NASA will be implementing the IT security measures described in the attached memo this week. I am sending this note to all of HEOMD so that you have a clearer understanding of what this means to you and any personal devices you connect to NASA's email / NOMAD ActiveSync service, and so you aren't taken by surprise if or when your personal device starts asking you to do things, like setting an unlock code.
- ActiveSync is the primary means of connecting a device such as an iPhone, iPad, Android or other type of device to NOMAD so that you can access your NASA email on the device. ActiveSync has the ability to 'push' certain policies to any device that uses ActiveSync to connect to NASA's email system. When you configure and connect your device to NASA's email system, though you may select "Microsoft Exchange" as the connectivity option, ActiveSync is the actual service and protocol that does the work to create and maintain the connection and to get and send your email.
- Understand that NASA has not banned use of your own personal devices to access NOMAD / NASA email, though NASA does have the authority and ability to do so. The phrase "Bring Your Own Device", or "BYOD" is used to denote such devices that are not issued by NASA or the Government, but which are instead personally owned.
- For some odd reason, there are a significant number of non-NASA issued and non-Government devices that are accessing NOMAD via ActiveSync. Even more odd is that the number of new non-NASA devices that connect to NOMAD increases significantly in the days and weeks immediately after Christmas. (Yeah, I know why, but I want to add a sense of mystery here).
- Accessing email and other NASA information that is not for public release via personal devices does pose some risk to NASA data; implementing certain security precautions on a device helps reduce that risk significantly should that device be lost or stolen, regardless of whether it is a government-owned or personally owned device. Connecting to NOMAD via a personal device is a privilege, not a right. With the privilege come some restrictions, and some risks. By connecting your personal device to NOMAD or the NASA internal network, you are implicitly accepting those restrictions and risks.
- The attached policy is a compromise between allowing use of personal devices and banning personal devices entirely from connecting to NOMAD. The goal here is to ensure that some minimum security is enabled on any device that NASA does not manage and that is connecting to NOMAD.
- The policies that NASA's NOMAD / ActiveSync server will be pushing to your personal device at a minimum will enable several capabilities on your device to improve its security. First, the policies will ensure that a PIN or passcode is set and that must be used to unlock the device so that if it is lost or stolen, it will not be easy for an unauthorized individual to gain access to your email. Second, where a device can implement this, the policies pushed will set the device to be auto-wiped if there are more than 10 failed attempts to unlock the device; this is to reduce the likelihood of a brute-force guessing of the unlock code. Third, the policies will ensure that encryption capabilities for data-at-rest are turned on for your personal device.
- Each device is different, so I'm not certain what the effects will be on every type of device. I do know that for iOS devices such as iPhones or iPads the changes won't be too onerous. iOS uses data-at-rest encryption by default, so that is already turned on. If you do not have an unlock code set on your iOS device, once the policies are pushed, you will be prompted to set at minimum a 4 digit unlock code, and your device will auto-lock after 15 minutes being idle. Also, failure to input the correct unlock code after 10 tries will auto-wipe the device. Also, the option is there for a remote wipe of your device from ActiveSync, but that option will not be used without the device owner's direct permission and by their request. Again, I am not certain what you will see or how other devices will react to the policies being pushed.
- Contrary to the nonsense you've been reading at nasawatch or elsewhere, NASA does not obtain control of your personal device; NASA cannot remotely read the contents of your device; NASA does not know your unlock code; and NASA will not remotely trigger a wipe of your personal device without your direct authorization to do so. We are NASA, not NSA. Don't drop the first 'A', eh?
- Please be sure to back up your device regularly through whatever mechanism is available to you based on your device's capabilities. This protects your configuration and your data should you lose your device or should it be wiped because someone else attempted to unlock your device (you should probably explain to your kids or other family members that they should not attempt to guess the unlock code), or because you requested that NASA remotely wipe your device for some reason. It is also possible for mistakes to happen; there is some risk that your device could be remotely wiped by accident, though that risk, I think, is very small. That is one of the risks you are accepting by connecting your personal device to NASA's email system.
- If you do not like or agree with any of the changes being pushed by NOMAD / ActiveSync, you should not configure your personal device to connect to NASA's email system; if you are already connecting to NASA email with your personal device and you don't agree with these changes being pushed, you should delete your NASA email account from your personal device immediately so that these policies are not pushed to your personal device. If the changes have already been pushed to your device, you may still delete your access to NASA email from the device, and then manually remove whatever policies and restrictions were placed on the device by ActiveSync.
- No one wants their personal property tampered with -- we understand that. If you complain loudly because your device does something you don't like as a result of the policies and settings pushed to your personal device as a result of our efforts to improve IT security, or if mistakes are made and you happen to be the unlucky victim of one, and it gets enough attention, either personal devices may be banned in the future from connecting to NASA email and non-public facing systems, or you'll have to officially request the ability to connect a personal device, take SATERN training, sign paperwork explicitly accepting the risks to your personal device or data, and so on. That will add more bureaucracy and obstacles and hassles to doing what should be a reasonable thing, which is enabling you to read and respond to email via your personal devices. It's up to you how you respond to these changes. If you don't want NASA making any changes to your personal devices, please do not connect your personal device(s) to NASA email or internal networks. This is a compromise that allows your flexibility and choice. And please note that these changes will help protect your personal data on the device, not just NASA data.
I hope this message has allayed any fears or concerns regarding these changes. Understand that without these changes it is likely that, at some point, NASA would have to ban the use of all personal devices entirely. If anyone has questions or concerns not addressed here, or if I've not been clear or have made a mistake anywhere in this message, feel free to send me a note and I'll get back with you as soon as I can.
Chief Technology Officer
Human Exploration and Operations Mission Directorate
National Aeronautics and Space AdministrationWashington, DC