Security – Future of Work

Confidentiality, Integrity, Availability

Let’s talk about the CIA. The CIA is such an incredibly important part of security, and it should always be talked about. You’re probably thinking to yourself “but wait, I came here to read about NASA!”- and you’re right. While the CIA is a pretty cool organization too, I’ll be talking about the CIA triad – and what it means to NASA.

The CIA triad, not to be confused with the Central Intelligence Agency, is a concept model used for information security. CIA stands for confidentiality, integrity, and availability. It is common practice within any industry to make these three ideas the foundation of security.

When we consider what the future of work looks like, some people will ambitiously say “flying cars” and “robots taking over”. More realistically, this means teleworking, or working from home. When you’re at home, you need access to your data. How can an employer securely share all that data? That’s the million dollar question that, if I had an answer to, security companies globally would be trying to hire me.

How does the workforce ensure it is prepared to shift to this future mindset, and where does the CIA triad come into the picture?

Every company is a technology company. Even NASA. Especially NASA! In fact, NASA relies on technology to complete their vision to “reach for new heights and reveal the unknown for the benefit of humankind”. Imagine doing that without a computer. That would be a little ridiculous, right? Furthering knowledge and humankind requires data!

One of NASA’s technology related missions is “to enable the secure use of data to accomplish NASA’s Mission”. Let’s break that mission down using none other than the CIA triad.

C – Confidentiality. Confidentiality essentially means privacy. Making sure only the people who require access to data have access, while also making sure that everyone who needs the data is able to access it. In a NASA example: we need to make sure software developer Joe can access his important work regarding the International Space Station from home, while janitor Dave is never allowed to access this data.

I – Integrity. Is this data the correct data? That’s what integrity means. Making sure no bits were lost, making sure no web address was changed, and even making sure that unauthorized people cannot change your data. Another NASA example: software developer Joe asked his friend, janitor Dave, to save his code for him. In the process, Dave maliciously saved some other piece of code with the name of what Joe needed. The next time Joe opened his “code”, he was locked out of his computer.

A – Availability. This one seems pretty self-explanatory; making sure your data is available. Remember last week when YouTube went offline and caused mass panic for about an hour? In a perfect iteration of the CIA triad, that wouldn’t happen. Things like having the correct firewall settings, updating your system regularly, backups of your data, documenting changes, and not having a single point of failure in your network are all things that can be done to promote availability. A last NASA example: software developer Joe really wants to eat lunch on his center, but he cannot access the website that tells him what food options there are. He is frustrated by the lack of availability of this data.

NASA (and any other organization) has to ensure that the CIA triad is established within their organization. Whether it’s a small business personally implementing their policies or it is a global network of many IT employees, data is crucial. Without data, humankind would never be the same. Imagine a world without computers. No more gas pumps, cash registers, ATMs, calculators, cell phones, GPS systems… even our entire infrastructure would soon falter. Electricity, plumbing, hospitals, and air travel all rely on a computer- even many cars do! Without data, or with data in the wrong hands, society and culture would change so drastically that you and I would never be able to recognize it.

This is why designing for sharing and security is such a paramount concept. The data needs to exist; there is no question. Data must be shared. But if data falls into the wrong hands, janitor Dave might just steal your data and crash the International Space Station… in your name.

About the Authors

Emma Kanning is an intern at NASA’s Johnson Space Center working in the Avionic Systems Division focused on Wireless Communication; specifically the integration of IoT devices with LTE. Emma attends Kent State University and will graduate in 2021 with a degree in Digital Sciences. Emma is passionate about STEM education and cyber security. She participates in Civil Air Patrol and FIRST Robotics, and loves photography and writing.

Nick Skytland | Nick has pioneered new ways of doing business in both government and industry for nearly two decades. He leads the Future of Work initiative at NASA and is the Agency Talent and Technology Strategist in the Talent Strategy and Engagement Division within the Office of the Chief Human Capital Officer (OCHCO).

Valuing Sharing and Security

At the intersection of the forces of technology and place is NASA’s need to architect and implement secure sharing in a data-first organization. The ability of organizations to leverage data to drive insights to action is the fuel of the future. And yet data access is often extremely limited due to underlying tensions between sharing and security, role-defined versus open data, and a decentralized operating model. As more work is conducted anywhere and anytime, protecting sensitive data and keeping systems secure is critical. At the same time, ensuring the ability to share information via dashboards, portals, and online reports, as well as offering self-service options, are just as vital.

INSIGHTS

As the Presidential Management Agenda observed, the use of data is transforming society, business, and the economy. As more work is conducted virtually, keeping sensitive data and systems secure, sharing information, and offering self-service options will be critical to ushering in a modern government. Technology modernization initiatives and data access are the backbone to improving accountability to taxpayers and achieving mission results.

Further, there is a well-known tension in government: the requirement for protection and security competes with the mandate for openness and accessibility. For the emerging generation of knowledge workers, this tension manifests itself when these workers are challenged to access the data needed to inform decision-making. As a consequence, relevant information is siloed in highly insulated systems that only few can access and usable self-service options for sharing data securely do not exist or are not ace universally available.

CHALLENGES

Striking a balance between data sharing and security remains an organizational strain and is particularly difficult for NASA. The Agency requires an integrated approach to using data to deliver on mission goals, serve customers, and steward resources. The tension between sharing and secure solutions, combined with increasing self-service demands, creates a unique challenge in government, where budgets and expertise are often more limited than in the private sector.

OPPORTUNITIES

As NASA seeks to manage tensions and steer toward more self-service options, the Agency must design and implement an integrated workforce data management strategy that defines a common data architecture to allow for the secure integration and sharing of data, inclusive of “data-first” standards and practices. The strategy requires the development of shared standards and policies around basic issues like password strength, multi-factor authentication, social engineering, and network security to inform its workforce of cybersecurity risks. NASA may consider moving towards a risk-based approach for securing systems that places emphasis on data-level protections and that fully leverages modern virtualized technologies (President’s Report on Federal IT Modernization NASA, 2018). This approach requires a modern data architecture as well as an aligned management structure to balance risk and security.

Along with risk come the element of trust: erasing boundaries within and beyond the information technology sector means that cybersecurity risk must become the concern of everyone. A baseline level of training regarding effective IT security, data security, and systems management must not only be offered, but embraced by users at all levels.

As NASA prepares for the Future of Work, the Agency must intentionally design for increased self-service. A self-service approach provides previously unavailable direct access to data and platforms that employees can use to more efficiently deliver government services anywhere at any time. Online self-service capabilities will provide the workforce round-the-clock access to real-time information, reducing the time employees need to navigate siloed systems and refocusing time saved to pursue mission objectives.

About the Authors

The Future of Work Framework

NASA’s Office of the Chief Human Capital Officer (OCHCO) has undertaken research to understand the disruptors driving the future of work and implications for NASA so that it can evolve talent strategies aligned with the new work, workforce and workplace of tomorrow. The result is the Future of Work – a report and framework, which reveals eight major themes that highlight insights, challenges and tangible opportunities for NASA. The Future of Work acts as a foundational compass as NASA embarks on a new journey toward a future that enables its workforce to be adaptable, resilient, productive and bold.

The eight themes emerged from research findings categorized into four major, overlapping meta forces: mission, people, place and technology. Themes range from fundamentally rethinking the roles of organizations and individuals, to embracing the role technology increasingly serves to augment and enable the workforce. The eight themes are:

Theme 1: Designing for Agility, Focusing on Impact
For organizations to thrive in today’s world, it is imperative to move faster, adapt quickly, facilitate rapid learning, and embrace the dynamic needs of an increasingly diverse workforce. Work today requires fluid talent to meet ever increasingly complex work, requiring multidisciplinary skills, delivered by teams of people, networked together that have overarching goals tied to organizational performance and productivity.

Theme 2: Redefining Talent
To attract top human talent, organizations must embrace the new dynamic human talent pool that enters the organization through all manner of new work arrangements, (e.g., traditional employment contracts to citizen scientists); and at the same time strategic workforce planning, acquisition and management practices must enable a workforce that is resilient to shifting mission priorities. Redefined talent runs along a continuum ranging from the traditional full-time employee to part time workers and supplemented by machine talent (e.g., artificial intelligence and robotics).

Theme 3: Learning and Developing for a Lifetime
Rising life expectancies and an aging global workforce present organizations with unprecedented challenges and untapped opportunities. Organizations with a science and technology forward mission must highly value and provide learning and development for its workforce to ensure continued relevance and competitiveness.

Theme 4: Deploying Talent, Mobilizing Careers
Success depends on providing employees with experiences that inspire and challenge them throughout their career. Organizations need well trained, experienced leaders and professionals that can be matched with mission needs through the use of temporary assignments, internal rotations, reassignments and reinstatements, details in place and external engagement.

Theme 5: Embracing Modern Workspaces and Collaboration
Work can now be conducted anywhere and anytime through making information, data and tools available to an increasingly mobile workforce. Workplaces must also adapt as the work and workforce evolves. Modern workspaces are being redesigned for flexibility, autonomy and collaboration and to enable an increasingly remote, agile workforce.

Theme 6: Designing for Sharing and Security
The ability of organizations to leverage data to drive insights to action is critical. Yet data access is often prohibited due to the underlying tension between sharing and security. An enterprise data management strategy and modern, common data architecture is critical to securely share information and data.

Theme 7: Prioritizing Digital Transformation
Digital transformation that leads to more informed decisions and operational efficiencies is occurring in every industry and remains an ongoing process across the federal government.

Theme 8: Unleashing Automation, Analytics, Algorithms and Artificial Intelligence (AI)
Advances in technology will allow organizations to better organize and distribute work tasks to qualified individuals, replacing or outsourcing others and generally augmenting the existing workforce. As machines start to think and act humanly, organizations will be able to more efficiently assess real-time data, assign responses, allocate tasks based on assessment, streamline knowledge driven processes, and enable more objective decision-making.

Each theme includes insights gleaned from the research and analysis, and highlights corresponding challenges and opportunities based on NASA’s position today. Upcoming blog posts will focus on the eight themes in more detail.

—