NASA’s $3B Safety, Security, & Mission Services Budget will Address OIG High-End Computer Findings

NASA earmarked $628.6M of its $3B FY 2025 Safety, Security, and Mission Services budget for its Mission Services and Capabilities (MSaC) Information Technology program that will address recommendations in the recent Office of the Inspector General (OIG) Audit of NASA’s High-End Computing Capabilities.

The audit focused on relevant policies, processes and controls, capacity planning, stakeholder engagement, and cybersecurity of systems used for critical missions for more than 30 years. NASA is using these systems now to develop models for the Artemis mission to return humans to the Moon’s surface and send crews to Mars in 2030.

The audit findings include:

• Lack of a centrally managed HEC system leads to cybersecurity issues. While the Science Mission Directorate (SMD) oversees the agency’s HEC resource requirements, the main HEC facilities are the NASA Center for Climate Simulation at Goddard Space Flight Center (GSFC) and the NASA Advanced Supercomputing Facility at Ames Research Center. Users at all NASA centers and authorized external partners can use the data and resources from these facilities via the cloud and remote access capabilities.
• Lack of direct OCIO oversight and involvement leads to increased spending on HEC resources due to duplicating items like software licenses, systems, etc. There is also an absence of guiding documents and frameworks such as a plan for managing the HEC portfolio.
• Securing the HEC systems is challenging due to the size, performance requirements, complex hardware, software, and applications, the different security requirements, and the nature of their shared cyber resources.
• Current HEC systems cannot keep up with demands as directorates request more computing time than they can provide. Hardware issues cause job failures and schedule delays. Long queue times and lack of available resources result in various centers purchasing their own HEC resources.
• Lack of a comprehensive strategy on when users will use the on-site assets, or the cloud computing options and a lack of understanding about the costs associated with the cloud computing inhibit the use of the remote cloud capabilities.
• Lack of adequate user monitoring and security review process for the extensive use of foreign national parties accessing the system increases cybersecurity risks.
• Mandated cybersecurity controls are often ignored or bypassed because users view them as too strict, incompatible, or disruptive. The users prefer to maintain the processing speed and system capabilities necessary for their research.
• “NASA is not keeping up with technological developments and advanced research computing requirements, in part due to these organizational and funding constraints.”

Based on these findings, the OIG provided nine recommendations to enable NASA’s HEC systems to meet the Agency’s unique requirements and position it to securely support successful future missions. Those recommendations are:

1. Appoint executive leadership to determine the appropriate definition, scope, ownership, organizational placement, and structure for NASA’s HEC. Additionally, the IG recommended that the Associate Administrator establish a tiger team to collaborate and strategize on HEC issues, including: 
2. Develop enterprise-wide stakeholder requirements to validate commitment agreements as required by policy.
3. Identify technology gaps essential for meeting current and future needs and strategic technological and scientific requirements.
4. Develop a strategy to improve prioritization and allocation of HEC assets, including on-premises versus cloud resources.
5. Evaluate cyber risks to determine oversight and monitoring requirements.
6. Implement an HEC classification designation for identifying HEC assets.
7. Develop an inventory of enterprise-wide HEC assets.
8. Document risk impact, classification, and categorization for all HEC jobs; and
9. Identify and mitigate gaps in the foreign national accreditation access process.

NASA management agreed with recommendation #1 and part of #2 with plans to establish the Tiger Team. Within the $3B FY 2025 NASA Budget for the Safety, Security, and Mission Services Directorate, the agency requested $628.6M for the MSaC Information Technology program, which will address these recommendations. According to the NASA Budget in Brief, the agency plans to:

• Deploy new tools and implementation of a modernization and network improvement strategy
• Transform the IT business services through Artificial Intelligence (AI), cloud adoption, and robotic process automation
• Improve authorized agency-wide collaboration capabilities including transition to hybrid workspaces allowing remote and virtual work through investment in high-tech tools
• Appoint a Chief AI Officer and establishment of AI governance IAW Executive Order 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence and other Federal directives, and
• Improve cybersecurity detection and response, accelerate cybersecurity assessments, and lead the adoption of AI use cases to support advanced mission outcomes.

These modernization efforts will span multiple agencies as NASA looks toward centralizing HEC operations, purchasing high-tech tools and equipment, and implementing cybersecurity mandates. Large and small businesses will have opportunities to grab a piece of this pie.