Inspector General Paul K. Martin released an audit report today examining NASA’s management of smartphones, tablets, and other mobile computing devices. The Office of Inspector General (OIG) review assessed whether NASA was appropriately managing costs associated with more than 11,000 Agency-issued mobile devices and security risks associated with more than 13,000 personal smartphones and tablets that connect to NASA networks.
Mobile electronic devices including smartphones and tablets are key components of NASA’s information technology (IT) strategy to provide its employees and contractors flexibility in accessing Agency networks from anywhere at any time. Although these mobile devices offer significant workplace flexibility, they are also susceptible to security compromise because of their size, portability, constant wireless connection, and location services. Further, the diversity of available devices, operating systems, carrier-provided services, and applications present the Agency with additional security challenges.
The OIG found that weaknesses in NASA’s mobile device management means the Agency is unable to ensure that it is not paying for a significant number of unused devices. Specifically, NASA lacks a complete and accurate inventory of Agency-issued smartphones, tablets, cellphones, and AirCards (used to provide internet access) because the information system NASA uses to order equipment from its main IT contractor is not fully functional or integrated with the database the Agency uses to track IT assets. For example, in 2013 the contractor reported that 2,280 (14 percent) of Agency-issued mobile devices went unused for at least 7 months. We were unable to determine the exact amount NASA paid for these unused devices because the information needed to match individual devices with related billings was often missing, incomplete, or inaccurate. However, we estimated that from June through December 2013 these unused devices cost NASA more than $679,000. Until NASA resolves its asset inventory and data quality issues and strengthens controls over Agency-issued mobile devices, it will continue to waste money on unused devices. We also found that while NASA has taken positive steps to mitigate security risks associated with personally owned smartphones and tablets accessing Agency e-mail systems, more work is required to reduce risks when these devices connect with other NASA networks.
The OIG made two recommendations to help improve NASA’s management of mobile devices, both of which NASA’s Chief Information Officer agreed to implement.
The full report is available on the OIG’s website at http://oig.nasa.gov/ under “Reading Room” or at http://oig.nasa.gov/audits/reports/FY14/IG-14-015.pdf
For more information, please contact Renee Juhans at firstname.lastname@example.org or at (202) 358 1220.