Keith’s 4:38 pm update: As it happens this commuter bus tweet was not even made by Renee Wynn but rather by someone else who has access to the @NASACIO Twitter account (even though the face on the Twitter page is Renee Wynn’s). This error went unnoticed for more than 5 hours until NASAWatch pointed it out. And it took another 5 hours before an indirect message was sent to […]
NASA OIG: Cybersecurity Management and Oversight at the Jet Propulsion Laboratory “Multiple IT security control weaknesses reduce JPL’s ability to prevent, detect, and mitigate attacks targeting its systems and networks, thereby exposing NASA systems and data to exploitation by cyber criminals. … We also found that security problem log tickets, created in the ITSDB when a potential or actual IT system security vulnerability is identified, were not resolved for extended […]
Renee Wynn, CIO, NASA, GovernmentCIO “Renee Wynn has an astronomical responsibility in managing a mix of new and legacy systems to manage NASA’s vast amount of data across its programs that include missions back to the Moon and to Mars.” Overhauling NASA’s Tangled Internet Presence, earlier post “One thing NASA needs to do as part of this effort to fix its public and internal cyber infrastructure is to totally overhaul […]
NASA Internal Memo: Website Modernization and Enhanced Security Protocols (PDF) “Currently there are an estimated 3,000 public-facing NASA Web sites, yet the top 10 sites receive 80 percent of all Web traffic. Additionally, some NASA partners operate Web sites on our behalf outside of the Agency, creating redundancy and accumulating unnecessary costs. Not only does this duplication of information cause confusion, each Web site provides potential access for a cyber-attack […]
Keith’s note: The last two times there was a data breach I was directly affected since I am a former NASA civil servant even though I left the agency 25 years ago. I also underwent an FBI security scan to get a press badge at NASA HQ 15 years ago. I sent an email to NASA HQ PAO, Human Resources, and CIO yesterday asking how media and former employees are […]
Keith’s note: If you go to this NASA CIO page “Security Requirements & Policies” you will see that they list all of their directives and memos but you cannot download any of them since there are no links. Let’s focus on the first one on the list: “NPR 1382.1A, NASA Privacy Procedural Requirements, July 10, 2013”. If you go to NASA NODIS (NASA Online Directive Information System) and enter the […]
Audit of NASA’s Information Technology Supply Chain Risk Management, NASA OIG “While NASA has improved its supply chain risk management efforts since the process was first mandated in 2013, we identified pervasive weaknesses in the Agency’s internal controls and risk management practices that lead us to question the sufficiency of its current efforts. NASA’s risk assessment process, when followed, often consists of a cursory review of public information obtained […]
A US-born NASA scientist was detained at the border until he unlocked his phone, The Verge “Seemingly, Bikkannavar’s reentry into the country should not have raised any flags. Not only is he a natural-born US citizen, but he’s also enrolled in Global Entry — a program through CBP that allows individuals who have undergone background checks to have expedited entry into the country. He hasn’t visited the countries listed in […]
Final Memorandum, Federal Information Security Modernization Act: Fiscal Year 2016 Evaluation (IG-17-002; A-16-009-00)* “*In preparation for public release, selected portions of this report containing sensitive security information have been redacted under exemption (b)(7)(E) of the Freedom of Information Act (FOIA). NASA received 27 out of 100 possible maturity level points, indicating that overall it has not yet implemented an effective information security program.”
Follow-up Evaluation of NASA’s Implementation of Executive Order 13526, Classified National Security Information, NASA OIG “Although NASA has taken steps to implement our prior recommendations, we continued to identify inconsistencies in the Agency’s application of CNSI policies and procedures that led to improper marking of classified documents. This occurred because of insufficient identification and training of classifiers. Further, implementation of the Agency’s self-inspection program was not fully effective because NASA […]