Larry Sweet is the former CIO of our National Aeronautics and Space Administration (NASA). During his tenure at NASA, he focused on increasing collaboration among the agency's geographically dispersed centers and with other federal agencies, strengthened the security of NASA's IT infrastructure, identified and addressed inefficiencies, reduced costs in current programs, and maximized the use of enterprise and shared services.
He will join InfoSystems Chief Strategist Mike Caffrey February 25, for Part 3 of the Don't Let Your CEO Lose Sleep Over This series: "NASA Knows Best: Handling a Daunting Attack Surface."
The NASA we know today is, in many ways, a product of budget cuts. The completely federally funded programs that most of us grew up with-from Gemini to Apollo and the space shuttle-have since vanished due to continual cuts. Everyone wants more with less, even NASA! After 30 years, even our beloved shuttle program fell victim to the cutbacks.
For the last 4 to 5 years, NASA has had to work with a variety of international as well as commercial domestic partners, like SpaceX. International partnerships with the European Space Agency, German Aerospace Center (DLR), and Japanese Aerospace Exploration Agency (JAXA) are just a few. Make no mistake: these partnerships are a good thing. NASA needs partners to help fund its greatest projects, to share the expense and the risk.
Look at the high level activity leading up to a Manned Mission to Mars - incredibly complex and expensive…
Liken this to creating a shared risk/reward relationship with your sometime-competitor to further your strategic business plan. How much would you be willing to share? How much can you share and still know your data is safe and secure? How much would you risk knowing that, without partnerships, you wouldn't have the resources to compete with your better-funded competitors?
The pressure of limited budgets has energized the space "business." It has changed the way we think about space exploration, experimentation, and the value of aerospace organizations to society as a whole. These partnerships aren't just there to bring astronauts safely to and from the international space station. They are there to, like a business, drive the cost down and realize revenue in excess of cost. (Note: NASA is a non-profit!)
How should this influence our approach to security?
You can't control everything. Use the proposal process and the data protection requirements to provide a defined level of security.
Be as open as possible with your vendors and partners; in doing so, you have to accept some level of risk. No risk, no reward!
Retain in-house command and control for critical projects.
NASA, as a space agency, is no different from the typical private sector company out there fighting for both relevance and survival. Financial pressures have given way to new business models that require partnerships - vendors doing what they are uniquely qualified to do. And in some cases - coop-etition.
Admitting that total control is an illusion paves the way to a better understanding of your data and what you CAN control. We must all learn to better-manage risk rather than kidding ourselves with an impossible fight to avoid it.