NASA wrestles risk

NASA has a new mindset when it comes to protecting information, officials and vendors say.

The space agency, traditionally open and promotional, has been testing myriad security systems recently. A NASA security official called electronic risk management a philosophical change, since most scientists think that all their work should be shared with the public. But national security and intellectual property are at risk, the official said.

"All our information is not available to the rest of the world," he said, adding that otherwise, unauthorized users could tap satellite, telecommunications and aeronautics information and use it for weapon systems building or black market sales to other countries.

NASA tests many types of risk management software to prevent electronic information from leaving NASA networks unmonitored. But most companies package extraneous functions into their security appliances, the official said. "The problem with security today is that too many companies come in with a Mercedes, when we only need a Ford," he said.

As a result, the agency may ask for modifications from would-be security vendors. Customizing and combining an offer to conduct security assessments with a proposal related to a secured data software package for e-mail saved about $15 million, the official said.

Technology vendors say they can see the difference in NASA’s new take on intellectual property and security. "They seem to be moving from the defensive posture to more offensive posture," said Kevin Cheek, vice president of marketing for Reconnex, whose iGuard network appliance is currently being used in a NASA pilot program.

Content that leaves the networks of Ames Research Center, Marshall Space Flight Center and NASA headquarters is stored by iGuard for real-time document scanning and network forensics, which involves analyzing network events to discover the source of security attacks or other problems.

The agency has been evaluating Reconnex's for two months and plans to test it for at least six more months, the NASA security official said.

Employees for the space agency must physically monitor the application’s data sheets and logs, regularly, to prevent leaks. While it is natural to share data with universities and aeronautics contractors, who possess passwords, sometimes, mistakes occur.

"Most leaks are not intentional. They’re just sloppy," the official said, adding that NASA will not turn into an armed camp. "We don’t want to wait for the leak to occur, we’re trying to fortify the firewalls."

A product from technology and services company Strategic Thought is being used for NASA's redesigned exploration projects. The Exploration Systems Mission Directorate has mandated that Strategic Thought's Active Risk Manager -- a Web-based, commercial, off-the-shelf product -- be used by all programs to help mitigate mission problems.

"If they continued to have cost overruns, budget overruns or kill people, their reputation was not going to be enhanced," said Karl Pringle, Strategic Thought general manager. "With the new directorates, they are taking risk very seriously."


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected