Washington D.C. – The Subcommittee on Investigations and Oversight today held a hearing to examine the state of information security at the National Aeronautics and Space Administration (NASA).  Witnesses discussed the details of recent NASA Office of the Inspector General (IG) reports concerning information security, the steps NASA is taking to address the recommendations contained in those reports, and future challenges to the Agency’s information security posture.

“As Washington debates the government’s appropriate role in private-sector cybersecurity activities, we should remember that the government is already responsible for securing its own networks and information – a task that it has executed with mixed success,” said Subcommittee Chairman Paul Broun (R-GA).  “Many of the technologies developed and utilized by NASA are just as useful for military purposes as they are for civil space applications.  While our nation’s defense and intelligence communities guard the ‘front door’ and prevent network intrusions that could steal or corrupt sensitive information, NASA could essentially become an unlocked ‘back door’ without persistent vigilance.”

NASA relies on information technology (IT) systems and networks to control spacecrafts like the International Space Station, conduct science missions using orbiting satellites like the Hubble Space Telescope, as well as for common institutional needs like email and data sharing. The threat of cyber attack to Agency satellite operations, mission support, and technology research is increasing in sophistication and frequency.

NASA Inspector General Paul Martin said “Until NASA incorporates IT security policy into its Agency-wide IT governance model and fully implements related IT security programs, it will continue to be at risk for security incidents that can have a severe adverse effect on Agency operations and assets.”

“Some NASA systems house sensitive information which, if lost or stolen, could result in significant financial loss, adversely affect national security, or significantly impair our Nation’s competitive technological advantage,” Martin continued.  Demonstrating this threat, Mr. Martin testified that the “March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station.”  Similarly, Chairman Broun cited the recently released U.S. China Economic and Security Review Commission report that noted that the Terra and Landsat-7 satellites “have each experienced at least two separate instances of interference apparently consistent with cyber activities against their command and control systems.” 

Chairman Broun acknowledged that NASA has taken actions to adopt the recommendations included in the NASA IG report, but also said that more must be done.  “Despite this progress, the threat to NASA’s information security is persistent, and ever changing.  Unless NASA is able to constantly adapt - their data, systems, and operations will continue to be endangered.”

The following witnesses testified today before the Subcommittee:
Ms. Linda Y. Cureton, Chief Information Officer, NASA
The Honorable Paul K. Martin, Inspector General, NASA