This week at the Operations Management Council (OMC) meeting, a significant portion was dedicated to the work we are doing to improve information technology (IT). In 2007, the Strategic Management Council, approved strategic initiatives to: (1) clarify the role of the Chief Information Officer (CIO) as stated in NPD 1000.3 and define core IT services that shall be provided by the CIO; (2) realign the NASA IT organization to reflect the role of the CIO and better connect with customers; (3) create a governance structure and processes to engage key stakeholders, inform IT investment decisions, and apply project management discipline to IT projects; (4) increase visibility into IT budgeting and spending through management controls and fund base IT services through a combination of Corporate and Center Management and Operations funding; (5) improve integration, security, and efficiency of IT by consolidating infrastructure and management control; and (6) assign ownership of application portfolios and create a CIO-facilitated process to drive application standardization and efficiencies.
With nearly $1.9 billion in annual IT spending, it’s critical that these initiatives succeed to ensure that IT enables the mission, is integrated, secures our information and systems, and helps improve efficiency. Each NASA Center has submitted an implementation plan for improving IT management based on the SMC decisions. Although this degree of change may be difficult for those involved, the status quo is not an option for the agency.
For instance, in the OMC meeting, Jerry Davis, the Deputy CIO for IT Security reported that for March 2008 alone, there were over one billion scans of NASA systems by external entities. These would-be hackers are scanning for vulnerabilities in NASA systems that they can quickly exploit. Because of the ever-increasing threats, NASA’s new IT Strategy and Investment Board recently approved an investment to establish a central Security Operations Center (SOC) for the agency, which I strongly support. The SOC’s initial operations will begin at the start of calendar 2009, and will provide improved agency-wide capabilities to prevent, detect, and respond to security incidents in a more rapid fashion.
Another initiative underway to improve security is the implementation of Mission Focus Review (MFR) 137, which calls for increased use of the Outsourcing Desktop Initiative for NASA (ODIN) contract to provide laptops and desktops. While originally intended to reduce costs, the main value of this change will be improved patch management and maintenance of core configurations required by the Federal government. For example, the implementation of smart cards to access NASA systems will be much smoother on ODIN-managed equipment. I recognize that this might be a difficult change for some NASA workers, but it is an important initiative that we must continue to implement.
These initiatives represent only a few of the many activities being pursued by NASA’s CIO community. The goals include increased security, enhanced integration, and cost savings.
I am very encouraged at the steps underway and the progress made in transforming the NASA IT environment and capabilities. Leadership at every level will be required to manage and bring about the changes we are undertaking. These changes will take time to complete and will be difficult; however, they are important and necessary in order for the agency to pursue and achieve our missions.
I would like to thank Jonathan Pettus, CIO, for his contribution to this week’s blog.