NASA has always faced unique challenges among the federal community because of the nature of its mission. Now those challenges are extending to its IT modernization efforts.
“NASA’s ecosystem is rather complex, because we do serve humans not on this planet,” said Renee Wynn, NASA chief information officer. “For NASA, there’s a certain amount of IT that cannot be modernized because it’s still flying in asset, such as Voyager I and II. And you cannot remove satellites, give them a new operating system, and send them back out there.”
In 2014, NASA conducted a business services assessment for IT, and determined it needed to be treated as a strategic resource. Since then, they’ve strengthened the authority of the CIO and gotten her more involved in mission projects. They’ve also reduced desktop contracts. Now they’re doing what they can to upgrade and protect the assets in flight, while considering the rest of the ecosystem in a sustainable manner.
NASA does everything it can to ensure an asset is as secure as possible by the time it leaves, and tries to have a plan for the future. Sometimes the ground control systems for a particular asset can still be upgraded, which helps. But other times, it has to remain legacy to maintain functionality. In that case, they’re forced to wrap controls around the legacy systems to protect them, said Mike Witt, associate CIO for cybersecurity and privacy.
Sometimes NASA also has to separate entire networks, and strictly control who can access each particular enclave.
But another unique challenge NASA faces is that it cannot simply lock down its data indiscriminately.
“Security has to be a cross-functional partnership. It’s not a roadblock,” Witt said.
NASA has to ensure that, while its data is protected, it also remains available to the international scientific research community that relies on it.
One of the ways it’s trying to achieve the required balance is by leveraging the cloud.
“NASA really does understand and embrace the use of cloud, but we do take a very careful approach before we start putting our data in it to make sure the cybersecurity is up to federal standards. We want to make sure it’s easy for the public to get in and access our information because that’s what NASA is all about,” Wynn said.
It offers the best opportunity to quickly share data once it returns from space, while also protecting it. Cloud can also provide high-end computing for surge capability that NASA requires.
That’s why NASA is working with cloud providers to push the boundary of Trusted Internet Connections. The current TIC is legacy, based on the way networks were designed, Witt said, not cloud.
Wynn said NASA is also looking at authentication to the cloud.
“We’re taking a baseline of where we are today, and where we want to move to,” Witt said. “It’s looking at all aspects of the security operations center. Everything, if you will, is on the table as far as what technologies that we have, and what technologies we want to go to. But we’re trying to make sure we’re not married to a specific product.”