This is not a NASA Website. You might learn something. It's YOUR space agency. Get involved. Take it back. Make it work - for YOU.
IT/Web

OIG: NASA Chief Information Officer Is Doing A Crappy Job

By Keith Cowing
NASA Watch
October 19, 2017
Filed under ,
OIG: NASA Chief Information Officer Is Doing A Crappy Job

OIG: NASA’s Efforts to Improve the Agency’s Information Technology Governance
“In the 4 years since issuance of our IT governance report and the 3 years since completion of its own internal review, the Office of the Chief Information Officer (OCIO) has made insufficient progress to improve NASA’s IT governance, casting doubt on the office’s ability to effectively oversee the Agency’s IT assets. Specifically, the NASA Chief Information Officer (CIO) continues to have limited visibility into IT investments across the Agency and the process NASA developed to correct this shortcoming is flawed.
Despite these efforts, the OCIO’s insight into and control over the bulk of the Agency’s nearly $1.4 billion in annual IT funding remains limited … this lack of authority and visibility over the majority of the IT budget limits the Agency’s ability to consolidate IT expenditures, realize cost savings, and drive improvements in the delivery of IT services. … the Agency’s current enterprise architecture remains immature after a decade-long effort, a situation that contributes to the undisciplined manner in which NASA makes IT investments. Moreover, despite changes to two of the Agency’s three top-level IT governance boards, IT managers across the Agency remain unsure of board functions and their decision making processes and the boards have yet to make strategic decisions that substantively impact how IT at NASA is managed. In addition, as of August 2017 the roles and responsibilities associated with NASA’s IT governance structure have not been finalized by the OCIO – one of the most basic and critical pieces of the Agency’s Business Services Assessment (BSA) Implementation Plan. … Lingering confusion about security roles coupled with poor IT inventory practices continues to negatively impact NASA’s security posture. … Finally, the OCIO continues to exercise limited ability to influence IT management within the Mission Directorates and Centers due to the autonomous nature of NASA operations and the office’s lack of credibility on IT issues in the eyes of its customers.”

NASA Watch founder, Explorers Club Fellow, ex-NASA, Away Teams, Journalist, Space & Astrobiology, Lapsed climber.

11 responses to “OIG: NASA Chief Information Officer Is Doing A Crappy Job”

  1. Al Vacado says:
    0
    0

    “… the office’s lack of credibility on IT issues in the eyes of its customers.” They are not wrong

  2. sunman42 says:
    0
    0

    Considering the Agency CIO’s ignorance of what is needed for us to carry out our missions, or our extended mission budgets, I’d say the IG’s finding represents a net positive to the Agency and the taxpayer, regardless of the benefits of “enterprise architecture” (a marketing term if there ever was one) to the business side of our “enterprise.”

    • sunman42 says:
      0
      0

      I have to agree. The number of idiotic but “must be obeyed, no waivers” policies such as https-only, IPv6 rollout, and server “consolidation” (when the real purpose is power usage efficiency [PUE]) shows that the CIO’s organization is good for saluting whatever government-wide efforts are run up the flagpole and punching the tickets of eager-beaver managers in the organization. The lack of value added to (and often value subtracted from) our ability to develop, launch and operate missions is depressing.

  3. Michael Spencer says:
    0
    0

    Taking the NASA budget, in round numbers, at $18 Billion, the annual IT cost at $1.4B is about 8% of the annual budget.

    At first I was surprised, thinking that’s a very large piece of the pie. Then I realized I don’t really have direct knowledge of IT costs for large organizations, particularly one, like NASA, that’s spread across the country.

    Is the issue here the actual amount being spent, or is it the work product received given the money spent?

    • fcrary says:
      0
      0

      That’s hard to say in detail, since most large organizations don’t publicly distribute budget information like this. But based on NASA contracts to universities and industry, I think 8% is a little high. IT at those institutions is supposed to be paid for out of overhead on the contract, not billed to the contract directly. In other words, the institution tacks on a fee to cover all the costs of supporting work in general, which aren’t necessarily tied to the contracted work. That’s IT, rent on offices, utility bills, clerical support, salaries for line managers, work writing future proposals, etc. For a university, a 40% overhead is probably representative. If 8% of the money from contracts went to IT, I don’t see how these institutions could cover their other expenses. In general, talking to NASA employees, I don’t get the impression that IT support at NASA centers is significantly different from IT support at their contractors.

      On the other hand, I don’t know if the quoted $1.4 billion includes supporting and improving the NASA supercomputing facilities like Pleiades at NASA/Ames. That would be above and beyond the usual overhead IT I described, above. On the third hand, I think that’s part of the complaint. Without some uniformity and coordination, it’s hard to tell what’s being charged to institutional overhead versus project-specific computer support. If you can’t tell where the money is going, you can’t manage it or know if you’re paying too much.

    • sunman42 says:
      0
      0

      The $1.4B was fastened onto early in the G.W. Bush administration as a justification for centralized management and planning (“enterprise architecture”). If our own experience scales, however, some of the contributors to that figure are highly suspect. Within our group, for instance, people whose jobs involve instrument command loads on scientific spacecraft (“command generators”) and even scientists were included in the figure because nothing can inflate a dollar total faster than burdened salaries.

      Also, NASA bookkeeps its hardware investments at purchase price, rather than depreciated value — and nothing loses its freshness faster except strawberries. Frankly, I estimate NASA’s real IT investments to be worth considerably less than the $1.4B figure.

  4. Daniel Woodard says:
    0
    0

    When computers first became common across the agency, they were entirely an organizational responsibility. Each division, department, office and contractor had its IT department, which might be just one or two people. If you needed help, they helped you. If you wanted to do the job yourself, they showed you how. If you needed equipment, and the money was available, you ordered it. If it was working, you didn’t fix it. Some departments had Macs, some had PCs, some had Suns and SGIs. Departments often had their own servers and websites. Websites did not have a uniform look and feel, but they did their job efficiently.

    Then someone decided that control of information technology was too important and too difficult to be in the hands of experienced department managers, engineers, and scientists. IT was torn out of every department and centralized at “IT contractors”. Never mind that the actual work was done either by the same people who had provided in-house support before, or by people with much less experience than the users whose machines they had control of. I remember one of the first briefings by the IT contractor, in which one of their managers said they “might” give researchers with unix systems access to their own root passwords. Websites gained a consistent look and feel, but required a work order and multiple signoffs to change the spelling of a word. Internal websites, the ones that actually helped the organization work more efficiently, largely died out. You can’t buy computers, you have to buy “seats” with maintenance and overhead cost. Computers that are perfectly adequate are replaced because the schedule says so. Every time there is an intrusion password complexity is increased and password changes are required more often, to show that IT management considers security important, never mind that “brute force” password cracking hasn’t been behind any intrusions since the 80’s and the IT security policy ignores human factors.

    I think if one compared the total IT budget with the amount actually spent on new hardware and software requested by users, there would be quite a discrepancy. NASA has a lot of capable people. Unfortunately they aren’t in general, given the authority to manage their own IT. I don’t take issue with the suggestion in the report that there is a problem. I take issue with the suggestion that the solutrion is even more centralized control. Insanty is doing the same thing and expecting different results.

    • Michael Spencer says:
      0
      0

      I’m old enough- perhaps you are, too- to recall the days before pervasive IT departments. There was a time when the Computer of the Future would do so much of our work that the chief problem facing us 40 years hence would be sufficiently creative and demanding leisure activities. We’d all work 20 hour weeks while producing 40 hours’ work.

      That didn’t happen, for a variety of reasons. I mention it in the context of the 8% overhead, wondering if we really get a commensurate productivity boost.

      I find myself, for instance, organizing projects in a manner that is most suitable for computerization. A recent project would have benefited for instance in simple, hand-drawn documentation, yet the drawings were computerized nonetheless.

      Unanswerable questions.

      • Daniel Woodard says:
        0
        0

        Same thing in medicine. When electronic medical records were introduced there was concensus that they would radically reduce cost. Instead, in almost every case, the introduction of EMR has increased cost and required doctors to spend the patient visit pounding on a keyboard instead of making eye contact. We produce, at great expense, terabytes of data which is never read by providers, but only by billers and insurance carriers.