NASA OIG Audit of the Space Network’s Physical and Information Technology Security Risks
Audit of the Space Network’s Physical and Information Technology Security Risks (IG-14-026, July 22, 2014)
In April 2014, the Office of Inspector General (OIG) completed an audit of NASA’s Space Network Project. [1] During the course of our work, we identified information technology (IT) security, IT resources, and physical security issues associated with the Space Network and the White Sands Complex that require management’s attention.
With regard to physical and IT security, we found NASA has not ensured security controls are in place on certain wide area network infrastructure, needs to clarify waiver requirements for IT security controls and mitigations, and should take additional steps to ensure that long-standing physical security risks are addressed. We also found that the Space Network is not using NASA’s Agency Consolidated End-User Services (ACES) contract to obtain administrative computers and associated end-user services and therefore may be spending more than necessary for equipment and services without realizing the operational and security benefits of systems provided through ACES.
However, in past reviews we have highlighted a series of challenges stemming from the decentralization of Agency IT operations, ineffective IT governance, and shortcomings in the Agency’s IT security. [2] Each of these conditions is an aspect of the larger management challenges NASA faces with its IT security, governance, and acquisition practices.
To address these issues, we made four recommendations to the Agency which generally agreed with our recommendations and proposed corrective actions that we consider responsive.
The full version of this report includes material NASA considers Sensitive but Unclassified information that, if distributed widely, could pose a security threat to NASA computer systems.
[1] NASA OIG, “Space Communications and Navigation: NASA’s Management of the Space Network” (IG-14-018, April 29, 2014).
[2] NASA OIG memorandum, “2013 Report on NASA’s Top Management and Performance Challenges,” December 2, 2013.
