Hearing link, Hearing on Cybersecurity Infrastructure and Information Technology Management, Policies, and Practices at NASA Prepared statements – Rep. Kendra Horn – Rep. Eddie Bernice Johnson – Rep. Brian Babin – Jeff Seaton, Chief Information Officer (Acting) National Aeronautics and Space Administration – Diana L. Burley, Vice Provost for Research, American University – Paul K. Martin, Inspector General, National Aeronautics and Space Administration “Our concerns with NASA’s IT governance and […]

OIG: NASA’s Policy and Practices Regarding the Use of Non-Agency Information Technology Devices “NASA is not adequately securing its networks from unauthorized access by IT devices. Although OCIO has deployed technologies to monitor unauthorized IT device connections, it has not fully implemented controls to remove or block these devices from accessing NASA’s networks and systems. The initial December 2019 target date for NASA to complete installation of these controls has […]

NASA OIG: Evaluation of NASA’s Information Security Program under the Federal Information Security Modernization Act for Fiscal Year 2019 “NASA has not implemented an effective Agency-wide information security program. SSP documentation for all six information systems we reviewed contained numerous instances of incomplete, inaccurate, or missing information. We also performed a limited review of the Agency Common Control (ACC) system, which aggregates and manages common controls across all Agency information […]

Jeff Seaton Named Acting NASA Chief Information Officer “NASA Administrator Jim Bridenstine has named Jeff Seaton as the agency’s acting Chief Information Officer, following the retirement of Renée Wynn on April 30. Previous to this appointment, Seaton served as the Deputy Chief Information Officer where he supported the leadership and integration of NASA corporate and mission critical IT functions and capabilities, as well as oversaw NASA’s annual IT spending of […]

NASA Internal Memo: Website Modernization and Enhanced Security Protocols 15 May 2019 (PDF) “Currently there are an estimated 3,000 public-facing NASA Web sites, yet the top 10 sites receive 80 percent of all Web traffic. Additionally, some NASA partners operate Web sites on our behalf outside of the Agency, creating redundancy and accumulating unnecessary costs. Not only does this duplication of information cause confusion, each Wen site provides potential access […]

NASA Internal Memo: NASA’s Authorized Internal and External Collaboration Tools, NASA CIO “The NASA CIO has worked for the past several years to establish a consistent and modern set of tools to support both internal and external collaboration. While there is still work to do to support some of the more complex use-cases, such as sharing sensitive data with foreign partners, many others are met through Agency approved collaboration tools. […]

NASA CIO Renee Wynn Set to Retire “NASA Chief Information Officer Renee Wynn is retiring on April 30, 2020, after 30 years in Federal service. She is one of the longest-serving departmental CIOs at NASA and in the Federal Government. Before coming to NASA, Wynn spent 25 years at the Environmental Protection Agency (EPA), where she served in several executive roles, including as acting CIO and deputy CIO. During her […]

Keith’s 4:38 pm update: As it happens this commuter bus tweet was not even made by Renee Wynn but rather by someone else who has access to the @NASACIO Twitter account (even though the face on the Twitter page is Renee Wynn’s). This error went unnoticed for more than 5 hours hours until NASAWatch pointed it out. And it took another 5 hours before an indirect message was sent to […]

Raspberry Pi used to steal data from Nasa lab, BBC “An audit report reveals the gadget was used to take about 500MB of data. It said two of the files that were taken dealt with the international transfer of restricted military and space technology. The attacker who used the device to hack the network went undetected for about 10 months. The malicious hacker won access to the Jet Propulsion Lab […]

NASA OIG: Cybersecurity Management and Oversight at the Jet Propulsion Laboratory “Multiple IT security control weaknesses reduce JPL’s ability to prevent, detect, and mitigate attacks targeting its systems and networks, thereby exposing NASA systems and data to exploitation by cyber criminals. … We also found that security problem log tickets, created in the ITSDB when a potential or actual IT system security vulnerability is identified, were not resolved for extended […]