CSPAN2 House Hearing On NASA Cybersecurity During Coronavirus July 12, 2024

From, prior to the hearing. We welcome our distinguished panel of witnesses and those viewing dramatically with cybersecurity at NASA. Increase telework during COVID-19. In early 2020 the world was caught off guard by the coronavirus. The Office of Management and Budget rapidly shifted to telework operations. 17,000 civil servant employees and extensive contractor work. To its credit, NASA prepared for the transition, having held an agency-wide telework exercise in early March. It expanded telework operations and today 75 percent80 of NASA civil servants work remotely, with project oversight and inspections, development work, engineering analysis and other activities. The shift to increased telework raises many questions, front and center cybersecurity. The increase and extended worth of telework means for protecting NASA's intellectual property, personally identifiable information and mission operations. How do cyber challenges related to increased telework affect the agency's overall cybersecurity risk and what steps is NASA taking to assure the effectiveness of its cybersecurity efforts during the pandemic and beyond? These are some of the questions today's hearing will explore, because what is clear is NASA is a target. I want to pause for a moment to note an article in The Hill today where the Justice Department has brought charges against internationals for hacking U.S. satellite company, so this is incredibly timely. Recent NASA report stated, given NASA's mission and intellectual capital it produces, the information maintained in the IT infrastructure presents a high-value target for hackers and criminals. In 2019 NASA Administrator Jim Bridenstine said NASA is the most attacked agency in the federal government when it comes to cybersecurity.
Past data breaches at NASA facilities result in stolen data, installation of malware, copying, modifying and deleting sensitive files and accessing NASA servers including those supporting missions was the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, which is a mouthful, a very important agency, has issued vulnerabilities related to telework during the pandemic to adopt a heightened in cybersecurity. The agency's Chief Information Officer notified employees of increased hacking attempts on the agency systems and in June of 2020, media articles recorded that malicious actors on a crude demonstration and announced they had allegedly breached and infected a NASA contractor, specifically one that provides information technology, cybersecurity and cybersecurity services to the agency. If true, concerning report and part of the reason we are here today. Protecting NASA's IT and data demands vigil but NASA cybersecurity challenges don't begin and end with the COVID-19 crisis was multiple NASA reports have identified weaknesses and ongoing concerns with NASA's information security. Further they ranked this as a top agency challenge. In ensuring cybersecurity at NASA becomes more pressing given rapid advances in IT supply chain risks. NASA's culture of openness and the increase in space activity. NASA is a national treasure, its missions inspire young and old and NASA's cutting-edge research and spaceflight experiences are the envy of the world. NASA's a competence wouldn't be possible without computers, software, and information systems. NASA or any organization be risk free, probably not. In today's hearing, an understanding of the challenges and risks posed by increased telework. The bottom line is NASA has the tools it needs and takes an effort to take the action to ensure safety and security in 2019 and beyond that look forward to our witnesses' testimony. I am glad, speaking of technology, Ranking Member Babin in Texas. It is all about telephones.

Any way they can do it I'm glad to be with you. Ingenuity, I love it. NASA is one of the best known organizations in the world, Mercury, Gemini, Apollo, Shuttle and International Space Station and breathtaking scientific discoveries, to attract worldwide attention. That comes with many challenges. The technologies NASA develops are sought after by criminal entities, unscrupulous foreign governments and destructive vandals, civil and material applications these challenges are particularly grave and this is focused for decades. The oversight subcommittee, with information security, at that hearing he testified the unencrypted laptop was stolen from NASA that resulted in the loss of the algorithms, quote, used to control the space station as well as personally identifiable information and intellectual property. Similarly the U.S.-China Economic and Security Review Commission noted in its 2011 report to Congress that the Landsat 7 satellites experienced two separate instances of interference consistent with cyberactivities against the command and control systems. More recently the NASA IG issued its yearly report in July that was found with, quote, information systems throughout the agency faced an unnecessarily high level of risk that threatens the confidentiality, integrity and availability of NASA's information. The report concluded that it is imperative the agency continue its efforts to strengthen its risk management and governance practices to safeguard its data, cybersecurity threats and last month the IG issued another report on NASA's use of IT devices and found that NASA is not adequately securing its networks, for IT devices. There were 25 recommendations for the Office of the Chief Information Officer that do not include IT and security recommendations to Mission Directorates or other organizations in the NASA enterprise.
This may seem stormy there are specific reasons many of the recommendations were open, agency-wide guidelines and best practices are general rules and principles are not optimized to specific agencies, unique capabilities, expertise and challenges with NASA is the world leader in designing, building, operating and communicating with spacecraft. This expertise is in the Mission Directorates and centers who cultivated the expertise over many decades. In some instances they developed software information systems and underlying technologies, that they embraced. Even more extreme circumstances, they use one-off operating systems that while perhaps not compliant with guidance, arguably more secure because of their youth weakness, efforts to bring these systems into compliance with one-size-fits-all cookie-cutter approach for commercial enterprise systems, and the system. The sink NASA's cybersecurity shortcomings identified by the IG and GAO, unauthorized access, the authorization to operate and poor inventory management for cause or concern which brings us to the situation NASA currently faces. The COVID-19 challenge requires most of NASA's employees to work remotely. While NASA has embraced teleworking for years, the expansion of this practice introduces a larger target and more vulnerabilities for actors to exploit. In addition to teleworking challenges I'm interested in understanding what level of insight NASA has on cybersecurity as NASA moves toward the public-private partnerships. Finally, it is worth noting that Donald Trump recently issued Space Policy Directive number 5 focused on cybersecurity principles for space systems and while it is not focused not COVID-19 focused specifically it is particularly timely given today's hearing and demonstrates the administration's forward-looking leadership on this topic. I look forward to hearing more about these important issues and what NASA plans to do to mitigate as well as what Congress and the administration can do to help.
With that I yield back.

Thank you for your opening statement. We share the same concerns and are excited and grateful for the opportunity. If there are any members who wish at this point to submit additional opening statements, the statements will be added to the record at this point. Now I would like to introduce our witnesses. Our first witness is Mister Jack Seaton. In April of 2020 Mister Seaton was named NASA's Chief Information Officer, acting Chief Information Officer. Prior to his current position he served as NASA's deputy Chief Information Officer, spent 7 years as the Chief Information Officer and NASA's Langley Research Center. He began his career in 1991 at as a research engineer with robotic systems for space-based applications and served as Langley's Chief Information Officer and deputy CIO. He received a master's degree and master's degree in electrical engineering from Virginia Tech. Welcome, we are glad you are with us today. Our next witness is Mister Paul Martin, Inspector General for the National Aeronautics and Space Administration. Mister Martin has been the NASA Inspector General since 2009 and prior to that appointment he served as deputy Inspector General at the Department of Justice. He also spent 13 years at the U.S. Commission including six years as the commission's deputy staff director. Mister Martin received a bachelor's degree in journalism from Pennsylvania State University and a doctorate from Georgetown University Law Center. Welcome, Mister Martin. Our third and final witness is Doctor Diana Burley. She was appointed as professor of public administration at American University. Prior to that position she spent 13 years as a professor of human and organizational learning at George Washington University where she was the inaugural chair for the human and organizational department and director executive leadership doctoral program.
She managed a multimillion-dollar computer science education and resource portfolio for the National Science Foundation, Doctor Burley received a National Degree from Catholic University of America, master's in public management and policy from Carnegie Mellon University and master's in doctoral degrees from organizational science and information policy from Carnegie Mellon University. Welcome, Doctor Burley. As witnesses, you have 5 minutes for your spoken testimony. Your written testimony will be included in the record for this hearing. We will begin with questions and each member will have five minutes to question the panel. We will start today with Mister Seaton. You are recognized for five minutes.

Members of the subcommittee on space and aeronautics, thank you for allowing me to appear you want talk about NASA's information infrastructure and efforts to manage and protect that the structure during the COVID-19 pandemic. Due to strategic investments over the last several years NASA was well positioned to keep our mission moving forward by shifting our workforce to telework last March. As a result NASA has never enclosed and our workforce has continued to work remotely in a productive and creative manner despite highly contagious COVID-19 virus. With strict safety protocols in place NASA is allowing more employees on site based on factors like local conditions and guidance from CDC and other federal partners. Let me assure you the safety of our workforce remains our top priority. At the same time protecting and operating our IT infrastructure continues to be another top NASA focus was it plays a critical role in every aspect of NASA's missions. Effective IT management is not an easy task. As Chief Information Officer it is my job to balance implementing IT capabilities with operational efficiency and effective cybersecurity to guard against evolving threats.
During the pandemic demanded expectations placed on NASA's IT is incredibly high and threats from external actors, but with hard work, dedication, innovation, NASA's team has risen to the challenge of keeping our mission moving forward. We rapidly developed software for COVID-19 exposures while all security and privacy requirements. Additionally NASA continues to hire on board employees, contractors and interns with approaches to provisioning and maintaining IT systems and tools remotely. The pandemic has dramatically changed the way we work. Many employees telework before the pandemic, having 90 of employees working at the same time has been game changing. NASA employee cyclically increase their use of virtual collaboration tools like Webex to interact face-to-face while sharing virtual collaborative workspaces. Employees are dependent on virtual private network to connect securely to internal networks and systems. Before the pandemic our highest VPN connection rate was 12,000 users in a single day. Our support is 40,000 users with an availability of 99, architectural capacity improvements implemented in the past 24 months. Like other federal agencies NASA's IT infrastructure is under constant attack from well resourced and highly motivated domestic and foreign adversaries and we remain a popular target for them. We continue to strengthen our technical and procedural capabilities to proactively protect our systems and data. The recorded number of cyber incidents continues to increase partly because we have greater visibility into our network. I am confident that NASA is addressing and strengthening our response to these threats. In fiscal year 2020 NASA developed continuity of operation to enhance our Security Operations Center located at the Ames Research Center. The SOC operations were disrupted we had the ability to identify and respond to incidents.
Today NASA SOC operations allow us to maintain 24 by 7 SOC operations at all times even if there is not isolated distraction. With isolated tools and capabilities NASA is transitioning to a more proactive cybersecurity posture. NASA move remote operations to ensure employee safety without negatively impacting our network or cybersecurity capabilities. In closing I want to thank staff and leadership and the entire NASA workforce for their hard work and the personal sacrifices they made during these challenging times, new ways to keep missions moving forward and support each other and balance work and family pressures and dedicate their expertise and personal time to developing technologies that are aiding in the national response to the coronavirus. No one is sure what the future holds but NASA leaders including myself are committed to keeping the NASA workforce safe and providing the IT tools and infrastructure they need to continue executing our missions. I want to assure you protecting any evolving NASA's IT infrastructure is and will remain a top agency priority. Thank you for the opportunity to testify before you today and I look forward to answering your questions, thank you.

Mister Martin, you are recognized for your testimony.

Thank you, members of the subcommittee. The NASA Office of Inspector General has conducted a significant amount of oversight work to help NASA improve its information technology governance while securing networks and data from cyber attacks. Over the past five years we should 60 not reports with 72 recommendations related to IT governance and security. During the same period we conducted 120 investigations involving intrusions, denial of service and data breaches on NASA network, several of which resulted in criminal convictions. My testimony today is informed by this body of investigative work. The soundness and security of its data and IT systems is central to NASA's success. The agency spends more than 2.2 billion a year on a portfolio of IT assets that include hundreds of
