Management
ware and software that move, process and store data.
She has said that “once it leaves orbit, it’s no longer IT,” thereby narrowing her office’s responsibility to only the technology and data that exists within Earth’s orbit. Some programs have his- torically drawn their boundaries more broadly to keep the CIO’s office out of certain systems, but agency leaders made it clear to Wynn that FITARA gives her authority over all NASA IT.
The CIO’s office sits at “the intersec- tion between cybersecurity and inno- vation,” she said. “And we’re working with folks to really give them the right tools and really taking a look at the right tools.... Are we coding in a way that’s the best practice for cybersecurity and protecting the information flowing through that software?”
The key to squaring those mandates with NASA’s federated realities is com- munication. Because so much innova- tion happens at the center level, Cureton said it is important for the agency’s top CIO to visit those centers.
“At HQ, it’s sort of on an island. It’s easy to get pretty far removed,” she said. “As the agency CIO, your only conduit is the center CIOs. If you don’t have a good, open relationship with them, you’re sort of in the dark.”
Wynn’s travel schedule in the 17 months since she stepped into the CIO job suggests that she agrees, although she has not limited herself to the cen- ters’ CIO shops. As a NASA newcomer who had spent 25 years at the Environ- mental Protection Agency, she told FCW in a 2016 interview that she was trying to learn about end-user needs in virtu- ally every corner of the agency.
In an interview for this article, Wynn stressed that “anyone can come up with a fabulous idea on how to run IT better, but what it boils down to is...working with the cores and having people on board” with the management goals.
Cureton, who retired from the CIO post in 2013, readily acknowledged that the balance between governance and NASA’s decentralized structure “could work a lot better...if there’s some
accountability on those aspects of the infrastructure that’s decentralized.”
Some of the agency’s world-class scientists and engineers value their technical achievements above all else, so “it’s difficult for them to understand that tech needs to be managed,” Cure- ton said. “I think they pretty much get security. I’m not sure they see IT as anything more than incidental to their mission.”
That attitude, combined with so many one-of-a-kind mission needs, puts the CIO in a tricky situation when it comes to laws like FITARA.
On the four FITARA score cards that have evaluated risk management and efforts to empower CIOs and drive down IT maintenance costs, NASA has received two failing grades and two C-pluses. The category that has most consistently dragged down NASA’s over- all grade is enhancement of the agency CIO’s authorities.
Wynn has been steadfast in her sup- port of FITARA and her vow that the agency will continue to improve. At one oversight hearing, she told legislators the law “has been a gift to current and future NASA CIOs.”
Cureton, however, said she is not convinced that FITARA is a panacea for NASA’s IT management challenges.
“FITARA sort of implies there is a best kind of governance for govern- ment, and I don’t think that’s neces- sarily so,” she told FCW. “That’s not an easy thing to explain, especially if you’re sitting in front of Congress answering questions. But I think NASA certainly finds itself in a position to say, ‘Hey, we’ve got something...here that works, and give us a chance to make it work in a scientific environment.’”
A diverse team of specialists
One challenge the agency faces with FITARA’s requirement for a well-trained IT workforce is the assumption that such teams only consist of IT special- ists, she said. At NASA, IT management also includes physicists, electrical engi- neers and program managers.
“It misses one of the fundamen-
tal things, which is the IT workforce doesn’t look like they think it looks,” she said.
And more broadly, Cureton added, it’s difficult to make FITARA’s authorities a practical reality. As the head of IT man- agement, the CIO is accountable under the law, “but it really is not the CIO’s fault because they have to operate in an environment with poor governance.”
Watchdog investigations into NASA’s IT — which have dinged the agency for cloud, shadow IT and information security issues — corroborate that challenge, and efforts to improve gov- ernance are ongoing.
Wynn steered clear of specific gov- ernance and authority questions but said she sees IT management as part of a broader risk management strategy while protecting what makes NASA a world-class innovator.
“Everybody at the top of any agen- cy would recognize that IT needs to be managed,” she said, adding that navigat- ing the balance is part of her manage- ment strategy “to reshape the culture.”
“NASA’s culture is an inventive, fix- it, problem-solving culture,” she said. “So now you’ve got this level of inde- pendence within the culture of ‘I can do it myself,’ which is great. But now with IT, why don’t you go do the rocket science and let the folks that work in the CIO world do the IT part on the enterprise side?”
Part of her pitch to NASA stakehold- ers is that there’s “a healthy tension” between innovation and IT, but it’s impossible to sever the relationship, especially when it comes to informa- tion security.
“We need to...go back to being at the table when they’re inventing things and make sure they have the tools to make them so that it’s safe,” Wynn said. “Cybersecurity is a huge threat, and pro- tecting NASA’s intellectual property” is paramount.
Although NASA is known for its open-data and open-source practices, “there’s a time and place for sharing intellectual property and for sharing inventions, and there’s a time and place
30 July 2017 FCW.COM