RSS Feeds

Danger Will Robinson! NASA can't manage computers, cyber threats effectively

By John Solomon

Monday - 6/10/2013, 7:03am  ET

The agency that sent man to the moon and gave most Americans their first glimpse of computers more than four decades ago today no longer manages its technology effectively, leaving it vulnerable to cyber attacks and excessive spending, according to its internal watchdog.

In fact, NASA’s Information Technology (IT) management is so decentralized that the agency’s Chief Information Officer didn’t know it had spent $400 million more on technology than it had reported until bean counters requested the information, the space agency’s inspector general reported.

The problem is the Chief Information Officer doesn’t have control over the majority of NASA’s technology spending, overseeing just 11 percent of the $1.46 billion allocated for that purpose in 2012 while independent centers and offices handle the rest, the inspector general found.

“While other Federal agencies are moving toward a centralized IT structure under which a senior manager has ultimate decision authority over IT budgets and resources, NASA continues to operate under a decentralized model that relegates decision making about critical IT issues to numerous individuals across the Agency,” the inspector general reported this month. “As a result, NASA"s current IT governance model weakens accountability and does not ensure that IT assets across the Agency are cost effective and secure.”

The concerns aren’t just about bureaucratic structure. NASA managers often don’t know what the space agency is spending technology money on and what hardware they own.

For instance, technology managers at five of NASA’s centers told investigators “they could not account for 100 percent of the IT systems and hardware at their centers,” the inspector general said.

And while NASA reported its 2010 spending on IT was $1.6 billion, the agency actually spent $2 billion and its chief information officer was “unaware of the $400 million in additional spending until the Mission Directorates reported actual expenditures to her office in a data call responding to a” a White House budget office request.

“The agency CIO's lack of authority over IT funding limits the agency’s ability to consolidate IT expenditures to realize cost savings and drive improvements in the delivery of IT services,” the inspector general said.

Such disorganization poses even greater risks in an era of increased cyber attacks and industrial espionage aimed at unmasking America’s greatest space technology, the IG added.

Among the red flags cited by the inspector general, the NASA center responsible for continuous monitoring of computer threats “does not have purview over all of NASA"s networks,” monitoring just 90 percent of NASA’s institutional networks and only "a very small portion" of the agency’s mission networks.

“NASA's ability to secure its networks is further complicated because the agency lacks a complete inventory of IT assets,” the report added.

“In 2012 Congressional testimony, the CIO acknowledged that the Agency’s culture does not support building effective cyber security processes, and stated that the largest impediment to effective IT security is persuading and changing the Mission Directorate culture,” the report noted.

The inspector general, the agency’s internal watchdog, has been raising alarm about NASA’s technology structure for years. But its new report urges a massive overhaul of top management to take more urgent action and better empower the chief information officer to oversee and consolidate the unwieldy system.

“We recommend the NASA Administrator – in consultation with the Mission Directorate and Center CIOs and the Agency"s senior management team – consolidate the overall governance of IT within the OCIO and ensure the OCIO has adequate visibility into Mission-related IT assets and activities,” the report said.

NASA’s top official agreed with most of the inspector general’s findings, promising to undertake an overhaul starting with the selection of a new chief information officer. The prior CIO left the space agency recently.

“I share the OIG’s concerns in these areas,” NASA Administrator Charles Bolden Jr. wrote in a response to the report. “I consider IT governance and IT security to be top priorities for the agency.”

Bolden said he wants NASA to consolidate its IT management and will ask the new CIO, once selected, to begin the process with a comprehensive review of current technology assets.