Recent Non-technical Forces in Security at the National Center for Atmospheric Research

Abstract

There are an increasing number of non-technical forces contributing to security concerns at the National Center for Atmospheric Research (NCAR). These include: FIPS/FISMA, ITAR, DFARS, and integrating with cloud providers. NCAR is in an unusual position as we have contracts from a wide variety of funding organizations including the National Science Foundation (NSF), the National Aeronautics and Space Administration (NASA), the Centers for Disease Control (CDC), the Department of Energy (DoE), and the Department of Defense (DoD), the National Oceanic and Atmospheric Administration (NOAA), and others. NCAR also works directly with the governments of a number of other countries and has active field projects in every corner of the globe. Therefore, NCAR has exposure to a wide variety of stipulations from these very different sources.Legislation has also recently become more applicable to security operations at NCAR. House bill H.R.3547, the Consolidated Appropriations Act of 2014 has two sections that might be of concern to NCAR. The first is Section 534 that states None of the funds made available in this Act may be used to maintain or establish a computer network unless such network blocks the viewing, downloading, and exchanging of pornography. The second is Section 515 that puts additional constraints on purchasing IT equipment rated at FIPS 199 Moderate or High impact, including a review of the supply chain of those companies [...] that may be owned, directed, or subsidized by the People's Republic of China. This is relevant both from a supercomputing and general IT supply chain point of view as many of the components in both supercomputing and IT equipment are from the People's Republic of China.The effect and response to these forces is ongoing at NCAR and will continue to be in the foreseeable future. This talk is intended to share with the community our current directions, and to create discussions around what others are experiencing and future directions.