ZIFFPAGE TITLEDAY 1By David F. Carr | Posted 2005-10-01 Email Print
NASA has 80,000 employees, and works with more than twice as many scientists and other outsiders. The problem: Those log-ins could be used to access the agency's computer systems after the users have left, retiredor died.: The Review Panel">
DAY 1: The Review Panel
Starting at 8:30 a.m. on a Monday morning in May, we embark on 2 1/2 days holed up in the windowless conference room of a Residence Inn across the street from NASA's Washington, D.C., headquarters. After listening to briefings on every aspect of the project from more than a dozen managers, and asking our questions, our seven-member review panel will present its findings Wednesday afternoon.
For me, this represents a rare opportunity to get in on the planning phase of a major information systems project. The e-mail invitation from NISE project manager Sharon Ing arrived in late April. She had read a story I'd written on federated identity management, a technique for integrating user log-ins between otherwise separate systems, in the November 2003 issue of Baseline .
I'm joined by Dave Kearns, an identity management expert who writes a column on the topic for Network World magazine and also consults on product design with firms such as Microsoft and Novell. A gray-bearded bear of a guy, he asks the most probing questions about NASA's technology infrastructure. Another of the attendees, Daniel Greenwood, is an MIT Media Lab professor and director of its E-Commerce Architecture Program, an academic think tank that looks at legal, political and technical input to information architecture. He has counseled the state of Massachusetts on information-technology issues, and has testified before Congress several times on issues related to electronic commerce, contracts and privacy.
A last-minute cancellation by one other outsider, an information manager at an Army engineering center, left us with more than half of the members of our panel coming from inside NASAfour agency people, including regional CIOs from the Kennedy, Goddard and Langley space centers and a scientific computing manager. That came as a surprise, given that this was originally described to me as an "external review." At some point, it got relabeled a "project technical assessment."
But although these regional information systems managers weren't external to NASA, I learned that they felt like outsiders to the project, which was being run out of headquarters.
This is something I'd been warned to expect when I called up Baseline columnist Paul Strassmann, NASA's acting CIO in 2002 and 2003. The project pitfalls, he said, were likely to be more about politics than technology, and particularly about the challenge of trying to impose central authority about information security on a highly decentralized organization.
But our panel wasn't here to reorganize NASA, just to review the NISE project plans. On Sunday night, when Greenwood and I met briefly in the hotel lobby to compare notes about what would be expected of us the following morning, I passed on Strassmann's remark that our job was basically to say whether the project passed the "smell test."
On day one of the review, Greenwood is still wondering what kind of feedback would be useful. He tells our hosts he's puzzled because, in the process of reading the project documentation provided to us in advance, he noticed NASA seems to have already made many key decisions. For example, it has already chosen a suite of products from Sun Microsystems as its tools for asserting control over computer account management across the agency. So how much room is there for NASA to change course, based on the feedback we provide?
"We're really looking for a sanity check on where we've gone to date," Santiago says. It might have been more useful to have done this review sooner, he concedes, "but we're looking to you for any issues where we can make course corrections so we have the best implementation possible."
In July 2002, then-NASA administrator Sean O'Keefe started something called the "One NASA" initiative, aimed at reining in far-flung fiefdoms and implementing more coherent policies across the agency. Yet information management remains highly decentralized, with CIOs at each center who report to the director of that center and only indirectly to agency CIO Pat Dunnington.
As the review gets underway, the center CIOs emerge as the panel's most aggressive inquisitors. Foremost on their minds: How will this integration initiative impact them and their budgets? Several other regional CIOs, who aren't officially part of the panel, also show up because they want to understand what this project has in store for them.
One reason for their concern is the way they get most of their fundingindirectly, as a percentage of the budget for the space programs in which each center participates, like flying the shuttle or sending robots to Mars.
As Bruce Hevey, a retired Air Force colonel and the Kennedy Space Center's CIO, explains it, most of the other managers at Kennedy "would rather buy a rocket or put another instrument on the satellite" than spend money on I.T.
To an outsider, this budgetary arrangement seems a little dysfunctional, and the insiders aren't crazy about it, either. But for the sake of this review, we accept it as a given.
Ing, the NISE project manager, is our ringmaster, providing the overview and introducing the leaders of the different subprojects, more than a dozen of them, as they step into the ring one at a time and launch their PowerPoint slides. From behind a horseshoe-shaped bank of banquet tables, the review panelists watch, listen and fire off questions.
Agency CIO Dunnington puts in an appearance, and tries to set the project in the context of NASA's broader strategic goals. "We fly things, but the ultimate product is information," she says. A skilled workforce, unencumbered by location because of electronic workplace tools, can help make NASA better. Proper information security, she says, "is an enabling capability so people can exchange information freely around the network."
Although Dunnington talks in general about better collaboration, Greenwood notes that he hasn't heard much about any specific, compelling applications that will be linked to the NISE architecture. He says that for financial services companies collaborating in the search for "big-game institutional investors," secure instant messaging is the key application that proves the value of the underlying infrastructure. The value is in simply being able to know who else is online at any given moment, and communicate with them quickly and without fear that the message will be intercepted.
Maybe the NISE project needs its own key app, he says.
Originally, there were a few separate projects going down parallel paths related to different aspects of identity. NISE was created to tie them together.
Among them was the Identity Management System (IDMS), created to hold the master records of personally identifying information, including sensitive data such as Social Security numbers. In the age of identity theft, NASA wants to get away from routinely storing an individual's Social Security number in many different systems. However, because many applications had been written to use the Social Security number as a lookup key (that is, a unique identifier to distinguish between two individuals who might both be named "John Smith"), they had to have something to replace it with. So NASA began generating its own nine-digit unique identifiers, which fit in the same database field as a Social Security number.
The databases that support IDMSprotected behind layers of firewalls--retain the Social Security number for applications that really need it, like payroll and physical security, and track its relationship to the NASA unique identifier.
Meanwhile, the NASA Account Management System (NAMS) was created to assert control over how accounts are created and deleted, while the Cyber Identity Management System (CIMS) will establish an enterprise directory and set new standards for user authentication. Then there is the Common Badging and Access Control System (CBACS), which encompasses the issuance of security badges and the use of smart card-enabled badges for physical access to NASA facilities.
Even for an agency as acronym-crazy as NASA, this alphabet soup could spell trouble if the projects were managed separately, so NISE was created to unify these divergent but related efforts. For instance, while the security badge initiative remains officially under NASA's physical security organization, it's being implemented cooperatively with the CIO's office so that physical and logical access can be coordinated. Ultimately, the badge that gets you past the guards will also be a key to open doors and a smart card for access to computer systems. Santiago says he is spending about a third of his time on physical security issues to achieve that goal.
"And that's a good thing," Ing tells us. Previously, the physical security organization would have made its own separate plans.
As the core of the NISE project, NASA picked the Sun Java System Identity Manager suite, which includes a Lightweight Directory Access Protocol (LDAP) directory server as well as Sun's Identity Manager, which will control the creation, deletion and synchronization of user accounts.
LDAP is "lightweight" in the sense of working over Internet protocols, making it a good back end for Web applications. It's also somewhat simpler than the older directory standard it is based on, known as X.500. A directory server is a specialized database, optimized for fast retrieval of information about users and devices on a network, that can be used to verify log-in credentials and also as a lookup service for details about an individual, such as e-mail, phone number and location.
NASA will also maintain its investment in Microsoft's Active Directory. Active Directory servers at each center will still fill the essential role of authorizing network access for desktop computers; many applications, particularly from Microsoft, are written to work best with Active Directory rather than LDAP standards.
"It's just a fact of life that we're going to have Active Directory," Santiago says.
In fact, even though NASA settled on Sun's product as the best choice for maintaining an agencywide directory of users, Active Directory will still play a key role in authorizing access to systems. Even when an employee logs in to a Web-based system that's integrated with the Sun LDAP directory, the system will use pass-through authentication to verify, through Active Directory, that the user has provided the correct digital credentials.
As the new identity management system comes online, the profile for every individual will be assigned a verification code, starting at zero for accounts downloaded from an older directory or application. Virtual users, whose identification has never been established in person, will never get more than a "1," while verification code "2" will be reserved for individuals whose identity has been verified by a full background check and the collection of biometrics, including fingerprints and a photo. Meanwhile, by whittling away at the zeros, the NISE project aims to get rid of those troublesome orphan accounts.
"I know there are deceased people in the X.500 directory," Ing tells us, referring to the older directory service in place at NASA. There are "very few" of those ghosts, but there shouldn't be any, she says: "So we're trying to clean up our data as we go through this process."