NASA’s Inspector General paints bleak picture for agency projects, IT security

NASA budget constrains way agency handles missions, IT operations

The bottom line for NASA as well as any number of government agencies in this new era of sequestration is money - and NASA in this case has too many programs chasing too few dollars.

That is just one of a number of bleak conclusions NASA's Inspector General Paul Martin laid out to a Congressional hearing today adding that "declining budgets and fiscal uncertainties present the most significant external challenges to NASA's ability to successfully move forward on its many projects and programs. For the first 6 months of this year, NASA has operated under a continuing resolution that funds the Agency at  last year's level of $17.8 billion. Moreover, NASA's share of the Government-wide sequestration cuts reduce that spending authority by $894 million."

[RELATED: What is so infinitely cool about Mars?

MORE: NASA's hot radiation mission]

Martin noted that in 2012 "the need to reprogram funds from several Agency initiatives to accommodate cost overruns in the James Webb Space Telescope and other projects. This shift contributed to developmental delays in several ongoing projects and cancellation of others, including a joint project with the European Space Agency for planned missions to Mars in 2016 and 2018."

"Because NASA received less than half its requested budget for commercial crew development last year, the Agency extended to 2017 the earliest it expects to obtain commercial crew transportation services to the ISS - a date uncomfortably close to the Station's currently scheduled 2020 retirement. At the same time, NASA is moving forward with development of a new rocket, capsule, and related launch infrastructure to enable crewed missions to an asteroid, the Moon, or Mars - expensive and technically complex undertakings in an increasingly austere budget environment," Martin said.

While space projects get a lot of positive attention, NASA's IT security state has garnered a darker quality.

From Martin: "NASA remains a target of cyber intruders both because of the large size of its networks and because of the technical and scientific information it maintains. Over the years, NASA has increasingly become a target of a sophisticated form of cyber attack known as advanced persistent threats or APTs. The individuals or nations behind these APTs are typically well organized and well funded.

For example, our investigation of a series of APT attacks at the Jet Propulsion Laboratory (JPL) involving Chinese-based Internet protocol addresses between November 2011 and February 2012 confirmed that cyber attackers were successful in achieving control over much of JPL's network for several weeks and used this access to steal or attempt to steal NASA-funded data. While data theft appears to be the primary motive, the level of access gained by the intruders positioned them to have caused significant operational disruption had that been their goal."

Martin noted the his office has consistently identified what he called "systemic and recurring weaknesses in NASA's IT security program that adversely affect the Agency's ability to protect the information and information systems vital to its mission. In particular, the CIO's inability to ensure that NASA's mission computer networks implement key IT security controls continues to put these critical IT assets at risk of compromise. To illustrate, the Agency has not yet implemented two recommendations from a May 2010 OIG audit report to monitor its mission networks for the presence of critical software patches and technical vulnerabilities."

He added that NASA's portfolio of information technology assets includes more than 550 information systems that control spacecraft, collect and process scientific data, and enable NASA personnel to collaborate with colleagues around the world. Hundreds of thousands of NASA personnel, contractors, academics, and members of the public use these IT systems daily and NASA depends on them to carry out its essential operations. Overall, NASA spends more than $1.5 billion annually on its IT-related activities, $58 million of that for IT security.

It is also worth noting that current NASA CIO Linda Cureton is leaving the agency April 1 and a new executive will probably come in just in time for Martin's latest  report on NASA's IT governance structure which he said his office was completing.

Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook

Check out these other hot stories:

NASA: Mars rock sample shows Red Planet could have supported life

NASA exploring groundbreaking space network to sustain large data dumps and trips to the moon, Mars

Robots get an open source Web-based helpline

Preserving the "Web before the Web:" Minitel history in danger of being lost

The Facebook privacy conundrum:  Desire for more confidentiality increases but so does volume of personal data

NASA's hot radiation mission

Hockey sticks, pocket knives and billiard cues among carry-on items TSA will soon let onboard planes

Hope these guys don't work for Yahoo!: Nearly 600,000 mega-commuters have 90 minute ride to work

Sandia Lab lays claim to world's largest fiber optic local area network

Insider Shootout: Best security tools for small business
Join the discussion
Be the first to comment on this article. Our Commenting Policies