FEDTECH: What kind of threats was NASA vulnerable to?
WYNN:There was the typical nation-state threat that any federal agency faces. There are threats to steal the intellectual property. You have the direct threats to the enterprise of NASA itself. Then you have people wanting to get on networks to use our compute power, not to steal anything, but to plant a little bitcoin mining operation and run something for no cost.
And you have all the typical stuff every agency has — people injecting malware into email, then an innocent person clicks on a link and, oh, there goes your day. We’ve put a lot of tools in place to protect our users from what I call an ignosecond, the moment you click on something and you realize you shouldn't have. We've done a lot of work to address the ignosecond.
FEDTECH: NASA is one of the few agencies with two layers of IT — enterprise IT and space mission IT, much like the Defense Department has enterprise IT and warfighter IT. Talk about overseeing IT for an agency with that kind of dual infrastructure.
WYNN: It does present some interesting challenges. The first thing is to understand your network topography — you have to know where points are connected and depend upon each other. We’re on the path to fully map out our networks and where they intersect, not only with our mission networks, but also with what I call our physical networks. These are our ground systems as well as the systems that our HVAC systems ride on. In 2017, there was an a-ha moment when we went, “Wow, we really are interconnected between our mission systems, our corporate (which is largely what I run) and our ground systems and physical assets.” Folks said, “Oh, we might not be as protected as we thought we were because we hadn't anticipated being interconnected with all these other aspects of agency operations.” That a-ha moment was huge in turning the mindset around.
Then from 2017 on, we've been working with the missions across all of the centers to figure out the best protection for the activity or the mission. What does that mean? Let's take Voyager. Voyager was recently in the news because communication had been stopped, and we restarted it. Voyager 2 was mapped out and designed back in the mid to late 1960s, and it was launched in 1977. Imagine what we thought the threats were in 1977 when it came to IT or cybersecurity.
FEDTECH: Basically, all you could do in 1977 was shoot it down.
WYNN: Bingo. You would use the harsh environment of space and the distance as elements of protection. All great. Now it's 12 million miles away, but it still phones home, so to speak. Well, that phoning home, it's only as sophisticated as we had in the 70s. That presents a risk to the agency, and a risk to that operation. We've been working with the mission bit by bit to figure out the best protection strategy for that flying asset, because we're not going to upgrade the operating system — it’s more than 12 million miles away. We have to think of different strategies to look at in terms of protecting it as best we can knowing when it was launched, and what the technology was at the time. I think it is important for us to continue to capture the data that we do get for the benefit of humanity.
FEDTECH: What changes have you seen in terms of support for IT within the agency and within the government?
WYNN: I’ve seen a lot. We are in the process of establishing the full budget for the NASA CIO, and the final decisions on those resources will be in December 2020. I've done a lot of preliminary work to make those conversations maybe a bit more organized than they were a few years ago. In the meantime, the seat at the table here at NASA for the CIO has changed considerably. One of the things that I think that I led NASA to is that the CIO shop is a functional leader. The next step I would like to see the next CIO make is to become an absolute business partner. We're not there yet. We bounced between a business partner and a functional owner in terms of a leadership model here at the agency. It is time for us to be a business leader or a mission leader within NASA, and I believe that I've delivered it to the point where it's a good stepping stone.
FEDTECH: Are there any projects you would have liked to have finished?
WYNN: Oh gosh, that list is long. I came in as an outsider; I didn't even understand what people were telling me half the time. Within my team, for sure, I was embraced and treated as an equal and not as an outsider. Many of my mission partners also embraced me coming to the agency and saw me as a business partner. Not everybody did. The view of the White House and the Office of Management and Budget and Capitol Hill of NASA's ability to manage IT was pretty poor. I focused my attention there, and just didn't quite roll back around to create stronger partnerships with my mission colleagues here in the building where I exist.
I wrote back in early 2019 that 2020 would be the year of the customer experience, and we are putting things into place to do that. I wish I was going to be here for that, because I so wanted to bring it to NASA, but my time was spent on fixing our external reputation when it came to cyber and how we managed IT, as well as fixing our internal cyber security posture. With my great team, we've made a difference. But that meant we had to leave behind the customer experience because I just didn't have the bandwidth nor the focus to work on that at the same time. I think great things are going to happen for that customer experience.