Recently in IT/Web Category

NASA OIG: NASA's Independent Verification and Validation Program

"We found that by continuing to occupy and maintain the West Virginia facility, NASA is paying more than necessary in O&M expenses, which leaves the Agency with less funding to perform actual IV&V services on NASA software projects.  We estimated the Agency could save as much as $9.7 million between FYs 2015 and 2018 if the IV&V Program took steps to reduce costs associated with the facility. In order to make additional funds available for review of mission-critical software, we recommended NASA analyze alternatives for reducing occupancy costs associated with the facility, including abandoning the facility and moving staff to an existing NASA Center or relocating the staff to a nearby office building that would cost significantly less. We determined that NASA was not legally obligated to pay O&M expenses associated with the building it currently occupies, but rather has chosen to pay these expenses over the last 20 years.  In our judgment, continuing this arrangement does not make fiscal sense for NASA, particularly when the Agency has more projects needing IV&V services than the current budget can accommodate."

NASA OIG: Security of NASA's Publicly Accessible Web Applications

"NASA Inspector General Paul K. Martin released a report today evaluating NASA's effort to safeguard its Internet-accessible web applications. These applications consist of hundreds of websites NASA uses to share scientific information with the public and collaborate with research partners, as well as login portals and administrative systems that provide authorized personnel with remote access to Agency IT resources."

Export Controls: NASA Management Action and Improved Oversight Needed to Reduce the Risk of Unauthorized Access to Its Technologies

"Weaknesses in the National Aeronautics and Space Administration (NASA) export control policy and implementation of foreign national access procedures at some centers increase the risk of unauthorized access to export-controlled technologies. NASA policies provide Center Directors wide latitude in implementing export controls at their centers. Federal internal control standards call for clearly defined areas of authority and establishment of appropriate lines of reporting. However, NASA procedures do not clearly define the level of Center Export Administrator (CEA) authority and organizational placement, leaving it to the discretion of the Center Director."

Statement by Charles Bolden Hearing on NASA FY 2015 Budget

Statement by Dick Thornburgh Hearing on NASA FY 2015 Budget

"Due to the fact that the NASA systems lack the necessary controls to protect information, allow foreign nationals access to the networks, and allow remote access, the Panel concludes that the NASA networks are compromised. Publicly available reports on systemic data breaches across the country, NASA's own internal reports, and briefings given to Academy staff leave little doubt that information contained on the NASA IT systems is compromised."

Opening Statement by Rep. Frank Wolf Hearing on NASA FY 2015 Budget

"Our first panel today will focus on issues in NASA's security controls that were brought to light through the work of the National Academy of Public Administration. Governor Thornburgh, a NAPA fellow, led a team of experts in a comprehensive review of NASA security practices, culminating in a report that was issued about two months ago ... To my great frustration, the full contents of those reports are restricted and the publicly available executive summaries are lacking in many of the details and examples that are needed to fully understand the scope of the problem."

Keith's note: What is baffling is how Rep. Wolf, Culberson et al embrace the report findings that NASA's IT systems are flawed and have been compromised - and yet they want to fully release the same report that exposes these faults in great detail (so the people who want to cause problems will have a user guide.)

- OIG: NASA Has No Idea How Many Portable Devices It Has, earlier post
- NASA Admits Antiquated Record Keeping Capabilities, earlier post
- Earlier IT posts

NASA OIG: NASA's Management of its Smartphones, Tablets, and Other Mobile Devices

"The OIG found that weaknesses in NASA's mobile device management means the Agency is unable to ensure that it is not paying for a significant number of unused devices. Specifically, NASA lacks a complete and accurate inventory of Agency-issued smartphones, tablets, cellphones, and AirCards (used to provide internet access) because the information system NASA uses to order equipment from its main IT contractor is not fully functional or integrated with the database the Agency uses to track IT assets."

- Do You Really Trust NASA Not to Ruin Your Mobile Device?, earlier post
- NASA Mobile Security Requirements: Why Now?, earlier post
- OIG on Information Technology Security Tools, earlier post

Procedures for Disclosure of Records Freedom of Information Act Regulations (NASA, Federal Register)

"Sec. 1206.300 How to make a request for Agency records.

(b) NASA does not have a central location for submitting FOIA requests and it does not maintain a central index or database of records in its possession. Instead, Agency records are decentralized and maintained by various Centers and Offices throughout the country.

(c) In accordance with the Agency Records Management procedures NASA has not yet implemented a records management application for automated capture and control of e-records; therefore, official files are primarily paper files."

#WhatIsNASAFor and the Defending NASA, earlier post

"@NASA tweeting resulted in 17,597,370 impacts. @NASASocial produced 7,627,023. @NASAWatch produced 5,296,071 and @SpaceRef produced 1,632,662."

Keith's note: I am not certain what David Weaver is crowing about. The agency used its main Twitter accounts @NASA and @NASASocial for the #WhatIsNASAFor effort a few times. That's it. None of the agency's field centers, major mission Twitter accounts, etc. bothered to participate - even though they were made aware that participation was encouraged. As such, it is somewhat embarrassing that @NASAWatch and @SpaceRef - run by one person in their basement - were able to generate Twitter impacts on a par with the largest space agency on the planet - the same agency that loves to brag about its unrivaled social media prowess. In this instance NASA decided (by default) to sit the whole effort out because it could not figure out how to use the resources. They could have easily generated hundreds of millions of Twitter impressions. But they didn't. As they say on Twitter #FAIL.

Review of NASA's Agency Consolidated End-User Services Contract, NASA OIG

"NASA's lack of adequate preparation prior to deploying the ACES contract together with HP's failure to meet important contract objectives has resulted in the contract falling short of Agency expectations. We attribute these shortcomings to several factors, including a lack of technical and cultural readiness by NASA for an Agency-wide IT delivery model, unclear contract requirements, and the failure of HP to deliver on some of its promises. In general, these issues fall into two categories: (1) issues related to the Agency's overall IT governance and (2) management and problems specific to the ACES contract."

NASA Flunks Open Data Test

Implementation of the Open Data policy, Public Private Sector

"This is a tracking tool setup to understand which federal agencies have deployed their data.json in compliance with Executive Order 13642 of May 9, 2013, Making Open and Machine Readable the New Default for Government Information and OMB Memorandum M-13-13 Open Data Policy-Managing Information as an Asset."

China Copied NASA's NTRS

Keith's note: Have a look at "The Lunar Orbiter Meteoroid Experiments -Description and Results from Five Spacecraft" online at Infoeach - in China. China has their own version of NTRS - just in case NASA shuts it down again to check and see if China is getting access that it should not have. This paper was not available on NTRS to Americans for months even though it deals with spacecraft that flew in the 1960s. Feel safer now?

- NASA Blocks Everyone From Access To Everything on NTRS, Earlier post
- Charlie Bolden's Gutted Version of NTRS is Back Online, Earlier post

Keith's note: At bottom of this release "Mars Rover Teams Dub Sites in Memory of Bruce Murray", JPL has included "For more information about Opportunity, visit http://www.jpl.nasa.gov/msl , http://www.nasa.gov/rovers and http://marsrovers.jpl.nasa.gov . For more information about Curiosity, visit http://www.nasa.gov/msl and http://mars.jpl.nasa.gov/msl" .

Two missions - five websites.

First for the Opportunity links. If you go to http://www.jpl.nasa.gov/msl/ you do not get anything on Opportunity but rather it's a Curiosity page. If you go to http://marsrovers.jpl.nasa.gov it redirects you to http://marsrovers.jpl.nasa.gov/home/index.html at JPL. If you go to http://www.nasa.gov/rovers it redirects you to http://www.nasa.gov/mission_pages/mer/index.html at NASA HQ. If you go to the NASA HQ rover site it has a link to a JPL rover website at http://marsrover.nasa.gov/home/index.html - it does not link to http://marsrovers.jpl.nasa.gov. And http://marsrovers.jpl.nasa.gov is identical to http://marsrover.nasa.gov/home/index.html. So, one of the three links listed has nothing to do with Opportunity. The NASA HQ MER site links to a JPL MER site but it is at a different address than the JPL MER website listed in the release even though the content is identical.

Now for the Curiosity links. If you go to http://www.nasa.gov/msl it redirects you to http://www.nasa.gov/mission_pages/msl/index.html at NASA HQ. If you go to http://mars.jpl.nasa.gov/msl you end up at a MSL website at JPL. The NASA HQ MSL site points to the JPL MSL site but the JPL MSL site does not point to the NASA HQ MSL site.

So, NASA is paying to maintain two MSL websites and the web addresses they give out are different than the actual web addresses - but they won't bother to put the actual addresses in press releases. Meanwhile, NASA is paying for 2 (or 3) MER websites - and again the links put in the press release are not the actual website address. And a website link that has "MSL" in it is listed as a place to get MER information. In total 5 links are included for 2 missions - and JPL PAO seems to think this is just fine. Meanwhile NASA PAO and SMD have the nerve to moan and complain about lack of education and public outreach funds? They are squandering their money on overlapping websites that don't even coordinate their content or links. I have raised this issue at several SMD media telecons. All they say is "we'll look into it". They don't. They just don't care about being efficient or coordinating. No - they just want more money and refuse to change the way that they operate. Clueless.

Oh yes --- did you know that NASA's Constellation Program is building the Altair Lunar Lander that will land on the moon by 2020? Moreover, the Altair will be launched on the Ares V rocket. HEOMD has an incredibly tangled web presence too.

- Why Does NASA Maintain Three (Four) Different MSL Websites?
- Why does NASA need multiple websites for the same mission?, earlier post
- NASA's Tangled Human Spaceflight Web Presence, earlier post
- NASA's Sprawling Web Presence, earlier post
- NASA's Inability To Speak With One Voice Online, earlier post

NASA, Harvard & TopCoder Partner to Develop a Secure Solar System Internet Protocol

"TopCoder, the world's largest professional development and design community, with NASA and the Harvard-NASA Tournament Lab (at Harvard's Institute for Quantitative Social Science), today announced the launch of a series of innovation challenges that will develop foundational technological concepts for disruption tolerant deep space networking. NASA has made significant progress in developing Disruption Tolerant Networking (DTN) protocols that aid in deep space communication. DTN protocols are an approach to network architecture that seeks to address the potential for lack of continuous connectivity in deep space. It is meant to aid NASA in the exploration of the solar system by overcoming communication time delays caused by interplanetary distances, and the disruptions caused by planetary rotation, orbits and limited transmission power."

Keith's note: This sounds pretty cool and builds upon the Interplanetary Internet work that NASA has engaged in over the past decade or so. You'd think that extending the Internet (so to speak) to allow interaction between other worlds and spacecraft traversing our solar system would be something that all of NASA's IT and Technology, and Innovation people would want to crow about - especially since this effort is geared to engage the public via crowd sourcing. In this wired world, this is something that almost everyone in the public can relate to. Indeed, utilizing crowd sourced efforts and making the results widely known is something that the Open Government Initiative is supposed to be promoting.

This effort is being coordinated by the NASA Tournament Lab at TopCoder. No specific sponsoring office or organization at NASA is mentioned. TopCoder put out a press release last week. Alas, despite the obvious nexus of interest you'd expect, NASA has been totally silent:

- NASA Public Affairs (no press release issued)
- NASA Chief Information Officer (no mention)
- NASA Space Technology Directorate (no mention)
- NASA - Office of the Chief Technologist (no mention)
- NASA Space Communications and Navigation (no mention - they also make no mention of LADEE's recent laser comms test)
- NASA Open Government Initiative (no mention)

Curiously, NASA PAO did promote NASA's Interplanetary Internet efforts last year when someone commanded Robonaut to do something on the ISS. A week prior to this recently announced Interplanetary Internet challenge NASA posted this:

NASA Engages the Public to Discover New Uses for Out-of-this-World Technologies

"Now NASA has joined forces with the product development startup Marblar (www.marblar.com) for a pilot program allowing the public to crowd source product ideas for forty of NASA's patents. This initiative will allow Marblar's online community to use a portion of NASA's diverse portfolio of patented technologies as the basis of new product ideas."

Again, for the most part, NASA's Technology and Information organizations have been mostly mute:

- NASA Public Affairs (no press release issued - just an online feature)
- NASA Chief Information Officer (no mention)
- NASA Space Technology Directorate (no mention)
- NASA - Office of the Chief Technologist (posted a link)
- NASA Open Government Initiative (no mention)

Add in the curious case of innovate.nasa.gov which is apparently now "under construction, but we will be re-launching soon" after being online for a year and doing absolutely nothing to warrant its existence (or expense), and you really have to wonder what NASA is planning to do with all this Technology money that is heading their way. If the agency cannot internally coordinate a simple mechanism to organize this technology stuff - and then share it with the public - then maybe that technology money belongs elsewhere.

Keith's 25 October update: Erika Vick and NASA PAO have declined to respond to a series of questions regarding this Twitter account. Perhaps that explains why @ExperienceNASA has been taken offline.

Keith's note: Apparently the operation of the @ExperienceNASA Twitter account is part of Erika Vick's official duties at NASA. It is not clear what NASA program(s) this activity supports or what the guidelines are for what is proper content for this Twitter feed. Despite repeated requests no one at NASA HQ including NASA PAO and Erika Vick at the NASA Advisory Council can give me a straight answer. @ExperienceNASA was silent during the shutdown - as were all other official NASA Twitter accounts. Its description says "Welcome to your one-stop shop for opportunities to participate in/contribute to NASA goals/missions! Need help? Ask me! Washington, DC · nasa.gov"

Another Official NASA Twitter Account That Isn't, earlier post

Keith's note: All websites hosted at NASA.gov addresses present this placeholder when you try and visit them since all websites hosted at ***.NASA.gov are supposed to be offline. But JPL.NASA.gov is online. It would seem that JPL folks are making an illegal/unauthorized expenditure of tax funds to keep their overtly official NASA.gov website online. JPL is just another NASA contractor and bills NASA for everything eventually w/overhead - just like all of the other contractors. Why does JPL run things when other contractors are shut down? Guess they did not get the memo - or they just ignored it. I'd ask JPL PAO but they 1. always ignore me and 2. are not at work today.

Oddly, while NASA.gov goes dark, JPL keeps all of its websites online and fully functional but then tweets this - the same thing NASA itself sent out:

Yet while JPL keeps its official website functional it uses its social media accounts to say that they will not be keeping these official accounts active. So which is it? Is JPL "NASA" or is it not? Is JPL staying online or going dark? Are webmasters "essential" personnel while tweeters are not? Why is it that JPL can easily leave its websites online albeit not updated with all content available -- but NASA.gov cannot? Does JPL know something about websites that NASA HQ does not?

These websites: lvis.gsfc.nasa.gov, weather.msfc.nasa.gov, thunder.nsstc.nasa.gov/, kepler.nasa.gov, and www.nas.nasa.gov are still online. Let's see if darkness falls over them as well. Please let us know if you find any survivors that are still online. So much for a consistent NASA IT policy.

JPL-related Twitter feeds, website to cease with shutdown, Pasadena Star News

"In line with NASA headquarters shutting down on Monday, JPL has put a hiatus to news releases, website and social media updates. "Information going out through the Twitter feeds and website, we coordinate with the program manager at NASA," said JPL spokeswoman Veronica McGregor. "Without that coordination, we're not releasing mission information during the shutdown." However, since JPL is privately run by Caltech and under contract to NASA, it is spared from being shut down with the rest of the space exploration organization. But the JPL Twitter feeds that are manned by NASA headquarters are already silent."

Keith's note: Ms. McGregor (who refuses to interact with NASA Watch - on any topic) fails to explain why the NASA JPL website (with NASA's logo on it and other official NASA Information) continues to stay online while all other official NASA websites are taken offline. If she wished to actually comply with what the agency is doing then her websites would go dark. They have not. Also, unless I am mistaken, a number of JPL Twitter accounts that have been shut off are actually maintained by JPL employees.

Keith's 11 Sep note: NASA was hacked yesterday by the BMPoC to protest U.S. cyberintelligence activities. One more reminder that everything everyone posts everywhere is seen by everyone. These NASA websites (at ARC) were affected and are currently offline:

kepler.arc.nasa.gov, amase2008.arc.nasa.gov, event.arc.nasa.gov, amesevents.arc.nasa.gov/sites, academy.arc.nasa.gov, planetaryprotection.nasa.gov, virtual-institutes.arc.nasa.gov, astrobiology2.arc.nasa.gov, nextgenlunar.arc.nasa.gov, lunarscience.nasa.gov, moonfest.arc.nasa.gov, iln.arc.nasa.gov, lunarscience.arc.nasa.gov

NASA ARC has this notice up if you try to reach these websites: "Down For Maintenance. The requested webpage is down for maintenance. Please try again later. Affected sites include but is not limited to:

* lunarscience.arc.nasa.gov
* kepler.nasa.gov
* nari.arc.nasa.gov"

Keith's 19 Sep note: More than half of these websites are still offline. Wow. NASA really does not have a lot of resiliency when it comes to responding to a hacking event, despite what PAO would have you believe.

Brazilian hackers confuse Nasa with NSA in revenge attack, The Telegraph

"At no point were any of the agency's primary websites, missions or classified systems compromised," said Nasa spokesman Allard Beutel. "We are diligently taking action to investigate and reconstitute the websites impacted during web defacement incident," he said."

NASA HEOMD Internal Memo on Personal Electronic Devices, NASA

"No one wants their personal property tampered with -- we understand that. If you complain loudly because your device does something you don't like as a result of the policies and settings pushed to your personal device as a result of our efforts to improve IT security, or if mistakes are made and you happen to be the unlucky victim of one, and it gets enough attention, either personal devices may be banned in the future from connecting to NASA email and non-public facing systems, or you'll have to officially request the ability to connect a personal device, take SATERN training, sign paperwork explicitly accepting the risks to your personal device or data, and so on. That will add more bureaucracy and obstacles and hassles to doing what should be a reasonable thing, which is enabling you to read and respond to email via your personal devices. It's up to you how you respond to these changes. If you don't want NASA making any changes to your personal devices, please do not connect your personal device(s) to NASA email or internal networks. This is a compromise that allows your flexibility and choice. And please note that these changes will help protect your personal data on the device, not just NASA data."

Keith's note: In other words NASA wants you to think that they are doing you a favor by allowing you to use a cellphone that you paid for to do government work. Also ... if you use your personal device to connect to NASA and something goes wrong you had better shut up and do not complain about it - or bad things will happen.

- Do You Really Trust NASA Not to Ruin Your Mobile Device?, earlier post
- NASA Bring Your Own Device Update, earlier post

NASA Internal Memo: Do Not Access Public Web Sites Containing Classified Information

"Individuals with a security clearance have agreed to certain restrictions regarding classified information. Accessing classified information on Wikileaks, even from home, constitutes a security violation. Viewing classified information from a computer that isn't authorized to access classified information, and/or viewing classified information that he or she is not authorized access to, is a security violation. And, use of official Government computers for other than authorized purposes is prohibited by federal ethics laws."

ActiveSync Security Policies to be Applied to Mobile Devices Connecting to NOMAD

"a. The use of your own mobile device (i.e., cell phone or tablet) to retrieve your NASA email/calendar or to conduct NASA business is entirely voluntary. Users should refrain from using a personal mobile device to access NASA information and systems if uncomfortable, unable, or unwilling to comply with these minimum security requirements. As the use of personal mobile devices is purely optional, employees cannot be expected to use their own devices to accomplish their assigned tasks if they choose not to do so. Your supervisor may not require you to do so. If a mobile device is required for you to perform your assigned duties, management will provide you with an appropriate NASA-owned device consistent with the Negotiated Agreement, unless you voluntarily choose to use your own device. You cannot be required to provide your personal email address or cell-phone number to management.

b. Employees using their own mobile device for downloading NASA email/calendar directly via their phone's mail client should be aware that NASA has the ability to access your device and to erase ("wipe") it. While the current NASA policy is that no such access or wiping will occur without the employee's explicit permission, it remains possible that such adverse events could nonetheless occur inadvertently. Therefore, employees should backup their personal phones often to reduce their vulnerability of data loss."

Do You Really Trust NASA Not to Ruin Your Mobile Device?, earlier post

Keith's note: I just got an email from [someone@nasa.gov] inviting me to an event on the 9th floor today. The email (from someone at Valador Inc. who works at NASA, uses a NASA.gov email account, sent this on official NASA business) had this rather odd disclaimer at the bottom (twice):

"Visit http://www.gov.uk/fco for British foreign policy news and travel advice and http://blogs.fco.gov.uk to read our blogs. Please note that all messages sent and received by members of the Foreign & Commonwealth Office and its missions overseas may be automatically logged, monitored and/or recorded in accordance with the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000. We keep and use information in line with the Data Protection Act 1998. We may release this personal information to other UK government departments and public authorities."

Why is anyone at NASA (an American government agency) sending out official email with a disclaimer that suggests that people (most likely Americans) visit a foreign government's official website - and then warn these same Americans that "We may release this personal information to other UK government departments and public authorities"?

Keith's update: I am told that the person who sent me the email was forwarding it from someone who had forwarded it from the UK Embassy ...

Message from the Chief Information Officer: Bring Your Own Device and Mobile Computing at NASA, NASA CIO

"In the coming months, the NASA Office of the Chief Information Officer (OCIO) will be working to develop a formal policy to govern the use of personal devices, also known as "Bring Your Own Device (BYOD)". Until then, I have directed the OCIO to enroll every personal mobile device that accesses the NASA email system into a management profile that helps to secure NASA data, just like is currently done on NASA's government issued devices. This change, effective September 10, 2013, will enforce a minimum set of security requirements on your personal mobile device if you wish to directly access NASA's email and calendaring resources from your device's email client. This change will only affect mobile devices, i.e., those running a mobile operating system such as Apple's iOS, Google's Android, etc. It will not affect laptops, nor will affect any access to email via webmail."

Minimum Security Requirements for Personal Mobile Devices, NASA CIO

AFEU Memo: Message from the Chief Information Officer: Bring Your Own Device, Ames Federal Employees Union, IFPTE Local #30

"You should assume, if you connect your personal device in this manner, that the agency will be able to read and access any data you have on your personal device and that the agency will retain the ability to remotely erase everything on that device. The union has secured an agreement that employees' personal phones will not be remotely wiped without prior permission from the owner, and I will keep you posted if that policy is altered."

Keith's note: It is nice to see NASA slowly dragging itself into the 21st century. But based on the non-stop trail of IT blunders and damning OIG reports on NASA's chronic inability to get IT right, I'd be very leery of directly connecting any personal computer to NASA. Do you really trust the same group that allowed all of your personal info to sit on laptops that seem to be stolen on a regular basis?

Have a look at the NASA CIO security requirements that NASA wants to place on what you can and cannot do with your mobile device if you connect it to NASA and what NASA can do to it if you do. You might as well just give the phone to NASA.

- NASA is Taking More Servers Offline - With No Explanation, earlier post
- NASA OIG IT Report Highlights Governance Problems, earlier post
- OIG on Information Technology Security Tools, earlier post
- NASA Still Has Not Encrypted All Laptops, earlier post
- OIG Doubts NASA Can Meet Laptop DAR Deadline, earlier post
- NASA IT Blunder Update, earlier post
- other postings

Keith's note: CASIS sent out a news release today by email to the news media. At the bottom of the email was a confidentiality clause i.e. "The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message."

I was never asked in advance by CASIS or anyone else if I wished to receive confidential information from CASIS nor do I desire to receive confidential information from CASIS. So I asked CASIS about this.

Keith's note: NASA has lots of Twitter accounts and websites - more than any other Federal agency - by far. But as NASA PAO AA David Weaver recently said at a NASA Advisory Council EPO Subcommittee (and I paraphrase) "clearly quantity does not always equal quality". Virtually every NASA project, program, center - and mission - has at least one (sometimes more) Twitter account and website. In the case of Mars Science Laboratory NASA pays to maintain 3 (or 4 depending on how you count) websites for MSL - and they do not seem to think this is wasteful.

But what about the New Horizons mission to Pluto?

NASA OIG: NASA's Progress in Adopting Cloud-Computing Technologies

"The OIG review found that weaknesses in NASA's IT governance and risk management practices have impeded the Agency from fully realizing the benefits of cloud computing and potentially put NASA systems and data stored in the cloud at risk. For example, several NASA Centers moved Agency systems and data into public clouds without the knowledge or consent of the Agency's Office of the Chief Information Officer (OCIO). Moreover, on five occasions NASA acquired cloud-computing services using contracts that failed to fully address the business and IT security risks unique to the cloud environment. Finally, one of the two moderate-impact systems NASA moved to a public cloud operated for 2 years without authorization, a security or contingency plan, or a test of the system's security controls. This occurred because the OCIO lacked proper oversight authority, was slow to establish a contract that mitigated risks unique to cloud computing, and did not implement measures to ensure cloud providers met Agency IT security requirements."

Previous IT Stories

NASA JSC PAO Internal Memo: Space Station Live Placed on Hiatus

"However, in order to have the time to ensure that our products align to our ERO BHAG and align with the desires of our partners, we can't just keep piling on additional work. To that end, after extensive discussions, we're placing Space Station Live on hiatus at the end of the week. And, we're working with the ISS Program to consider other things as well - using a new, regular meeting where leaders from ERO and ISS share updates and collaborate together. For example, we'd use this forum to discuss a pilot effort where we support uncrewed vehicle launches, dockings and undockings differently--perhaps providing commentary only through social media."

Keith's update: I just got a call from NASA JSC PAO to clarify things. They are not looking to shut down the ISS live App or website - (the email was a little confusing) rather they are looking to halt the creation of an hour long daily update about ISS events and the weekly posting of a summary thereof. I asked if they had metrics on what their viewership/readership was and they said that they were not allowed to track such information. This is odd given how much NASA just loves to crow about the number of people who visit their websites. No attempt has been - or apparently will be - made to ask users/viewers of these discontinued features as to whether they like things, if things can be improved - and how. Rather, they will just shut things off and see who (if anyone) complains. As for the use of the word "partners" JSC PAO tells me that this refers to internal partners at JSC.

To be certain, it is good that NASA periodically revisits the things that it does - especially when funds are tight - to see if they are offering the best value to their audience based on their needs and interests. I am just baffled as to why NASA spends so little time actually talking to - or consulting with - actual audience members before they make these decisions. Charlie Bolden loves to babble on about "metrics" when it comes to how he makes decisions about NASA education programs. But in reality NASA has very few audience metrics when it comes to its overall education and public outreach. And when they do have metrics, they just ignore them or bungle their interpretation of what the metrics are saying.

As for my rant about JPL's three websites for MSL. I still think that such efforts are wasteful. Back to my vacation.

NASA Hosts July 10 Online Media Briefing on Solar System Finding, NASA

"NASA will host its first Google+ Hangout news briefing at 1 p.m. EDT Wednesday, July 10, on a new finding from the Interstellar Boundary Explorer (IBEX) mission.

The briefing will be shown live on YouTube, NASA Television and the agency's website. Journalists may participate in the briefing and ask questions by phone by contacting Steve Cole at 202-358-0918 or stephen.e.cole@nasa.gov with their affiliation by 10 a.m. July 10."

Marc's note: I'm all for holding a news briefing by Google+ Hangout but why not allow questions using the Hangout features?


NASA Unveils New Web Site Design, SpaceRef

"Over the weekend NASA unveiled a new design for its web site. The new look is only a partial update to the web site. There are more changes coming between now and September. As well NASA is planning a complete overhaul of the site early next year, its first since 2007.

What do you think of the new interim look?"

Marc's note: There's definitely a transition ongoing here. Some sections, including the daily ISS status report, aren't to be found, yet. The old reports, in the old section are there, just no new ones and no link from the new HEO page. I'm waiting on word on the status of these reports. Have a look at the site and vote in our poll on SpaceRef from the link above.

UPDATE: The daily ISS reports have been moved to a new blog at http://blogs.nasa.gov/stationreport/. Of course you can always find the archived reports on SpaceRef.

NTRS News: The NASA Technical Reports Server has received an update!, NASA

"The update provided:

- A new fresh, clean look for users
- Enhanced record display that shows author affiliations, sponsorship, and document type
- A new Search History display that lists all searches conducted during a search session, and allows users to quickly recall a previous search for display or further refinement
- Ability to search organization names from the advanced search form
- Ability to flag multiple records of interest from a search-results display, and create a new set containing the flagged items"

"On May 8, 2013, the NTRS was brought back on-line for public access, reloaded with the validated 966,460 documents and metadata records. A small subset of approximately 248,000 documents, largely consisting of older documents, such as National Advisory Committee on Aeronautics materials, remain to be reviewed and will not be restored to public access until a thorough review is completed."

Marc's note: While the site has been updated and as Keith had previously mentioned, there are still approximately 248,000 older records that still need to be brought back online. The June 15th update makes no mention of how the review is progressing. We will update you as soon as we know more.

NASA taps long-time employee to be new CIO, Federal News Radio

"NASA tapped a long-time employee from the field to become its new chief information officer. Government sources confirmed that Larry Sweet is moving to NASA headquarters from the Johnson Space Center.

Sweet replaces Linda Cureton, who retired in April. Richard Keegan, the associate deputy administrator, has been the acting CIO since Cureton retired.

"I think it's absolutely wonderful. Larry is a strategist and understands the culture of the agency as a center CIO," said Cureton, who now is president of Muse Technologies. "He will likely focus on increasing collaboration among the centers. In addition, he will be tough on instilling accountability and performance excellence in the contractor community. Enterprise services will be his high priority."

Related: NASA OIG IT Report Highlights Governance Problems

NASA's Information Technology Governance, NASA OIG

"The decentralized nature of NASA's operations and its longstanding culture of autonomy hinder the Agency's ability to implement effective IT governance. The Agency CIO has limited visibility and control over a majority of the Agency's IT investments, operates in an organizational structure that marginalizes the authority of the position, and cannot enforce security measures across NASA's computer networks. Moreover, the current IT governance structure is overly complex and does not function effectively. As a result, Agency managers tend to rely on informal relationships rather than formalized business processes when making IT-related decisions. While other Federal agencies are moving toward a centralized IT structure under which a senior manager has ultimate decision authority over IT budgets and resources, NASA continues to operate under a decentralized model that relegates decision making about critical IT issues to numerous individuals across the Agency, leaving such decisions outside the purview of the NASA CIO. As a result, NASA's current IT governance model weakens accountability and does not ensure that IT assets across the Agency are cost effective and secure."

Marc's note: There is no simple solution to this as long as the centers continue to butt heads with HQ and as long as NASA's CIO only controls a fraction of the IT budget with the centers controlling the majority.

150,000 cloud virtual machines will help solve mysteries of the Universe, Ars Technica

"OpenStack pools compute, storage, and networking equipment together, allowing all of a data center's resources to be managed and provisioned from a single point. Scientists will be able to request whatever amount of CPU, memory, and storage space they need. They will also be able to get a virtual machine with the requested amounts within 15 minutes. CERN runs OpenStack on top of Scientific Linux and uses it in combination with Puppet IT automation software."

NASA CIO Dumps NASA-Developed Open Stack

"Ray O'Brien, acting CIO at NASA Ames, when asked May 30 by InformationWeek about NASA's participation, used diplomatic language to say that NASA still endorsed the project, was proud of its founding role, and might be a user of OpenStack components in the future. "It is very possible that NASA could leverage OpenStack as a customer in the future," he wrote in his email response. ..."

Keith's note: The gutting of the NTRS continues. This report used to be on NTRS: "Distribution of pressure over model of the upper wing and aileron of a Fokker D-VII airplane", Fairbanks, A J, NACA, 1927: "This report describes tests made for the purpose of determining the distribution of pressure over a model of the tapered portion of the upper wing and the aileron of a Fokker D-VII Airplane. Normal pressures were measured simultaneously at 74 points distributed over the wing and aileron."

Thanks to Google, there is a cached version of its previous existence on NTRS. (larger screengrab). But when you click on the PDF link you get an error "This PDF file is no longer available from NTRS." This document is freely available here at the University of North Texas Digital Library, here at Cranfield University in the UK, here at the University of Delft, Netherlands, etc.

What purpose could possibly be served by Charlie Bolden and Frank Wolf in keeping this 86 year old document about World War I biplanes off of NTRS? It is utterly harmless (unless your air force still flies Fokker D-VII aircraft - or is threatened by them) and it is readily available (as is all NTRS stuff) around the world. This gutting of NTRS is tantamount to vandalism - and these actions are fueled by partisan paranoia on Wolf's part and lack of a backbone on Charlie Bolden's part. Moreover, these actions are in direct contradiction of what the agency is chartered to do:

The National Aeronautics and Space Act Pub. L. No. 111-314 124 Stat. 3328 (Dec. 18, 2010)

"Sec. 20112. Functions of the Administration (a) Planning, Directing, and Conducting Aeronautical and Space Activities.--The Administration, in order to carry out the purpose of this chapter, shall-- ... (3) provide for the widest practicable and appropriate dissemination of information concerning its activities and the results thereof;"

- Charlie Bolden is Erasing NASA's History, earlier post
- Charlie Bolden's Gutted Version of NTRS is Back Online, earlier post

Keith's note: NASA SP-125 "Design of Liquid Propellant Rocket Engines" was online for decades at NTRS. Not any more. (we have it online here) It was declassified on 30 Nov 1969. Here is an excerpt from the book's preface:

"This book intends to build a bridge for the student and the young engineer: to link the rocket propulsion fundamentals and elements (which are well covered in the literature) with the actual rocket engine design and development work as it is carried out in industry (which is very little, if at all covered in literature). The book attempts to further the understanding of the realistic application of liquid rocket propulsion theories, and to help avoid or at least reduce time and money consuming errors and disappointments. In so doing, it also attempts to digest and consolidate numerous closely related subjects, hitherto often treated as separate, bringing them up to date at the same time."

Oh yes, in the foreword, Wernher von Braun said: "As man ventures deeper into space to explore the planets, the search for perfection in the design of propulsion systems will continue. This book will aid materially in achieving that goal."

Not any more. Charlie Bolden took this half-century old book offline because Frank Wolf scared him into doing so.

- Charlie Bolden's Gutted Version of NTRS is Back Online, earlier post
- NASA Technical Reports Server Mysteriously Taken Offline, earlier post

Keith's note: Have a look at the Aerospace Research Information Center in South Korea. Do a few searches and you will see all sorts of NTRS material is hosted there. This makes things much easier for the folks in North Korea to access, one would assume. It has been there while NTRS was offline.

Meanwhile NTRS is apparently back online - for now. According to NASA sources, based on an analysis of the NTRS collection before it was taken offline and now brought back online, it is apparent that over a quarter of a million full-text NASA reports are no longer in NTRS. This missing set of data represents a full 85% of the NASA full-text reports. In addition, only 7% of the historical (but still technically relevant) NACA collection remains online (only about 1,000 of the roughly 14,000 that comprise the NACA collection).

Of course, NASA's response to all of this is to gut the staff of CASI, the contractor responsible for maintaining NTRS. Can NASA review and reload the missing quarter million reports? Will NASA be able to add new reports into the NTRS (and NA&SD) collections?

Having used NTRS for our Lunar Orbiter work at LOIRP I just did a quick check to see if some of the 45 year old documents I have downloaded from NTRS are still online. Guess what: these documents are no longer online. You can buy hard copies on eBay (as I have done). I wonder what sort of security risk these documents pose such that Charlie Bolden has taken them offline?

- Atlas and Gazetteer of the Near Side of the Moon, NASA SP-241
- Lunar Orbiter Photographic Atlas of the Moon, NASA SP-206
- The Moon as Viewed by Lunar Orbiter, SP-200
- Guide to Lunar Orbiter Photographs, SP-242

NASA Technical Reports Server Mysteriously Taken Offline, earlier post

U.S. Finds Porn Not Secrets on Suspected China Spy's Laptop, Business Week

"Bo Jiang, who was indicted March 20 for allegedly making false statements to the U.S., was charged yesterday in a separate criminal information in federal court in Newport News, Virginia. Jiang unlawfully downloaded copyrighted movies and sexually explicit films onto his NASA laptop, according to the court filing. A plea hearing is set for tomorrow."

NIA Statement On The Release Of Dr. Bo Jiang

"Dr. Douglas Stanley, president and executive director of NIA remarked, "From the beginning of this investigation, we have cooperated with federal authorities to ensure the facts came to light." He added, "We are very pleased that Dr. Jiang was exonerated on all charges and implications of export control violations, espionage and lying to federal officials. We were confident in his innocence and happy to see that our judicial system eventually reached the correct conclusion."

Chinese Spy Suspect Pleads Guilty to Violating NASA Rules

"None of the computer media that Jiang attempted to bring to the PRC on March 16, 2013, contained classified information, export controlled information, or NASA proprietary information," according to the statement of facts filed in Jiang's case. As part of the agreement, prosecutors dismissed the indictment and Jiang was ordered to leave the country within 48 hours."...

... "I remain concerned that neither the prosecutors nor NASA have addressed the original question of why a NASA laptop was inappropriately provided to a restricted foreign national associated with 'an entity of concern' and why he was allowed to take the laptop and all of its information back to China last December," Wolf said in an e-mailed statement."

Chinese "spy" caught with NASA laptop full of porn, not secrets, Ars Technica

"A press release issued by Wolf after the arrest and copy of Jiang's arrest warrant have since disappeared off the congressman's website. In the release (cached by Google here), Wolf had said, "I am particularly concerned that (the) information (on Jiang's laptop) may pertain to the source code for high-tech imaging technology that Jiang has been working on with NASA. This information could have significant military applications for the Chinese Peoples Liberation Army."

Keith's note: Here is the press release Frank Wolf wants you to forget he never actually released. What sort of "imaging technology" was he referring to? Newsflash: you cannot make things disappear from the Internet by deleting them. What did we learn from this? Porn is being exported to China on a NASA laptop by some guy who got fired from NASA. Apparently the porn in question was unclassified. Frank Wolf now wants us to forget that he was ever concerned about this - for now.

Wolf Addresses Arrest at Dulles Airport of Chinese National Potentially Involved in NASA Langley Security Violations

Earlier posts

Keith's note: After a month and a half NTRS is apparently no closer to being online. But the paranoia is spreading. Now, when you go to the NASA Image Exchange, you get the same notice that greets frustrated NTRS users:

"The NASA technical reports server will be unavailable for public access while the agency conducts a review of the site's content to ensure that it does not contain technical information that is subject to U.S. export control laws and regulations and that the appropriate reviews were performed. The site will return to service when the review is complete. We apologize for any inconvenience this may cause."

Given the unclassified porn that was on Bo Jiang's laptop I guess NASA is now looking to see if there is porn - especially the classified and ITAR-sensitive variety - on their servers. Yes, I am being silly. But this makes no sense. Why is NASA taking servers with old NASA PAO photos offline in response to Jiang's laptop contents? NASA has known what was (and was not) on Bo Jiang's laptop for quite some time - well before this image server was taken offline. To be certain, using government computers to download porn is wrong and violators need to be dealt with. Were large NASA servers taken offline when previous cases arose concerning NASA personnel? No. Why now?

- NASA Technical Reports Server Mysteriously Taken Offline, earlier post
- NASA Blocks Everyone From Access To Everything on NTRS, earlier post

Judge: Chinese NASA contractor to be held till trial, Virginian Pilot

"Prosecutors argued that Jiang is a flight risk, saying he tried to leave the country abruptly after a Virginia congressman publicly identified him in connection with an investigation of NASA security procedures. Jiang worked for the National Institute of Aerospace, a Hampton-based NASA contractor. He was fired in January, two months after taking a NASA-owned laptop computer with him on a visit to China, an alleged violation of the space agency's security regulations. Jiang has admitted taking the laptop but says he had his supervisor's permission. Prosecutors acknowledged there is no evidence that Jiang possessed any sensitive, secret or classified material."

Earlier posts

NASA Internal Memo: Breach of Personally Identifiable Information Update

"As of now, there is no indication that any of the PII on the laptop has been used for fraudulent purposes as a result of this incident. However, we encourage anyone who receives a letter to take advantage of the services NASA is offering through ID Experts. The deadline to enroll in these services has been extended to May 31, 2013. Additionally, if you have registered with ID Experts and have experienced any suspicious activity, be sure to report it to ID Experts so they can help resolve it."

CASIS Media Advisory: Space, Cancer and Personalized Medicine Conference

"A live webcast of the Space, Cancer and Personalized Medicine Conference (8:00 a.m. - 4:00 p.m. EDT) will also be available for interested media and can be viewed via link at www.iss-casis.org.

"**Please note that in order to participate in the live stream, you may be directed to download various applications. Computers with MAC operating systems will not have the ability to view the live stream."

Keith's note: If CASIS had any actual IT smarts they'd use USTREAM, Livestream, or do a Google Hangout for things like this - like everyone else does. All you need is a laptop with a webcam, a microphone, and an Internet connection. Chris Hadfield can tell them how to set this up.

Oh yes: it is really nice of CASIS to give everyone less than 24 hours notice. There is no mention of this event on the ISS National Lab page, NASA's Calendar, or even CASIS' events page Fixed.

Keith's update: This is just goofy. Now CASIS tells Mac users "**Please note that in order to participate in the live stream, you may be directed to download a "Scopia" codec. Computers with MAC operating systems: restart your browser after installing the codec and use this link to join the conference: http://us.tryscopia.com/scopia/entry/index.jsp?ID=7658112" Install a codec? Yea right - what a great way to install malware on your computer.

Google Hangout anyone? Is this a taste of things to come with regard to ISS utilization - convoluted instructions for something as simple and routine as a webcast? More inept public engagement from CASIS - all while Chris Hadfield has managed to use just about every social media platform he can think of - IN ORBIT.

International Space Apps Challenge, NASA

"The International Space Apps Challenge is an international mass collaboration focused on space exploration that takes place over 48-hours in 80 cities around the world (in 42 countries) on the weekend of April 20-21, 2013. The event embraces collaborative problem solving with a goal of producing relevant open-source solutions to address global needs applicable to both life on Earth and life in space. NASA is leading this global collaboration along with more than 150 partner organizations."

Join The Movement: International Space Apps Challenge, ESA

"In April, you are invited to join thousands of enthusiasts to invent and create applications to help space exploration and improve life on Earth at the International Space Apps Challenge. During this app-jam, participants are challenged to use freely available data and rework them for new purposes or present them in new ways."

- NASA's Inconsistent Support of the International Space Apps Challenge, earlier post
- NASA Space App Challenge Yields Real Results, earlier post
- NASA Stumbles Again When It Comes To Its Cool Stuff (update), earlier post

Keith's note: It has been a month since NASA Education AA Leland Melvin complained about lack of promotion for the Space Apps challenge yet there is still no mention on NASA's Education website. It's not on the NASA.gov calendar either.

NASA Ames Internal Memo: NTRS Offline - Use NASA Aeronautics and Space Database (NA&SD)

"Employees who are used to relying on NTRS (which is currently unavailable) may want to obtain access to NA&SD where they can find all of the information contained within NTRS, plus quite a bit more. The tradeoff is that the access to the additional content in NA&SD comes with limitations on how the information can be used and shared, consistent with existing export control regulations and laws."

- NTRS Is Online Again - Sort Of, earlier post
- NASA Blocks Everyone From Access To Everything on NTRS, earlier post

Chinese ex-NASA worker to be released pending trial

"At a detention hearing today, U.S. Magistrate Judge Lawrence Leonard ordered Jiang released after a federal prosecutor acknowledged there is no evidence so far that he was in possession of any sensitive, secret or classified material. Jiang will be under supervision of the federal probation office, will be prohibited from traveling outside the Eastern District of Virginia, and will be tracked by an electronic monitoring system. He has surrendered his passport."

Ex-NASA Langley contractor released on bond, Daily Press

"Jiang's court-appointed attorney, Fernando Groene, said that Jiang didn't have access to sensitive or classified information when he worked at NIA. Groene says that Jiang did violate NASA's policy by taking the equipment out the country, but there was nothing classified on the laptop or hard drive. "NASA has looked at the computer up and down and can't find any information that violates the export control act," Groene said."

Former NASA Langley Research Center pleads not guilty to lying, judge OKs release on bond, Washington Post

"Groene has suggested that Jiang is only in jail and under investigation because U.S. Rep. Frank Wolf, R-Va., has inferred that Jiang may be a spy. Wolf has targeted Jiang in news conferences and congressional hearings about NASA security, saying the space agency is using contractors to get around rules prohibiting citizens of certain countries from working for NASA."

Bo Jiang To Plead Not Guilty; Will Ask For Jury Trial, earlier post

Paypal To Drop VMware From 80,000 Servers and Replace It With OpenStack, Forbes

"Backed by Intel and Dell, Mirantis has emerged as a clear leader in the OpenStack world heavily promoting and supporting the adoption of the platform originally developed by NASA and Rackspace."

NASA CIO Dumps NASA-Developed Open Stack, earlier post

"NASA's prestige and participation has been a selling point for advocates of the OpenStack open source cloud project, which NASA co-founded with San Antonio infrastructure-as-a-service provider RackSpace. Unfortunately, they'll have to get along without NASA from here on."

Earlier OpenStack postings

NASA's CIO is MIA

Keith's note: You would think that the NASA Chief Information Officer would at least have something to say about all of this IT hysteria. You would think. The CIO blog has been dormant since October 2012 (no mention of the laptop fiasco either). The incumbent NASA Chief Information Officer, Linda Cureton, is leaving - but she's still on the job until 4 April 2013 - and there is a staff at the CIO to do things like this. There's nothing on the NASA Scientific and Technical Information Program blog either. One has to wonder if the CIO is part of the problem or part of the solution.

NASA Tightens Security In Response To Insider Threat, Information Week

"NASA has closed down its technical reports database and imposed tighter restrictions on remote access to its computer systems following the arrest of a Chinese contractor on suspicion of intellectual property theft."

NASA Technical Reports Database Goes Dark, Secrecy News

"There is a HUGE amount of material on NTRS," said [National Academy of Sciences] space policy analyst Dwayne Day. "If NASA is forced to review it all, it will never go back online." ... "I'd also note that a large amount of historical Mercury/Gemini/Apollo documents that were previously available at NARA Fort Worth is now apparently withdrawn due to ITAR [export controls]," said Dr. Day."

Keith's note: There is a new notice on NTRS now: "The NASA technical reports server will be unavailable for public access while the agency conducts a review of the site's content to ensure that it does not contain technical information that is subject to U.S. export control laws and regulations and that the appropriate reviews were performed. The site will return to service when the review is complete. We apologize for any inconvenience this may cause."

How can we be certain that there isn't something posted on SAO/NASA Astrophysics Data System Abstract Service or at lanl.arXiv.org? If NASA was really trying to check on whether things have been posted that should not have been posted then shouldn't NASA lock down these sites too? What about NASATechBriefs? Look at all that technology transfer goodness on their site.

If NTRS is offline why are the JPL Technical Report Server, NASA Johnson Technical Reports Server and the NASA Engineering Network online? If you want to see the NACA material from 1917-1958 that NTRS has taken offline (1917? Yes, the Wright brothers built warplanes) you can still see it here. The University of Texas seems to have a lot of NTRS stuff online as well.

NASA Technical Reports Server Mysteriously Taken Offline, earlier post

Former Huntsville NASA center boss Robert Lightfoot will lead foreign security probe, Huntsville Times

"NASA Associate Administrator Robert Lightfoot will lead a new in-house probe of foreign access to NASA field centers in the wake of the arrest of a Chinese national allegedly attempting to smuggle data out of the U.S. to China. Lightfoot was director of the Marshall Space Flight Center before being promoted in 2012 to the top civil service position in the agency."

Wolf Threatens To Call NASA Security Whistleblowers To Testify, Aviation Week

"Career civil servants" have been coming out of the woodwork with reports of lax security practices at NASA since Rep. Frank Wolf (R-Va.) raised the issue publicly, and the powerful committee chairman may call some of the whistleblowers to testify publicly about their charges."

Attorney: Former Chinese contractor at NASA's Langley Research Center to plead not guilty, Washington Post

"Jiang's attorney Fernando Groene said Jiang was unfairly targeted and is looking forward to being vindicated. He said he plans to ask for a jury trial and wants Jiang's side of the story coming out. Groene said Jiang was leaving the country because his work visa was about to expire and he had been unable to find other employment since losing his job in January."

Attorney: Former NASA contractor subject of 'witch hunt', Daily Press

"... But Jiang's lawyer, Fernando Groene -- a former federal prosecutor who now practices out of Williamsburg -- said he's not going to let Wolf misportray Jiang. ... Groene challenged Wolf to come to the trial in Newport News federal court to present his evidence against Jiang. If Congressman Wolf testifies as a government witness, Groene said, "We'll be glad to cross-examine him." Asked why Jiang was going to China, Groene said, "He was going home."

- Congress Vs NASA on China (Home Alone with Wolf and Bolden), earlier post
- NASA Technical Reports Server Mysteriously Taken Offline, earlier post
- Former NASA/NIA Employee Arrested by FBI Trying to Leave U.S., earlier post

NTRS Collections - NASA Technical Reports Server

"Until further notice, the NTRS system will be unavailable for public access. We apologize for any inconvenience this may cause you and anticipate that this site will return to service in the near future."

Keith's note: NASA just yanks this website offline. No press release, no official notice at NASA.gov. Why is this invaluable resource offline? NASA brags about all of its spinoffs and then one of the largest online repositories thereof is stealthily taken offline. Oddly these related NASA sites with linkage to NTRS are still online for "public access".

- JPL Technical Report Server
- NASA Johnson Technical Reports Server

Oh wait - there's this item from Rep. Wolf the other day. Coincidence?

Wolf: Chinese National Potentially Involved In NASA Langley Security Violations

"Second: NASA should immediately take down all publicly available technical data sources until all documents that have not been subjected to export control review have received such a review and all controlled documents are removed from the system."

Keith's update: According to a response from NASA HQ PAO this morning "It's down for review to ensure there is no sensitive content on the server." Why is it that NASA cannot be honest with people in the note on the NTRS website and explain why the site is offline? What is really baffling is how this site could have been online - for decades - and not have had a process to prevent inappropriate material from being posted. Did Rep. Wolf's office actually find something online - specifically at NTRS - that shouldn't have been there - or is this a knee jerk reaction - on both sides? Why aren't other NASA technical information websites offline? When I sent an inquiry to the person listed as the point of contact for NTRS he declined to reply and referred me to LaRC PAO.

OIG: NASA's Process for Acquiring Information Technology Security Assessment and Monitoring Tools

"NASA has not fully implemented a process for identifying its IT security assets, a necessity to meet federally mandated requirements and improve IT acquisition outcomes. Lack of such controls result in missed opportunities to capitalize on efficiencies and leverage purchasing power on critical IT security investments. NASA could use two internal management control processes Capital Planning and Investment Control (CPIC) and APM to improve visibility over purchases of IT security assessment and monitoring tools."

International Space Apps Challenge

"The International Space Apps Challenge is a technology development event during which citizens from around the world work together to solve challenges relevant to improving life on Earth and life in space. Join us in over 75 cities around the world or at home on April 20-21, 2013."

Keith's note: At the NASA Advisory Council Committee on Education and Public Outreach meeting on Tuesday, Leland Melvin, the AA for Education at NASA, lamented why people are not promoting the International Space Apps challenge and urged committee members to spread the word. Well ... have a look at the NASA Education website. No mention is made of the International Space Apps Challenge. No mention at the NASA CIO, NASA Open Government, or NASA.gov's calendar either. Yawn.

NASA's Inconsistent Support of the International Space Apps Challenge, earlier post

"I think it is inexcusable that NASA has not made more of an effort to promote things such as the International Space Apps Challenge - especially when the White House places such a priority on things like this. There is much risk in this ad hoc and dysfunctional public engagement policy at NASA. Now that the first apps challenge event was such a success, efforts like this could continue - without overt NASA involvement - thus making NASA less - rather than more relevant. If that happens NASA only has itself to blame."

Keith's update: Here's a related event that also gets zero mention on NASA's Education website - or on NASA's Space Technology Mission Directorate - the sponsor of the event itself.

Dark Side of the Jam: "On March 8th, game developers around the planet will gather to make games about space and science. The Dark Side of the Jam is open to all, whether you're a veteran developer, hobbyist, or student. Ideally your games will not only be great achievements in coding prowess, but will help capture the public's interest in the real science and technology advancements being made in aerospace exploration. DSJ is an educational project of the Night Rover Challenge. Learn more about this $1.5 Million dollar NASA Centennial Challenge for advanced energy storage technology."

Testimony by Paul Martin NASA Inspector General

"Following the October 31 theft, the NASA Administrator accelerated the timetable to encrypt the hard drives of the Agency's laptop computers. As of February 15, NASA reported that it had encrypted 99.4 percent of Agency laptops identified as requiring encryption, had exempted 1,636 laptops from the requirement, and was determining whether another 2,947 laptops required encryption or also would be exempted."

DATA AT REST (DAR) Deployment @ HQ

"As mandated by Federal law and Agency policy, all NASA-issued laptops, as well as desktops with sensitive data, must have Data-At-Rest (DAR) whole-disk encryption software. The NASA OCIO directed that all Centers complete this activity by December 21, 2012."

- Did NASA Meet Its 21 Dec 2012 DAR Deadline?, earlier post
- OIG Doubts NASA Can Meet Laptop DAR Deadline, earlier post
- Additional posts

NASA open source project back on track, FCW

"NASA's shift to open-source content management is back on after the incumbent contractor withdrew a bid protest on Feb. 4. The withdrawal of the protest, filed by e-Touch Federal Systems on Dec. 28 after NASA awarded Rockville-Md.-based InfoZen a $40 million blanket purchase agreement, allows InfoZen to begin replacing NASA's existing content management system with open source architecture to run its 140 websites and 1,600 web assets and applications."

NASA Website Upgrades Are On Hold, earlier post

Reader note: "Thought you might find this sadly amusing. I am a NASA contractor. I just received notice today [29 Jan 2013] that my personal data was compromised in the Laptop theft from a NASA HQ employee on 10/31/12. The letter I received notes that NASA understands the 'seriousness' of this matter - so much so that it only took 3 months to notify me of this breach. Apparently the idiocy of their 'concern' is self-evident to all except the NASA bureaucracy."

- NASA CIO Cureton Is Leaving NASA, earlier post
- Did NASA Meet Its 21 Dec 2012 DAR Deadline?, earlier post
- They're Clueless at NASA CIO
- earlier posts

NASA CIO Linda Cureton plans exit, FCW

NASA CIO Linda Cureton is retiring from government, FCW has learned. Cureton, a 2011 Federal 100 winner, has held her current position since September 2009. Cureton had alluded to her plans at the Oct. 24 GCN awards gala, where she was recognized as the Civilian IT Executive of the Year. At the time, however, she and her aides said that no firm decision had been made. "It had always been in my plan to either retire or change jobs... after the election," Cureton told FCW when reached for comment. "Having been through transitions at the political level before, the timing to leave seemed appealing to me."

Mars Rover Curiosity's Team to Receive Space Foundation Award

"JPL, a division of Caltech in Pasadena, manages the Mars Science Laboratory for the NASA Science Mission Directorate, Washington. For more information about the mission, visit: http://www.jpl.nasa.gov/msl , http://www.nasa.gov/msl and http://mars.jpl.nasa.gov/msl."

Keith's note: Why does NASA spend money to maintain three different MSL websites - websites that do not even link to one another? I can (sort of) understand if there is a turf war of sorts going on (there is) but this press release admits by default that NASA is incapable of coordinating its websites. At a time when Congress is looking for examples of taxpayer dollars being wasted, this is just begging to be investigated - especially when NASA advertises the fact that it is maintaining 3 websites simultaneously. I hear constant complaints from within NASA that they do not have enough funds to maintain their websites. When I see ongoing nonsense like this, those complaints begin to ring hollow. It looks like NASA has more than enough website money.

Oh yes - There's also http://marsprogram.jpl.nasa.gov/msl/ which is the same as http://mars.jpl.nasa.gov/msl/. That makes 4 website addresses - one of the multiple websites actually has a duplicate. Why?

To summarize: JPL runs two MSL websites that overlap/duplicate one another but don't cross link - and JPL has an extra copy of one of these sites for good measure. Yet none of these JPL sites interact with the site at NASA HQ - and yet they all cater to the same audience. According to formal NASA policy, this is not supposed to happen. But it still does. NASA enacts NPDs and other policies and then ignores these same policies. Why bother having procedures if they are simply ignored?

- Why does NASA need multiple websites for the same mission?, earlier post
- NASA's Tangled Human Spaceflight Web Presence, earlier post
- NASA's Sprawling Web Presence, earlier post
- NASA's Inability To Speak With One Voice Online, earlier post

NASA Internal Memo: Breach of Personally Identifiable Information (PII) Update

"NASA has reallocated resources and has been working overtime to achieve the goal of 100 percent laptop encryption as quickly as possible and has made tremendous progress. In the past few weeks, more than 11,000 laptops have been encrypted, and, as of December 17th, NASA had encrypted 32,500 laptops, or about 85 percent of the laptops requiring encryption."

Keith's note: I wonder if NASA met its 21 Dec DAR installation deadline across the agency. Are all NASA laptops now equipped with DAR?

- OIG Doubts NASA Can Meet Laptop DAR Deadline, earlier post
- NASA's One Size Fits All DAR Solution Stumbles, earlier post
- earlier posts

Protest slows NASA open source project, FCW

"The National Aeronautics and Space Administration's plans to transition to a content management system with open source architecture are on hold for a little while. The agency awarded a $40 million blanket purchase agreement in mid-December to Rockville, Md.-based InfoZen to replace the agency's existing CMS - operated for several years by eTouch Federal Systems LLC - with open source architecture to run its 140 websites and 1,600 web assets and applications. But that contract has come under protest from eTouch Federal Systems LLC, which filed a formal bid protest on Dec. 28 against NASA's new deal with InfoZen."

NASA Selects Internet Services Agreement

"NASA has selected InfoZen Inc. of Rockville, Md., for the Web Enterprise Service Technologies prime blanket purchase agreement to support agency websites."

NASA LaRC Internal Email: 2,498 laptops later: The Miracle Has Occurred

"As you all know, today is the Agency deadline for all laptops to be fully encrypted. I am happy to report that as of 10:30 this morning Langley reached our goal by completing the DAR encryption of 2,498 government and ACES systems."

DAR Implementation Email from LaRC Center Director Lesa Roe, earlier post

"The Administrator has told all of his direct reports that he expects 100 percent completion by the 21st or it will be reflected in our performance. For clarity, I will do the same with each of you. I think you all know this but I will state it clearly ... this isn't an option ... it is mandatory for employment"

Keith's note: Of course, Lesa Roe had to explicitly warn her employees of possible disciplinary action from her office if this deadline was not met. She seems to have forgotten all about that. She, in turn, felt that Charlie Bolden had issued a similar warning to senior agency management. Something is seriously broken when you have to say things like this to your employees. Happy Holidays y'all.

NASA Internal Memo: Breach of Personally Identifiable Information (PII) Update

"NASA has reallocated resources and has been working overtime to achieve the goal of 100 percent laptop encryption as quickly as possible and has made tremendous progress. In the past few weeks, more than 11,000 laptops have been encrypted, and, as of December 17th, NASA had encrypted 32,500 laptops, or about 85 percent of the laptops requiring encryption."

Keith's note: Today is 21 Dec i.e. the deadline set for complete laptop encryption. They have had more than a month to do this - and they expect to complete encryption of 15% of NASA's laptops in just one day - just before the Christmas/New Year holidays when everyone is disappearing on annual leave?

- OIG Doubts NASA Can Meet Laptop DAR Deadline, earlier post
- NASA's One Size Fits All DAR Solution Stumbles, earlier post
- NASA's Stolen Laptop and Data Problem Just Got Worse, earlier post
- earlier posts

NASA's Efforts to Encrypt its Laptop Computers, NASA OIG

"NASA Unlikely to Meet December 21 Encryption Deadline: As a result of the October 31 laptop theft, NASA accelerated the deadline by which all ACES-managed laptop computers were to be equipped with a DAR solution from March 2013 to December 21, 2012. The Agency estimates that this expedited encryption effort will cost at least $259,000, not including the time civil servants have devoted to the project. The Agency also established the same deadline for encrypting non-ACES machines. In our judgment, it is extremely unlikely that the Agency will meet its December goal primarily because the Agency does not have a full account of the number of ACES and non-ACES laptops in its possession. Without knowing the full universe of laptops that require encryption, the Agency cannot be sure that all of its laptops are protected with whole-disk encryption software."

Keith's note: According to NASA PAO: "NASA takes information technology security very seriously and thanks the Inspector General for its recommendations for further strengthening NASA's systems. Most recently, NASA has accelerated its commitment to encrypting all agency laptops, encrypting more than 11,000 agency laptops in just the last few weeks. NASA has also implemented new policies and processes that will prevent future losses of personally identifiable information, such as directing that no NASA-issued laptops containing sensitive information can be removed from a NASA facility unless whole disk encryption software is enabled or the sensitive files are individually encrypted."

DAR Implementation Email from LaRC Center Director Lesa Roe, earlier post

"The Administrator has told all of his direct reports that he expects 100 percent completion by the 21st or it will be reflected in our performance. For clarity, I will do the same with each of you. I think you all know this but I will state it clearly ... this isn't an option ... it is mandatory for employment"

- NASA's One Size Fits All DAR Solution Stumbles, earlier post
- NASA's Stolen Laptop and Data Problem Just Got Worse, earlier post
- earlier posts

"The Administrator has told all of his direct reports that he expects 100 percent completion by the 21st or it will be reflected in our performance. For clarity, I will do the same with each of you. I think you all know this but I will state it clearly ... this isn't an option ... it is mandatory for employment" ...

... "Let me be clear, there are NO exceptions to the Agency-wide directive and it applies to every employee and every laptop. I am directing supervisors to ensure that employees take whatever steps are required, including adjusting employee leave schedules if necessary, to ensure that every laptop is DAR encrypted, waived, or excessed by next Friday, December 21st. Employees who do not comply are in violation of clear Agency direction and could face disciplinary action up to and including removal from Federal Service."

Internal NASA LaRC memo: "Once again with DAR the NASA CIO's office has developed a well-thought-out and reasonable plan that effectively covers 90% of NASA computing resources beautifully, then is attempting to apply it to 100% of all computer systems in spite of the consequential damages. This is made worse by the bizarre deadline imposed during the Christmas holidays ...

... Risks? Plenty: this is what happens when a good policy made by smart people who have looked at all the options is implemented by inflexible fool[s] who don't understand how people use computers and who do not weigh the consequences."

- NASA's Stolen Laptop and Data Problem Just Got Worse
- earlier posts

Reader note: "This evening I received a second letter from NASA, stating that I'm also "one of a small number of individuals whose personal data was contained in the hard copy documents stolen with the laptop in the laptop bag." Now there's no question about whether my PII data has been exposed. Now more than ever, the one year offer of identity and credit monitoring that is being provided free of charge seems hardly a sufficient amount of time. I plan on 1) contacting NASA requesting additional duration of monitoring and 2) contacting my Representative, Adam Schiff, requesting for a Congressional inquiry as well. The redacted version (my personal info and NASA contact info have been removed) of the latest letter is attached."

Keith's note: NASA CIO Linda Cureton: please define "small number" given that over 11,000 employees had their personal information on this laptop due to your office's inept mismanagement of IT security. Is there any mention - in any memo to employees - of the fact that hard copies of employee information were also stolen? No. Do you post anything about this on the NASA CIO website? No.

NASA is just begging for a class action lawsuit by virtue of their inept response on this matter.

Oh yes - we blurred Richard Keegan's signature. Wonder why?

- NASA's CIO Anticipated The Laptop Theft, earlier post
- Data-at-Rest Is Not A New Requirement at NASA, earlier post
- Calls for Congressional Inquiry into Laptop Data Theft, earlier post
- JPL Employees Want Congressional investigation Over PII Laptop Theft, earlier post
- Agencywide Message to All NASA Employees: Breach of Personally Identifiable Information (PII), earlier post
- other posts

Data-at-Rest (DAR) at NASA HQ

"This page contains important information for employees regarding the Data-at-Rest (DAR) Encryption project at Headquarters. As mandated by Federal law and Agency policy, all NASA-issued laptops must have Data-At-Rest (DAR) whole-disk encryption software. The NASA OCIO has directed that all Centers complete this activity by December 21, 2012. Per the Agency directive dated November 13, 2012, no NASA-issued laptops containing sensitive information may be removed from a NASA facility unless DAR encryption software is enabled OR any sensitive files are individually encrypted (using Entrust PKI)."

Recommendation to Fund and Deploy Agency Data-at-Rest (DAR) Solution, NASA CIO, 21 February 2008

"Based on an evaluation of NASA's requirements for encryption of data at rest and of the solutions currently available, I recommend that your office fund the implementation and deployment of an integrated, interoperable NASA DAR solution in the amount of $2.0M for Fiscal Year 2008. Details of the recommended solution, based on McAfee's Safeboot product suite, and the evaluation that produced this recommendation are in the attached presentation."

Keith's note: Looks like there was direction executed within the CIO in early 2008 - before the current CIO even arrived on the job. Four years later and NASA is only getting around to taking its own decisions seriously. Note: there is no date on this PDF file but it was created on 21 Feb 2008.

JPL workers seek federal probe into stolen NASA laptop, Pasadena Star-News

"Rep. Schiff, who oversees NASA funding through the Appropriations Subcommittee and whose district includes JPL, issued a statement criticizing NASA security. "I will be calling on the agency to report on and accelerate its efforts to maintain data security," he said. "The low-tech theft of a laptop is troubling enough, but it only scratches the surface of potentially greater data vulnerabilities." A NASA spokesman didn't return a call for comment Wednesday."

JPL employees demand probe of NASA's data security measures

"Rep. Judy Chu (D-Monterey Park) said in a statement she would push the agency to improve data security. "NASA has previously had security breaches of sensitive information," she said. "It has to stop."

Losing in Court, and to Laptop Thieves, in a Battle With NASA Over Private Data, NY Times

"In a 2009 report titled "NASA Needs to Remedy Vulnerabilities in Key Networks," the Government Accountability Office noted that the agency had reported 1,120 security incidents in fiscal 2007 and 2008 alone."

They're Clueless at NASA CIO

Keith's note: If you go to the NASA CIO webpage or the CIO's blog you will see absolutely no mention of this stolen laptop or the activities that followed. Some of the individuals affected by this event have not worked for NASA for more than a decade. As such, you would think that there would be somewhere at NASA.gov to get information as to what they should do. The CIO page is a logical place to look. Yet another example as to how the entire CIO organization is simply clueless and tone deaf when it comes to the interests of the agency's employees - past and present.

Media Advisory JPL Employees Call for Congressional Investigation into NASA Privacy Breech

"Employees at the National Aeronautics and Space Administration's Jet Propulsion Laboratory in Pasadena have called for an immediate Congressional investigation into NASA's behavior in handling their personal data following the October 31 theft of a NASA laptop computer left unattended in a parked car in Washington DC. NASA waited two weeks before informing its employees that their personal information had been compromised and that they have been placed at risk of identity theft. The data on the stolen NASA laptop was not encrypted."

Press Conference on NASA Data Breach JPL Employees Call for Congressional Investigation into NASA Privacy Breech

"We warned of this possibility five years ago when we filed our lawsuit. We were ignored by the courts. Now, unfortunately, by virtue of the cavalier behavior of a NASA bureaucrat our argument has been proven. Our nightmare of five years ago has become a reality. We therefore are asking Congress to conduct an investigation into NASA's behavior in this unsavory affair and to develop new standards which protect the privacy of federal employees."

- Questions Remain About Information on Stolen NASA Laptop, earlier post
- NASA IT Blunder Update, earlier post
- Yet Another NASA IT Blunder, earlier post

Keith's note: One NASA Watch reader writes: "I too received a letter warning of my PII being compromised by the stolen laptop but there are two things that I find odd. 1) As was the case in the image of the letter posted on NASAWatch, the return address is a NASA emblem with the address of the retained security contractor's Portland address (since when can a contractor use an official US gov emblem?); and 2) why does a NASA laptop have my PII considering I left the Agency in May 2009?"

Another reader writes: "I too received "the letter" about the stolen laptop and I retired from GSFC in mid-2003 - ten years ago! And it is my responsibility to take the necessary steps to protect myself?! Why after ten years would my PI be anywhere but at OPM let alone on someone's (NASA) unencrypted laptop?! Please keep their feet to the fire on this one Keith; NASA needs to be as well-steamed as I am."

NASA Personally Identifiable Information (PII) Update 20 Nov 2012

"The data analysis on the entire file has not yet been completed, but if data beyond SSN, date of birth and birthplace is found for individuals, we will send them another letter. Affected individuals identified to date include people who have applied for access to NASA information or facilities for which a background investigated is required."

NASA Internal Memo: Immediate Restriction on Laptops Leaving Ames

"Effective immediately, NO NASA LAPTOP may be taken off the Ames Research Center campus unless Whole Disk Encryption is enabled. I am fully aware that this is a more restrictive than the November 14, 2012 directive from the Agency Chief Information Office and Administrator, however, since that email, Ames has had two laptops stolen that we are now handling."

- NASA IT Blunder Update, earlier post
- Yet Another NASA IT Blunder, earlier post

How the government can turbocharge private-sector innovation, Gigaom

"Traditionally, NASA attempts to commercialize and otherwise transfer the good work done in its research labs to the public by two means: directly auctioning its patents to the private sector, or maintaining the patents but actively choosing not to enforce them if doing so would impede innovation. NASA claims over 1,200 success stories in this regard, and there's plenty to show for it. But arguably no single NASA patent has had the same kind of market-disrupting effect that OpenStack has had merely by opening the doors to the community and letting the market drive development and adoption. That's food for thought."

Keith's note: Of course, NASA's response to the potential of OpenStack? NASA CIO Linda Cureton walked away from OpenStack - while industry has embraced it. And you wonder why NASA cannot figure out how to keep sensitive data off of laptops that are continually stolen? Clearly some management changes are needed in this regard. Check out her blog - it's full of superficial treatment of important IT issues and pop management babble. Clueless.

- NASA CIO Dumps NASA-Developed Open Stack, earlier post
- Previous IT posts

Help Redesign NASA.gov

Welcome to the NASA.gov Forum

"We're starting on the next go-round of what NASA.gov looks like and want to know what you think. The digital universe has changed radically since we overhauled www.NASA.gov in 2007. Everyone's use of social media and smartphones has exploded. Visits to NASA's web sites dropped for a couple of years, then set records in 2011 and this year. How are you making sense of all this? How do you think we here can apply what you've learned? Do you like something you've seen? Is something missing? How do you interact with NASA online? Where else do you get your NASA news from? We've opened this forum to take your feedback. You can offer ideas of your own or comment and vote on others' suggestions. The forum will be open for new ideas until Dec. 19. We'll consider all the suggestions and do some prototyping, then see what you think."

- NASA Claim About MSL Internet Effects Called Into Question - By NASA, previous post
- Why does NASA need multiple websites for the same mission?, previous post
- NASA's Tangled Human Spaceflight Web Presence, previous post
- NASA's Baffling, Redirecting Links, previous post
- NASA's Inability To Speak With One Voice Online, previous post

Keith's 8:20 am EST note: Last evening, JSC PAO's Amiko Kauderer tweeted via @amikokauderer "Wonder about breaking bread for Thanksgiving in space? Talking to @NASA food scientist tomorrow. Got Qs? Tweet me w #askStation!" She claims that this is her personal account and replied "@NASAWatch This is my personal Twitter account. I tweet about my life & interests, which includes my work. Official tweets @NASA_Johnson".

OK, then why is this official NASA event only being made available to the 1,936 followers of the @amikokauderer personal account but not to the 89,640 followers of the official @NASA_Johnson account? This is a rather poor decision inasmuch as the potential audience of @amikokauderer is dwarfed by that of @NASA_Johnson which commands 46 times the number of followers across a much broader range than does @amikokauderer.

As NASA upgrades its Internet presence, it needs to re-examine the use of personal employee Twitter accounts Vs official Twitter accounts to make certain that the most effective means (a combination thereof) is used to alert taxpayers as to what NASA is doing - and that taxpayers are not put in the position of trying to separate personal tweets from business tweets. Most people get separate Twitter accounts to solve this problem.

Keith's 11:30 am EST update: @NASA_Johnson just tweeted mention of this official event (at the last minute) some 12 hours after it first appeared - exclusively - on @amikokauderer - a personal Twitter account. As such only Amiko Kauderer's pals and followers knew about this event well in advance - as opposed to the 89,640 followers of @NASA_Johnson . I am not sure what sort of social media game plan she's following - this approach makes no sense whatsoever.

NASA IT Blunder Update

NASA Suffers "Large" Data Breach Affecting, IEEE Spectrum

"Why it has taken so long for NASA to finally decide to fully encrypt its laptops remains a mystery, given its long-time poor record on IT security. As noted at NASA Watch, NASA has a history of laptops with personally identifiable information being stolen, one as recently as March. Maybe NASA decided to act this time because it involved a NASA Headquarters' person who in all likelihood is very senior and should have known better than to possess a laptop with no data encryption."

NASA finally demands encryption on employee machines after another laptop is stolen, The Verge

"Why the concern? Well, the laptop's hard drive wasn't encrypted, and nor were any of its sensitive documents. The theft, which was revealed to employees in an agency-wide email obtained by SpaceRef, is being spun as a wake up call for NASA to beef up its security standards on employees' laptops."

NASA scrambles to encrypt laptops after major breach, Computer World

"Gant Redmon, general counsel and vice president of business development at Co3 Systems, an incident management company, said the issue is why NASA didn't take measures to encrypt all of its systems sooner. "I have two questions. Why didn't they have it before the [March] incident? Why didn't they have it after that first breach?"

NASA Says Staff Information Was on Stolen Laptop, New York Times

"This is not the first time NASA has suffered a serious breach. The agency has long been a target for cybercriminals looking to pilfer sensitive research."

Laptop with NASA workers' personal data is stolen, Reuters

"The laptop theft is the latest in a string of NASA security breaches over the past few years. In March, a Kennedy Space Center worker's laptop that contained personal information on about 2,300 employees and students was stolen."

Yet Another NASA IT Blunder, earlier post

Yet Another NASA IT Blunder

Agencywide Message to All NASA Employees: Breach of Personally Identifiable Information (PII)

"On October 31, 2012, a NASA laptop and official NASA documents issued to a Headquarters employee were stolen from the employee's locked vehicle. The laptop contained records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors, and others. Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals. We are thoroughly assessing and investigating the incident, and taking every possible action to mitigate the risk of harm or inconvenience to affected employees."

Keith's note: Look at the links below from the past several years. When things like this happen again and again you have to wonder whether the people entrusted with sensitive information - and/or the people who manage these individuals - are required to exhibit common sense in the performance of their duties. For that matter, you have to wonder if the people running NASA's IT security actually know what they are doing. This advisory contains "changes and clarifications in NASA policy". How many times do things like this have to happen before NASA finally figures out how to fix this obvious problem? Why was information like this on a laptop to begin with?

Let's just hope this laptop doesn't contain any inappropriate emails to U.S. Army soccer moms or socialites ...

- Stolen KSC Laptop Has Employee Personal Info On It (Update), earlier post
- NASA IT Security is a Mess - Stolen Laptops and Hacking JPL, earlier post
- OIG: NASA Information Security Does Not Fully Meet DHS Requirements, earlier post
- NASA OIG: Facilities and Spacecraft Vulnerable to Attack, earlier post
- OIG Finds Problems in NASA IT Management and Implementation, earlier post
- NASA OIG: Audit of Cybersecurity Oversight of [A NASA] System, earlier post
- GAO Cites Ongoing NASA IT Security Vulnerabilities, earlier post

Keith's 29 Oct note: The @NASA_SDO twitter account just noted "Due to the impact of Hurricane #Sandy @NASA_Goddard the @NASA_SDO website is down. Sorry for the inconvenience We will have it up again ASAP".

This is baffling. The most weather we have here in the DC/Baltimore area right now is steady rain. No hurricane effects are being felt yet. But nonetheless a GSFC website is offline? I wonder what would happen during a solar storm when the website is actually needed. Hasn't NASA learned how to prepare for such simple contingencies i.e. placing its websites (or at least a backup mirror) in the cloud? Maybe if the SDO folks spent a little more time on routine web support and less time on their dead rubber chicken mascot this wouldn't happen.

But wait: since NASA is incapable of having one official SDO website (due to a chronic organizational inability to adopt a simple website plan) there is another official NASA SDO website online here but it has nothing to do with this equally official SDO website here (which is offline) except that it loads images from the site that is offline right now.

Keith's 30 Oct update: It has been 24 hours. The hurricane is gone. All of NASA's websites seem to be working just fine - none seem to have been knocked offline - except for the SDO website at GSFC which was taken offline. The other (competing) official NASA SDO website that relies on this downed GSFC server for images shows blank space where the "Latest SDO AIA Image" should be.

Keith's 31 Oct update: The website is back online. What is really odd is this notice they posted:

"The SDO Website is Down Mon, 29 Oct 2012 Due to anticipated power grid problems caused by Hurricane Sandy the SDO website has been shutdown. We regret the inconvenience. The website should return tomorrow. All SDO data is sent to the ground and stored at the data centers."

Think about this for a second. They posted this notice on 29 October on a website that no one could see on 29 or 30 October. Who did they expect to read this notice? You would have had to actually be able to see the website in order to see the notice that the website was offline. Only at NASA.


Keith's 24 Sep 11:45 am note: According to a Tweet by @RPISciDean (Laurie Leshin): "From Jim Green at #CAPS: Traffic on the ENTIRE INTERNET increased by 30% during landing of @MarsCuriosity -- wow! Go #MSL!" I have asked NASA PAO if they can confirm Jim Green's claim - as relayed by Laurie Leshin.

Keith's 24 Sep 6:30 pm update: No answer yet. This would be a rather remarkable accomplishment for NASA - rivaling the ~ 1 billion TV audience for the Apollo 11 landing. As such, one would think that the agency would be much more vocal about the impact of Curiosity's landing on global Internet traffic - if this claim is true, that is.

Keith's 25 Sep 10:38 am update: According to NASA PAO: "NASA Public Affairs does not know where Jim Green got this information nor can we confirm it." Now that NASA has officially cast doubt on the veracity of this claim, it would be nice if Jim Green would explain where he got this information - or admit that he made a mistake.

Keith's 25 Sep 7:00 pm update: According to NASA PAO, Jim Green was mistaken in referring to a "30% increase in traffic on the ENTIRE INTERNET". Instead, there was a traffic spike on Akamai around 2 am EDT on 6 Aug 2012 of "31% above normal" with regard to what traffic would normally be on certain portions of Akamai (not the entire Internet). Akamai handles a large portion of global Internet traffic at any given time. That said, NASA PAO says that during the Curiosity landing they doubled their previous high for peak webcast stream traffic. Indeed, in 48 hours they distributed more than 1 petabyte of data. But Jim Green's claim that the entire Internet surged by 30% due to Curiosity-related traffic was simply inaccurate.

Keith's note: The following is put at the bottom of most press releases issued regarding Mars Curiosity.

"More information about Curiosity is online at: http://www.jpl.nasa.gov/msl , http://www.nasa.gov/msl and http://mars.jpl.nasa.gov/msl."

Why does NASA pay to maintain three separate websites (two run by JPL) - all of which are out of synch with one another? NASA is constantly complaining that they never have enough money to run all of their EPO and PAO operations. Yet they can afford multiple websites when only one is needed? If you ask NASA about this (it happens with virtually every mission), you either get no answer, a shrug and/or sigh, or something really stupid. So, I am asking (again) ...

Keith's update: There's also http://marsprogram.jpl.nasa.gov/msl/ which is the same as http://mars.jpl.nasa.gov/msl/ - that makes three web addresses, two of which point to identical but parallel websites, and one that points to another, different website - all at JPL.

- NASA's Tangled Human Spaceflight Web Presence, earlier post
- NASA's Sprawling Web Presence, earlier post
- NASA's Inability To Speak With One Voice Online, earlier post

Review of NASA's Computer Security Incident Detection and Handling Capability

"In general, we found that the SOC has improved NASA's computer security incident handling capability by providing continuous incident detection coverage for all NASA Centers. ... However, we also found that the SOC does not currently monitor all of NASA's computer networks. Even though networks we reviewed had their own incident management program that included network monitoring, dedicated staff to respond to incidents and documented processes the networks' management programs do not provide the centralized continuous monitoring coverage afforded by the SOC. In addition, NASA needs to increase its readiness to combat sophisticated but increasingly common forms of cyber attack known as Advanced Persistent Threats (APTs)."

NASA's Mars Rover Crashed Into a DMCA Takedown, Vice.com

"This isn't the first time that a claim by Scripps News Service has grounded a NASA video on YouTube. According to Bob Jacobs, NASA's Deputy Associate Administrator for Communications, such claims happen once a month, and tend to be more common with popular videos. If claimed videos aren't blocked, they are slapped with ads from the fraudulent claimant. In April, Scripps also claimed ownership for a video of one of NASA's Space Shuttles being flown atop a 747, causing it to briefly disappear from NASA's account."

NASA Announcement for Partnering Opportunities for Delivery of NASA Content To The Public

"In the existing infrastructure without our delivery partners, NASA may have to cap the number of visitors and hours of web streaming coverage or eliminate it entirely for particular peak activities. This would force visitors to seek content from other venues that may or may not cover NASA missions. To avoid this situation, NASA seeks to broaden its ability to reach new audiences and numbers of people through access to multiple venues."

IT Reform at the National Aeronautics and Space Administration, NASA CIO

"Finally, NASA shifted to a new web services model that uses Amazon Web Services for cloud-based enterprise infrastructure. This cloud-based model supports a wide variety of web applications and sites using an interoperable, standards-based, and secure environment while providing almost a million dollars in cost savings each year."

NASA Drops OpenStack For Amazon Cloud

"Ray O'Brien, acting CIO at NASA Ames, when asked May 30 by InformationWeek about NASA's participation, used diplomatic language to say that NASA still endorsed the project, was proud of its founding role, and might be a user of OpenStack components in the future. "It is very possible that NASA could leverage OpenStack as a customer in the future," he wrote in his email response. ... [NASA CIO Linda] Cureton's reference to "an interoperable, standards-based environment" could have been taken from the OpenStack playbook. Amazon Web Services, to which Cureton was actually referring, uses proprietary Amazon Machine Images as the basis for workloads that run in its Elastic Compute Cloud ... But nowhere in her references to an open environment was there any mention of OpenStack. At the same time, OpenStack has gained the backing of 175 other companies--including IBM, HP, Red Hat, Dell, and Intel--as the primary open source cloud offering."

Nebula, NASA, and OpenStack, Open NASA

"Recently, on May 15, NASA announced a new cloud computing strategy for the Agency at the Uptime Institute's symposium in Santa Clara, CA. Among its facets is a reduction to our OpenStack development efforts in favor of becoming a "smart consumer" of commercial cloud services."

IT Reform at the National Aeronautics and Space Administration, NASA CIO Blog

"Improved investment management practices, the use of cloud services when appropriate, and the use of shared services as a provider and consumer are core tenets in our IRM Strategic Plan released in June 2011. To underscore the importance of this shift, I identified a Deputy CIO for IT Reform, Gary Cox, in 2012 to provide an integrated focus on IT innovation and service delivery to ensure that our services are effective and efficient from our customers' perspectives."

Did NASA ditch OpenStack for Amazon?

"What she did not mention was anything about OpenStack, the infrastructure as a service platform that grew out of initial work by NASA and Rackspace. OpenStack is being pushed as an alternative to Amazon Web Services by several tech heavyweights including Hewlett-Packard, IBM, and Red Hat. This blog piqued my interest because, in late March, another NASA official said publicly that the agency is backing off additional OpenStack development."

Marc's note: The short answer, yes.

Iranian 'Cyber Warriors Team' takes credit for NASA hack, MSNBC

"A group of Iranian student hackers known as the Cyber Warriors Team claims to have stolen the personal information of thousands of NASA researchers. The Cyber Warriors Team boasted in a May 16 Pastebin post that it exploited a secure sockets layer (or SSL) vulnerability in the space agency's website to swipe "information for thousands of NASA researcher[s] with emails and accounts of other users." In the hackers' poorly worded English message, "How and reasons to Hack NASA SSL Certificate," the group said the security glitch still exists, and leaves the agency open to more malicious attacks."

NASA denies Iranian cyberattack, CSO Data Protection

"NASA said it discovered the Pastebin post within hours and launched an investigation of the claims. "Although the investigation is ongoing, all results thus far indicate that the claims are false... At no point were any sensitive, mission, or classified systems compromised," Beth Dickey, a NASA spokeswoman, said in an email."

NASA's Inconsistent Support of the International Space Apps Challenge

"Several weeks ago NASA and a number of sponsors held the International Space Apps Challenge. The intent was to enlist people from all across the world to create solutions to problems and issues associated with spaceflight. The participants were truly spread out across our planet including Antarctica with support from the crew aboard the International Space Station. ... I think it is inexcusable that NASA has not made more of an effort to promote things such as the International Space Apps Challenge - especially when the White House places such a priority on things like this. There is much risk in this ad hoc and dysfunctional public engagement policy at NASA. Now that the first apps challenge event was such a success, efforts like this could continue - without overt NASA involvement - thus making NASA less - rather than more relevant."

NASA Hacked Again

NASA, ESA confirm hacks; The Unknowns says systems patched, ZDNet

"For the NASA hack, the group also decided to leak one of the research center's databases. They released names, employers, home addresses, and e-mail addresses of 736 victims on Pastebin. ESA is the other organization for which they also leaked more data, also via Pastebin. Both NASA and ESA have now confirmed the attacks. "NASA security officials detected an intrusion into the site on April 20 and took it offline," a NASA spokesperson said in a statement. "The agency takes the issue of IT security very seriously and at no point was sensitive or controlled information compromised. NASA has made significant progress to better protect the agency's IT systems and is in the process of mitigating any remaining vulnerabilities that could allow intrusions in the future."

Keith's note: One night in January I got frustrated trying to find something on NASA's Human Spaceflight website(s). So, I decided to map them. As you can see from this chart, NASA's HSF web presence - like much of NASA's sprawling cyber infrastructure - is an unorganized mess. Yet despite this convoluted web structure, people often manage to find things simply because a lot of what NASA does is so compellingly cool. People find this stuff despite the convoluted and confused way that NASA organizes things (Google).

As I have already noted, most missions at NASA have two, often three (or more) official websites and web addresses. The websites are often out of synch with each other and yet also duplicative - at the same time. NASA also has multiple entry points for the same topic, dead ends, and pages that reflect programs that are dead. I sent this chart over to NASA. They agreed: it's a mess. 5 months later. No change. So I thought I'd share it with y'all.

NASA's Inability To Speak With One Voice Online, earlier post

International Space Apps Challenge Is Happening This Weekend

"The International Space Apps Challenge will take place this weekend, April 21-22, 2012. Nearly 2,000 people are registered to attend in 24 cities around the world. NASA is working with 8 other government agencies and over 100 organizations world wide to host the two-day technology development event. Solutions to over 60 challenges related to open source software, open hardware, citizen science platforms, and data visualization will be worked on throughout the event, including an opportunity to launch your code to space on NASA's phonesat!"

NASA Internal Memo: Spacebook Being Decommissioned

"On June 1 Spacebook, NASA's social network site, will be decommissioned. All data will be archived and all user accounts will be closed. Spacebook was implemented in 2009 as a social network for civil servants and contractors to collaborate and share information. Unfortunately participation has not been as high as anticipated. On average, only 14 users log on per weekday and zero on the weekends. There are alternate internal social media tools, such as Yammer..."

Keith's note: Another reinvented wheel that needed to be uninvented. I can only imagine what they spent to create and maintain this bad copy of Facebook.

NASA Releases New Open Government Plan

"NASA today released version 2.0 of its Open Government Plan, which includes a flagship initiative to build a new web architecture and a renewed focus on open data sharing, open source development and a variety of technology acceleration efforts. The plan also features a directory of more than 100 participatory, collaborative and transparent projects, offering citizens opportunities to understand, support and engage with the agency. Throughout the next year, NASA will continue to add projects to the directory."

NASA Memorandum for the Record: Protection of Sensitive Agency Information

"This memorandum reinforces NASA policy regarding the protection of Sensitive but Unclassified (SBU) information. The memorandum applies to all Centers, Mission Directorates and their supporting commercial contractors that process NASA information. Individuals responsible for handling SBU information should be cognizant of the requirements outlined within this memorandum to ensure the protection of all SBU data."

- Stolen KSC Laptop Has Employee Personal Info On It (Update), earlier post
- NASA IT Security is a Mess - Stolen Laptops and Hacking JPL, earlier post

The Secret History of OpenStack, the Free Cloud Software That's Changing Everything, Wired

"So [Federal CIO Vivek] Kundra summoned Chris Kemp to the White House, and he eventually used NASA Nebula to launch USAspending.gov -- a site that shared the government's spending with the world at large -- while drawing up plans to expand the platform to other agencies as well. The problem was that certain U.S. lawmakers and NASA bureaucrats were intent on killing the project. Chief among them was Senator Richard Shelby, the chairman of the Senate Appropriations Committee, according to Kemp. Shelby's office didn't respond to an inquiry from Wired, but Kemp says that the senator saw Nebula as a jobs-killer. "Whenever I would talk in Washington about this cloud technology enabling data centers to run without people, this was interpreted as jobs going away," Kemp says. "There was a serious political challenge to the project...and I was called before the NASA administrator -- of the whole agency -- to explain it."

NASA KSC internal Memo: NASA KSC Laptop Theft

"On March 5, 2012, a NASA laptop computer containing sensitive Personally Identifiable Information (PII) was stolen from a NASA KSC employee. We have verified that personal information was contained in the files that were on this laptop at the time it was stolen."

NASA KSC Response to Employee Laptop Theft

"Originally, a limited number of employees and less sensitive personal data were thought to be on the stolen computer. But as part of the investigation and response to the theft, NASA IT, security and human resource personnel confirmed (through backed-up records of the stolen computer stored on protected agency servers) more precisely what information was contained on that laptop, and it was learned on March 14 that many more employees and more sensitive data, including social security numbers, were involved. NASA is sending "letters of notification," first in the email below, to provide faster notification, and then by paper letter by March 19, to affected employees."

Hearing Notes: Charles Bolden Testifies on NASA's FY 2013 Budget

"When Wolf mentioned the recent NASA IG report on computer security and the spate of incidents, Bolden said that he was going to sign a directive and that all portable devices would use encryption. He said he should have known better and that it was his fault that this had not been implemented sooner. Bolden said that he had talked to his staff and that when compared to other agencies' IT security, that NASA was "woefully deficient"."

NASA Launches International Competition to Develop Space Apps

"NASA, governments around the world and civil society organizations will co-host the International Space Apps Challenge on April 21-22 with events across seven continents and in space. The apps competition will bring people together to exploit openly available data collected by space agencies around the world to create innovative solutions to longstanding global challenges. An initiative of the U.S. Open Government National Action Plan, the challenge will showcase the impact scientists and citizens can have by working together to solve challenging problems that affect every person on Earth. Events will take place in San Francisco; Exeter, U.K.; Melbourne, Australia; Sao Paulo; Nairobi, Kenya; Jakarta, Indonesia; Tokyo; McMurdo Station, Antarctica; and the International Space Station."

iPads Would Be Great in Space, Astronaut Says, TechNews Daily

"NASA astronaut Dan Burbank, who commands the space station, said that while he doesn't own a new iPad -- or any other tablet -- he definitely could use one in space. "I don't have an iPad yet, and I most certainly don't have one up here on the space station," Burbank said today while answering a question from a student in San Jose, Calif., via a video link. "At some point I think that would be a really good tool to have up here because it would be a lot easier to have a single tablet, a single screen, to take with you to do procedures and science experiments instead of having a big laptop with you."

The iPad and an Angry Bird Head to Space, iPad News (28 Oct 2011)

"The next unmanned resupply vehicle headed for the International Space Station next month will be loaded with much needed propellant, oxygen, water, thousands of pounds of crew equipment and 2 iPads all ready to entertain the Russians who will receive them."

Keith's note: So I guess the Russians won't let their American crew mates use their iPads.

Testimony by NASA IG Paul Martin: NASA Cybersecurity: An Examination of the Agency's Information Security

"Between April 2009 and April 2011, NASA reported the loss or theft of 48 Agency mobile computing devices, some of which resulted in the unauthorized release of sensitive data including export-controlled, Personally Identifiable Information (PII), and third-party intellectual property. For example, the March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station...."

"...In one of the successful attacks, intruders stole user credentials for more than 150 NASA employees - credentials that could have been used to gain unauthorized access to NASA systems. Our ongoing investigation of another such attack at JPL involving Chinese-based Internet protocol (IP) addresses has confirmed that the intruders gained full access to key JPL systems and sensitive user accounts."

Testimony by NASA CIO Linda Cureton: NASA Cybersecurity: An Examination of the Agency's Information Security

"The NASA IT Security program is transforming and maturing. The real-world requirement is to protect NASA's information and information systems at a level commensurate with mission needs and information value. Therefore, NASA is increasing visibility and responsiveness through enhanced information security monitoring of NASA's systems across the Agency."

Space station control codes on stolen NASA laptop, CNet

"A laptop stolen from NASA last year contained command codes used to control the International Space Station, an internal investigation has found. The laptop, which was not encrypted, was among dozens of mobile devices lost or stolen in recent years that contained sensitive information, the space agency's inspector general told Congress today in testimony highlighting NASA's security challenges."

NASA's Misaligned PR Machine

John Kelly: NASA needs to power up PR machine, Florida Today

"The solution is for NASA to use its broad, and well-funded, public relations arm to make sure that the public does hear about its successes and its progress. NASA must make it known that the new super rocket is being built, tests are being completed, and progress is being made toward test flights."

Keith's note: I am a chronic critic of NASA PAO, but this throwaway line by John Kelly begs a response. NASA's "public relations arm" is anything but "well-funded". Quite the contrary: overall PAO resources have been reduced nearly 75% since 2006. That does not mean NASA does not spend a lot of taxpayer's dollars on various communications activities. As the agency's corporate communications ability shrinks (thanks in large part to a $10 million OMB mandated reduction for a project wrongfully credited to NASA PAO), individual NASA projects and mission directorates make up the difference through independent PR efforts executed under an umbrella known as "public outreach".

However, those public outreach efforts are rarely coordinated with each other or with the agency's corporate communications arm at NASA PAO. As such, PAO often watches in frustration as money is spent on websites, philanthropic efforts, videos, and toys that have little overall value to NASA while resources for the agency's primary communications efforts dwindle due to constant Congressional cuts.

If you want to send a message to the managers of SLS and Orion and other spaceflight projects, tell them to worry about completing their projects on time and on budget, and stop trying to figure out how to make these vital programs popular with the American people. They may be terrific engineers but they often make lousy decisions when it comes to executing PR activities and almost always ignore in-house expertise, thus duplicating efforts and wasting money.

Instead, the programs and projects should turn over the resources, responsibility, and accountability to the agency's communications professionals and empower them to execute the kind of coordinated and strategic efforts suggested in Kelly's article. And of course, if NASA gets too good at the sort of PR Kelly would like to see, then he and the rest of the news media will invariably start to dump on NASA - but this time for spending too much money on PR.

Analysis of DNSSEC Validation Failure Comcast - DNS Engineering, Comcast

"How Did Users Interpret the Failure? The DNSSEC-related misconfiguration of the NASA.GOV domain unfortunately occurred on the same day that some Internet websites such as Wikipedia and Reddit blacked out their sites in protest over the proposed SOPA and PIPA bills in the U.S. Congress. ... Despite this, a website that discusses NASA-related news and information, called NASA Watch (http://www.nasawatch.com) accused Comcast of blocking access to the NASA.GOV domain, seemingly on purpose."

Keith's note: Despite multiple tweets by @NASAWatch about this problem on 18 January 2012 - tweets that were responded to by @Comcast employees - no one at Comcast ever bothered to contact NASA Watch about the cause - until this report was issued. Yet they seem to place some importance on the fact that NASAWatch (and MSNBC) gave this issue prominence. We had to figure it out for ourselves. If Comcast wants people to know why things are not working for their customers, then they need to take the initiative to respond to public inquiries promptly - and not complain about things well after the fact.

Keith's note: Comcast has decided to block customer access to *.NASA.gov due, I am told, to an issue involving how NASA maintains its DNS records. Why these geniuses at Comcast chose the SOPA/PIPA protest day to do this is curious to say the least. Right now, if you are a Comcast customer, you are being purposefully denied access to one part of your government's services.

Keith's update: I have confirmed via IT professionals at NASA and in several places across the U.S. that Comcast DNS is broken - but only for NASA.gov, it would seem.

Keith's update: Alan Boyle from MSNBC tweeted some good advice - change your DNS setting to Google's Public DNS. Info here.

Keith's update: Everything works again. Apparently NASA provided an update key for DNS and the new key did not match the Comcast key. So Comcast simply cut off DNS access for all of its customers to everything at NASA.gov. The old key has been sent by NASA and everything works again - so far.

Fifty-Seven Student Rocket Teams to Take NASA Launch Challenge

"For a complete competitor list and more information about the challenge, visit: http://education.msfc.nasa.gov/sli and http://education.msfc.nasa.gov/usli."

Keith's note: Simple, yes? Not when NASA's multiple webmasters get into the act. If you go to http://education.msfc.nasa.gov/sli you are redirected to another URL (link) that blinks too fast to copy down and then quickly redirects you again, this time to this link http://www.nasa.gov/offices/education/programs/descriptions/Student_Launch_Initiative.html. Why have the intermediary redirect? Why not just have http://education.msfc.nasa.gov/sli redirect to http://www.nasa.gov/offices/education/programs/descriptions/Student_Launch_Initiative.html?

If you go to the other link provided in this press release, http://education.msfc.nasa.gov/usli the same intermediate redirect happens and you end up at http://www.nasa.gov/offices/education/programs/descriptions/University_Student_Launch_Initiative.html

The answer you get about dueling URLs from NASA is that NASA wants to make it simple for people. I understand that and totally agree. But when you start with a simple URL, jump to another, longer URL, and then get tossed again to the final (long) URL - that long URL is the one that you are going to save in your browser, cut and paste and share with others, go back to, etc. Why not stick with the short URL in the first place? Baffling.

NASA's Sprawling Web Presence, earlier post

"There is no uniform agency-wide process for ensuring content on the other NASA sites is accessible, updated, accurate or routinely improved. Individual programs and projects at the Centers and offices at NASA Headquarters manage their own content and are responsible for accuracy and accessibility."

NASA's Inability To Speak With One Voice Online, earlier post

"I hear constant complaints from within NASA that funds for websites, education and public outreach, and PAO are limited - and likely to be cut further. Yet the agency continues to waste money on dueling websites - and they use multiple web addresses to send people to the same website."

NASA OIG: NASA's Real Property Master Planning Efforts

"NASA's development of the Agency's first integrated master plan is a positive step toward better managing its diverse real property assets. However, we found deficiencies within the individual Center master plans the Agency is using to develop the integrated Agency plan that may limit the Plan's usefulness for making strategic real property decisions. Specifically, we found that NASA is developing its initial master plan based on Center master plans that (1) were developed using funding assumptions for the recapitalization program that are no longer realistic and (2) are missing essential information needed to make objective Agency-wide real property decisions. In addition, 5 of the 10 Centers did not develop master plans to reduce their real property footprint in accordance with Agency goals because of uncertain mission requirements."

Keith's note: According to State of the Federal Web Report, issued 16 Dec 2011 by the .gov Reform Task Force

"Some agencies, such as NASA, have a relatively small number of domains compared to other agencies, yet NASA reported the highest number of public websites, with 1,590."

NASA is quoted in this document as saying:

True number of systems unknown: Several agencies admitted that it was not clear how many CMS [Content Management System] are in use: "This number is a guess. No one at NASA knows the number with certainty."

"There is no uniform agency-wide process for ensuring content on the other NASA sites is accessible, updated, accurate or routinely improved. Individual programs and projects at the Centers and offices at NASA Headquarters manage their own content and are responsible for accuracy and accessibility."

"There is no agency-wide process for reporting the results of these center processes or establishing any of them as best practices."

Dawn Obtains First Low Altitude Images of Vesta

Keith's note: This press release says "More information about the Dawn mission is online at: http://www.nasa.gov/dawn and http://dawn.jpl.nasa.gov." That's two separate websites at NASA for the same mission. But wait - there's yet another here. But you also reach this site if you go to http://www.nasa.gov/dawn. Two websites and three web addresses.

Then there are the multiple official Kepler websites: http://www.nasa.gov/kepler/, http://kepler.arc.nasa.gov/, http://www.nasa.gov/mission_pages/kepler/main/index.html , http://www.seti.org/kepler, and http://kepler.nasa.gov/ as well as the multiple official Cassini websites: http://www.nasa.gov/cassini , http://www.nasa.gov/mission_pages/cassini/main/index.html, and http://saturn.jpl.nasa.gov/, and so on. Virtually every NASA mission has more than one "official" NASA.gov website - and in each case the websites are regularly out of synch with one another.

Probably the most blatant example whereby NASA simply cannot make its mind up as to where an official mission website is has to do with Hubble - here are the official websites: http://hubble.nasa.gov/, http://www.nasa.gov/mission_pages/hubble/main/index.html, http://hubblesite.org/, http://heritage.stsci.edu/, http://www.nasa.gov/hubble, and http://www.spacetelescope.org/. This recent Hubble press release is typical. NASA offers 3 links - on three different official Hubble websites - for the same image.

I hear constant complaints from within NASA that funds for websites, education and public outreach, and PAO are limited - and likely to be cut further. Yet the agency continues to waste money on dueling websites - and they use multiple web addresses to send people to the same website. If you gave NASA more money would the number of websites decrease and efficiency of overall NASA website design increase? Doubtful. In a time when budgets are being cut, one would think that increased efficiency would be the focus - and that the number of duplicative websites would decrease and efficiency of NASA's overall website design would increase. Again, doubtful since the agency simply does not want - or care - to try and speak with one consistent, coordinated, efficient voice.

NASA OIG on IT Monitoring

NASA Faces Significant Challenges in Transitioning to a Continuous Monitoring Approach for Its Information Technology Systems

"NASA Inspector General Paul K. Martin today released a report that found significant challenges with NASA's ongoing transition from an information technology (IT) security oversight approach that relied on periodic, static assessments to one that emphasizes ongoing and continuous monitoring of Agency systems."

apps@NASA Now Online

NASA Launches apps@NASA

"NASA launched apps@NASA, a website where NASA employees and contractors can download mobile apps that securely access NASA systems. These apps enable our users to perform critical job functions at anytime from anywhere via personal and NASA mobile devices."

NASA Launches Mobile Apps Store, Information Week

"The agency was at the forefront of the feds' adoption of cloud computing, building its own cloud infrastructure, Nebula, that it is using internally to host applications and services. Mobile applications are another area in which NASA has been an early adopter, offering apps for both iPhones and Android devices. However, its mobile apps store for employees is a bit thin at the moment; the site currently has only two applications available in its apps store, but NASA plans to add more in the future."

NASA on Google+

Government Agencies Go Google+, Information Week

"Most of the agencies thus far have been posting news, multimedia, and information of the type one might expect to be posted on their Facebook pages or Twitter feeds. For example, with the exception of a post introducing itself to Google+, the Marine Corps' Google+ posts have thus far been carbon copies of its posts on its official Facebook page. Since joining Google+, NASA has been the most active of the new entrants with almost two dozen posts, mostly images and multimedia, and many of them different from information shared on other social media platforms. The page already has more than 18,000 followers."


United States Attorney Southern District of New York Press Event with NASA Inspector General

"A press conference will be held today to announce charges against seven individuals who engaged in a sophisticated, international Internet fraud scheme that infected more than four million computers in over 100 countries and manipulated online advertising.

- Preet Bharara, U.S. Attorney for the Southern District of New York
- Janice K. Fedarcyk, Assistant Director-In-Charge of the New York Office of the Federal Bureau of Investigation
- Paul Martin, Inspector General of the National Aeronautics and Space Administration, Office of Inspector General"

U.S. Attorney Charges Seven Individuals For Engineering Sophisticated Internet Fraud Scheme, Department of Justice

"Of the computers infected with malware, at least 500,000 were in the United States, including computers belonging to U.S. government agencies, such as NASA; educational institutions; non-profit organizations; commercial businesses; and individuals."

NASA Internal Memo: Goddard Libraries Transition to Electronic Services

"Beginning January 1, 2012, the NASA Goddard libraries at Greenbelt and Wallops will transition to an all-electronic activity. In response to changes in the research environment and to Center-driven resource priorities, we will no longer maintain a physical presence but will focus on supporting the research needs of the Goddard community electronically. ... Closing of the physical libraries is a strategic move to repurpose resources and refocus efforts toward enhanced electronic collections and new services vital for Goddard to continue to be productive and competitive in scientific research. "

Keith's note: So what does this mean with regard to the books and other printed items that already exist in the GSFC library i.e. "Closing of the physical libraries"? Is GSFC going to just get rid of everything? And if a book or journal is not in electronic format ... too bad. I am sure historians will just love this. And this is a "strategic move"?

iPads in Space?

Keith's Note: If you watch the live video from the Aquarius undersea habitat you can see that the NEEMO-15 crew are currently using tablet computers. According to an interview I did a few minutes ago, NEEMO-15 crew member Astronaut Shannon Walker says that they use these tablet computers to track their mission tasks. Walker also said that there will be several tablet computers aboard the next Progress cargo flight to the International Space Station. When asked, she was not able to say what brands of tablets would be going up.

Keith's update: According to NASA Public Affairs, the Russians plan to fly two iPads on the December Progress mission as a replacement for the iPod they currently have on the ISS. The only use for these two iPads will be for entertainment. The Russians have no plans to use them operationally. NASA is still reviewing other tablet systems and plans to fly at least one more next year although the brand that they will fly is still TBD.

NASA OIG Annual Report: Federal Information Security Management Act: Fiscal Year 2011 Evaluation

"Overall, the Agency established and is maintaining a program for each of the 11 areas listed above. However, the Agency's programs for risk management, configuration monitoring management, and POA&M need significant improvements as they do not include all required attributes identified by the Department of Homeland Security."

data.nasa.gov API

data.nasa.gov API Now Available

"The data.nasa.gov API allows a machine-readable interface to return metadata from the site organized by category, tag, date, or search term. We're hoping this allows new and creative visualizations of the data resources NASA provides to the public. Additionally, it is a learning experience for us as we work to expand transparency, participation, and collaboration at NASA through new uses of technology. You can view documentation on the API directly on data.nasa.gov."

NASA Announces International Space Apps Competition

"NASA is announcing the International Space Apps Competition to support the Open Government Partnership (OGP), which President Barack Obama announced Tuesday. The challenge will culminate with a two-day event next year that will provide an opportunity for government to use the expertise and entrepreneurial spirit of citizen explorers to help address global challenges. During the event, NASA representatives and officials from international space agencies will gather with scientists and citizens to use publicly-released scientific data to create solutions for issues, such as weather impact on the global economy and depletion of ocean resources."

NASA Seeks to Communicate, Engage Public Better, TMCnet.com

"[Bolden] also said he was "disappointed" at the lack of fresh faces - "those in the back, who haven't been around for the last 10 to 20 years" - in the audience, but did not discount the attendees either. "We need your help - your ideas, your energy and your passion. What you're doing here today is very important, and I look forward to hearing more from you," Bolden said in closing, tying into the broader themes of the Future Forum, with panel discussions between academia, NASA officials, and private industry representatives featuring technology and innovation, commercial technology transfer, and inspiring education. Broader interaction with the public also came up during a question and answer session after the first panel discussion. A member of the audience suggested that the biggest problem NASA has is "preaching to the choir" - established supporters - via Twitter and the web. A discussion of broadening the base ensued. "If we have a more loud choir, more people look at what's going on in the church," NASA Chief Scientist Dr. Waleed Abdalati suggested."

Keith's note: NASA has lots of transmitters to throw things out into the media and at the public - but it has very few receivers with which to capture input from the real world. And when it does get input, it often hasn't a clue what to do with the information. There is more to this than constantly asking for input, Charlie. You need to instigate a culture shift inside your agency wherein the input NASA gets from outside itself is incorporated into how your people run the agency. NASA needs to admit that it doesn't know everything and that 'change is an option' when public input does not mesh with what the agency thinks it is supposed to be doing. As for loud choirs, Waleed, NASA often confuses momentary amplitude with real public interest. It can be difficult to hear subtle messages when all you have is a bullhorn at your disposal.

Keith's note: So ... this is the new NASA Buzzroom? If so, NASA needs to replace the responsible website contractor JESS3 ASAP. This is just a crappy Facebook feed wherein anything that people post appears on this NASA.gov website with zero moderation. One post says "NASA takes down buzzroom after too much revealed about Comet Elenin trajectory." At least this new version of Buzzroom no longer features utterly off-topic videos that featured lynchings and 80's hair bands (see earlier stories on this failed experiment).

The NASA IT Summit is an open forum of all the best that IT offers. Members of the IT community - NASA, Federal, Industry & Academia - will gather to exchange ideas, share best practices, and learn what is new and cutting edge on the internal and external IT landscape. NASA CIO Linda Cureton will host the 2011 IT Summit at the Marriott Marquis in San Francisco - August 15-17. To chat during the session, please go to the session on the IT Summit Remote Engagement Site: http://open.nasa.gov/itsummit/

Livestreaming webcast

More information

Keith's note: Facebook's CIO Tim Campos is the opening speaker today at the IT Summit. Alas, NASA blocks access to Facebook (and Google+ etc.). NASA has multiple internal attempts to copy (badly) some of what Facebook does so there is some appreciation for the utility of these tools. Campos makes many good points. Indeed, I think Tim Campos and NASA CIO Linda Cureton need to have a serious chat during the lunch break. He says interesting things but NASA blocks access to his company's product. So how can his lessons be applied? Why can't NASA civil servants and contractors use Facebook (or Google+) or both? And please don't throw "firewall" or "ITAR" nonsense back at me in the comments section. If NASA can reprogram 30+ year old Voyager spacecraft outside our solar system surely they can figure out how to offer employees the same tools that the rest of the world uses.

Working at NASA in 2011 is like driving a car that only has an AM radio - with only one speaker.

Keith's clarification: While some people can clearly access (and interact with) Facebook and other social media sites from their desks at NASA others tell me that they cannot. Due to the retaliatory mindset at NASA I am not going to identify where these people are. Suffice it to say, there is no consistent, agency-wide policy as to what people inside NASA can or cannot access out in the real world.

Keith's note: NASA's Webb Space Telescope Twitter account is promoting AURA JWST lobbying materials:

"We've just added a link on our site to this page from AURA which has a collection of statements of support for JWST: bit.ly/okj0Cr"

Reader note: Read the following on the Direct TV web site regarding NASA TV. So they now want to charge $10.00 extra but not deliver HD. "Is NASA TV still available on DIRECTV? Yes, DIRECTV will still offer NASA TV on Channel 289. However, starting August 3, 2011, NASA TV will only be available to customers who have DIRECTV HD equipment and are subscribed to HD Access ($10/month). But please note: NASA TV will remain a standard definition channel. Upgrade to HD online or call us at 1-800-531-5000."

NASA Launches New Open Government Blog

"The site is a collaborative blog for the open government community to highlight the ways that transparency, participation, and collaboration are being embraced throughout the agency. "NASA is committed to experimenting with and embracing new participatory ways of collaboration," said Linda Cureton, the agency's chief information officer. "The launch of open.NASA is a new chapter in NASA's culture of openness and an exciting new way to engage citizens in our activities."

White House Announces Plans to Shut Down Hundreds of Duplicative Data Centers as Part of Campaign to Cut Waste

"To date, agencies have closed 81 data centers and will close 114 more during this calendar year for a total of 195 in 2011. This represents an increase in both planned and actual closures from the data released in April 2011. As agencies have continued to update their data center inventories, they have increased their planned closures, demonstrating the seriousness in which they are attacking waste."

Keith's note: 15 10 centers at NASA have been or will be closed (list)

NASA Open Source Summit Proceedings Online

"On March 29 & 30, NASA hosted its first Open Source Summit at Ames Research Center in Mountain View, California. The event brought engineers and policy makers from across NASA together with well-respected members of the open source community together to discuss current challenges with NASA's open source policy framework, and propose modifications that would make it easier for NASA to develop, release, and use open source software."

Why Do You Have to Type out 'www' to Get to our Website?, NASA

"It seems really simple - just three letters. But they seem to annoy some of our users, who have let us know: "Why do I have to type www.nasa.gov and not just nasa.gov? Don't you people even know the basics of running a web site?"

Marc's Note: I read this blog post and my jaw dropped. I've complained before that I didn't understand why I couldn't just type nasa.gov in any browser to get to NASA's web site. After all, technically it's a simple change to the domain's Domain Name System (DNS) entry. Now I have the answer, NASA says it's an expensive move. Huh! Ok, sure NASA is a very popular web site. But changing the DNS entry so that queries typed in a browser as http://nasa.gov get redirected to http://www.nasa.gov shouldn't add prohibitive costs. No way.

NASA Internal Memo: Transformation of Agency Information Technology (IT) Services

"The Office of the Chief Information Officer (OCIO) is integrating and consolidating many IT services throughout the Agency. This new effort is called the IT Infrastructure Integration Program, or I3P. It will affect every employee who uses IT services such as: desktops, laptops, networks, etc. The scope of I3P is broad, entailing consolidation, improved governance, and central management of IT services in the areas of service desk and ordering, Web services and technologies, enterprise business and management applications, integrated communications/network services, and end-user services. Roll-out schedules will vary by each Center. Each Center's Chief Information Officer will send out more detailed information, but below you'll find a high-level summary of the new program."

SMD and Webex Typos

Keith's note: I just got an email complaint from SMD regarding this calendar listing for the NASA Advisory Council Science Committee Planetary Science Subcommittee Meeting. NASA claims that I "typed" the webex passwords wrong. I did not "type" anything. I copied the notice VERBATIM from the Federal Register here which says "PSS--Apr18" and "PSS--Apr19". I have corrected the passwords, per the NASA SMD email, to read "PSS_Apr18" and "PSS_Apr19". It would seem from the email complaint I got that NASA JPL uses my site to update its staff (thanks guys!) but I find it to be a little curious how people seem to find out about these important advisory meetings via NASA Watch and SpaceRef - and not from NASA SMD itself ...

"As part of the NASA Open Government plan released on April 7, 2010, NASA announced more than 150 milestones related to integrating Open Government into the agency's programs and projects. To celebrate the one year anniversary of our plan, we've released a new infographic to communicate our first year of progress toward becoming more transparent, participatory, and collaborative. While we've set high goals, we're committed to incorporating open government into every facet of our mission. We have made great progress in some areas; others have taken longer than we anticipated and extra time is required to fully realize the goals. We hope this will clearly communicate our progress and keep you informed of new and exciting things within NASA. All of these goals are fluid - you'll see growth and movement as we work to determine the best path toward openness. If you have any questions or comments, we encourage you to visit our new NASA Open Government Initiative website at http://www.nasa.gov/open and share your ideas."

View the project status infographic.

NASA Open Source Summit

NASA To Host Open Source Summit March 29-30 In California

"NASA will host a summit about open source software development on March 29-30 at the agency's Ames Research Center in Moffett Field, Calif. The event runs from 9 a.m. to 5 p.m. PDT on both days. NASA's first Open Source Summit will bring together engineers, policy makers and members of the open source community. Participants will discuss the challenges within the existing open source policy framework and propose modifications to facilitate NASA's development, release and use of software."

Register as a remote participant.

Live streaming of the event can be found here.

NASA OIG: Inadequate Security Practices Expose Key NASA Network to Cyber Attack

"The OIG review found that six computer servers associated with information technology (IT) assets that control NASA spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable. Moreover, once inside the Agency-wide mission network, the attacker could use the compromised computers to exploit other weaknesses we identified, a situation that could severely degrade or cripple NASA operations. We also found network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers."

NASA spacecraft vulnerable to cyber-attack, Nature

"Gail Robinson of the OIG's office tells Nature the IG can't say publicly which systems are affected for security reasons, but that it has told NASA the information. Although only six examples were documented, the IG report makes clear that up to 130 systems could be affected by the inconsistent oversight."

Houston, We Have a Problem: Critical NASA Systems Vulnerable, PC World

"Anup Ghosh, founder and chief scientist for Invincea, noted that events like the recent attacks against HBGary, RSA, and Comodo, and this audit report from NASA might lead IT admins to ask: "If it is happening to organizations like these, can it happen to us?" But, Ghosh says the better question to ask is: "If it is happening to the top security companies, is it happening everywhere?" Ghosh volunteers the answer to that question, saying it is undoubtedly "yes"."

NASA Computer Servers Insecure, Open to 'Catastrophic' Attack, PC Magazine

"What's the problem? The OIG said NASA has been slow to act on a recommendation it made in May 2010 that NASA secure its networks. At that point, the OIG told NASA to immediately establish an IT security oversight program for its mission network, but as of February 2011, NASA had done nothing."

Space Mission Networks at Risk of Major Breach, Govinfosecurity

"NASA CIO Linda Cureton, in a letter to the IG, generally concurred with the IG's recommendations, saying she will work with mission directorates and centers to develop a comprehensive approach by Sept. 30 to ensure that Internet-accessible computers on NASA's mission networks are routinely identified, vulnerabilities are continually evaluated and risks are promptly mitigated. In addition, Cureton said she will develop and implement a strategy for conducting an Agency-wide risk assessment by Aug. 31."

NASA CIO staff continue to make their own rules when it comes to setting up websites outside the NASA firewall for official purposes - websites with no security in place, according to postings on the NASA Forward Maker Camp website.

Keith's note: According to NASA GSFC's Jon Verville (@jonverve): "We are following the precedent set by OSTP/GSA here: http://expertnet.wikispaces.com/Getting+Started Please cite the NPR/NPD requirement which restricts the use of non-NASA websites." My response: "Your group is not operating this website according to NASA policy per NASA HQ. Precedents in other agencies do not count. Otherwise all NASA NPDs can be ignored since someone somewhere else always does things differently. Why have any rules at all?"

I wonder what would happen if CIO staff were to randomly walk around the agency and ask people what would happen if they went out and set up their own website outside the firewall for a project they were working on - or ask management what their reaction would be if their staff just went off and did this. The answer should be obvious. It would certainly be nice if NASA were much more open in this regard - but it is not there yet. Instead of breaking the rules (or making them up ad hoc) these CIO staffers need to set an example and follow their own rules. And if the rules are not working, they need to cite the problems, and then change the rules. Otherwise having rules of any sort is pointless.

I fail to understand why NASA CIO sets standards that the entire agency has to follow when it comes to website hosting, security etc. and then their own staff can go do whatever they want in this regard. Why should anyone else at NASA bother to adhere to these rules - or pay attention to what the CIO says? Does the "precedent" that Verville mentions have any official bearing on NASA rules and regulations? If so, then where is the NPR/NPD that says so? Otherwise you can't just assume that you can do something simply because someone else did it.

Mixed Messages From NASA CIO Staff, earlier post

NASA's Chief Technology Officer for IT Chris Kemp Is Leaving The Agency

"Deciding to leave NASA has not been easy, and is something I've been struggling with for the past few months. About a month ago, I mentioned to one of my mentors that "it's a very difficult time to be an entrepreneur at NASA." She responded "is it ever a good time to be an entrepreneur at NASA?" Reflecting on this, I realized that most of my accomplishments at NASA were not at Headquarters, but out in the field where I could roll up my sleeves and work on projects and get stuff done. Whereas I thought I had the best of both worlds being a Headquarters employee stationed in Silicon Valley, I actually had the worst of both worlds... no influence when I can't be in all of those meetings at NASA HQ, with no mandate to manage projects at Ames. As budgets kept getting cut and continuing resolutions from Congress continued to make funding unavailable, I saw my vision for the future slowly slip further from my grasp. So, today, I am announcing that I am leaving the place I dreamed of working as a kid to find a garage in Palo Alto to do what I love."

Keith's note: NASA employees Nick Skytland @skytland, Chris Gerty @gerty, Stephanie Schierholz @schierholz, Veronica McGregor (JPL) @VeronicaMcG, and Doug Ellison (JPL) @doug_ellison (and others) are currently attending SXSW (South by Southwest), an "Annual music, film, and interactive conference and festival held in Austin." There are several panels and sessions (like this one chaired by Nick Skytland) that deal directly or partially with space exploration. It will be curious to see if any of these NASA folks write travel reports or make blog postings that describe what they saw - and what they learned - or if they will simply post a few scattered Tweets instead. Indeed, NASA's social media experts spend far too much time talking to each other - and less actually interacting with the public and other co-workers which (so I thought) was the whole point to begin with.

One would hope that they'd share what they learned - in some detail - (along with their presentations at SXSW) with the rest of the agency and the public. Curiously, Skytland et al only post their presentations (like the one for today's session) made as NASA employees at opennasa.com - never at NASA.gov. Even though Skytland is travelling as a NASA representative, he uses his personal website address and not NASA's. Many of the sites he discusses are not NASA-sponsored at all. You'd think that a NASA person would be giving a NASA presentation.

In addition, Skytland's presentation is not Section 508 compliant - a requirement for all NASA presentations posted online.

WALLOPS: Comment sought on moving main gate of NASA, Delmarva.com

"NASA is seeking comments from the public on its draft Environmental Assessment (EA) of potential impacts from proposed improvements at the Wallops Flight Facility main base entrance. NASA is proposing to improve the main base entrance to increase personnel safety and decrease congestion. .... The draft EA is available on the internet at: http://wff.nasa.gov/code250/MERP_DEA.html A description of means for submitting comments may be found on the website. Public comments on the draft EA are requested by April 12, 2011."

Keith's note: I am not sure how the "public" would ever know about this if it were not for newspapers since Wallops makes no mention of this on their website. I guess the locals are happy that they have newspapers with websites that do NASA's PR work. Oh yes, the web link from Code 250 in this article does not seem to be working.

Reader note: "For future reference, most if not all of NASA's URL's must have "www" prepended (e.g., nasa.gov doesn't work, www.nasa.gov does). Until this gets fixed by the Wallops' webmaster, try www.wff.nasa.gov/code250/MERP_DEA.html."

Keith's note: Looks like Beth Beck has finally decided to fix some major problems with NASA Buzzroom. When you visit now you get this message: "We're in the process of making Buzzroom better for our users. We appreciate your patience. Please check back in the future." The sad thing is that it took people outside the agency to notice these problems and bring them to NASA's attention before they took action. Virtually no one inside the agency seemed to have problems with the goofy, off-topic, and sometimes reprehensible content that this website's managers approved for posting - or simply did not notice.

- NASA Buzzroom Is Broken. Please Fix It. (Updated with SOMD Response), earlier post
- Pseudoscience and Profane Videos Featured Online at NASA.gov, earlier post
- Today's NASA Buzzroom Video Pick: Bowling For Soup US Tour, earlier post

Keith's note: Right now a featured video on NASA Buzzroom is "Bowling For Soup US Tour". (original on YouTube). Is this appropriate? No mention of outer space. So ... what do you do? If you go to NASA Buzzroom, and scroll to the bottom of the page you will see this notice: "This site collects community content about NASA. We invite you to join the conversation! If you find something you don't think belongs, please let us know! Page Last Updated: March 6th, 2011; Page Editor: JESS3; NASA Official: Beth Beck" One small problem: they do not provide a link or an email address. So ... how does one "let them know"?

Keith's note: Yesterday I made note of a broken website - NASA Buzzroom's video page. One feature of this site is to grab videos posted on YouTube - automatically - and post them on a nasa.gov webpage and add a comment feature. Nice idea - it lets people see what others think about NASA. One small problem - humans are not in the loop at NASA. At one point I found a video that had been on nasa.gov for weeks that depicted a bloody lynching and featured a non-stop stream of profanity. NASA eventually got around to deleting it - once I complained (Google cached version).

I complained about lots of other videos that simply had no reason whatsoever to be on a taxpayer-funded space agency website. Eventually, once someone at NASA saw these videos mentioned by me, they were removed. This process seems to be working backwards. I find these videos simply by looking at the video page. NASA deletes them - but only when I make public note of their location. The NASA folks seem to be utterly incapable of making a decision as to what is inappropriate on their own - or identifying inappropriate videos that have been on their site for weeks (or longer). Nor are they able to fix the problem inherent in this website's design in the first place. Given the way they set up this site, it would seem that no one in SOMD's crack Internet squad ever tested this website before putting it online.

To compound things, they simply take videos off of their webpage because one person (me) complains. That's not right. As such, they clearly don't have any established guidelines for removal of videos either.

Right now a clip from the notoriously horrid Howard the Duck from the 1980s is gracing a nasa.gov page. It is harmless but pointless when it comes to space exploration. The NASA SOMD Internet guys will eventually delete it (this is the video on YouTube). But they will only delete it because I complained. FAIL.

Curiously, while NASA told me - officially - that the NASA lawyers had told them - that they could not link to this rather popular video "NASA - The Frontier Is Everywhere" that went viral a month or so ago, this NASA Buzzroom website links to it. So ... there is a bright side to the way this page works. Too bad the people who run this site do not take its design or upkeep seriously.

Pseudoscience and Profane Videos Featured Online at NASA.gov, earlier post

Keith's update: Beth Beck from SOMD sent me this in response to an inquiry as to how content is approved for posting on NASA Buzzroom. She is responsible for this page at NASA.gov. The full exchange is below. In a nutshell whoever is responsible for this website is incompetent and should be relieved of this responsibility. You see, this is the sort of material that the current process allows to be posted and approved:

All I want for Christmas (for NASA), NASA LaRC CTO Rich Antcliff

"My grown up Christmas list for NASA:

- A budget (seriously another three months on last year's budget). It is disappointing that the congress cannot fulfill its duties in a timely fashion.

- An inspiring vision. I just can't get excited about visiting a NEO. Up until a couple of months ago, I had never heard of one. I know what the moon is and I know what Mars is but a NEO? Seriously?

- A serious challenge. Am I back talking about a NEO again, I'll try to move on.

- Some hard decisions. As long as we continue to make everyone feel good about what NASA is doing for them, we will never do anything bold again. We need some bold leadership in the agency, in the executive office and in the congress. Is this too much to ask?

- Engagement with the international community. NASA arrogance is keeping us from partnering with foreign entities in all but political arrangements. We always have to be king and others (China, etc...) are asking who do you think you are?

- ULA and Charlie Brown's football. They hung it out in front of us just to make us salivate and then quickly took it back when the political pressure warmed up - gutless reaction. This is micromanagement at its worst."

... Plus some cogent comments on NASA IT.

NASA JSC Solicitation: Open Innovation Support Services for Internal Collaboration Support Platform and Intermediary

"NASA/JSC has a requirement for Open Innovation Support Services for internal collaboration support platform and intermediary to provide the capability for NASA employees to collaborate within and across the NASA organizations promoting internal collaboration and the identification of solutions to internal challenges by internal personnel and expertise. NASA/JSC intends to purchase the items from InnoCentive, Inc. InnoCentive, Inc. has the required infrastructure and personnel required to support the internal based platform and has an experience base that included an internet based ".com" and an internal based platform. Use of any other system would require duplication of work and loss of existing infrastructure that has already been designed for NASA, tested, validated and approved. The loss of infrastructure cannot be recovered through competition without substantial duplication of time, costs and risk to timely and successful implementation."

What Is Open Innovation at JSC?, Previous Post

NASA Innovation Pavilion, Innocentive

Keith's note: Hmm ... a sole source contract for "open innovation support". Shouldn't there be multiple paths to "open innovation"? Is this a JSC-only product? The solicitation says "NASA/JSC has a requirement ..." yet the "NASA Innovation Pavilion" mentions JSC, GRC, and LaRC (but not other field centers). Additional solicitations also point to NASA/JSC requirements - not the agency as a whole. Confusing.

- NASA JSC Solicitation: Open Innovation Support Services for a Consortium Network Builder Platform Provider
- NASA JSC Solicitation: Open Innovation Support Services for an External Crowd Sourcing Platform

Keith's note: Someone in charge of the automatic email distribution list for NASA NSPIRES needs to fix the settings such that everyone cannot send email to everyone else complaining about the email that everyone is sending to everyone else.

Update from NSPIRES: "This morning, we encountered an issue where an individual replied back to an email notice about a 2011 EPSCoR Research Announcement. Unfortunately, all individuals on the mail list were able to see this person's reply. Please be advised that the technical issue that allowed this email response to occur has been addressed and no further 'mass replies' should occur. This situation has caused confusion and concern among many of the recipients of this email, and for that, the NSPIRES group extends its apologies to all."

NASA's ExplorNet

Keith's note: According to a Tweet by @KevinDJones, a NASA MSFC-associated social networking consultant, "Recording videos for NASA's soon-to-be ExplorNet. I love this!"

I'll be willing to bet that most of NASA knows nothing about "NASA's soon-to-be ExplorNet". Expect some confusion, though: the name is already in use elsewhere. But this domain is for sale.

Preparing for the Space Shuttle Program's Retirement: A Review of NASA's Disposition of Information Technology Equipment

"NASA Inspector General Paul K. Martin today released a report that found significant weaknesses in the sanitization and disposal of NASA computers and hard drives used in the Space Shuttle Program. These weaknesses resulted in information technology (IT) equipment being sold or prepared for sale even though it still contained sensitive NASA data. This Office of Inspector General (OIG) audit examined IT sanitization practices at four NASA Centers - Kennedy and Johnson Space Centers and Ames and Langley Research Centers - and found serious issues at each. We concluded that NASA did not ensure the proper sanitization of excess IT equipment before releasing it outside Agency control."

Keith's note: Here's the premise: Random Hacks of Kindness (RHoK) - a series of long workshops (often known as "Hackathons") are held in multiple locations around the world wherein people come together to share their skills and create things (software etc.) that can be of use to others locally and globally. Wonderful idea. NASA becomes involved - thus offering the potential to bring its resources to bear - and ingest ideas from external and novel resources. Doubly wonderful - I can smell the synergy. Add in NASA's Deputy Administrator, the Secretary General of the United Nations at the opening session and there's an emergent property - one of heightened visibility for the concept and the participants. I'm sold. Marvelous concept. Gimme more.

NASA sends representatives from the Chief Technologist's and Chief Information Officer's organizations. What are they doing? Well, that's uncertain. NASA civil servant participants Robbie Schingler (NASA HQ CTO Chief of Staff) and Nick Skytland (NASA HQ CIO office) and perhaps others are big fans of social media tools yet they did little to use these tools other than to retweet several generic items about the event as a whole. They made no mention of what they - or NASA - were actually doing at this event. Were they coding? Organizing? What? So much for being "open and transparent". This is especially ironic given that Schingler and Skytland work on NASA's Open Gov efforts, often serving as agency evangelists in this regard.

NASA Internal memo: Message to Headquarters Employees Regarding WikiLeaks and Government Requirements on Handling Classified Information

"This is a reminder for all employees that classified information, even if posted in the public domain, remains classified and should not be accessed, downloaded, copied, or retransmitted utilizing Government IT resources or equipment. Although information posted to WikiLeaks is in the public domain, the information remains classified. The NASA Headquarters Information Technology and Communications Division (ITCD) has initiated temporary blocks to the WikiLeaks sites. The purpose of the block is to protect NASA's administration network from inadvertently storing spilled "classified" data."

NASA Launches Open Gov Status Dashboard

"Some ideas, on the other hand, have taken a little longer than we anticipated and need some extra time in order to be done correctly. To articulate the status of all of these milestones, we're launching the new Open Government Status Dashboard, which details the status of all 39 three-month goals in an easy-to-read format. We'll work to keep this status page updated as milestones are achieved."

Keith's note: Of course, as eager as this group is, they never seem to get press releases out to tell people what they are doing. This item was posted a month ago at NASA.gov.

NASA, the White House and People for the Ethical Treatment of Animals Lead Government, Non Profit and Industry Trade Groups in Social Media, Online Strategy

"NASA, the White House and People for the Ethical Treatment of Animals (PETA) outpace other public sector organizations when it comes to social media savvy and online strategy, according to the first annual Digital IQ Index(R) for the Public Sector."

Keith's update: Here we go again. One tweet and a retweet from several NASA civil servants. That's it. Yet again, no press release, or coordinated NASA.gov use of social media to promote a study that recognizes NASA's social media prowess. How ironic.

Keith's 3:30 pm Update update: NASA finally got around to issuing a press release at 3:00 pm EST 15 hours after it was released by others - and thus missed a whole news cycle. So much for making the best use of "social media and online strategy".

Annual Report Federal Information Security Management Act: Fiscal Year 2010 Report from the Office of Inspector General

"Although our audit work identifies challenges to and weaknesses in NASA's information technology (IT) security program, we believe that the Agency is steadily working to improve its overall IT security posture. Our report to OMB cited that NASA established a program for certification and accreditation, security configuration management, incident response and reporting, security training, Plans of Actions and Milestones, remote access, account and identity management, continuous monitoring, business continuity/disaster recovery, and overseeing systems operated by contractors. However, we found that internal controls for these areas needed improvements."

Chinese Computer Trumps US One as World's Fastest, CNBC

"A Chinese scientific research center has built the fastest supercomputer ever made, replacing the United States as maker of the swiftest machine, and giving China bragging rights as a technology superpower. The computer, known as Tianhe-1A, has 1.4 times the horsepower of the current top computer, which is at a national laboratory in Tennessee, as measured by the standard test used to gauge how well the systems handle mathematical calculations, said Jack Dongarra, a University of Tennessee computer scientist who maintains the official supercomputer rankings."

Chinese Supercomputer Likely to Prompt Unease in U.S., WS Journal

"But Mr. Dongarra and other researchers said the machine should nevertheless serve as a wake-up call that China is threatening to take the lead in scientific computing--akin to a machine from Japan that took the No. 1 position early in the past decade and triggered increased U.S. investment in the field."

Foursquare On-Orbit

Astronaut Doug Wheelock Checks In With Foursquare From International Space Station


"NASA astronaut and International Space Station Commander Doug Wheelock became the first person to "check in" from space Friday using the mobile social networking application Foursquare. Wheelock's check in to the space station launches a partnership between NASA and Foursquare to connect its users to the space agency, enabling them to explore the universe and discover Earth. The partnership also features a customized section of the Foursquare website for NASA, where the agency will provide official tips and information about the nation's space program in locations throughout the United States."

Announcing the Launch of IaaS, powered by Nebula

"Today, the pre-release of NASA Cloud Services, powered by Nebula is available to all NASA personnel. Plans call for the pre-release to be seamlessly transitioned to production after the Operational Readiness Review (ORR) is completed in the coming weeks."

NASA wants to run space missions, not data centers, ComputerWorld

"NASA CTO Chris Kemp said he believes that compute resources are fundamentally a utility, no different than electric power. And "we don't own power plants right now - we don't own other services that are provided as utilities," he said. "I don't see why NASA needs to operate any infrastructure," said Kemp. "We can build space probes, we can build deep space networks, we can stay out on the frontiers, where the American public wants us to be and not spend over $1 billion a year on IT infrastructure."

OpenStack: An Open Cloud Initiative Makes its 1st Release, ReadWrite Cloud

"It's official. Open Stack has made its first release. It's a major moment for the nascent open cloud initiative, a service that combines the Rackspace object storage capabilities with NASA's Nebula, the open computing effort from the U.S federal space agency."

NASA Open Government Summit Emphasized Data Exchange

"NASA is working to publish more of its data sets online and create more opportunities to engage with the public using digital tools. This was a major part of the discussion during the monthly Open Government Community Summit at NASA Headquarters in Washington last week. NASA's Office of the Chief Information Officer and Office of the Chief Financial Officer hosted the meeting. The event brought leaders from both government and public sectors together to discuss transparency, participation and collaboration in an era of emerging new technologies, maturing systems and increased generation of open data."

"The Open Government Community Summit Series is an inter-agency collaborative event hosted by a different agency each month. Several working groups have formed out of previous workshops, and the focus for the final two workshops of 2010 is to actually build-- not just talk about-- the infrastructure (i.e. collective knowledge resources and standard operating procedures) necessary to sustain the open government community over the long haul. This month's summit is generously hosted by NASA and facilitated by the Open Forum Foundation."

Hokey smokes, Bullwinkle! NASA.gov Beat Google!

"So how are we doing? Pretty well it seems. Our scores for September and for the third quarter of 2010 were the highest we've ever gotten. We continue to outpace web sites generally and most other federal-government sites, and we remain fairly close to some of the most widely used commercial sites. Our September score of 83 wasn't too far behind Netflix and Amazon, and it was well ahead of some others. And, heck yeah, we were higher than Google last month. I can only recall one other month that we were even; Google is usually the highest rated site of all that use this particular service. Most likely it's a one-month aberration, and the more interesting question is what caused them to drop so precipitately. But you'll have to ask them."

NASA And Univision Team Up

NASA And Univision Collaborate To Engage Hispanic Students

"NASA and Univision Communications Inc. are teaming up to launch an on-air and online initiative to help engage Hispanic students in science, technology, engineering and mathematics (STEM) education. NASA is committed to preparing the next generation of scientists, engineers and technologists. Univision, a leading Spanish-language media company with television, radio, online and interactive assets focused on improving graduation rates and preparing Hispanic students for college."

Status of NASA's Transition to Internet Protocol Version 6 (IPv6), NASA OIG

"As of March 2010 the Agency did not have an updated or complete IPv6 transition plan as required by OMB. This occurred, in part, because the Agency has ample IPv4 addresses to meet its current and future requirements and because the individual who was leading the IPv6 transition effort left NASA in November 2006 and no one has been assigned to replace him. As a result, the Agency does not have adequate assurance that it has considered all necessary transition elements or that the security and interoperability of its systems will not be affected as other Government agencies and entities transition to IPv6. Accordingly, even if NASA can continue meeting its communication needs using IPv4 addresses, it should ensure that its systems are prepared as other Internet users transition to IPv6."

Information Technology Security: Improvements Needed in NASA's Continuous Monitoring Processes, NASA OIG

"Although the Agency concurred with that recommendation, NASA decided to implement a single Agency-wide inventory instead of Center-level inventories, which delayed implementation until at least September 2010. In this review, we found that the lack of complete and up-to-date inventories is a barrier to effective monitoring of IT security controls. Accurate inventory lists increase the effectiveness of an IT security program by providing a means to verify that 100 percent of the computers in the Agency's network are subject to configuration, vulnerability, and patch monitoring. Until NASA establishes a complete inventory of its network resources, Centers will be unable to fully implement these key IT security controls and NASA's IT security program will not be fully effective in protecting the Agency's valuable IT resources from potential exploitation."

Review of NASA's Management and Oversight of Its Information Technology Security Program, NASA OIG

"We found that NASA's IT security program had not fully implemented key FISMA requirements needed to adequately secure Agency information systems and data. For example, we found that only 24 percent (7 of 29) of the systems we reviewed met FISMA requirements for annual security controls testing and only 52 percent (15 of 29) met FISMA requirements for annual contingency plan testing. In addition, only 40 percent (2 of 5) of the external systems we reviewed were certified and accredited."

Reader note: I took interest in Nmap Developers Release a Picture of the Web from slashdot.org. The article says: "The Nmap Project recently posted an awesome visualization of the top million site icons (favicons) on the Web, sized by relative popularity of sites. This project used the Nmap Scripting Engine, which is capable of performing discovery, vulnerability detection, and anything else you can imagine with lightning speed. We saw last month how an Nmap developer downloaded 170 million Facebook names, and this month it's a million favicons; I wonder what they'll do next?"

So I took the liberty of searching for our beloved icon. Here is the link which finds the NASA logo in the mix.

According to the article, "the area of each icon is proportional to the sum of the reach of all sites using that icon. ... The smallest icons--those corresponding to sites with approximately 0.0001% reach--are scaled to 16x16 pixels." The NASA.gov came up at 232 x 232 pixels which, if I understand it correctly NASA reach = ((232^2)/(16^2))*(0.0001%) = 0.02%

Again, if I understand right, this means that 0.02% of the people who surfed the web in 2010 have visited www.NASA.gov. As a check on my interpretation of "reach", Google is stated as 11,936 x 11,936 and therefore has a reach of ((11,936^2)/(16^2))*(0.0001%) = 55.6516% ...or >1/2 of all users use Google. Which is certainly a believable calculation.

Another Reader notes: I think it came up as 464 x 464 pixels. Not 232 x 232.

