Testimony by Paul Martin NASA Inspector General


image Top Challenges for Science Agencies: Report from the Inspectors General - Part 1

Statement of Paul K. Martin Inspector General National Aeronautics and Space Administration

The Office of Inspector General (OIG) is committed to providing independent, aggressive, and objective oversight of the National Aeronautics and Space Administration (NASA), and we welcome this opportunity to discuss the major challenges facing the Agency.

The successful landing of the Curiosity rover on the surface of Mars in August energized the public about NASA's activities in a way not seen since the final Space Shuttle flight. Similarly, the first commercial resupply mission to the International Space Station (ISS) in October by Space Exploration Technologies Corporation's (SpaceX) Dragon spacecraft marked a milestone toward NASA's goal of fostering development of a commercial space transportation capability to low Earth orbit.

The past year was not without its challenges, however, including the need to reprogram funds from several Agency initiatives to accommodate cost overruns in the James Webb Space Telescope (JWST) and other projects. This shift contributed to developmental delays in several ongoing projects and cancellation of others, including a joint project with the European Space Agency for planned missions to Mars in 2016 and 2018.

Moreover, receipt of less than half its requested budget extended the earliest date that NASA expects to obtain commercial crew transportation services to the ISS to 2017 - a date uncomfortably close to the Station's currently scheduled 2020 retirement. At the same time, NASA is moving forward with development of a new rocket, capsule, and related launch infrastructure to enable crewed missions to an asteroid, the Moon, or Mars - expensive and technically complex undertakings in an increasingly austere budget environment.

Declining budgets and fiscal uncertainties present the most significant external challenges to NASA's ability to successfully move forward on its many projects and programs. NASA began the current fiscal year under a 6-month continuing resolution that funds the Agency at last year's level of $17.8 billion. Along with the rest of the Federal Government, NASA is poised to tumble over the "fiscal cliff" on March 1, with sequestration cuts that reduce its spending authority by $894 million. Against this bleak budgetary backdrop, Agency managers continue to face significant challenges managing NASA's diverse portfolio of science, exploration, and aeronautics projects. Specifically, each year we identify the Top Management and Performance Challenges facing NASA and our most recent list highlighted the following five issues:

- The Future of U.S. Human Space Flight;
- Project Management;
- Infrastructure and Facilities Management;
- Acquisition and Contract Management; and
- Information Technology Security and Governance

A detailed description of these challenges and the ongoing and completed work by our office examining them is contained in the Top Challenges document appended to this statement.

In my testimony this morning, I will highlight three issues: 1) project management; 2) NASA's aging infrastructure; and 3) information technology (IT) security.

Project Management

Over its 50-year history NASA has been at the forefront of science and space exploration and rightly takes credit for numerous scientific and technological discoveries and innovations. However, in addition to their significant achievements, many NASA projects share another less positive trait - they cost significantly more to complete and take much longer to launch than originally planned.
Last September, the OIG issued a report that examined NASA's project management practices to identify the primary challenges to achieving its cost, schedule, and performance goals. Cost and schedule increases on large projects like the JWST can have a cascading effect on NASA's entire portfolio. To illustrate, in fiscal year (FY) 2012 NASA moved $156 million from other Science Mission Directorate projects and its Cross Agency Support account to cover cost increases in the JWST project. In addition, the Wide-Field Infrared Survey Telescope and several other missions have been postponed to make funding available for JWST. Moreover, as previously noted, NASA has pulled out of an agreement with the European Space Agency on two future Mars missions and is reevaluating its Mars exploration strategy to accommodate a more restricted funding profile.

Our project management review identified four factors that present the greatest challenges to successful project outcomes at NASA: 1) the Agency's Culture of Optimism; 2) Underestimating Technical Complexity; 3) Funding Instability; and 4) Limited Opportunities for Project Managers' Development. The September audit report and the 2012 Management Challenges document discuss each of these factors in detail.

One of NASA's largest ongoing project is its new "heavy-lift" rocket known as the Space Launch System or SLS. The NASA Authorization Act of 2010 set a goal for the Agency to achieve operational capability for the SLS and the accompanying Multi-Purpose Crew Vehicle (MPCV) by December 31, 2016. NASA's current plan is to launch an uncrewed test flight of the SLS and MPCV in 2017, followed by the first crewed flight in 2021.

Establishing realistic long-term budgets for the SLS, MPCV, and associated ground support programs is difficult, as illustrated by an August 2011 independent cost assessment for the program that concluded NASA's estimates are reasonable for near-term budget planning but do not support establishment of long-term budgets or detailed baselines. Constrained budgets also impact the pace of NASA's development efforts. For example, because the MPCV program is anticipating a "flat" budget profile for at least the next 10 years, NASA has adopted an incremental developmental approach that concentrates on systems needed to meet specific mission objectives for each test flight rather than an approach under which work on all MPCV systems progresses concurrently. The OIG is currently examining NASA's efforts to develop the MPCV and will continue to focus resources on NASA's launch and crew transportation development efforts in the years to come.

NASA's Aging Infrastructure

NASA is the ninth largest Federal Government property holder, controlling approximately 4,900 buildings and structures with an estimated replacement value of more than $30 billion. In addition, more than 80 percent of the Agency's facilities are 40 or more years old and beyond their design life. Under its current policy, NASA is required to maintain these facilities either in an operational status or, if they are not being used, in sufficient condition that they do not pose a safety hazard. However, NASA has not been able to fully fund required maintenance costs for its facilities and in 2012 estimated its deferred maintenance costs at $2.3 billion.

One way NASA could reduce its facilities maintenance costs is to reduce the amount of unneeded infrastructure in its inventory. To be successful in this effort, NASA must move beyond its historic "keep it in case we need it" approach of managing its facilities. In an audit we issued earlier this month, the OIG identified 33 wind tunnels, test stands, thermal vacuum chambers, airfields, and launch-related facilities that NASA was not fully utilizing or for which Agency managers could not identify a future mission use. These facilities cost the Agency more than $43 million to maintain in FY 2011 alone.

We found that NASA's efforts to reduce its underutilized facilities have been hindered by several longstanding and interrelated challenges: 1) fluctuating and uncertain strategic requirements; 2) Agency culture and business practices; 3) political pressure; and 4) inadequate funding. To its credit, NASA is undertaking a series of initiatives aimed at "rightsizing" the Agency's real property footprint. However, we noted that many of these efforts are in the early stages and may ultimately be insufficient to overcome the cultural and political obstacles that have impeded past efforts to reduce unneeded infrastructure. Accordingly, an independent outside process similar to the Department of Defense's Base Realignment and Closure Commission may be necessary.

Leasing offers NASA another means to help address maintenance costs associated with its aging and underutilized facilities. However, Federal law and policy prohibit NASA from leasing facilities for which it has no current or future mission-related use. For these facilities, the Agency should consider other options, such as demolition or reporting the property to the General Services Administration for sale or transfer to another entity. The challenge for NASA is to use leasing when appropriate to generate revenue to offset facilities operations and maintenance costs while not using it as a way to hold on to facilities it does not need.

Information Technology Security

One year ago today, I sat behind this same witness table and testified alongside NASA's Chief Information Officer (CIO) about the state of IT security at NASA. Among other things, I mentioned that at the time only 1 percent of NASA's laptop computers were fully encrypted compared to a Government-wide rate of 54 percent.

On October 31, 2012, a NASA laptop containing the Social Security numbers and other personally identifiable information (PII) for more than 40,000 individuals was stolen from the vehicle of a Headquarters employee. Although the laptop was password protected, neither the laptop itself nor the individual files were encrypted. As a result of this theft, NASA contracted with a company to provide credit monitoring to the affected individuals and the Agency estimates that these services could cost up to $850,000.

Following the October 31 theft, the NASA Administrator accelerated the timetable to encrypt the hard drives of the Agency's laptop computers. As of February 15, NASA reported that it had encrypted 99.4 percent of Agency laptops identified as requiring encryption, had exempted 1,636 laptops from the requirement, and was determining whether another 2,947 laptops required encryption or also would be exempted.

NASA's portfolio of information technology assets includes more than 550 information systems that control spacecraft, collect and process scientific data, and enable NASA personnel to collaborate with colleagues around the world. Hundreds of thousands of NASA personnel, contractors, academics, and members of the public use these IT systems daily and NASA depends on them to carry out its essential operations. Overall, NASA spends more than $1.5 billion annually on its IT-related activities, $58 million of that for IT security. NASA remains a target of cyber intruders both because of the large size of its networks and because of the technical and scientific information it maintains. Over the years, NASA has increasingly become a target of a sophisticated form of cyber attack known as advanced persistent threats (APTs). The individuals or nations behind these APTs are typically well organized and well funded.

Our investigation of a series of APT attacks at the Jet Propulsion Laboratory (JPL) involving Chinese-based Internet protocol addresses between November 2011 and February 2012 confirmed that cyber attackers were successful in achieving control over much of JPL's network for several weeks and used this access to steal or attempt to steal NASA-funded data. While data theft appears to be the primary motive, the level of access gained by the intruders positioned them to have caused significant operational disruption had that been their goal.

Through our audits and investigations, we have identified systemic and recurring weaknesses in NASA's IT security program that adversely affect the Agency's ability to protect the information and information systems vital to its mission. In particular, the CIO's inability to ensure that NASA's mission computer networks implement key IT security controls continues to put these critical IT assets at risk of compromise. For example, the Agency has not yet implemented two recommendations from a May 2010 OIG audit report to monitor its mission networks for the presence of critical software patches and technical vulnerabilities.

Achieving the Agency's IT security goals will require sustained improvements in NASA's overarching IT management practices. Effective IT governance is the key to accommodating the myriad interests of internal and external stakeholders and making decisions that balance compliance, cost, risk, and mission success. Effective IT governance also helps ensure that public funds are efficiently spent by coordinating spending across NASA when purchasing IT products and services.

We are completing a review examining NASA's IT governance structure and anticipate making several recommendations for improvement. Such a reexamination is particularly timely given that NASA is currently seeking a new CIO.

Conclusion

The National Research Council (NRC) recently concluded that there is a "significant mismatch between the programs to which NASA is committed and the budgets that have been provided or anticipated." In other words, too many programs are chasing too few dollars. I am hopeful that the NRC's report, together with the ongoing work of the OIG and Government Accountability Office, will contribute to a dialogue between the Administration and the Congress about NASA's future priorities and lead to enactment of a realistic budget that will enable the Agency to accomplish its multifaceted missions. We look forward to continuing our cooperative working relationship with NASA, this Subcommittee, and other congressional committees as we conduct audits and investigations that focus on the Agency's top management and performance challenges.

Please follow SpaceRef on Twitter and Like us on Facebook.