Transcripts For CSPAN2 House Hearing On NASA Cybersecurity D

CSPAN2 House Hearing On NASA Cybersecurity During Coronavirus July 12, 2024

Any time. Before I deliver my opening remarks, I want to note today the committee is meeting virtually and announce a couple of reminders to the members about conduct of this hearing. First, members should keep their video feed on as long as they're present in the hearing and members are responsible for their own microphones. Please keep your microphones muted unless you're speaking. If members have documents they wish to submit for the record, please email them to the committee clerk whose email address was committed prior to the hearing.

Good morning, I'd like to welcome our distinguished panel of witnesses, members and those viewing remotely. Today's subcommittee hearing, Cybersecurity at NASA: Ongoing Challenges and Increased Telework During COVID. In early 2020 the world was caught off guard with the rapid and dramatic onset of the coronavirus. NASA and many agencies and consistent with the committee of budget. To ensure the health and safety of more than 17,000 civil servant employees and extensive contractor work force. To its credit NASA prepared for the transition having held an agencywide telework in early March, the expanded telework operations and today, 75 to 80 percent of NASA's civil servants continue to work remotely, development work, engineering analysis and other activities. The shift to increased telework at NASA raises many questions, front and center cybersecurity. What does the increase and extended use of telework mean for protecting NASA's intellectual property, identifiable information, and how does the cyber challenge affect the risk postures, and what steps has NASA taken during the pandemic and beyond? These are some of the questions today's hearing will explore because what's clear is that NASA is a target, and I want to pause here for a moment to note an article in The Hill today, where the Justice Department has brought charges against Iranian nationals for hacking U.S. satellite companies, so, I think this is incredibly timely.
A recent NASA IG report stated that given NASA's mission and valuable technical and information it produces, the information maintained in the IT infrastructure is a target for hackers and individuals. And Jim Bridenstine stated at a town hall, NASA is the most attacked agency in the federal government when it comes to cybersecurity. Past data breaches and system intrusions at NASA and its facility have resulted in large amounts of stolen data, installation of malware, copying, modifying, and deleting sensitive files and accessing NASA servers, including those supporting missions. The Department of Homeland Security's Cybersecurity Security agencies, which is a mouthful of course, its related to telework and encouraging organizations to adopt a heightened state of cybersecurity. In June 2020, media articles reported that malicious actors congratulated NASA and SpaceX on a crewed demonstration flight and then announced they had allegedly breached and infected a NASA contractor. Specifically one that provides information technology, cybersecurity, and cybersecurity information to the agency. If true, that's a concerning report and part of why we're here today. Protecting NASA's IT and data during the pandemic demands vigilance. However, NASA's cybersecurity doesn't end with the crisis. They've identified weaknesses and ongoing concerns with NASA's information security. Further, they've ranked this as a top agency challenge. Ensuring cybersecurity at NASA becomes even more pressing, given rapid advances in the supply chain risk. The open partnerships, and overall increase in space activity. NASA is a national treasure. Its missions continue to inspire young and old, and cutting edge space technology, research and space flight experiences are the envy of the world. NASA's accomplishments wouldn't be possible without computers, software, and information systems. Will NASA or any organization be 100 percent free from risk and cyber threat? Probably not.
Is there room for improvement? There is. And the bottom line, we need to ensure that NASA has the tools it needs to r and takes the necessary actions for success and safety and security during COVID-19 and beyond, and I look forward to our witnesses' testimony today. So I think we are, there he is. Hey. Ranking Member Babin, I'm glad you were able, I know that technology can sometimes, speaking of technology, be a little bit of a challenge, but glad you made it through, so the chair now recognizes Ranking Member Babin and my good friend from Texas for an opening statement.

Absolutely. Thank you. We have three computers here we couldn't get on, but I got on with my telephone. So any way we can do it, I'm glad to be with you.

Innovation and ingenuity, I love it.

Absolutely, okay, well, thank you so much. NASA is one of the best known organizations in the entire world. Its successes with the Mercury, Gemini, Apollo, shuttle and International Space Station programs along with its breathtaking scientific discoveries and jaw-dropping robotic probes attract worldwide attention. Unfortunately, that attention comes with many challenges. The technologies that NASA develops are also sought after by criminal entities, unscrupulous foreign governments and destructive and because they have civil and military applications these challenges are particularly grave. And this is a topic that this committee has focused on for decades. Mr. Martin testified before the, excuse me, before the Investigations and Oversight Subcommittee almost 10 years ago on the topic of information security. At that hearing he testified that an unencrypted laptop was stolen from NASA that resulted in the loss of the algorithms, quote, unquote, used to control the space station as well as personally identifiable information and intellectual property. Similarly, the U.S.
China Economic and Security Review Commission noted in its 2011 report to Congress that the Terra and Landsat-7 satellites experienced at least two separate incidents of interference apparently cybersecurity with their command and control systems. Recently NASA IG released the yearly report that found that information systems throughout the agency faced an unnecessarily high level of risk that threatens the confidentiality, the integrity, availability of NASA's information, unquote. The report concluded that it's imperative the agency continue its efforts to strengthen its risk management and governance practices to safeguard its data from cybersecurity threats. While these may seem startling, there are specific reasons that many of the recommendations remain open. For instance, agencywide guidelines and best practices are often general rules and principles that are not optimized to specific agencies' unique capabilities, expertise and challenges. For instance, NASA is the world leader in designing, building, operating and communicating with spacecraft. This expertise resides within the mission directorates, and the centers have cultivated this expertise over many decades. In some instances they developed the software, information systems and underlying technologies that industry and the rest of the government adopted and embraced. In even more extreme circumstances they continue to use one-off operating systems that, while perhaps not compliant with OMB-derived governmentwide guidance, are arguably more secure because of their uniqueness and their obscurity. Efforts to bring the systems and technologies into compliance with a one-size-fits-all, cookie-cutter approach developed for commercial enterprise systems could actually introduce more risk into the system. This isn't to excuse NASA's cybersecurity shortcomings as identified by the IG and GAO over the years.
Lost laptops, and secure devices, unauthorized access to systems and lapsed acos alterations operate, and for inventory management all cause for concern. Which brings us to the situation that NASA currently faces. The COVID-19 challenge requires most of NASA's employees and contractors to work remotely. While NASA has embraced teleworking for years, the expansion of this practice introduces a larger target and more vulnerabilities for malicious actors to exploit. In addition to teleworking challenges, I am interested in understanding what level of insight NASA has on contractor for cybersecurity as NASA moves more to public-private partnerships. And finally it's worth noting that President Trump recently issued Space Policy Directive number five, focused on cybersecurity principles for space systems. And while it is not focused, is not COVID-focused specifically, it is particularly timely given today's hearing and demonstrates the administration's forward-looking leadership on this very topic. I look forward to hearing more about these important issues, and what NASA plans to do to mitigate as well as what Congress and the administration can do to help. With that, Madam Chair, I yield back.

Thank you, Ranking Member Babin, for your opening statement. I think it's safe to say we share many of the same concerns in this area, and excited and grateful for the opportunity for this hearing today. If there are any members who wish, at this point if there are any of us who wish to submit additional statements, statements will be added to the record at this point. Now I would like to introduce our witnesses. Our first witness today is Mr. Jeff Seaton. In April 2020 Mr. Seaton was named NASA's chief, acting chief information, acting chief information officer. Let's see if I can get that out right. Prior to his position he served as NASA's deputy chief information officer and spent seven years as the chief information officer at NASA's Langley Research Center.
He began his career with NASA in 1991 as a research engineer, designing robotic systems for space-based applications and also served as Langley's chief technology officer and deputy CIO. He received a bachelor's degree and master's degree in electrical engineering from firm from Virginia. Ill compare, we're glad you're with us today. Our next witness is Mr. Paul Martin, inspector general for the National Aeronautics and Space Administration. Mr. Martin has been the NASA inspector general since 2009 and prior to his appointment at NASA he served as the deputy inspector general at the Department of Justice. He also spent 13 years as you sent Commission Clean six years as the commission's deputy staff director. Mr. Martin received a bachelor's degree in journalism from Pennsylvania State University and a juris doctorate from Georgetown University Law Center. Welcome, Mr. Martin. Our third and final witness today is Dr. Diana Burley. In July 2020 Dr. Burley was appointed as vice provost for research and professor of public administration at American University. Prior to her current position Dr. Burley spent 13 years as a professor of human and organizational learning at George Washington University where she was the inaugural chair of the Human and Organizational Learning Department and the director of the executive leadership doctoral program. She's also managed a multimillion dollar computer science education and resource portfolio for the National Science Foundation. Dr. Burley received a bachelor's degree in economics from the Catholic University of America, a master's in public management and policy from Carnegie Mellon University, and a master's and doctoral degrees in organizational science and information policy, also from Carnegie Mellon University. Welcome, Dr. Burley. As our witnesses you should know you each have five minutes for your spoken testimony. Your written testimony will be included in the record for this hearing.
When you have completed your spoken testimony we will begin with questions and each member will have five minutes to question the panel. We will start today with Mr. Seaton. Mr. Seaton, you are recognized for five minutes.

Thank you, Chairwoman Horn, Ranking Member Babin and members of the Subcommittee on Space and Aeronautics, for allowing me to appear before you today to talk about NASA's information technology infrastructure and efforts to manage and protect that infrastructure during the COVID-19 pandemic. Thankfully, due to strategic investments made over the last several years, NASA was well-positioned to get our mission moving forward by shifting the majority of the workforce to telework last March. NASA has never been closed and our workforce has continued to work remotely in a productive and often creative manner despite the highly contagious COVID-19 virus. With strict safety protocols in place NASA is now graduate t more employees onsite based on factors such as local conditions and guidance from the CDC and other federal partners. Let me assure you the safety of our workforce remains our top priority. At the same time, protecting and effectively operating our IT infrastructure continues to be another top NASA focus. IT plays a role in every aspect of NASA's missions. However, effective IT management is not an easy task. As NASA's acting chief information officer it is my job to balance implementing innovative mission-enabling IT capabilities with operational efficiency and effective cybersecurity to guard against evolving threats. During the pandemic the demands and expectations placed on NASA's IT infrastructure have been incredibly high and the threats of extra actors remain an ongoing concern. However, with hard work, dedication and innovation NASA's CIO team has risen to the challenge of keeping our missions moving forward. For example, we help rapidly to help software to exposure of also meeting all security and privacy requirements.
Additionally, with help NASA can desire and onboard nucleus, contractors and interns with integrated approaches to provisioning and maintaining IT systems and tools remotely. The pandemic has dramatically changed the way we work. While many employees already teleworked at least occasionally before the pandemic, having 90 percent of employees teleworking at the same time has been game changing. NASA employees have significantly increased their use of virtual collaboration tools such as Webex and Microsoft Teams so we can interact with each other face-to-face while sharing virtual collaborative workspaces. Employees are dependent on NASA's virtual private network to connect securely to internal networks and systems. Before the pandemic our highest VPN connection rate was about 12,000 users in a single day. Today our VPN is supporting almost 40,000 daily users with an availability exceeding 99 percent, thanks to architectural and capacity improvements implemented over the past 24 months. Like other federal agencies, NASA's IT infrastructure is under constant attack from well resourced and highly motivated domestic and foreign adversaries, and we remain a popular target today. Therefore the continued strength of our technical and procedural capabilities to proactively defend and protect our systems and data. While the reported number of attempted cyber incidents continues to increase, partly because of greater visibility into our network today, I'm confident NASA is appropriately addressing and strengthening our response to these threats. In fiscal year 2020 NASA developed a continuity of operation capability to further enhance our Security Operations Center located at the Ames Research Center. If SOC operation would disrupt a read of limited bills identify and respond incidents. Today NASA's SOC operations allow us to maintain 24x7 SOC operations at all times even if there is an isolated disruption.
With strength and the tools and capabilities NASA is transitioning from a largely reactive to a more proactive cybersecurity posture. As the pandemic worse and enablement NASA moved if SOC remote operation suture employee safety and did so without negatively impacting our network or our cybersecurity capabilities. In closing, I want to personally thank not only my staff and leadership but the entire NASA workforce for the hard work and the personal sacrifices they've made during this challenging time. Our employees are finding new ways to keep missions moving forward, support each other, balance work and family pressures and even dedicate their expertise and personal time to developing technologies that are aid
