This is not a NASA Website. You might learn something. It's YOUR space agency. Get involved. Take it back. Make it work - for YOU.
IT/Web

NASA OIG IT Report Highlights Governance Problems

By Marc Boucher
NASA Watch
June 5, 2013
Filed under , ,

NASA’s Information Technology Governance, NASA OIG
“The decentralized nature of NASA’s operations and its longstanding culture of autonomy hinder the Agency’s ability to implement effective IT governance. The Agency CIO has limited visibility and control over a majority of the Agency’s IT investments, operates in an organizational structure that marginalizes the authority of the position, and cannot enforce security measures across NASA’s computer networks. Moreover, the current IT governance structure is overly complex and does not function effectively. As a result, Agency managers tend to rely on informal relationships rather than formalized business processes when making IT-related decisions. While other Federal agencies are moving toward a centralized IT structure under which a senior manager has ultimate decision authority over IT budgets and resources, NASA continues to operate under a decentralized model that relegates decision making about critical IT issues to numerous individuals across the Agency, leaving such decisions outside the purview of the NASA CIO. As a result, NASA’s current IT governance model weakens accountability and does not ensure that IT assets across the Agency are cost effective and secure.”
Marc’s note: There is no simple solution to this as long as the centers continue to butt heads with HQ and as long as NASA’s CIO only controls a fraction of the IT budget with the centers controlling the majority.

SpaceRef co-founder, entrepreneur, writer, podcaster, nature lover and deep thinker.

7 responses to “NASA OIG IT Report Highlights Governance Problems”

  1. wscandje says:
    0
    0

    Centralization is not the solution. It is the problem. NASA’s IT assets functioned far more effectively and efficiently when the individual centers had full control over them. Things started going downhill with the initial centralization travesty of ODIN, and have continued to do so at a rapid pace.

    • Chris Pino says:
      0
      0

      These recommendations are foolish in the extreme in so many ways. I served as the CIO for Code M/SOMD and, as directed by my direct management, spent a great proportion of my time combating Agency CIO initiatives that would have been harmful to our missions.

      The Agency CIO and many if not all of the CIO’s direct reports are individuals with backgrounds in Institutional IT and backgrounds in Management Information Systems. One individual during my tenure had a strong background in both computer science and mission systems requirements. He accomplished a great deal of good and easily won the support of the MIssion CIOs but he was the exception, not the rule. The same is true of the HQ CIO’s staff. There was/is one strong technologist on the team who did a great deal of good. He was also an exception to the rule

      The requirements of Mission IT work has very little to do the requirements of Center and Administrative IT.

      Mission IT is managed by complex board structures focused on flight systems and their components. The OIG is right – they do not consider the rules of OMB, the OIG, the Agency CIO, or the Federal CIO relevant to their tasks except as a costly irritant. Does anyone really believe that the database architecture of Mission Control or Launch control be brought into accordance with some generalized model issued by government bureaucrats? Does anyone really believe that it would help the ISS in any way to have MIS trainees play a central role in the IT related decisions made by the ISS Boards?

      Of course not.

      It is ironic that the OIG made these recommendations having conferred with the VA, the Post Office, and the Department of the Interior. One would be hard pressed to find and three agencies whose operations and missions were any dissimilar to NASA’s. Does anyone believe that the DOD CIO has an important roll in specifying inter and intra vehicle networks in an Armoured Division? Or the network used within and between warships?

      The report is right insofar as the Agency CIOs roll has been a weak, poorly funded position. It should stay so.

  2. Jane says:
    0
    0

    As a former NASA engineer and current DOD engineer , I can tell you that rigid control is not the answer. At NASA, we could use one computer for all of our needs. At DOD, we MUST use two PC’s and cannot use email on one of them. File transfer must be done with an encrypted and approved external drive, no thumb drives. We spend a substantial amount of time just moving our files to the platform where we do the work, then moving them back to email them out.

  3. Geoffrey Landis says:
    0
    0

    So, what the NASA OIG is saying here is that since other agencies are moving toward operating on the Stalinist model, NASA should, too.

  4. dogstar29 says:
    0
    0

    There are many people at the bottom of the tier in network and computer support who are doing a fine job to the extent they are allowed. The problem is with the decision-makers, who are unwilling to listen to “users”, many of whom have far more experience than they do in actually using IT to accomplish useful tasks.

    NASA has isolated IT to a separate set of contractors, forcing minor changes in websites to go through contract change request procedures, they have limited research laboratories to Windows laptops with approved software and separate DAR passwords for every user, and forget linux because it is not covered by the IT contractor’s “security plan”, the crazy 1G limit on email storage to “conserve disk space”, the ridiculous password rotation rules that ignore human factors and make it impossible to actually memorize passwords. At the simplest level IT management is concerned more about looking bad because of one stolen laptop than making it possible for NASA to look good by doing useful work.

  5. sunman42 says:
    0
    0

    With respect, Marc, the IG is pretty obviously not familiar with NASA’s policy requirements, e.g. 7120.5 and 7120.7, which detail risk management responsibility for projects. Neither involves the CIO, which is probably something that should be updated, but giving the CIO or anyone in the CIO organization control over program/project elements for which they are not responsible for risk management is a recipe for epic failure.

    And to date, the CIO organization’s only “solutions” have been one-size-fits-all, which may work in some cases and may be disastrous in others. The underlying danger is that the CIO organization is managed by people who know little or nothing about mission/project management when they join NASA, and after they’ve spent a few years on the job and (maybe) learned something about the space biz, they’re off to another federal management job.

    Let’s face it: NASA is not the Small Animal Administration or the Department of Paperwork. We actually do stuff.

  6. sunman42 says:
    0
    0

    Sorry to post again, but I couldn’t let this go by: The $1.46, or $1.6, or $2.0 billion figures are all hot air. Several years ago, when the CIO organization started tracking this, they decided to count as IT anyone who was employed under a contract that they (the CIO organization) deemed to be an IT contract — even if the contract employee’s responsibilities were engineering, flight operations, science mission operations, or scientific research. At the time, it was widely discussed that the CIO organization was skewing the numbers to make NMASA”s IT investment appear to be a much larger fraction of NASA’s annual budget than it actually was. The entire argument the OIG report uses is based on deliberately biased statistics assembled by a self-aggrandizing CIO outfit.