Keith’s note: According to this GAO report: “Chief Information Officer Open Recommendations: National Aeronautics and Space Administration“: “NASA needs to take additional steps to secure the information systems it uses to carry out its mission, including improving its risk management program.” … “we recommended that the agency develop an implementation plan with time frames to update its spacecraft acquisition policies and standards to incorporate essential controls required to protect against cyber threats.” “NASA needs to better manage and track its IT resources” “In addition to GAO’s recommendations, the NASA Inspector General also has multiple open recommendations in the area of cybersecurity.”

Keith’s note: the following was sent out by NASA CIO Jeff Seaton to the OCIO workforce today: “OCIO, I want to personally thank those of you who supported the Agency in a variety of capacities during the shutdown and welcome back those of you who were unable to work. As this shutdown ends I appreciate your resilience and professionalism during this time. I know this has been challenging — both personally and professionally — and I appreciate the commitment you always show to this Agency and to public service. You are what makes NASA great.”

OCIO Team, I wanted to provide an update on our current situation and related planning efforts as we navigate significant organizational changes, first starting with my plans. As many of you may have heard, after 35 years at NASA, I have decided to bring my career to a close – but this is not happening immediately. I’ll be here through the end of the calendar year to support the many challenges we are working and enable an effective transition while continuing to partner with you in doing great things for NASA. Now about some of those challenges…

Keith’s note: here we go again. A new GAO report: Cybersecurity: NASA Needs to Fully Implement Risk Management is out. Yawn. Once a year GAO, NASA OIG, or some other authoritative body does a review of NASA IT security and they come back and say that NASA is dragging its feet and not dealing with the ever-growing plethora of cyber events that confront us all. NASA writes a letter back saying yea, we’re sorry, I guess you are right but we have an action item to look into this. See you next year. Here are some examples of the past few years: (More below)

NASA OIG: NASA’s Cybersecurity Readiness, NASA OIG “The Chief Information Officer (CIO) has struggled to implement an effective IT governance structure that aligns authority and responsibility with the Agency’s overall mission. … In FY 2020, the OCIO spent $278 million on IT, $74 million of which was budgeted for institutional cybersecurity. Separate from the OCIO, mission offices in FY 2020 invested $169 million on missionbased cyber management at locations around […]

Keith’s note: Earlier today I posted NASA CIO’s Open Data Thing Is Still Screwed Up. I went back to to the CIO’s data.nasa.gov page to see if their data collection is accessible to the public. I went to the “Technical Report Server” pull down menu and clicked on “Public Search” which sent me to NTRS – NASA Technical Reports Server. I searched for “astrobiology” and the top search result is […]

Keith’s note: In my 27 March 2021 posting about yet another mess at the Chief Information Office “The NASA CIO OpenNASA Website Has Expired – Further” (updated on 19 April 2021) I documented how out of date the NASA CIO’s website on open data was. This is what it looked like on 23 April 2021 – showing an update of 2 April 2021 and a responsible official who left NASA […]

The NASA CIO OpenNASA Website Has Expired Keith’s update: It has been 3 weeks since this post and not much has changed – except that the page was supposedly updated on 2 April 2021 (but shows a responsible NASA official who retired several years ago). And if you go to the Datanauts link you get a broken link error “Not Found The requested URL /explore/datanauts/ was not found on this […]

Keith’s note: The NASA Office of the Chief Information Officer is charged with lots of things and has dabbled over the years in “Open Government” – something that the Obama Administration championed and the Trump people ignored. There is a website called OpenNASA that is supposed to be a focal point for NASA’s engagement in Open Government. When you click on the NASA Open Government Plan (the “most recent” report […]

NASA OIG: Fiscal Year 2020 Federal Information Security Modernization Act Evaluation – An Agency Common System “… We found that NASA had not assessed the Agency common control entitled SI-04, Information System Monitoring, since April 2015. Moreover, the control was classified in 2015 as “other than satisfied,” but system security officials still had not taken appropriate action to address the control deficiency by developing either a POA&M or Risk-Based Decision […]