National Aeronautics and Space Administration IT Talk January - March 2013 Volume 3 • Issue 1 Connecting Anywhere, Anytime www.nasa.gov IT Talk In this Issue Jan - Mar 2013 Volume 3 • Issue 1 Office of the CIO NASA Headquarters 300 E Street, SW 3 Message from Washington, D.C. 20546 the CIO Chief Information Officer Linda Y. Cureton Editor and Publication Manager Eldora Valentine Editor and Writer 4 AMES IT Security Lab Sarah Rigdon and NASA FedScoop Graphic and Web Design Michael Porterfield Awards IT Talk is an official publication of the Office of the Chief Information Officer of the National Aeronautics and Connecting Space Administration, Headquarters, Anywhere, Anytime: Washington, D.C. It is published by the OCIO office for all NASA NASA’s Virtual employees and external audiences. 6 Executive Summit For distribution questions or to suggest a story idea, email: [email protected] NEACC Support for To read IT Talk online visit: nasa.gov/offices/ocio/ittalk NASA’s 2012 Virtual 8 Executive Summit For more info on the OCIO: v www.nasa.gov/ocio v insidenasa.nasa.gov/ocio (Internal NASA network only) v www.nasa.gov/open/ 12 Enterprise Licensing facebook.com/NASAcio Management Team twitter.com/NASAcio (ELMT) Is There for You! Cybersecurity Begins Message and Ends with You! By Meredith Mengel, OCIO IT Security Division from the “Laptop with NASA workers’ personal CIO data is stolen”—NBC News Stories alerting the public to NASA’s most recent security By Linda Cureton breach dominated headlines over the last several weeks. All civil servants and contractors play a major role in NASA’s ability to safeguard IT assets from cybercriminals, hackers, and other groups. By creating a united front, As we flip our calendars and embrace 2013, I think about the NASA employees can protect, prevent, and preserve challenges ahead and the rapidly evolving pace of technology. NASA data and information systems—the key to beginning the cybersecurity transformation at NASA. One of the greatest challenges I face as NASA’s Chief Information Officer (CIO) is how to empower the NASA community’s use How well are you protecting the information you use on a of emerging technologies while ensuring that use does not daily basis? Here are some tips for keeping your identity compromise NASA’s mission. This balancing act is a critical part and data safe—and the world’s focus on NASA’s good work. of the decisions I make in leading the organization forward. ҆ Complete NASA’s Annual IT Security Awareness So with this in mind, this year, just like all the rest, I have some proposed Training. This training is required for all Federal and key goals. Here are several of my 2013 New Year’s resolutions: contractor employees, and for good reason. It covers the protection of your desktop and home computers, 1. IT Security is our top priority. Ensuring that NASA data is more safeguarding your identity and data, and privacy secure is critical for our Agency. Our equipment and information best practices. Be sure to complete this training as must be protected against vulnerabilities and breaches. soon as you can; it’s an important first step toward 2. Embrace mobile technologies. learning how to protect and safeguard information. 3. Firm up policies on bring-your-own-device (BYOD). ҆ Know how to protect your laptop and the 4. Remove the stigma out of “remote” and encourage more Centers information on it in case a loss or theft occurs: to feel comfortable in embracing the concept of telework. 1. Lock your laptop when you’re not using it. 5. Use collaborative technologies more. Recently, we launched a 2. When transporting your laptop, Virtual Executive Summit that had over 600 executives Agency- keep it with you at all times. wide gather remotely using collaborative technologies. This helped 3. Laptops should be taken into your home put us one giant leap closer to implementing Administrator Charlie or office, immediately. Do not leave them Bolden’s vision of an anywhere, anyplace, anytime organization. in the trunk or back seat of your car. 6. Improve service delivery. 4. Laptops are required to be updated with Data-At-Rest We will no doubt face challenges in meeting some of these goals. (DAR) encryption before leaving Government facilities. We must all learn to do more with less and live with it. Budget cuts 5. Use strong passwords that are not easy to guess, are here to stay! But if we work smarter and more strategically, and store them separately from your laptop. I believe there is nothing we as a team cannot accomplish. ҆ Avoid clicking on unfamiliar links or downloading —Linda files from email, Facebook, or other popular communication tools, regardless of who sent them. Destructive malware uses these environments to spread and weaken your computer’s security. NASA is depending on all employees to help keep all data and systems safe! If you have questions, suggestions, or tips for improving cybersecurity at NASA, please send them to [email protected]. v NASA OCIO IT Talk January-March 2013 3 Happy New Year from the staff in the NASA OCIO Ames’s IT Security NASA FedScoop Innovation Lab Team Wins 2012 U.S. Award Winners FedScoop recently honored Federal Congratulations to all our NASA winners. National Cybersecurity technology leaders, innovators, and Golden Gov—Federal Executives Innovation Award rising stars at the first annual FedScoop ҆ 50 Awards on November 28, 2012, of the Year: Linda Cureton The IT Security Innovation Lab team developed in Washington, DC. More than 150 ҆ Federal IT Program of the and implemented a tool that identifies, attendees from the White House, U.S. Year: NASA IT Labs monitors, and raises the visibility of IT Security Department of Defense, civilian agencies, vulnerabilities at a very low cost across multiple and industry were in attendance.The ҆ FedMentors of the Year: Emma NASA Centers. Team members Matt Linton (IT 50 awardees were nominated by their Antunes, Web Manager, NASA; and security operations lead) and Chris and Matt peers throughout Government and Antoun (Web developers) developed, tested, Nicholas Skytland, Program Manager, and launched the tool quickly and efficiently. then voted on by FedScoop’s readers. Open Innovation Program, NASA More than 8,000 votes were cast The team modified Ames’s vulnerability for the awards that honored Federal For more information, visit detection program to bring responsibility directly executives, Federal leaders, industry http://fedscoop.com/fedscoop- to system administrators and technical staff— leaders, Federal IT programs, Federal 50-awards-honor-top-federal- those who can fix the problems. By normalizing and tabulating Common Vulnerability Scoring innovations, mentors, and up-and-comers. it-innovators-of-2012/ v System values for each host and cross- referencing hosts to our asset inventory, Centers are now able to produce a “scoreboard” showing which hosts are security heroes and which are security problems. The scores are further modified by constantly scanning the Center from a truly external server and adjusting scores upward when vulnerable hosts have services exposed beyond Agency firewalls. This win would not have been possible without an Agency-wide team effort that includes Jon Davis at Goddard Space Flight Center, Howard Whyte at Headquarters, and many Ames Research Center systems administrators and IT security personnel who tested and provided input on the tool. To view the full details of the innovation award, visit the NASA Ames News and Events site at: http://www.nasa.gov/ centers/ames/news/releases/2012/ rel_cybersecurity-innovation-award.html. v Ames’s IT Security Innovation Lab Team: (l–r) Allison Wolff, Linda Cureton, and Nick Skytland. Chris Antoun, Matt Linton, Matt Antoun. Photo by Nicholas Theodore 4 www.nasa.gov NASA OCIO and JAXA Representatives Meet in Maryland By Lynn Heimerl, STI Program Manager The NASA Office of the Chief Information achieve its nation’s policy objectives. A large JAXA harvests the metadata via the Open Officer (OCIO); the Agency-wide Scientific portion of the JAXA Aerospace Information Archives Initiative (OAI) from the public and Technical Information (STI) Program; and Reports Exchange (AIREX) System is interface to the NASA STI repository, which and its contractor, the NASA Center for composed of NASA STI information. is called the NASA Technical Reports Server. AeroSpace Information (CASI), recently The OAI is an initiative funded by the The NASA STI Program, which has been in hosted personnel from the Japan Aerospace Andrew Mellon Foundation, the Coalition for existence since the 1960s, is chartered to Exploration Agency (JAXA). The meeting took Networked Information, the Digital Library collect, organize, disseminate, and preserve place at the CASI facility in Hanover, MD. Federation, Microsoft, and the National NASA’s published research and development Science Foundation. For more information, STI and JAXA have an information exchange information defined as STI. The STI Database visit http://www.openarchives.org. agreement. This exchange has been (“Organize STI”) has the NASA Technical extremely beneficial for both organizations Reports Server (NTRS) for public use and the STI ensures dissemination to mandatory in helping to expand aerospace research and NASA Aeronautics and Space Database (NA&SD) Federal organizations and to commercial development information for their personnel. for internal NASA use. The program is also search engines. STI also disseminates chartered to provide the Agency with technical information to Google Scholar, which Meeting participants included Deborah publications policy and ensure that all STI is provides citation analysis for NASA Diaz, NASA Deputy Chief Information Officer reviewed and approved for technical quality authors and researchers. (CIO); Karen Petraska, Associate Deputy, and restrictions and limitations prior to release. Tech Integration & SE Computing Services CASI is the STI Program contractor that In addition, STI collects and makes available at Headquarters; Lynn Heimerl, STI Program handles the day-to-day implementation to NASA international STI from noncommercial Manager; Gerald Steeman, STI Program of the NASA STI charter.