Recently in Security Category

Keith's note: On 21 February 2020 a memo titled "Unauthorized Unmanned Aircraft Systems (UAS) Flights Over NASA Centers/Facilities", written by Joseph S. Mahaley, Assistant Administrator, Office of Protective Services, was sent to the entire NASA workforce. It opens with:

"This communication is forwarded at the direction of NASA Associate Administrator Steve Jurcyzk to educate all employees, contractors, tenants, and others having access to NASA properties on the threat posed to people, facilities and operations by unauthorized UAS/drone flights over NASA Centers/Facilities."

OK, this is a perfectly reasonable thing to advise employees about. Drones are problematic for many reasons. After going into the damage that can be caused by - and punishment for violations of NASA drone use policy, the author goes on to describe the various uses of drones:

"UAS/drones are used to film weddings, properties, inspect power lines, and to identify fires in remote forests. Criminals use them to "peep" into windows and to deliver contraband to prisons. U.S. Law Enforcement officials are concerned that terrorists may use UAS/drones in future attacks. Soon, UAS/drones will deliver packages to homes, ferry people to and from their destinations and for purposes not yet imagined: all with the help of NASA UAS traffic Management Systems!"

This is a weird train wreck of strange word capitalizations (editor needed), a list of the benefits of drone use, and the bad uses of drones - and they are all apparently benefiting from the NASA UAS traffic technology. Its like a list of NASA spinoffs for good guys and/or bad guys. The author then goes further to list the dangerous uses of drones:

"The Department of Defense very successfully uses UAS/Drones to conduct Intelligence, Surveillance, Target Acquisition, and Reconnaissance. In January of this year, U.. Forces using an MQ-9 Reaper UAS, at the direction of President Trump, eliminated top Iranian terrorist Qassem Soleimani (leader of the Iranian Revolutionary Guard Force) under whose direction scores of U.S. Forces were killed or maimed and who was in Iraq to plan more attacks against Americans. UAS/drones can be used for good or ill; depending on the skill/intent of the operator."

To be clear this evil b*stard deserved no mercy. Full stop. You can debate whether or not it should have been done this way but not in a NASA memo. This paragraph reads like some political talking points and election year arm waving sent directly from the White House spin office. Why is NASA using an internal memo to employees to brag about a military attack mentioning the President by name - unless, perhaps, this is also a spin off of NASA UAS traffic management technology? I think we all doubt that this is the case. So why is it even mentioned?

This memo would be just fine without this overtly political paragraph. And to mix NASA benefits in the middle of a memo designed to warn people of certain dangers is a goofy place to try and promote NASA technology. Save that for a separate memo and focus on the risks. I hope someone in Jurcyzk's office pays a little more attention to incendiary and politically-tanted verbiage being sent out in official memos.

Get an editor, Steve.

I sent these questions to PAO etc. to see if someone can explain this: "Can someone explain why overt mention of a specific military action in Iraq was deemed necessary to mention in a memo designed to warn NASA employees about drones flying over NASA facilities?" and "Why was a memo used to warn employees about drone risks also used to promote the benefits of drone use?"

Full memo.

Keith's update: This is NASA PAO's non-answer answer: "Hey Keith. As you know, NASA is involved in the development of unmanned aircraft, and drone technologies and traffic management systems. The intent of the phrasing was to point out to employees that there are positive and negative uses of these technologies, and to give examples of both. The communication was intended to convey the risks to people, facilities, and operations posed by unauthorized flights over NASA Centers and facilities. The mention of the military drone strike was included, as this was a very recent example of the potential power and lethality of drones."

NASA OIG: NASA's Security Management Practices

"While overall security policy and oversight are managed by OPS at the Agency level, implementation and funding of protective services operations remains a responsibility of Center leadership who used their resources to pursue Center- based priorities. As a result, OPS authority is marginalized and Centers, at times, develop and implement strategies that conflict with the intent of Agency directives. As part of MAP, OPS was to assume funding and day-to-day operational responsibility for protective services across the Agency. However, in August 2019 NASA changed its plans to centralize management of the physical security portion of the Agency's protective services operations and as of the time of this report the impact of this decision on the Agency's overall approach to security management remains unclear. Despite our concerns that OPS was not well positioned to manage such a change because it currently lacks an organizational or governance structure to implement and oversee such enterprise-level responsibilities, we do believe several planned initiatives, if properly implemented, could leverage economies of scale and improve protective services operations."

Keith's note: From "Me and my colleagues are out of work during this shutdown with no prospect for ever getting back our lost wages. The federal government has a hard time recruiting people in my field because of a large salary difference with private sector companies. We choose a career with federal agencies because we believe in the mission of protecting the United States. NASA is going to lose a lot a talent in cyber security as workers like myself seek more stable employment elsewhere."

Follow-up Evaluation of NASA's Implementation of Executive Order 13526, Classified National Security Information, NASA OIG

"Although NASA has taken steps to implement our prior recommendations, we continued to identify inconsistencies in the Agency's application of CNSI policies and procedures that led to improper marking of classified documents. This occurred because of insufficient identification and training of classifiers. Further, implementation of the Agency's self-inspection program was not fully effective because NASA Centers did not consistently review documents to verify the accuracy of classified markings. Improved identification and training of classification officials and effective self-inspections would help ensure classified information at NASA is managed in accordance with Federal requirements."

Information Security: NASA Needs to Improve Controls over Selected High-Impact Systems. GAO-16-688SU, September 23, GAO (Restricted report)

Keith's 11 Aug update: Sources report that the person (referenced below) who was told that they could not attend the JPL Planetary Science Summer School has now been told by NASA HQ that they can attend after all.

Keith's 7 Aug 10:11 am note: The following is posted in a Closed Facebook page "Young Scientists for Planetary Exploration". The group has 1,549 members. I was made aware of this issue last night in great detail before I asked to join the group. When my membership was approved just now I was confronted with a warning that I would be banned for life if I posted anything from this group. I was not aware of this restriction when I asked to join - only after the fact. This is an important issue that needs to be surfaced. I will not identify the individual who posted this. I expect to be banned momentarily. Oh well.

Keith's 7 Aug 8:11 pm note: I have been kicked out of the group (one would assume) for raising this issue. You're welcome. What is really odd is that Andy Rivkin, one of the people who run this Facebook group, violates their own rules with regard to publicly discussing content from within the group.

"I've been participating in this year's JPL Planetary Science Summer School for the past 9 weeks, and was told only today that I have been declined further participation in the program, and will be withdrawn from next week's session at JPL. The reason I was given was that my place of birth was in Hong Kong, regardless of the fact that my citizenship is Canadian. NASA regards all persons born in Hong Kong as Chinese Nationals, including those like myself who were born prior to the 1997 handover, were never granted Chinese citizenship, and have immigrated to other countries like Canada. After contacting some people to try to understand why I was informed of this so late, it has come to my attention that this is a NASA-wide issue (not just JPL or PSSS) that was enacted just today by the NASA HQ Security Branch."

- Hong Kong Policy Act Report, State Department
- Designated Countries List, NASA HQ Security



Monthly Archives

About this Archive

This page is an archive of recent entries in the Security category.

Safety is the previous category.

Shutdown is the next category.

Find recent content on the main index or look in the archives to find all content.