NASA is just getting started on what many expect to be a transformational reorganization.
This transformation, executives hope, will set the space agency up to develop the next great rocket or space probe in a more coordinated, efficient and secure way.
Renee Wynn, the outgoing NASA chief information officer, said she challenged her staff to come up with a new strategy to improve how NASA manages its IT staff, resources and systems. Implementing this new strategy will be at the top of the next CIO’s to-do list.
Wynn is retiring after about 30 years in government. Her last day is now April 30 or thereabouts instead of her original plan of leaving on March 31, a NASA spokeswoman confirmed.
“We are really coming along in using a blank sheet to reimagine what we should look like,” Wynn said during an “exit” interview on Ask the CIO. “Then from the July to December timeframe, they will have to write that out as an organization, put the boxes on the piece of paper, and develop the implementation plan for how do we go from our current state to the to-be state after the agency blesses the to-be state.”
She said the implementation plan likely will take another 18 months after NASA management approves it.
Wynn kicked off this reorganization effort about a year ago trying to use the authorities under the Federal IT Acquisition Reform Act (FITARA) to get what she has called the “custody and control” of all IT across NASA.
One of the first steps was getting NASA leadership to sign off on the reorganization effort. Wynn said that happened in late 2019 so the real work is getting started this year.
She said part of the effort is to quantify current resources, including people, technology and money.
“The way we have been sharing this with our people is day one, say Jan. 6, 2021, is not going to be that different than say Dec. 15, 2020,” Wynn said. “It is not an immediate change. It’s a huge change as all of our centers will be affected. By month three, you should start to see those differences.”
Currently, NASA isn’t asking for any additional money in fiscal 2021 for the reorganization.
The overarching theme for the reorganization is setting up NASA for future success.
Wynn said that means having the right focus on making IT agile, customer focus, and delivering value, and move from being a functional area to being a business provider to the mission areas.
To that end, Wynn said another big priority for the next CIO will be to further a new effort she started in January around customer experience.
“We will be assigning an individual—yet to be named—who will lead an effort across our different program areas, applications, end user support, communications and other traditional CIO areas to work across that to deliver a much better, more value-added customer experience,” she said. “I’m very excited that we got this started and not waiting until our transformation project to rethink customer experience.”
Wynn said by understanding how the mission works helps any CIO be successful. She said this means having a strong connection to the mission centers and headquarters leaders and then building the trust that the IT department will deliver value.
One way Wynn said she built that trust early on was addressing long-standing cybersecurity problems at NASA.
In 2016, she decided not to sign off on the authority to operate for the systems and tools under the $2.5 billion Agency Consolidated End-user Services (ACES) contract. This set of systems had vulnerabilities that was putting data and users at risk.
“That was certainly an awakening or an enlightening moment,” Wynn said. “I couldn’t say I knew what the risks were [of the systems]. I decided not to sign it and told my bosses and I asked for a plan in two weeks to characterize the risks. That is what happened. I was able to after two weeks characterize the risks to know what I was signing based on the advice of professionals.”
She added she received strong support from then Administrator Charles Bolden and other executives because NASA understands what it means to take risks and mitigating them as best as they could.
Cyber remains a weakness
More than three years later, NASA’s inspector general still says cybersecurity remains a top management challenge.
“For almost 20 years we have identified securing NASA’s IT systems and data as a top management challenge,” the November 2019 report states. “Limited progress by the OCIO to mitigate systemic and recurring IT security weaknesses over the past decades have not kept up with the changing IT landscape. These weaknesses, which have included issues such as patch management and incident response, adversely affect the agency’s ability to protect the confidentiality, integrity, and availability of its critical data.”
Wynn said she hopes a new initiative around supply chain risk management will continue to improve NASA’s cyber posture.
“We have been able to take a look at our software and understand perhaps where it was coded and other things about it beyond the company it came from, but what happened in designing the software and how it functions,” she said. “We rely on other information in a classified environment. We are taking that information and turning it into a red, yellow or green dashboard approach. So if you are buying software, you can check the dashboard and if it has a ‘green’ light, then purchasers can proceed.”
Wynn added that just because a software title is in “green” today, it may not stay there and contracting folks need to pay attention to the changes to ensure they are making risk-based decisions.
“I can’t grow this program fast enough,” she said. “NASA chief information security officer Mike Witt has done a number of things to scale that capability, but it’s hard to keep up because everyone uses software.”