Personnel News: November 2020 Archives

Keith's 18 Nov update: NASA wants to transmit their stuff to you. But they really don't want you to talk to their people about it.

Once upon a time - actually for more than a decade - you could go to people.nasa.gov to find out how to contact a government employee at NASA. Not any more. Here is what the site looked like on 28 October 2020. You used to be able to type in names and find out their email address and phone number. Now all you get is a statement that says "This site and its contents are no longer available. Visitors are encouraged to learn more about space and NASA's mission by visiting the NASA homepage. NASA employees visiting this site should refer to internal directory services for employee information."

I just got another response from NASA PAO to my five follow-up questions regarding the shutdown of NASA's online employee directory. In a nutshell they are afraid that letting people see email and phone numbers of government employees puts the agency at risk so that is now stopping. OK, phishing and scams are on the rise so you cannot fault them with being responsive to that. But many - most - other Federal agencies still let citizens, the media, other government employees, researchers, and congressional staff query their agency's websites to find employees. They will no longer be able to find the people who work on various NASA programs.

Instead, everyone outside of the NASA firewall will now have to go to a "Contact Page" at NASA with high level links to everything except a personnel search. Instead of finding the person you need you will have to hope that these generic links will send you some where where someone will decide that maybe you can contact someone else. Given the glacial speed at which it took CIO to fix simple errors in their own directory takedown you can imagine how slow it will be for NASA to get back to you when you are looking for someone. If they even respond, that is.

But OK, they have their "Contact" page. Is this Contact page mentioned at NASA.gov? Answer: It is a small little link at the lower right at the bottom of the home page where most people will never think to see it. How do you contact NASA if the Contact page itself is more or less hidden from view? Shouldn't it be a prominent link in all of the top menus? Seriously, doesn't NASA want to interact with actual human people while it blasts all the space stuff put on the Internet? NASA complains about not being able to do enough outreach and why people often do not understand what NASA does. So what does NASA do? It continues to shrink the ability for the public - the people who pay for the whole party - to interact with NASA. NASA's big cosmic radio is set on "TRANSMIT". It is never set on "RECEIVE".

We should all be concerned. This is another example of dumbing down NASA's public functionality and reducing overall transparency. Hopefully this will change after 20 January 2021.

NASA PAO Response:

1. Why am I still able to access that database via a rather elementary work around a day after I posted mention that the database is still accessible?

NASA Answer: The Lightweight Directory Access Protocol (LDAP) database is a service that enables secure email to be exchanged with our partners and other federal agencies. Reconfiguration is being implemented in phases in order to ensure sufficient testing is performed to not disrupt current operational services. You noticed that the main search page for the public directory was disabled. Additional changes are planned that will address other ways of obtaining this information.

2. Why are other Federal agencies not adopting your "industry standard" i.e. why are their employee directories still openly accessible by the public?

NASA Answer: With respect to other federal agencies, it is certainly up to them to determine what risks they face and how they will address those risks.

3. When was the determination made that long-standing publicly available information now presents a risk to NASA?

NASA Answer: When people.nasa.gov was established over 20 years ago, the risks of sharing internal official communication email addresses and phone numbers was significantly lower than it is today. Since then, internet-facing organizations have had to adapt to a vastly different threat environment by changing how they present and protect their services. Examples of these types of infrastructure service changes include transitioning to Secure HTTP servers, replacing passwords with multifactor authentication, and closing down insecure internet-facing services like NFS and telnet.

The NASA CIO team is working to strengthen cybersecurity across the agency, and this is part of that process. Spear phishing attacks, which are targeted email-based social engineering threats to an organization, are a very common form of attack. NASA is simply trying to prevent attackers from easily obtaining the information needed to facilitate these phishing attacks. You noticed that the main search page for the public directory was disabled. Additional changes are planned that will address other ways of obtaining this information. With respect to other organizations, it is certainly up to them to determine what risks they face and how they will address those risks.

4. Can you provide me with the specific "industry best practices" that NASA is using as a basis for this action?

NASA Answer: NASA is simply trying to prevent attackers from easily obtaining the information needed to facilitate these phishing attacks. Keith's note: in other words they actually do not have any standards even though they claim to be following them. I hope someone sends in a FOIA on this)

5. Are members of the media and general public at legal risk if they post information that can be readily accessed from this database or post the way in which this database can still be accessed by the public?

NASA Answer: The public may certainly access information that NASA makes publicly available. While the main search page for the public directory was disabled, additional changes are planned that will address other ways of obtaining this information. The public can find information about contacting NASA at: https://www.nasa.gov/about/contact/index.html

Earlier post

Keith's note: Here is the text of the comments - the number in front of each was the number of times it was voted up when this text was grabbed at 2:05 pm EDT on 13 November 2020 from "JSC Virtual Town Hall online" at https://jsc.cnf.io/sessions/35018/#!/dashboard (link may become inactive) Update: about 10-15 minutes after this was posted on NASAWatch JSC made the page's contents disappear .

"Please submit questions for the JSC Virtual Town Hall and vote for other questions that you would like to see answered. Top questions will be addressed by Mr. Geyer, Ms. Wyche, and Dr. Taddeo on Nov. 17th. Submissions will be accepted until 2 p.m. on Nov. 13th."

Social Q&A Ask Vote by clicking / tapping the arrow

268 Biden's NASA transition team has been announced and they have made several statements. They support moving the moon landing to 2028. How will this and their desire for NASA to primarily focus on Climate Change impact JSC?

160 What-a-Burger of Chick-fil-A?

148 Found it pretty shocking at last townhall that there was not yet any criteria for what would cause a move back to stage 3. This is incredibly important and was brought up in townhall questions before transition where you all agreed it would be important so what happened and why?

143 What is JSC doing to proactively prepare for a presidential transition?

142 Bridenstine recently warned of a gap between ISS retirement and future commercial space station to take over LEO operations. What is being done currently to ensure we don't have a long gap like we just experienced at the end of the Shuttle retirement.

Keith's note: You would think that after Joe Biden's win that hearings on Trump Administration appointees would be moot. I guess not. Senators could be off focusing on pandemic-related legislation that has stalled - you know, something far more pressing. Instead, they prefer to waste their time rearranging deck chairs on the Titanic. This hearing for three Trump nominees includes former Trump Landing Party member Greg Autry who has been nominated to become NASA CFO is still going ahead today at 2:30 pm EST. You can watch the pointlessness here.

Michael Mishchenko


Loading

 



Monthly Archives

About this Archive

This page is an archive of entries in the Personnel News category from November 2020.

Personnel News: October 2020 is the previous archive.

Personnel News: December 2020 is the next archive.

Find recent content on the main index or look in the archives to find all content.