDPs to Navy Centrals
• Remove OMPS-L from JPSS-2
• Relax 30-minute latency to 80 minutes for life of the program
Timeframe: May 2012
Decision Authority: DUS/O
Status/Comments: Conducting discussions with DoD on JPSS data requirements and architecture alternatives. Communicated to International Partners that JPSS will not implement the Distributed Receptor Network. Initial steps of requirements change process underway. Potentially slipping to June 2012. Change needs to go through NJO ERB and PCB, then NESDIS PMC, then NOSC, and then DUS/O.

Decision: Approve Priorities for current JPSS Level-1 Requirements (GAO recommendation)
Timeframe: April 2012
Decision Authority: DUS/O
Status/Comments: The LORWG prioritized JPSS Environmental Data Records (EDRs) on Mar 16. This prioritization activity will be incorporated into the overall Level-1 requirements scrub, and was briefed to NOSC on Mar 29.

Decision: Review and Approve the FY-12 JPSS Budget Deliverable documenting updated program plan based on PB13.
Timeframe: May 2012
Decision Authority: DOC
Status/Comments: Element estimates received Apr 8. Initial integration occurred the week of Apr 9. Draft POE in development. Final internal checks to be complete by May 1. Review and brief-out to be completed by May 31.

Upcoming Decisions

Decision: Key Decision Point 0
Timeframe: July 2012
Decision Authority: US
Status/Comments: Data products and deliverables for the review team are in progress, and are being uploaded to the designated NSCKN site, including requirements agreements log, budget/POE, schedules program/implementation plans. SRR Kick-off with NOAA JPSS and NASA JPSS Program planned for April 17, 2012 at Greentech. JPSS P/SRR planned for May 22-24, 2012. Upon completion of the P/SRR, the following joint management councils will be conducted: GSFC CMC at GSFC on June 7, 2012, NESDIS/SMD PMC at NASA HQ on June 13, 2012, and APMC at NESDIS HQ on July 18, 2012.

Decision: Authority to Operate
Timeframe: July 2012
Decision Authority: NESDIS/AA
Status/Comments: System Security Plan and FIPS200 submitted to NESDIS CID. Planning underway for assessment.


Actions


Back-up

Consequence Criteria

| Risk | 1 Very Low | 2 Low | 3 Moderate | 4 High | 5 Very High |
|---|---|---|---|---|---|
| Safety | Negligible or no impact | Could cause the need for only minor first aid treatment | May cause minor injury or occupational illness or minor property damage | May cause severe injury or occupational illness or major property damage | May cause death or permanently disabling injury or destruction of property |
| Programmatic | No impact to enterprise success | Minor impact to enterprise success | Moderate impact to enterprise success. Minimum enterprise mission achievable with margin | Major impact to enterprise success. Minimum enterprise mission is achievable. | Minimum enterprise mission is not achievable |
| Technical | No impact to full mission success criteria | Minor impact to full mission success criteria | Moderate impact to mission success criteria. Minimum criteria is achievable with margin | Major impact to full mission success criteria. Minimum success criteria is achievable. | Minimum mission success criteria is not achievable |
| Schedule | Negligible or no schedule impact | Minor impact to schedule milestones; accommodated within reserves; no impact to critical path | Impact to schedule milestones; accommodated within reserves; moderate impact to critical path | Major impact to schedule milestones; major impact to critical path | Cannot meet schedule and program milestones |
| Cost | <2% increase over allocated budget and negligible impact on reserves | Between 2% and 5% increase over allocated budget and can be handled with reserves | Between 5% and 7% increase over allocated budget and cannot be handled with reserves | Between 7% and 10% increase over allocated budget and/or exceeds proper reserves | >10% increase over allocated budget and can’t handle with reserve |

Consequence Categories

Likelihood Criteria