Information Technology Update October 2008

Improving Integration, Security, and Efficiency of NASA’s Information Technology

When I gave you an Information Technology (IT) update last May, I described several strategic IT initiatives. Today, I’m focusing on one of them: improving integration, security, and efficiency of IT by consolidating infrastructure and management control.

As background, we now have a decentralized approach to managing much of our IT infrastructure, particularly for local area networks, data centers, IT security services, and Web services. Industry best practices, OMB analysis, NASA’s Program Analysis and Evaluation studies, and business cases from NASA’s Office of the Chief Information Officer have all indicated that there are significant efficiencies and advantages to consolidation and central management of NASA’s IT infrastructure. Achieving such strategic change, NASA expects to (1) better integrate the Agency’s people, processes, and information; (2) improve IT security; and (3) realize cost savings.

Currently, we have five Agency-wide procurements under way which, collectively, are a significant step toward NASA’s IT consolidation efforts. I’m pleased to report that in the first quarter of 2009, we will issue the draft requests for proposals (RFP) for these procurements, which are identified and assigned to Centers as follows:

Agency Consolidated End User Services (ACES)
NASA Shared Services Center at the Stennis Space Center

NASA Integrated Communications Services (NICS)
Marshall Space Flight Center

NASA Enterprise Data Center (NEDC) Services
Kennedy Space Center

Enterprise Applications Service Technologies (EAST)
Marshall Space Flight Center

Web Services Technologies (WEST)
NASA Headquarters

These five acquisitions will address NASA’s top-level initiatives for infrastructure integration. These initiatives are:

1. Define network perimeter and consolidate network management.

2. Establish Agency network visibility of IT assets and consolidate Agency security monitoring and management.

3. Enable cross-Center collaboration and strengthen user authorization.

4. Migrate systems to physically secure and properly managed data centers.

5. Make NASA’s information easier to find, access and share.

6. Standardize and consolidate the management of end-user devices.

    NASA’s IT infrastructure consolidation will mean some culture change at NASA, especially where we have operated independently in the past and need to work more collaboratively in the future. While it is generally easy to use IT services at a single Center, we intend to enable seamless collaboration across Centers by providing people with a common user experience regardless of location or organizational alignment. By providing tools such as a common help desk, an online catalog for ordering IT services, and an integrated Agency-wide network, NASA will transition to systems and data with modular, interoperable services that support the efficient execution of NASA’s missions. At the same time, we will secure NASA data and resources while we’re making them more readily available.

    In the future, we will be able to easily share data, using sophisticated collaboration tools without the awkward “workarounds” we experience today. It will also be even easier to work at a Center other than your own because we’ll have a common way to “plug into” NASA’s network.

    We will move systems to physically secure and properly managed data centers. Currently, NASA has approximately 75 data centers that are serviced by multiple vendors with inconsistent availability of information and disaster recovery services. Data center consolidation will significantly improve access to information and will reduce cost.

    NASA plans to approach the data center consolidation in phases. Consolidation will start with applications that need immediate improvement in disaster recovery and continuity of operations support, such as NOMAD, which is our e-mail and calendar tool. Follow-on activities will include Agency-wide applications [e.g., Integrated Enterprise Management Program (IEMP)], multi-Center applications, Center back office support, and program and project applications for which it makes technical, financial, and logical sense to consolidate.

    When these procurements are completed, we will have the following advantages.

    • Systems can be seamlessly deployed, used and secured across Center boundaries.
    • Smarter investments in the right IT solutions provide the greatest benefit to the NASA mission.
    • We’ll have a reliable, efficient, secure, and well-managed IT infrastructure that enables NASA’s mission.

    In closing, I want to thank the NASA employees who are working on the acquisition teams. Thanks to their efforts, we should have new contracts in place by early 2010 and be on our way to consolidating NASA’s IT infrastructure.

    Information Technology Management

    Information Technology — A Key Tool

    My posting on July 13 listed Information Technology (IT) management as one of NASA’s six cross-cutting strategies of mission support. IT Management ensures the Agency aligns information system investments with its mission needs; efficiently implements, operates and integrates its information systems; and appropriately assures the confidentiality, integrity and availability of the information within these systems.

    NASA has long relied on IT as a key tool to enable the achievement of its mission. However, our processes for selecting and managing IT investments and implementation traditionally have been focused on the accomplishment of individual programs with limited focus on ensuring that IT supports the integration of information and processes across programs and Centers. This approach to managing IT has led to (1) inefficiencies, (2) challenges in information security, and (3) stovepiped IT infrastructures that make it difficult for people to work across organizational boundaries.

    For example, our current model for protecting the networks at each of our Centers is not consistently implemented. This adversely affects our mission as it makes it extremely difficult for engineers working at different Centers to collaborate on designs using automated tools.  Also, you have probably noticed cases where different IT tools have been implemented by different organizations in order to solve similar or duplicative problems. We need to leverage existing tools to eliminate unnecessary duplication. This will save the Centers and NASA money and reduce integration complexity.

    Collaboration across Centers

    Our ability to succeed in the future requires that we maximize our capability or capacity to work collaboratively across Centers, drive efficiencies, and to adequately secure our information and information systems. Because IT is so important to our future success, we are placing significant attention on transforming our current IT management processes and IT infrastructure to meet the emerging needs of the Agency.

    The NASA CIO, Jonathan Pettus, has developed an overall strategy for improving IT. The strategy is centered on a governance model that allows for alignment of IT solutions with mission needs, a framework and management model for the collective IT infrastructure going forward, a portfolio approach for organizing and managing applications and integration standards at multiple levels, a strategy to create better visibility into the IT budget and allow for improved decision making, and a plan for improving IT security. I have asked the CIO to provide updates over the next several months on the IT strategy based on the work of several teams he has in place working the detailed implementation plans and frameworks.

    Implementing the IT management strategy likely will require some organizational changes in how NASA delivers IT services. We already are in the process of merging the Integrated Enterprise Management Program (IEMP) office with the Office of the CIO to better align the management of IT within the Agency.  IEMP is an Agency-wide transformation of NASA’s business systems and processes to improve NASA’s fiscal and management accountability. This is the first organizational realignment aimed at placing IT management authority under the CIO. Similar to engineering being performed by Mission Directorates, procurement conducted by contracting officers under procurement organizations, legal matters being handled by general counsel, etc., I feel it is important for information technology to be provided by the CIO and for the CIO to be held accountable for providing it in a manner that meets NASA’s mission and federal regulations. The CIO will be the institutional authority for NASA IT.  

    Key Initiatives Underway

    I also want to take this opportunity to reiterate my support for some key initiatives underway that will improve the state of IT security within the Agency, provide efficiencies for NASA, and better enable the IT infrastructure to support the mission.

    1. The IT system certification and accreditation (C&A) effort is progressing very well and I expect nearly all of NASA’s systems to achieve C&A by October 1, 2007. This process is designed to ensure that our IT systems are categorized according to their criticality and that the appropriate security controls are documented and in place to protect each system based on its criticality.  Further, C&A is required by the White House Office of Management and Budget.
    2. The work under Homeland Security Presidential Directive (HSPD)-12 will greatly enhance IT security by eventually allowing badges to be used to access critical IT systems.
    3. The migration of all Agency email systems to the NASA NOMAD system is progressing well and will provide efficiencies and improved collaboration capability for the Agency. Our existing e-mail infrastructure was implemented as if NASA consisted of at least ten separate companies. NOMAD changes that by providing one, integrated e-mail system for all of NASA. The e-mail system is based on commercial off-the-shelf software that has sufficient capability to filter spam and viruses and protect personally identifiable information, and has other features needed for large government organizations.

    Although these initiatives can be difficult because they represent a change from the status quo, they are intended to move us forward toward the goals of integration, information, and improved security — all critical to the achievement of our ultimate mission.  

    Goddard Space Flight Center (GSFC) Groundbreaking

    On July 16, I participated in the GSFC Exploration Sciences Building groundbreaking ceremony with House Majority Leader Steny Hoyer, GSFC Director Ed Weiler, and Director, GSFC Sciences and Exploration Directorate Laurie Leshin. The Exploration Sciences Building is a major component of the Goddard Space Flight Center Facilities Master Plan.  It was built, not with funding from a construction of facilities account, but a very small tax over several years on all the programs that would benefit from such a building. This was done without sacrificing science, raising overhead, or breaking the bank.  

    This “green building” will consist of a two-story laboratory wing and a three-story office wing. When the Exploration Sciences Building is completed in 2009, this state-of-the-art facility will house more than 500 scientists and administrative personnel performing research in earth science, astrophysics, heliophysics and solar system exploration. The goal of the building is to bring scientists together for purposes of teamwork and research. The layout of this “green building” will allow for collaboration areas for scientists to perform cutting-edge research, prototype and instrument development.

    This is NASA’s largest “green building” and is slated for a silver rating in the U.S. Green Building Council’s Leadership in Energy and Environmental Design certification. This rating signifies NASA’s high level of commitment to incorporating environmentally friendly design and construction practices.


    Information Technology Update

    This week at the Operations Management Council (OMC) meeting, a significant portion was dedicated to the work we are doing to improve information technology (IT). In 2007, the Strategic Management Council, approved strategic initiatives to: (1) clarify the role of the Chief Information Officer (CIO) as stated in NPD 1000.3 and define core IT services that shall be provided by the CIO; (2) realign the NASA IT organization to reflect the role of the CIO and better connect with customers; (3) create a governance structure and processes to engage key stakeholders, inform IT investment decisions, and apply project management discipline to IT projects; (4) increase visibility into IT budgeting and spending through management controls and fund base IT services through a combination of Corporate and Center Management and Operations funding; (5) improve integration, security, and efficiency of IT by consolidating infrastructure and management control; and (6) assign ownership of application portfolios and create a CIO-facilitated process to drive application standardization and efficiencies.  

    With nearly $1.9 billion in annual IT spending, it’s critical that these initiatives succeed to ensure that IT enables the mission, is integrated, secures our information and systems, and helps improve efficiency. Each NASA Center has submitted an implementation plan for improving IT management based on the SMC decisions. Although this degree of change may be difficult for those involved, the status quo is not an option for the agency.  

    For instance, in the OMC meeting, Jerry Davis, the Deputy CIO for IT Security reported that for March 2008 alone, there were over one billion scans of NASA systems by external entities. These would-be hackers are scanning for vulnerabilities in NASA systems that they can quickly exploit. Because of the ever-increasing threats, NASA’s new IT Strategy and Investment Board recently approved an investment to establish a central Security Operations Center (SOC) for the agency, which I strongly support. The SOC’s initial operations will begin at the start of calendar 2009, and will provide improved agency-wide capabilities to prevent, detect, and respond to security incidents in a more rapid fashion.  

    Another initiative underway to improve security is the implementation of Mission Focus Review (MFR) 137, which calls for increased use of the Outsourcing Desktop Initiative for NASA (ODIN) contract to provide laptops and desktops. While originally intended to reduce costs, the main value of this change will be improved patch management and maintenance of core configurations required by the Federal government. For example, the implementation of smart cards to access NASA systems will be much smoother on ODIN-managed equipment. I recognize that this might be a difficult change for some NASA workers, but it is an important initiative that we must continue to implement.

    These initiatives represent only a few of the many activities being pursued by NASA’s CIO community. The goals include increased security, enhanced integration, and cost savings.
    I am very encouraged at the steps underway and the progress made in transforming the NASA IT environment and capabilities. Leadership at every level will be required to manage and bring about the changes we are undertaking. These changes will take time to complete and will be difficult; however, they are important and necessary in order for the agency to pursue and achieve our missions.

    I would like to thank Jonathan Pettus, CIO, for his contribution to this week’s blog.