IT/Web: September 2020 Archives

Hearing link, Hearing on Cybersecurity Infrastructure and Information Technology Management, Policies, and Practices at NASA

Prepared statements

- Rep. Kendra Horn
- Rep. Eddie Bernice Johnson
- Rep. Brian Babin
- Jeff Seaton, Chief Information Officer (Acting) National Aeronautics and Space Administration
- Diana L. Burley, Vice Provost for Research, American University

- Paul K. Martin, Inspector General, National Aeronautics and Space Administration

"Our concerns with NASA's IT governance and security are long-standing and reoccurring. For more than two decades, NASA's OCIO has struggled to implement an effective IT governance structure that aligns authority and responsibility commensurate with the Agency's overall mission. Specifically, we have found that the Agency Chief Information Officer (CIO) and IT security officials have limited oversight and influence over IT purchases and security decisions within Mission Directorates and at NASA Centers. The decentralized nature of NASA's operations coupled with its long-standing culture of autonomy hinder the OCIO's ability to implement effective enterprise-wide IT governance. For example, in an August 2020 audit we found OCIO's visibility into the process Centers use to authorize and approve IT systems and devices to access Agency networks remains limited.4 Although the NASA CIO is responsible for developing an Agency-wide information security program, OCIO relies on Center-based CIOs and IT security staff to implement and enforce the Agency's information security policies. This practice has allowed Centers to tailor processes to meet their own priorities, which has in turn led to inconsistent implementation of NASA's enterprise-wide IT security management. Such a decentralized approach to cybersecurity management limits OCIO's ability to effectively oversee NASA's information security activities and make informed decisions related to project timelines, costs, and efficiencies as well as realistically assess the overall security of NASA's numerous IT systems."

- Earlier posts on NASA IT

Keith's note: When most people hear the phrase "space science" it is logical to expect that they think of "science" in "space". Maybe its astronomy or planets. Maybe its studying how humans live in space. Perhaps its analyzing samples from another world or looking for life in the universe. It might even include looking down at Earth from space. But "space science" simply refers to "science" - and not any one discipline or sub-discipline.

But at NASA "space science" it has been used for decades to refer to missions that do astronomy, astrophysics, heliophysics and to some extent planetary and Earth science. ISS would never be mentioned unless it is for some astronomy or astrophysics payload on board. And there'd be no mention of any "science" done in "space" by NASA's Human Exploration, Technology or Aeronautics Directorates - even if the science was done in space. Since NASA people use a subset of the English language that reflects the NASA phone book and budget plans - and power point lingo - and not how the rest of the world sees things - its websites tend to reflect these distinctions peculiar to NASA. Advisory bodies, OMB, and Congress fall into the same trap. "Space Science" at NASA is not what the phrase probably means to English speakers who hear the two words used together.

Google's top link from a search for "space science" is to a Wikipedia page "outline of space" which defines it this way: "Space science encompasses all of the scientific disciplines that involve space exploration and study natural phenomena and physical bodies occurring in outer space, such as space medicine and astrobiology." Sounds like they mean all science done in - and about - space. Makes sense. Sometimes the top link from Google goes to "Space Science" at the National Air & Space Museum which says "Space science--science performed from vehicles that travel into Earth's upper atmosphere or beyond--covers a broad range of disciplines, from meteorology and geology, to lunar, solar, and planetary science, to astronomy and astrophysics, to the life sciences."

But use the phrase "space science" to a NASA person and the defintion is much smaller and limited. The first NASA link to come up from a Google search for "space science" is "Space Science & Astrobiology @ Ames" which offers this de-facto definition of their piece of space science as:

"The Division will pursue primary leadership roles in NASA missions and mission support activities, based on our current capabilities in the following key strategic focus areas: Life Detection Research and Technology, Mission-Driven Analog Research and Mission Concept Operations, Radiative Transfer Modelling, Laboratory Astrophysics Research, (Exo)planetary Formation, Evolution, Characterization, and Technology Studies"

That is somewhat smaller than the top search result. But it is the first time something from NASA shows up. Not everyone is going to understand the whole field center organizational aspect of NASA. They will simply see "NASA". The next search result you get us is "Space Science" - a PDF reflexting the FY 2003 budget plan that says:

"NASA's Space Science Enterprise will continue to address these four profound questions: How did the universe begin and evolve? We seek to explain the earliest moments of the universe, how stars and galaxies formed, and how matter and energy are entwined on the grandest scales. How did we get here? We investigate how the chemical elements necessary for life have been built up and dispersed throughout the cosmos, evidence about how the Sun affects Earth, similarities between Earth and other planets, and how comets and asteroids in our solar system affect Earth. Where are we going? Our ultimate place in the cosmos is wrapped up in the fate of the universe. Humanity has taken its first steps off our home world, and we will contribute to making it safe to travel throughout the solar system. Are we alone? Beyond astrophysics and cosmology, there lies the central human question: Are we on Earth because of an improbable accident of nature? Or is life, perhaps even intelligent life, scattered throughout the cosmos? Now, in support of the President's new vision of space exploration, orbiting observatories and planetary probes will be joined by human explorers in seeking answers to these questions. Robotic scouts will blaze the trail, reconnoitering the planets, moons, asteroids, and comets of the solar system in advance of human expeditions, as observatories monitor the sun and its effects on its planetary retinue. The Space Science Enterprise will work with the new Exploration Systems Enterprise to develop and deploy new technologies, first on automated spacecraft and then on human missions."

That is much more expansive and seems to include pretty much everything that the Wikipedia definition describes. But there is no mention of Artemis. Oh wait: that is because it is from the FY 2003 era "Vision for Space Exploration" era under President George W. Bush. This is 2020. A 17 year old page like this showing up in a Google search result is easily found and easily remedied. But NASA does not seem to care. Nowhere in the top pages of search results for "space science" is there a link to a NASA page other than the one to the division at Ames. NASA is the pre-eminent space agency when it comes to space science so this is a little odd when a search for "space science" results in one page from a field center and another from 2003.

So lets make the Google search a little more specific for "NASA Space Science". The first search result we get - which is highlighted by Google is the one mentioned above describing a division at NASA Ames. The second result is Science at NASA - - the main NASA Science Mission Directorate page at If you click "about us" you get some pictures but no definition of what Space Science is. The link on that page to "NASA's Science Vision" gets you to this:

"NASA's science program seeks answers to profound questions that touch us all: How and why are Earth's climate and the environment changing? How and why does the Sun vary and affect Earth and the rest of the solar system? How do planets and life originate? How does the universe work, and what are its origin and destiny? Are we alone?"

No mention is made of studying humans in space or other science done on ISS. But if you go down several links you get "Space Station Research & Technology" which talks about the science done in space on the ISS with lots of useful links to other resources. Alas, there is no link to this page from nor does this page link to - so anyone landing at will not know that there is a resource for ISS research unless they dig around for a while. Conversely people arriving at this ISS science page might not get a full appreciation of the vast scope of NASA's various science programs.

If you take the route of skipping Google and just going directly to you see these categories at the top of the page: "Humans in Space, Moon to Mars, Earth, Space Tech, Flight, Solar System and Beyond, STEM Engagement, History, Benefits to You"

The "Earth" and "Solar System and Beyond" pages point to content outside of the official NASA Space Science page at and do not point to Conversely does not point to the "Earth" and "Solar System and Beyond" pages. So you have two independent and inconsistent lines of communication. But wait there's more: The "Humans in space page" page linked to from does not point to the "Space Station Research & Technology" page. So you have a similar redundant path in NASA's overall web strategy that is duplication and unnecessary.

Google cannot improve on bad website design. Its algorithms simply bring forth results on how things are arranged on websites and how people find and link to these resources. NASA could easily delete old information like the 2003 space science page (or replace it with current information); cross link pages that merit cross linking and delete duplicative pages. If need be referral or redirect pages at old links can send people to the right location. A good web design will also allow Google's search spiders to find pages more easily and, if done properly, find them along the lines of topic organization that make sense when someone uses Google to find something. People using a revised NASA website design which is built with an eye on how search engines find things would also find things more easily.

NASA was tasked by its Administrator more than a year to fix this sort of mess. They have not. One of the problems, IMHO is that NASA is only used to being in transmission mode. They do not listen very much. They are used to being providers of information about NASA but they seem to lack any real input from actual users of information about NASA. If they did then their websites would look a lot different. I was once told by a former NASA AA that NASA is popular in spite of itself and its bad outreach coordination simply because its stuff is so compelling and cool. They are quite correct. And NASA is not only stuck in transmission mode, everyone uses a different frequency on incompatible systems to transmit.

NASA people are forever talking about how NASA benefits everyone else and how frustrated they are that more people do not see this. But these same NASA people are hampered by a system of stovepipes and competing fiefdoms at every organizational level at NASA that make a coherent and consistent story impossible to tell. It has been like this for decades. That said, NASA's cool stuff reaches around the world in spite of the internal roadblocks. Imagine what the agency could do if it finally fixed its outreach mechanisms online so as to facilitate - not hinder - this spread of massive NASA coolness?

Form follows function, NASA.

Keith's note: Today the White House is releasing Space Policy directive 5 (SPD-5) "Cybersecurity Principles for Space Systems" according to a media briefing with senior administration officials. This is the first policy for space systems to apply key cybersecurity principles to protect space systems for government and commercial operators. SPD-5 promotes SPD-3 "Space Traffic Management" including space debris issues and other government defense and security directives. SPD-5 notes that cybersecurity practices that apply to terrestrial systems also apply to space systems. Promotes a culture of prevention, risk management, and best practices. SPD-5 Further defines best practices, establishes norms, and will apply across our industrial base and calls for space systems software to be developed using risk based cyber security engineering cybersecurity. SPD-5 calls says that space system developers should protect against unauthorized access, jamming, spoofing, infiltration of ground systems, cybersecurity hygiene, and supply chain risks. SPD-5 says that developers should leverage widely adapted best practices and norms of behavior, and that operators should make appropriate risk trades appropriate to their systems cybersecurity.

President Trump Signs Space Policy Directive Establishing America's First Comprehensive Cybersecurity Policy For Space Systems

"Today, President Donald J. Trump issued Space Policy Directive-5 (SPD-5), the Nation's first comprehensive cybersecurity policy for space systems. SPD-5 establishes key cybersecurity principles to guide and serve as the foundation for America's approach to the cyber protection of space systems."



Monthly Archives

About this Archive

This page is an archive of entries in the IT/Web category from September 2020.

IT/Web: August 2020 is the previous archive.

IT/Web: November 2020 is the next archive.

Find recent content on the main index or look in the archives to find all content.