[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]




                 NASA SECURITY: ASSESSING THE AGENCY'S

                EFFORTS TO PROTECT SENSITIVE INFORMATION

=======================================================================

                             JOINT HEARING

                               BEFORE THE

                        SUBCOMMITTEE ON SPACE &
                       SUBCOMMITTEE ON OVERSIGHT

              COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED THIRTEENTH CONGRESS

                             SECOND SESSION

                               __________

                             JUNE 20, 2014

                               __________

                           Serial No. 113-81

                               __________

 Printed for the use of the Committee on Science, Space, and Technology


       Available via the World Wide Web: http://science.house.gov




                  U.S. GOVERNMENT PRINTING OFFICE
89-410                    WASHINGTON : 2015
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001


              COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY

                   HON. LAMAR S. SMITH, Texas, Chair
DANA ROHRABACHER, California         EDDIE BERNICE JOHNSON, Texas
RALPH M. HALL, Texas                 ZOE LOFGREN, California
F. JAMES SENSENBRENNER, JR.,         DANIEL LIPINSKI, Illinois
    Wisconsin                        DONNA F. EDWARDS, Maryland
FRANK D. LUCAS, Oklahoma             FREDERICA S. WILSON, Florida
RANDY NEUGEBAUER, Texas              SUZANNE BONAMICI, Oregon
MICHAEL T. McCAUL, Texas             ERIC SWALWELL, California
PAUL C. BROUN, Georgia               DAN MAFFEI, New York
STEVEN M. PALAZZO, Mississippi       ALAN GRAYSON, Florida
MO BROOKS, Alabama                   JOSEPH KENNEDY III, Massachusetts
RANDY HULTGREN, Illinois             SCOTT PETERS, California
LARRY BUCSHON, Indiana               DEREK KILMER, Washington
STEVE STOCKMAN, Texas                AMI BERA, California
BILL POSEY, Florida                  ELIZABETH ESTY, Connecticut
CYNTHIA LUMMIS, Wyoming              MARC VEASEY, Texas
DAVID SCHWEIKERT, Arizona            JULIA BROWNLEY, California
THOMAS MASSIE, Kentucky              ROBIN KELLY, Illinois
KEVIN CRAMER, North Dakota           KATHERINE CLARK, Massachusetts
JIM BRIDENSTINE, Oklahoma
RANDY WEBER, Texas
CHRIS COLLINS, New York
BILL JOHNSON, Ohio
                                 ------                                

                         Subcommittee on Space

               HON. STEVEN M. PALAZZO, Mississippi, Chair
RALPH M. HALL, TEXAS                 DONNA F. EDWARDS, Maryland
DANA ROHRABACHER, California         SUZANNE BONAMICI, Oregon
FRANK D. LUCAS, Oklahoma             DAN MAFFEI, New York
MICHAEL T. MCCAUL, Texas             JOSEPH P. KENNEDY III, 
MO BROOKS, ALABAMA                       Massachusetts
LARRY BUCSHON, Indiana               DEREK KILMER, Washington
STEVE STOCKMAN, Texas                AMI BERA, California
BILL POSEY, Florida                  MARC VEASEY, Texas
DAVID SCHWEIKERT, Arizona            JULIA BROWNLEY, California
JIM BRIDENSTINE, Oklahoma            FREDERICA WILSON, Florida
CHRIS COLLINS, New York              EDDIE BERNICE JOHNSON, Texas
LAMAR S. SMITH, Texas
                                 ------                                

                       Subcommittee on Oversight

                   HON. PAUL C. BROUN, Georgia, Chair
F. JAMES SENSENBRENNER, JR.,         DAN MAFFEI, New York
    Wisconsin                        ERIC SWALWELL, California
BILL POSEY, Florida                  SCOTT PETERS, California
KEVIN CRAMER, North Dakota           EDDIE BERNICE JOHNSON, Texas
BILL JOHNSON, Ohio
LAMAR S. SMITH, Texas
                            C O N T E N T S

                             June 20, 2014

                                                                   Page
Witness List.....................................................     2

Hearing Charter..................................................     3

                           Opening Statements

Statement by Representative Steven M. Palazzo, Chairman, 
  Subcommittee on Space, Committee on Science, Space, and 
  Technology, U.S. House of Representatives......................    11
    Written Statement............................................    12

Statement by Representative Dan Maffei, Ranking Minority Member, 
  Subcommittee on Oversight, Committee on Science, Space, and 
  Technology, U.S. House of Representatives......................    13
    Written Statement............................................    14

Statement by Representative Paul C. Broun, Chairman, Subcommittee 
  on Oversight, Committee on Science, Space, and Technology, U.S. 
  House of Representatives.......................................    15
    Written Statement............................................    16

Statement by Representative Eddie Bernice Johnson, Ranking 
  Member, Committee on Science, Space, and Technology, U.S. House 
  of Representatives.............................................    17
    Written Statement............................................    17

                               Witnesses:

Mr. Richard Keegan, Associate Deputy Administrator, National 
  Aeronautics and Space Administration
    Oral Statement...............................................    18
    Written Statement............................................    20

Ms. Belva Martin, Director, Acquisition and Sourcing Management, 
  Government Accountability Office
    Oral Statement...............................................    31
    Written Statement............................................    33

Ms. Gail A. Robinson, Deputy Inspector General, National 
  Aeronautics and Space
    Oral Statement...............................................    48
    Written Statement............................................    50

Mr. Douglas Webster, Fellow, National Academy of Public 
  Administration and Principal, Cambio Consulting Group
    Oral Statement...............................................    57
    Written Statement............................................    59

Discussion.......................................................    75

             Appendix I: Answers to Post-Hearing Questions

Mr. Richard Keegan, Associate Deputy Administrator, National 
  Aeronautics and Space Administration...........................    90

Ms. Belva Martin, Director, Acquisition and Sourcing Management, 
  Government Accountability Office...............................   112

Ms. Gail A. Robinson, Deputy Inspector General, National 
  Aeronautics and Space..........................................   119

Mr. Douglas Webster, Fellow, National Academy of Public 
  Administration and Principal, Cambio Consulting Group..........   126

            Appendix II: Additional Material for the Record

Submitted statement for the record by Representative Donna F. 
  Edwards, Ranking Minority Member, Subcommittee on Space, 
  Committee on Science, Space, and Technology, U.S. House of 
  Representatives................................................   142

Responses submitted by NASA for information requested by Chairman 
  Broun during the course of the hearing.........................   144

 
                 NASA SECURITY: ASSESSING THE AGENCY'S

                EFFORTS TO PROTECT SENSITIVE INFORMATION

                              ----------                              


                         FRIDAY, JUNE 20, 2014

                  House of Representatives,
                           Subcommittees on Space &
                                                  Oversight
               Committee on Science, Space, and Technology,
                                                   Washington, D.C.

    The Subcommittees met, pursuant to call, at 10:01 a.m., in 
Room 2318 of the Rayburn House Office Building, Hon. Steven 
Palazzo [Chairman of the Subcommittee on Space] presiding.

[GRAPHIC] [TIFF OMITTED] 

    Chairman Palazzo. This joint hearing of the Subcommittee on 
Space and the Subcommittee on Oversight will come to order.
    Good morning. Welcome to today's hearing titled, ``NASA 
Security: Assessing the Agency's Efforts to Protect Sensitive 
Information.'' In front of you are packets containing the 
written testimony, biography, and truth-in-testimony disclosure 
for today's witnesses.
    Before we get started, since this is a joint hearing 
involving two Subcommittees, I want to explain how we will 
operate procedurally so all Members understand how the 
question-and-answer period will be handled. We will recognize 
those Members present at the gavel in order of seniority on the 
full Committee, and those coming in after the gavel will be 
recognized in order of arrival.
    I recognize myself for five minutes for an opening 
statement.
    Welcome to today's joint hearing on NASA's ability to 
protect sensitive information. Recent events have reminded us 
that protecting sensitive aerospace information is more than a 
matter of national pride; it is also a matter of national 
security. Yet NASA continues to struggle with the protection of 
sensitive information, even as the agency is persistently 
targeted by our adversaries.
    Today, we discuss the reports that have shown that NASA's 
casual and negligent approach to foreign national access and 
failure to control sensitive information is allowing our 
nation's prized aerospace technology to be compromised. The 
purpose of today's hearing is to ensure that NASA follows 
through on addressing these failures.
    On March 16, 2013, Federal agents conducted a search of a 
foreign national contractor from the Langley Research Center 
before departure to China. This search was prompted by concerns 
that the individual was inappropriately granted access to 
sensitive information. Despite the fact that the individual 
pled guilty to a misdemeanor offense, the nature of the 
information on his computer and how he obtained it remains 
under investigation.
    Also, a multiyear investigation dating back to 2009 showed 
that foreign nationals were granted inappropriate access to 
information and facilities at NASA's Ames Research Center. As a 
result, NASA's Office of the Inspector General issued a 
detailed 41-page report highlighting troubling cases where 
improper access was granted under direction from senior center 
leadership.
    Today's hearing is one in a series of Congressional actions 
to address these matters. In addition to a hearing held last 
Congress in this Committee, Dr. Paul Broun, Chairman of the 
Oversight Committee, requested a GAO review of NASA's export 
control processes. And Representative Frank Wolf petitioned 
NASA to work with the National Academy of Public Administration 
to conduct an independent review of NASA's Foreign National 
Access Management. Unfortunately NASA has only released a 
summary of this report.
    These reports confirm our worst fears: that the incidents 
at Langley and Ames are not isolated incidents. Among 
conclusions from these reports we find most centers continue to 
release scientific and technical information that has not been 
reviewed for export control purposes. NASA lacks both clear 
export control policies and the oversight necessary to enforce 
them. The NASA network has indeed been compromised and these 
vulnerabilities could have significant impacts on national 
security.
    And finally, a troubling trend we have seen across agencies 
in this Administration: the failure or the willingness--
unwillingness to hold accountable those responsible for these 
errors.
    Congress has also continued addressing these matters in the 
NASA Authorization Act that recently passed the House by an 
overwhelming bipartisan vote of 401 to 2. Our bill directs NASA 
to give a timely report on compliance efforts in response to 
the recommendations of the NAPA report. It also calls for a GAO 
review of NASA's compliance and directs NASA to take national 
security into consideration when conducting technology 
transfers.
    My goal as Chairman of this Committee is to hold NASA 
accountable while working with the agency to correct these 
serious matters. I understand that NASA has its challenges. The 
original Space Act directed the agency to simultaneously 
``provide for the widest practicable and appropriate 
dissemination of information concerning its activities'' while 
also directing the agency to protect classified, trade secret, 
and confidential information.
    Additionally, NASA, like other Federal agencies, is subject 
to the requirements of the Arms Export Control Act and the 
Export Administration Act. Too often, enforcement is left to 
the discretion of center leadership in a NASA culture that 
``has a tendency to lapse back into old habits once the 
spotlight is off the area under review.'' I will point out that 
this is more than my personal assessment; it is the independent 
opinion as expressed in the NAPA report.
    I am pleased that NASA's Office of the Inspector General is 
here today to discuss these two reports, as well as their 
yearly report to Congress on NASA's compliance with Federal 
export controls laws. I am also pleased that two other outside 
groups have also reviewed the topic, the National Academy of 
Public Administration and GAO.
    While much of the focus of today's hearing will be to 
identify the failures within NASA's current structure, it is 
also an opportunity to identify ways Congress can improve and 
clarify its own roles in providing oversight and accountability 
over NASA activities. I believe this is in the best interest of 
all involved as we look to the future in a world where our 
nation's space interests are impacted by both the cooperation 
and competition of international players.
    [The prepared statement of Mr. Palazzo follows:]

              Prepared Statement of Subcommittee on Space
                       Chairman Steven M. Palazzo

    Welcome to today's joint hearing on NASA's ability to protect 
sensitive information.
    Recent events have reminded us that protecting sensitive aerospace 
information is more than a matter of national pride; it is also a 
matter of national security. Yet, NASA continues to struggle with the 
protection of sensitive information, even as the agency is persistently 
targeted by our adversaries. Today we discuss the reports that have 
shown that NASA's casual and negligent approach to foreign national 
access--and failure to control sensitive information--is allowing our 
Nation's prized aerospace technology to be compromised. The purpose of 
today's hearing is to ensure that NASA follows through on addressing 
these failures.
    On March 16, 2013 federal agents conducted a search of a foreign 
national contractor from the Langley Research Center before departure 
to China. This search was prompted by concerns that the individual was 
inappropriately granted access to sensitive information. Despite the 
fact that the individual pled guilty to a misdemeanor offense, the 
nature of the information on his computer, and how he obtained it, 
remains under investigation.
    Similarly, a multi-year investigation dating back to 2009 showed 
that foreign nationals were granted inappropriate access to information 
and facilities at NASA's Ames Research Center. As a result, NASA's 
Office of the Inspector General issued a detailed 41 page report 
highlighting troubling cases where improper access was granted under 
direction from senior center leadership. Today's hearing is one in a 
series of congressional actions to address these matters. In addition 
to a hearing held last Congress in this Committee, Dr. Paul Broun, 
Chairman of the Oversight Committee requested a GAO review of NASA's 
export control processes. And Rep. Frank Wolf petitioned NASA to work 
with the National Academy of Public Administration (NAPA) to conduct an 
independent review of NASA's foreign national access management. 
Unfortunately NASA has only released a summary of this report.
    These reports confirm our worst fears: that the incidents at 
Langley and Ames are not isolated incidences. Among conclusions from 
these reports we find: most centers continue to release Scientific and 
Technical Information that has not been reviewed for export control 
purposes. NASA lacks both clear export control policies and the 
oversight necessary to enforce them.The NASA network has indeed been 
compromised, and these vulnerabilities could have significant impacts 
on national security. And finally, a troubling trend we've seen across 
agencies in this Administration: the failure or the unwillingness to 
hold accountable those responsible for these errors.
    Congress has also continued addressing these matters in the NASA 
Authorization Act that recently passed the House by an overwhelming 
bipartisan vote of 401 to 2. Our bill directs NASA to give a timely 
report on compliance efforts in response to the recommendations of the 
NAPA report. It also calls for a GAO review of NASA's compliance and 
directs NASA to take national security into consideration when 
conducting technology transfers.
    My goal as Chairman of this Committee is to hold NASA accountable 
while working with the agency to correct these serious matters. I 
understand that NASA has its challenges: the original Space Act 
directed the agency to simultaneously ``provide for the widest 
practicable and appropriate dissemination of information concerning its 
activities'' while also directing the agency to protect classified, 
trade secret, and confidential information. Additionally, NASA--like 
other federal agencies--is subject to the requirements of the Arms 
Export Control Act and the Export Administration Act. Too often, 
enforcement is left to the discretion of center leadership in a NASA 
culture that ``has a tendency to lapse back into old habits once the 
spotlight is off the area under review.'' I will point out that that is 
more than my personal assessment- it is the independent opinion as 
expressed in the NAPA report.
    I am pleased that NASA's Office of the Inspector General is here 
today to discuss these two reports, as well as their yearly report to 
Congress on NASA's compliance with federal export controls laws. I am 
also pleased that two other outside groups have also reviewed the 
topic--National Academy of Public Administration (NAPA) and GAO. While 
much of the focus of today's hearing will be to identify the failures 
within NASA's current structure, it is also an opportunity to identify 
ways Congress can improve and clarify its own roles in providing 
oversight and accountability over NASA activities. I believe this is in 
the best interest of all involved as we look to the future in a world 
where our nation's space interests are impacted by both the cooperation 
and competition of international players.
    Thank you.

    Chairman Palazzo. I now recognize Mr. Maffei, who--are you 
going to be doing Ms. Edwards' statement or are you just going 
to go straight into your statement?
    Mr. Maffei. I am just going to go straight into mine, I 
think.
    Chairman Palazzo. Yes. Okay. Good.
    Mr. Maffei. Thank you, Mr. Chairman. Thank you Chairman 
Palazzo. Ms. Edwards does apologize. She was unavoidably 
detained and will be a little late. I for one though am pleased 
to see two Italian-American names up here, so, you know, a lot 
of our space technology has a lot to owe to Italy and history 
there.
    I won't talk long and actually I ask unanimous consent to 
put my full statement in the record. I want to put my full 
statement in the record by unanimous consent and then I will 
just talk for a minute.
    Chairman Palazzo. Without objection.
    [The prepared statement of Mr. Maffei follows:]

            Prepared Statement of Subcommittee on Oversight
                   Ranking Minority Member Dan Maffei

    Thank you Chairman Palazzo and Chairman Broun for holding this 
hearing today.
    Ensuring that America's sensitive technical designs and security 
related research is not intentionally pilfered or inappropriately 
exported is important to this nation's economic and national security. 
Each year the U.S. loses billions of dollars' worth of advanced 
technologies, innovative scientific research, and other sensitive data 
due to economic espionage and data theft.
    This impacts U.S. businesses as well as U.S. government 
laboratories and research centers. NASA is no exception. The National 
Aeronautics and Space Administration (NASA), like other federal 
agencies, is a prime target of foreign agents and global cyber 
criminals.
    The agency has a lot to offer. NASA leads the world in space 
exploration, aeronautics research, and other key scientific areas. 
Controlling the inadvertent release of sensitive information or 
intentional theft of export controlled technologies has always been a 
difficult task. This is particularly true when that sort of data 
resides in an environment that depends upon international 
collaborations and access to foreign scientists and facilities. Over 
its history NASA has had more than 3,000 international cooperative 
agreements and currently maintains an estimated 600 international 
agreements with more than 100 foreign countries. Last year NASA 
approved more than 11,000 foreign national visits to its facilities. At 
a time of constrained federal budgets and reductions in investments in 
science and technology, NASA is dependent upon these global 
interactions to ensure its continued success.
    Unfortunately, NASA has suffered from several security incidents in 
recent years that sparked reviews of its security policies and 
practices. These reviews by the Government Accountability Office (GAO), 
NASA's Office of Inspector General and the National Academy of Public 
Administration (NAPA) have all identified poor practices in protecting 
sensitive NASA technologies, organizational issues that may undermine 
NASA's security protocols, and financial constraints that may 
contribute to the inadvertent release of export restricted data. NASA 
was fortunate, however, that the incidents themselves do not appear to 
have resulted in major losses of sensitive data.
    In one of the most high profile cases involving Chinese national Bo 
Jiang, who was accused of attempting to take a NASA laptop to China 
without proper authorization while working at NASA's Langley Research 
Center in Virginia, federal prosecutors found that, ``none of the 
computer media that Jiang attempted to bring to [China] on March 16, 
2013, contained classified 2 information, export-controlled 
information, or NASA proprietary information.'' In a separate incident 
involving two foreign nationals working at NASA's Ames Research Center 
in California a NASA Inspector General report released in February, 
``uncovered no evidence to support allegations that any foreign 
nationals at Ames were provided classified information during the 
period covered by our review.''
    NASA was lucky it did not sustain a serious loss of critical data 
or technology, but the space agency has unique national assets, 
innovative technologies, and valuable scientific data that must be 
properly protected from global economic competitors, foreign 
adversaries, or individual theft by those seeking to cash in on the 
agency's valuable research and innovative discoveries.
    Being able to detect and deter these security threats while at the 
same time supporting important international scientific collaborations 
is a delicate and often difficult balance to achieve. I look forward to 
our witnesses helping us to better understand these issues, evaluating 
these often conflicting objectives, and recommending ways to maintain 
an appropriate balance.

    Mr. Maffei. Ensuring that America's sensitive technical 
designs and security-related research is not intentionally 
pilfered or inappropriately exported is extremely important to 
this nation's economic and national security, and that is why I 
am so grateful to Chairman Palazzo and Chairman Broun for 
holding this hearing today. It is an extremely important issue.
    Each year, the United States loses billions of dollars 
worth of advanced technologies, innovative scientific research, 
and other sensitive data due to economic espionage and data 
theft, and this impacts U.S. businesses as well as government 
laboratories and research centers. And NASA, like other Federal 
agencies, is a prime target for this type of espionage. Being 
able to detect and deter these security threats while at the 
same time supporting important international scientific 
collaboration is a delicate and often difficult balance to 
achieve.
    And I particularly look forward to hearing from our 
witnesses to help us better understand these issues, how we set 
that balance, and evaluate sometimes conflicting objectives to 
recommend the right way to do it.
    So thank you very much, and with that I will yield back.
    Chairman Palazzo. Thank you, Mr. Maffei.
    I now recognize Dr. Broun, Chairman of the Oversight 
Committee.
    Mr. Broun. Thank you, Chairman Palazzo.
    I would like to add my welcome to all of you all witnesses 
that are here today as well. I am looking forward to hearing 
from you about this important matter of which I have been 
concerned for a number of years now.
    This Committee and the Oversight Subcommittee in particular 
have held multiple hearings examining the state of information 
security at NASA. A hearing two years ago highlighted the 
unique cybersecurity challenges that NASA continues to face 
with constant and ever-changing threats and adversaries. Just 
last year, the Oversight Subcommittee, which I Chair, held a 
hearing to focus on the broad intersection of two very 
important issues at stake here today: finding the appropriate 
balance between scientific openness and protecting our national 
security.
    We have learned that NASA should not only worry about 
sensitive information going out of the back door through cyber 
intrusions and lax protocols but also out of the front door by 
its inability to protect sensitive technology and information 
from foreign nationals who may have unauthorized access to 
NASA's facilities.
    In October of 2012, I wrote to the GAO regarding these 
front-door concerns and requested a review of NASA's export 
control program. While I was glad to see the completed GAO 
report released last month, I was troubled by many of the 
report's findings. For example, it is very troubling to learn 
that although NASA's oversight tools have identified 
deficiencies, NASA headquarters has not addressed them at all 
as far as I can tell.
    The GAO report states specifically that ``at NASA's 2013 
annual review, the Center Export Administrators presented NASA 
HC export control officials with a list of comments regarding 
the export control program. However, NASA headquarters' export 
control officials acknowledged that they have not fully 
addressed the CEA concerns from the most recent program review 
in March of 2013 and have not developed specific plans to do 
so.'' This is intolerable. This is not because of any 
disagreement between NASA headquarters' staff and NASA centers' 
staff; in fact, the GAO report explains that NASA headquarters 
export control officials agree with issues raised by the CEAs, 
yet they have failed to develop an approach to address them. 
This is wholly inadequate for protecting our valuable assets. 
NASA needs suitable accountability and oversight in order to, 
at the very least, make certain the agency's own audit findings 
and suggestions are implemented.
    Further troubling, the report states the GAO ``identified 
instances where NASA security procedures for foreign national 
access were not followed, which were significant given the 
potential impact on national security or foreign policy from 
unauthorized access to NASA technologies.''
    NASA relies on new and sophisticated technology to 
accomplish its mission. Given the sensitivity of these 
technologies, many are subject to export controls, which 
restrict the transfer of military and dual-use technologies. In 
order to protect our leadership in technological innovations, 
we must ensure that there is adequate and consistent oversight 
and management of NASA's export control program. It is in our 
national interest. It must be done.
    I look forward to hearing from our witnesses on their 
insight and recommendations on these matters, and I hope that 
NASA will do everything in its power to address all of the 
shortcomings discussed today to ensure our nation's space 
agency can securely support and appropriately protect cutting-
edge research and technology.
    Thank you, Chairman Palazzo, for holding this very 
important hearing, and I yield back the balance of my time.
    [The prepared statement of Mr. Broun follows:]

  Prepared Statement of Subcommittee on Oversight Chairman Paul Broun

    Assessing the Agency's Efforts to Protect Sensitive Information 
Chairman Broun: Thank you Chairman Palazzo. I would like to add my 
welcome to all of our witnesses here today as well. I am looking 
forward to hearing from you all on this important matter of which I 
have been concerned for a number of years now.
    This Committee and the Oversight Subcommittee, in particular, have 
held multiple hearings examining the state of information security at 
NASA. A hearing two years ago highlighted the unique cybersecurity 
challenges that NASA continues to face with constant and ever-changing 
threats and adversaries. Just last year, the Oversight Subcommittee 
held a hearing to focus on the broad intersection of two very important 
issues at stake here today - finding the appropriate balance between 
scientific openness, and protecting our national security.
    We have learned that NASA should not only worry about sensitive 
information going out of the back door through cyber intrusions and lax 
protocols, but also out of the front door by its inability to protect 
sensitive technology and information from foreign nationals who may 
have unauthorized access to NASA's facilities.
    In October of 2012, I wrote to the GAO regarding these front door 
concerns and requested a review of NASA's export control program. While 
I was glad to see the completed GAO report released last month, I was 
troubled by many of the report's findings. For example, it is very 
troubling to learn that although NASA's oversight tools have identified 
deficiencies, NASA headquarters has not addressed them. The GAO report 
states specifically that ``at NASA's 2013 annual review, the Center 
Export Administrators presented NASA headquarters export control 
officials with a list of comments regarding the export control 
program.However, NASA headquarters' export control officials 
acknowledged that they have not fully addressed the CEA concerns from 
the most recent program review in March 2013 and have not developed 
specific plans to do so.'' This is intolerable. This is not because of 
any disagreement between NASA headquarters' staff and NASA centers' 
staff; in fact the GAO report explains that NASA headquarters export 
control officials agree with issues raised by the CEAs--yet, they have 
failed to develop an approach to address them.
    This is wholly inadequate for protecting our valuable assets. NASA 
needs suitable accountability and oversight in order to, at the very 
least, make certain the agency's own audit findings and suggestions are 
implemented.
    Further troubling, the report states that GAO ``identified 
instances where NASA security procedures for foreign national access 
were not followed, which were significant given the potential impact on 
national security or foreign policy from unauthorized access to NASA 
technologies.''
    NASA relies on new and sophisticated technology to accomplish its 
mission. Given the sensitivity of these technologies, many are subject 
to U.S. export controls, which restrict the transfer of military and 
dual-use technologies. In order to protect our leadership in 
technological innovations, we must ensure that there is adequate and 
consistent oversight and management of NASA's export control program. 
It is in our national interest. It must be done!
    I look forward to hearing from our witnesses on their insight and 
recommendations on these matters, and I hope that NASA will do 
everything in its power to address all of the shortcomings discussed 
today to ensure our nation's space agency can securely support and 
appropriately protect cutting edge research and technology.
    Thank you again Chairman Palazzo for holding this very important 
hearing, and I yield back the balance of my time.

    Chairman Palazzo. Thank you, Dr. Broun.
    I now recognize the Ranking Member of the full Committee 
for a statement, Ms. Johnson.
    Ms. Johnson of Texas. Thank you very much, Mr. Chairman. 
And let me say good morning to all.
    In the interest of saving time, I will be brief so that our 
distinguished panel of witnesses will have time to present 
their views.
    I will say that civil R&D requires openness, collaboration, 
and sharing of results to be successful. NASA's R&D portfolio 
has benefited from the culture of openness, but the benefits of 
that culture of openness, collaboration, and sharing must be 
balanced with appropriate security limit and protections. This 
can be a constructive hearing, especially if we can find ways 
to enable NASA to strike a reasonable balance between 
information sharing and the need to safeguard any sensitive 
information and technologies from inadvertent disclosure.
    I look forward to discussing this and other issues with our 
expert panel since the issues being addressed today are many of 
the same challenges that confront the other science agencies 
under the Committee's oversight umbrella. And so with that, Mr. 
Chairman, I yield back.
    [The prepared statement of Ms. Johnson follows:]

                 Prepared Statement of Full Committeee
                  Ranking Member Eddie Bernice Johnson

    Good morning. In the interest of saving time, I will be brief so 
that our distinguished panel of witnesses will have time to present 
their views.
    Civil R&D requires openness, collaboration, and sharing of results 
to be successful. NASA's R&D portfolio has benefitted from that culture 
of openness. But the benefits of that culture of openness, 
collaboration, and sharing must be balanced with appropriate security 
limits and protections.
    This can be a constructive hearing, especially if we can find ways 
to enable NASA to strike a reasonable balance between information 
sharing and the need to safeguard any sensitive information and 
technologies from inadvertent disclosure.
    I look forward to discussing this and other issues with our expert 
panel, since the issues being addressed today are many of the same 
challenges that confront the other science agencies under the 
Committee's oversight umbrella.
    With that, I yield back.

    Chairman Palazzo. Thank you, Ms. Johnson.
    If there are Members who wish to submit additional opening 
statements, your statements will be added to the record at this 
point.

    Chairman Palazzo. At this time I would like to introduce 
our witnesses.
    Our first witness, Mr. Richard Keegan, is the National 
Aeronautics and Space Administration's Associate Deputy 
Administrator and Associate Administrator for Mission Support. 
Our second witness, Ms. Belva Martin, is the Director of 
Acquisition and Sourcing Management at the Government 
Accountability Office. Our third witness, Ms. Gail Robinson, is 
the Deputy Inspector General of the National Aeronautics and 
Space Administration. And our final witness, Mr. Douglas 
Webster, is a Fellow of the National Academy of Public 
Administration and the Principal at Cambio Consulting Group.
    As our witnesses should know, spoken testimony is limited 
to five minutes each after which the Members of the Committee 
will have five minutes each to ask questions. It is the 
practice of the Subcommittee on Oversight to receive testimony 
under oath. If you would now please stand and raise your right 
hand.
    Do you solemnly swear or affirm to tell the whole truth and 
nothing but the truth, so help you God?
    Please sit.
    Let the record reflect that all witnesses participating 
have taken the oath.
    I now recognize Mr. Keegan for five minutes.

                TESTIMONY OF MR. RICHARD KEEGAN,

                ASSOCIATE DEPUTY ADMINISTRATOR,

         NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

    Mr. Keegan. Mr. Chairman and Members of today's respective 
Subcommittees, I am pleased to have this opportunity to discuss 
NASA's efforts to manage and safeguard the agency's export-
controlled technologies and information from unauthorized 
access and use. This is a topic which we agree is of great 
importance to our Nation.
    As the world's premier aerospace agency with expertise in 
space launch vehicles, satellites, aircraft, and other advanced 
technologies, NASA takes our responsibility for securing 
sensitive export-controlled information at our facilities very 
seriously. To be clear, all NASA employees have a 
responsibility to comply with export control regulations and 
Foreign National Access Management requirements. That is why 
the NASA Administrator himself has communicated to every 
employee that these requirements are critically important and 
that there will be appropriate consequences for those who fail 
to appropriately safeguard sensitive technologies and 
information.
    The recent independent reviews that will form the basis of 
today's hearing have already provided invaluable guidance to 
the agency in our efforts to protect sensitive information and 
to improve our Information Technology Security, Foreign 
National Access Management, and Export Control Management 
programs. Therefore, NASA is working to implement these 
recommendations in an expeditious manner, beginning 
immediately. In parallel, NASA will continue to improve and 
implement appropriate policy and process changes that we 
ourselves identify during our own internal audits and reviews.
    Cooperation with other nations is one of the agency's 
founding principles and thus we would like to thank the GAO and 
NAPA for recognizing this core principle during their recent 
reviews about NASA security issues. In doing so, these 
independent reviewers also highlighted the need for NASA to 
strike the right balance between protecting sensitive export-
controlled technologies from unauthorized access and the need 
for the agency to share important scientific information to 
further our public and international partnerships. In striking 
the appropriate balance, NASA recognizes that the agency must 
have clear export control policies and procedures and that all 
NASA employees must understand and abide by those policies and 
procedures.
    NASA is redoubling our efforts to ensure that we are doing 
all we can to safeguard the sensitive and valuable resources 
entrusted to us. As specific examples, NASA is working to 
improve training for employees who deal with export control and 
foreign nationals. We have established a new Foreign National 
Access Management program office. We are strengthening our 
foreign national access and export control policies and 
procedures. We are augmenting the civil service staff dedicated 
to counterintelligence activities. And we are increasing 
collaboration with other Federal agencies to share intelligence 
on threats and vulnerabilities to our information technology 
and other assets.
    In conclusion, let me assure you that NASA takes seriously 
our responsibility to secure sensitive export-controlled 
information. Additionally, the agency's security issues and 
threats will continue to have the focused attention of NASA's 
most senior managers, including the Administrator himself.
    Lastly, NASA will continue to follow through on the 
valuable recommendations made by the GAO, NAPA, and our own 
Inspector General with regard to these issues.
    Thank you for the opportunity to testify before you today 
and for your ongoing support for NASA's missions and its 
workforce. I would be pleased to answer any questions you may 
have.
    [The prepared statement of Mr. Keegan follows:]

    [GRAPHIC] [TIFF OMITTED]     
x
    Chairman Palazzo. Thank you, Mr. Keegan.
    I now recognize our next witness, Ms. Martin.

            TESTIMONY OF MS. BELVA MARTIN, DIRECTOR,

              ACQUISITION AND SOURCING MANAGEMENT,

                GOVERNMENT ACCOUNTABILITY OFFICE

    Ms. Martin. Thank you, Chairmen Palazzo, Broun, and Ranking 
Member Maffei, and Members of the Subcommittee for this 
opportunity to participate in this hearing. I will summarize my 
written testimony and ask that the entire statement be placed 
in the record.
    Mr. Keegan has summarized actions that NASA is taking or 
plans to take to address recommendations from GAO, the IG, and 
NAPA. GAO issued its report in April. Today, I will focus on 
one area: developing a risk-based approach to compliance where 
NASA can leverage existing resources to make improvements that 
can help it to effectively balance its mission of protecting 
sensitive technologies and information and supporting 
international agreements on the one hand and disseminating 
important scientific information as broadly as possible.
    But in order to develop a risk-based approach, NASA needs 
to know where technologies it is trying to protect and where 
they are located. We found that NASA headquarters officials and 
some of the front-line managers, the Center Export 
Administrators, or the CEAs, lack a comprehensive inventory of 
the types and locations of export-controlled technologies at 
the centers, severely limiting their ability to identify and 
internal and external risks to compliance. This is not a new 
issue. The NASA IG identified this issue as early as 1999.
    While acknowledging the benefits of obtaining comprehensive 
knowledge of export-controlled technologies, NASA headquarters 
officials state that doing so is resource-intensive. But as I 
have just stated, NASA has an opportunity to leverage existing 
resources. So absent a NASA-wide initiative, three centers 
began recent efforts to identify export-controlled technologies 
at their centers. At one of these centers the 
Counterintelligence Office collaborated with the CEA to 
identify the most sensitive technologies and develop protective 
measures. This is one example of a risk-based approach that 
could be implemented NASA-wide to enable NASA to target 
resources to first identify the most sensitive technologies and 
then ensure the location of these are known to staff and are 
protected. NASA concurred with our recommendations in this 
area.
    As I mentioned, the export-control--I am sorry, the Export 
Center Administrators are the front-line managers. These 
professionals are responsible for ensuring that all center 
program activities comply with U.S. export control laws and 
regulations. However, our review found wide variations across 
the centers in position and resource allocation for these 
professionals.
    For example, seven of ten CEAs are at least three levels 
removed from the center director. We were told by some CEAs 
that such placement makes it difficult to maintain authority 
and visibility to staff and to obtain the resources necessary 
to carry out their responsibilities. We found variations among 
centers and resource allocation and in particular found 
indications that the resources assigned to export controls at 
centers did not always appear to be commensurate with the 
export control workload. NASA concurred with our 
recommendations to define the appropriate level and placement 
for the CEA function and to assess workload to determine 
appropriate resources needed at each center.
    In closing, ensuring compliance with export controls is 
important because just one instance of unapproved foreign 
national access to NASA information or unapproved release of 
scientific and technical information increases the risk of harm 
to national security. Therefore, it is important that NASA 
leverage existing resources to identify export control items 
and assess vulnerabilities in adopting a risk-based approach to 
ensuring compliance. Effective oversight is also important to 
ensure consistent adherence across NASA centers. Moreover, it 
will be important for NASA to be vigilant in assessing actions 
taken to help ensure effective implementation and to avoid a 
relapse into former practices. Unless this is done, NASA will 
remain at risk of unauthorized access to its export-controlled 
technologies.
    Mr. Chairman, Ranking Members, this concludes my oral 
statement. I will be happy to address any questions you may 
have. Thank you.

    [The prepared statement of Ms. Martin follows:]

    [GRAPHIC] [TIFF OMITTED]     

    Chairman Palazzo. Thank you, Ms. Martin.
    I now recognize our next witness, Ms. Robinson.

               TESTIMONY OF MS. GAIL A. ROBINSON,

                   DEPUTY INSPECTOR GENERAL,

         NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

    Ms. Robinson. Thank you, Mr. Chairman, Members of the 
Subcommittee. Thank you for the opportunity to testify today 
about our work examining NASA's management of foreign national 
access, compliance with export control laws, and related 
security issues.
    As you mentioned, in January of each year the OIG submits 
to the House and Senate Appropriations Committees a letter 
describing the audits and investigations we conducted the 
preceding year that shed light on the extent to which NASA is 
complying with Federal export control laws. In our most recent 
letter we cited four audits examining security controls for 
NASA's information technology assets, many of which contain 
data subject to export control laws; and also a special review 
examining a Chinese national's access to Langley Research 
Center, which has also been mentioned.
    Subsequent to that letter, we also completed our review 
involving foreign national access and export control issues at 
Ames. I summarized those reviews in my written testimony and 
also described several of our audits.
    In my oral statement, I would like to highlight several 
themes from our oversight work that echo findings that the GAO 
and NAPA made as well. First, our work leads us to conclude 
that NASA needs to take a more standardized and systematic 
approach to its management of both foreign national access and 
export control. In the Langley matter, we were struck by the 
highly bureaucratic nature of NASA's process for reviewing 
foreign visit requests. For example, we noted that many 
individuals involved in the process appeared to view their 
roles in isolation with little consideration or understanding 
of the role played by others.
    Similarly, in the Ames review we found a lack of early 
coordination between project and export control personnel as 
well as deep disagreement between those groups regarding 
whether work performed by foreign nationals involved export-
controlled technology. Indeed, the issue only surfaced when the 
Ames scientists sought to publish a paper many months after 
work on the project had begun. In addition, it appeared that 
NASA lacked an efficient mechanism to resolve the dispute. We 
believe that NASA needs to work towards a model that encourages 
agency scientists and engineers to consult with export control 
professionals when projects involving foreign nationals are 
initiated and develop a mechanism for resolving disputes in a 
timely manner.
    Second, we believe export control professionals at the 
various NASA Centers should improve their understanding of the 
type and location of export-controlled technology and 
information at their Centers and at other facilities under 
their control. For example, in the course of a recent 
investigation we learned that a Center Export Control 
Administrator was not aware that an off-site lab under his 
responsibility contained export-controlled equipment and data. 
Center export control personnel need this information to ensure 
that foreign nationals do not have access to those areas.
    Third, we encourage NASA to study the best practices noted 
in the GAO and NAPA reports and adopt them at all of their 
Centers. As we have learned through our oversight work in other 
areas, NASA Centers often work independently from one another 
and do not consistently learn about or benefit from successful 
practices developed at other locations. We were particularly 
intrigued by the discussion about the Jet Propulsion 
Laboratory's success with using engineers and scientists as 
Export Control Representatives to work with the Lab's export 
control staff, a model that could help address the lack early 
interaction between project managers and export control staff 
we observed at Ames as well as provide a mechanism for dispute 
resolution.
    Finally, we agree that NASA needs to improve and expand 
training to provide its scientists and engineers with a deeper 
understanding of the importance of complying with the rules and 
regulations governing export control and foreign national 
access.
    That concludes my remarks and I would be pleased to answer 
any questions. Thank you.
    [The prepared statement of Ms. Robinson follows:]

    [GRAPHIC] [TIFF OMITTED] 

    Chairman Palazzo. Thank you, Ms. Robinson.
    I now recognize our final witness, Mr. Webster.

           TESTIMONY OF MR. DOUGLAS WEBSTER, FELLOW,

                   NATIONAL ACADEMY OF PUBLIC

                 ADMINISTRATION AND PRINCIPAL,

                    CAMBIO CONSULTING GROUP

    Mr. Webster. Good morning, Mr. Chairman and members of the 
Committee. I thank you for the opportunity to present the 
National Academy of Public Administration's assessment of 
NASA's Foreign National Access Management.
    NASA's charter to work cooperatively and share information 
with other nations while safeguarding its classified and 
proprietary information and assets can prove to be a 
challenging task. Security incidents involving foreign 
nationals at NASA research centers have led to justifiable 
scrutiny by NASA, the media, and Congress. Having a well-run 
Foreign National Access Management, or FNAM, program is in the 
best interest of NASA both in terms of protecting vital U.S. 
security and proprietary information, as well as capitalizing 
on the talents of foreign nationals.
    The panel report describes a number of important steps the 
agency can take to improve Foreign National Access Management 
and has proposed 27 specific recommendations which I will 
summarize under six topic areas, the first of which is a 
recommendation to manage Foreign National Access Management as 
a program.
    There is no systematic approach to FNAM at NASA. It is not 
managed as a program but rather in a more stove-piped 
organizational fashion. Individual headquarters elements 
produce program requirements which are in turn subject to 
broadly varying interpretations by NASA centers. Additionally, 
headquarters has inadequate means for determining the overall 
efficacy of these processes with a resulting broad range of 
outcomes, many of which are unsatisfactory.
    The second topic area is to reduce the flexibility given to 
centers to interpret FNAM requirements. The panel believes that 
NASA FNAM directives are overly broad and subject to too much 
interpretation in the field combining too much flexibility for 
interpreting largely procedural processes with a stove-piped 
organizational structure that produces organizationally 
specific directives, results in inconsistent, ineffective, and 
often fundamentally flawed outcomes.
    The third topic area is for NASA to determine critical 
assets and build mechanisms to protect them. NASA needs to 
improve how it protects all of its valuable technical--excuse 
me, technical data and proprietary information, not simply the 
proprietary sensitive and/or classified information potentially 
exposed to foreign nationals. The panel recommended that NASA 
strengthen its risk management capability by building on 
existing agency risk review processes to compile a 
comprehensive assessment of risks and threats.
    The fourth topic area concerns information technology. The 
panel believes that NASA needs to correct long-standing 
information technology security issues. During this review, 
NASA IT professionals expressed strong concerns about the 
security of the agency's non-classified systems with some 
believing that these systems have already been compromised. 
This finding is reinforced by other reviews of NASA's 
information technology, including those done by the NASA IG.
    The fifth topic area concerns NASA organizational culture, 
which in many ways is exemplary, but when considering FNAM, 
NASA needs to change several aspects of its culture. The first 
aspect of NASA culture involves unnecessary competition between 
NASA field centers. Some centers struggle to solve problems 
that other centers have already resolved, wasting time and 
money. NASA also needs to approach its current budget situation 
in an organizationally united fashion.
    A second aspect concerns accountability. The belief that 
individuals are not held accountable for ignoring or 
deliberately failing to comply with FNAM requirements is 
widespread at NASA and includes both managers and rank-and-file 
employees.
    A third aspect of NASA culture that needs to be addressed 
is the organizational tendency to revert back to prior lax 
habits once a problem has been solved and the tension of the 
moment has passed.
    The sixth and final topic area involves communicating the 
importance of these FNAM changes clearly, firmly, and 
consistently. The importance of security, the existence of 
real-world threats to NASA assets, and the need for 
improvements in handling foreign national issues have not been 
clearly and consistently communicated throughout NASA. Senior 
leaders must communicate their total commitment to an effective 
Foreign National Access Management program.
    In closing, Mr. Chairman, let me note that I believe the 
Academy has provided NASA with a good template for building a 
more robust and effective FNAM program and that the agency has 
the right leadership and commitment to make that happen. The 
Academy is in a prime position to assist NASA and this 
Committee in implementing the panel's recommendations and 
providing the Committee with information to the extent to which 
NASA has complied with the recommendations. With the 
Committee's support and oversight, I am certain this program 
will continue to provide NASA with the foreign talent it needs 
to fulfill its mission while capably safeguarding sensitive 
information.
    Thank you for providing me this opportunity to share these 
findings with you.

    [The prepared statement of Mr. Webster follows:]

    [GRAPHIC] [TIFF OMITTED] 

    Chairman Palazzo. Thank you, Mr. Webster. I thank the 
witnesses for their testimony.
    Reminding Members that Committee rules limit questioning to 
five minutes, the Chair will at this point open the round of 
questions. The Chair recognizes himself for five minutes.
    The NASA IG report on Bo Jiang stated Jiang admitted that 
the laptop computer he carried with him when he attempted to 
leave the United States in March contains some NASA 
information. According to these Department of Justice 
officials, the nature of the information on Jiang's computer 
and how he obtained it remains under investigation. The OIG 
report also states that Jiang had access to a NASA employee's 
computer that specialized in technology that would allow for 
real-time video image enhancement to improve aircraft safety by 
making it easier for pilots to fly in poor visibility 
conditions.
    Ms. Robinson, are you aware of the status of this 
investigation? Has anyone looked into whether Jiang transferred 
any information electronically prior to being stopped at the 
airport since he had access to NASA information long before he 
attempted to leave the country?
    Ms. Robinson. Mr. Chairman, to my knowledge the 
investigation is still open. The FBI is the cognizant law 
enforcement agency in that regard.
    Chairman Palazzo. So it is ongoing and active?
    Ms. Robinson. As far as I am aware, it is still open.
    Chairman Palazzo. Okay. The IG's report on Bo Jiang 
incident states that from an individual perspective, the 
preponderance of the evidence available to us suggest that one 
of Jiang's sponsors inappropriately authorized Jiang to take 
the laptop to China. Mr. Keegan, has that individual been 
reprimanded, and if so, how?
    Mr. Keegan. We appreciate the Office of Inspector General--
--
    Chairman Palazzo. Your mike, please.
    Mr. Keegan. We appreciate the Office of Inspector General's 
report on the entire Bo Jiang incident and we have concurred 
with all those recommendations.
    With respect to personnel actions, I can't discuss them 
here, but I can assure you that that report got the personal 
attention of the Administrator and appropriate actions have 
been taken or will be taken at the appropriate time.
    Chairman Palazzo. Will you be able to provide some of that 
information to professional staff, Committee staff?
    Mr. Keegan. I don't think I can discuss specific 
individuals with respect to personnel actions. I would also 
note because of the ongoing investigation, there are some 
actions that NASA could not have appropriately taken until that 
investigation is concluded.
    Chairman Palazzo. Okay. Thank you.
    The IG's Ames report states that a foreign national working 
at Ames inappropriately traveled overseas with a NASA-issued 
laptop containing ITAR-restricted information. The report also 
stated, ``we believe several Ames managers exercised poor 
judgment in their dealings with foreign nationals.'' With 
respect to ITAR issues, we found that several foreign 
nationals, without the required license, worked on projects 
that were later determined to involve ITAR-restricted 
information. In addition, on two occasions, a senior Ames 
manager inappropriately shared documents with unlicensed 
foreign nationals that contained ITAR markings or had been 
identified as containing ITAR-restricted information by NASA 
export control personnel.
    Mr. Keegan, similar to the other question, were any of 
these individuals reprimanded, and if so, how?
    Mr. Keegan. As noted in Ms. Robinson's opening statement, 
there was a great confusion and disagreement at Ames about what 
was the appropriate roles and responsibilities and whether 
export-controlled information was involved or not, and those 
pointed to weaknesses in our guidance and in our policy and 
procedures, and we have concurred with the recommendations to 
improve those items and we are moving to implement those 
changes.
    Again, with respect to personnel actions, I can't discuss 
those but I will say in that case, again, the Administrator 
personally got involved with that report in response to it and 
appropriate actions have been taken.
    Chairman Palazzo. Okay. Thank you, Mr. Keegan. And we 
respect the fact that you are not going to be able to directly 
talk about personnel actions. That is private in nature. We may 
delve more into it at a later time but, you know, it goes back 
to the culture of, you know, just kind of shrugging off these 
incidents, not taking them seriously. And if senior officials 
don't reprimand, you know, the parties that are allowing this 
sensitive information to possibly be compromised, it sends the 
wrong message across the entire institution. So we hope you 
will continue taking these recommendations and not just 
concurring with them but actually implementing them and then 
punishing those going forward if they continue to violate ITAR 
restrictions.
    My last question, the GAO report states that NASA 
headquarters export control officials and Center Export 
Administrators lack a comprehensive inventory of the types and 
location of export-controlled technologies and centers limiting 
their ability to identify internal and external risks to export 
control compliance. This is not new. The GAO report also 
recognized that NASA's lack of comprehensive inventory of its 
export-controlled technologies is a long-standing issue that 
the NASA Inspector General identified as early as 1999. I know 
Ms. Martin's testimony touched on this.
    So Mr. Keegan, how can NASA protect what it doesn't know it 
has?
    Mr. Keegan. I think the reports that you cited pointed out 
opportunities for NASA to improve its sort of centralized 
approach to categorizing the risk and the vulnerable 
technologies in our system. NASA has concurred with those 
recommendations and is consulting with our own internal Chief 
Technologist Office, Protective Services and the Mission 
Support Directorate to identify existing catalogs of 
technologies that would prove useful in implementing a risk-
based assessment of Key technologies. We are also working to 
improve our internal reviews and audits in both export control 
and Foreign National Access Management and to strengthen 
compliance and accountability mechanisms to address the issue 
you raised in your comment that individuals need to be held 
accountable for knowing their responsibilities and for 
fulfilling those responsibilities.
    Chairman Palazzo. Well, I appreciate that. You know, the 
issue has been out there for 15 years. You know, Congress wants 
to trust NASA that they are going to take corrective action 
this time and fix the problem.
    At this time I recognize the Ranking Member, Mr. Maffei.
    Mr. Maffei. Thank you, Mr. Chairman.
    It seems to me that we are just lucky that even more 
sensitive information hasn't been compromised. I will ask Mr. 
Keegan, why is international collaboration so critical to 
NASA's mission and should we just suspend international 
cooperation until these security concerns are addressed?
    Mr. Keegan. Cooperation with international nations is 
actually part of the NASA's foundational legislation, the Space 
Act, and NASA has derived great benefits from our international 
cooperation. Over half the operational science missions have 
significant international participation and contributions. The 
International Space Station obviously depends heavily on 
international contributions, and humans have inhabited that 
facility continuously for 13 years. So a lot of NASA's best, 
greatest accomplishments have depended on international 
contributions and cooperation.
    Given those benefits, we need to balance that with our duty 
to protect sensitive export-controlled information, and that 
is, you know, a balance that has been mentioned by a number of 
the reports we are talking about today. And when the 
Administrator first became aware of issues, that sort of shook 
his confidence that we were able to fulfill that 
responsibility. Therefore, he took immediate action to stand 
down, for example, to issue a moratorium on foreign national 
access until each center director could validate their 
compliance with existing rules and policies through internal 
reviews, and he also took down a NASA website, the NASA NTRS 
website, which is the website through which we share publicly 
the results of NASA's scientific and technical research until 
we could validate that all the documents, over a million on 
that website, had proper internal controls.
    And as a result of these actions and other actions we are 
taking in response to the reports we are discussing here today, 
NASA is confident that we can assure the security of sensitive 
export-controlled information.
    Mr. Maffei. All right. Thank you, Mr. Keegan.
    Mr. Webster, are you satisfied that NASA is making due 
progress in addressing the concerns of your organization?
    Mr. Webster. Well, I can say that they were very receptive 
and very cooperative with the study. The study has not reviewed 
the progress that they have made since our recommendations, and 
so that progress remains to be seen.
    Mr. Maffei. Ms. Martin and Ms. Robinson, can you comment on 
the progress since the study?
    Ms. Robinson. We have not gone to see what NASA has done 
since the study in terms of an audit or anything like that, but 
I agree that they have been very receptive to our 
recommendations and I believe they are working hard on the 
matter.
    Ms. Martin. Likewise, NASA agreed with all seven of our 
recommendations. We were certainly encouraged that the 
Administrator issued a memo to all staff reiterating the 
importance of export controls and also met with the Center 
Export Administrators. So that is an example of the tone from 
the top. But again, we have not fully evaluated all of the 
actions.
    Mr. Maffei. Mr. Keegan, Mr. Webster talked about, in his 
testimony, some cultural changes that would need to take place 
at NASA. Those are very challenging for any Administrator to 
implement. Do you feel if the current Administrator is able to 
change some of the culture at NASA? How are you approaching 
that?
    Mr. Keegan. In a couple ways. NASA is looking at our whole 
competition model as to the advantages and to the drawbacks of 
that model and we acknowledge that that sometimes creates 
incentives not to share information across centers in a way 
that is helpful to NASA as a whole. I think the Administrator 
has emphasized directly both to me and Associate Administrator 
Robert Lightfoot and to the Center Directors and Mission 
Directors who report to Mr. Lightfoot that they will be held 
accountable for implementing the actions in response to these 
reports and for emphasizing and complying with the requirements 
in these areas and for seeing that that is done in their 
organizations.
    Mr. Maffei. I thank the witnesses and yield back.
    Chairman Palazzo. I now recognize Dr. Broun for five 
minutes.
    Mr. Broun. Thank you, Mr. Chairman.
    Mr. Keegan, I am a little perplexed--actually a little more 
than perplexed about NASA's priorities toward protecting 
sensitive or secure information. Chairman Palazzo has called 
this hearing because of multiple points highlighting NASA's 
poor oversight and management in protecting sensitive 
information, yet your written statement discusses a request for 
``new'' statutory authority for--to allow NASA to withhold from 
the public certain technical data requested under FOIA.
    It is also my understanding that NASA has resisted the 
Committee's efforts to make public the NAPA report even with an 
offer for the agency to redact it.
    Now, don't get me wrong; I am certainly not encouraging 
NASA to release sensitive information. But to be clear, it is 
NASA's position that the entire NAPA report, the entire NAPA 
report, is sensitive and that no aspect whatsoever can be 
released without compromising security vulnerabilities.
    If so, would you please provide this Committee a detailed 
list of the specific passages and concerns NASA is worried 
about releasing? For instance, I find it hard to believe that 
the background section has anything of concern within it.
    Mr. Keegan. NASA appreciates the comprehensive, thorough, 
and detailed analysis that the NAPA panel did on our security 
vulnerabilities and problems with our systems and processes, 
internal deliberations, IT assets, and so forth. We also 
appreciate the fact that they rank-ordered their 27 
recommendations with an assessment of risk associated with each 
one so that we could prioritize our actions and response. But 
the combination of that information would serve to make 
vulnerable the very information that we are trying to protect 
by improving our processes in these areas. The information that 
would provide--you know, too much information about our 
vulnerabilities--is interwoven throughout the report, so to 
meaningfully and thoroughly redact it, to take that out, would 
in our opinion make the report no more useful than the 
executive summary which summarizes the six areas of 
recommendations and at the same time still pose a risk to 
security. So NASA has no plans to publicly release that report, 
although we have provided a copy of the full report--an SBU 
full report to the Committee Chairman at his request.
    Mr. Broun. Mr. Webster, do you believe there is any 
specific information in the NAPA report that is sensitive, and 
if so, could it be redacted that the entire--that the public 
could read the rest of the report? We have just heard what Mr. 
Keegan said.
    Mr. Webster. I do believe that there is some information in 
there that is sensitive and I do understand the basic 
underlying premise that you can take individually--information 
that is standing on its own is not sensitive, but when you 
piece it together with other related pieces of information, it 
can provide insight to an adversary that might be useful they 
would otherwise not gain. So I understand the philosophy. I am 
not in a position to judge if you will because we haven't done 
that analysis and we don't really have that charter to provide 
that type of analysis, but I do understand the basic logic.
    Mr. Broun. Ms. Robinson, ironically, it appears that--as 
though NASA is more concerned about protecting this report 
rather than its own sensitive information. As this hearing 
demonstrates, this Committee is very aware of the impact of 
releasing sensitive information. I am worried, however, that 
NASA is suppressing this report not because it would compromise 
security but because it would embarrass the agency. Would the 
NASA Office of Inspector General be willing to conduct a review 
of the decision to classify this report as sensitive but 
unclassified?
    Ms. Robinson. Well, I have to admit I haven't thought of 
that. We certainly could take it under advisement.
    Mr. Broun. I hope you will do so because I am very 
concerned about this. And as Chairman of the Oversight 
Subcommittee, it is my responsibility in our Committee to make 
sure that we have all the information, and it seems to me that 
NASA has been more--has let sensitive information out.
    Mr. Chairman, I have got a question if you would allow me 
to go over my time a half-minute.
    But, Mr. Keegan, without divulging personal information, 
how are the individuals that have allowed these compromises 
been punished, reprimanded, or dealt with? Now, you can tell us 
that in open session like this. And I realize that also we can 
go into closed session. We can go into whatever means it takes 
to protect a personal--a person's identity, et cetera. 
Certainly I am not asking you to divulge any personal 
information here today, but can you tell us how have these 
individuals been reprimanded, punished, or dealt with?
    Mr. Keegan. Their management has certainly spoken with the 
responsible individuals about the incidents and the facts 
underlying the report and I would say taken appropriate 
personnel action for which the----
    Mr. Broun. Mr. Keegan, that is not an answer. If you would 
just please--whatever--would you provide that to our Committee 
or the Committee staff?
    Mr. Keegan. I don't--I believe as a matter of privacy we 
can't provide information about employee discipline.
    Mr. Broun. Well, I think you can provide how--individuals, 
that is true. You cannot tell us how an individual particularly 
has been reprimanded, punished, or dealt with, but I think you 
can give us an idea. People need to be reprimanded. What I have 
seen over and over again in this Oversight Subcommittee, not 
only in this Committee but others, is people violate what they 
are supposed to be doing, they violate security, and nothing 
ever happens. And I am sick of it. And I hope that you all will 
provide this Committee some information.
    Mr. Chairman, my time is expired. Thank you.
    Chairman Palazzo. I now recognize the Ranking Member, Ms. 
Edwards.
    Ms. Edwards. Thank you, Mr. Chairman. And thank you to our 
witnesses today.
    You know, when you look back at NASA and the establishment 
of the Space Act in 1958, it is an important consideration to 
look at NASA's mission and the complications of balancing both 
the openness that is expected in the scientific and research 
innovation community and cooperation around the world with 
these really important security interests, and so for me it 
really, you know, raises a question about intent of the agency 
and the civil servants versus a culture that we need to work to 
change and shape so that there is more consideration of 
security, still respecting the overall mission of the agency. 
And I want to thank the witnesses for their testimony today.
    I especially want to commend Ms. Martin. I know that you 
are here and you are in your waning days after 36 years of 
public service, and so I want to thank you for that. I am 
reminded all the time, especially as one who represents a local 
Congressional District here in the Metropolitan Washington 
region in Maryland about all of the important and valuable work 
of our civil servants, wherever they fall.
    And so it leads me to the question about what is going on 
at the agency. And so, Ms. Martin, I would like to address this 
to you if you would, and other witnesses, please chime in. I 
wonder if, in looking at the conclusions of your three reports, 
whether you conclude that the security weaknesses that you 
found stem from an inconsistent application of policies and 
guidance on protecting sensitive information, technologies, and 
other assets of the agency and centers rather than from a 
conscious disregard of security measures by NASA personnel?
    Ms. Martin. Well, first, Ms. Edwards, I would like to thank 
you for your very kind remark, and it is indeed a pleasure to 
have this opportunity to testify before this Committee, the 
Subcommittees, a week before I am actually due to retire. It 
has been indeed an honor and a pleasure to serve the Congress 
and the American public for 36 years. So thank you very much 
for that.
    And to your question, we certainly did not find any 
widespread indications of overt attempts to circumvent policies 
and procedures. As we state in our report, there were certainly 
some lack of clarity in terms of the policies and procedures, 
and as you well know, NASA devolves a lot of responsibility to 
its centers, and so we found variations across those centers in 
terms of how they implemented policies and procedures. And no 
doubt accountability is important, but there was not any 
widespread indication in terms of our work that someone went 
about, you know, deliberately trying to circumvent policies and 
procedures.
    Ms. Edwards. Thank you very much for clarifying that. And 
it then leads me, Mr. Webster, to a question for you, and that 
is around the culture at NASA and what you are doing because it 
strikes me--and I worked at Goddard Space Flight Center, so I 
know this--the importance of devolving a lot of 
responsibilities to the agency because in part that is what 
creates an environment of innovation and creativity. And so how 
do you then balance security concerns and preventing breaches 
of release of sensitive information with a culture in which you 
want to encourage innovation and creativity? What can you do to 
bring a lot more consistency to the application of these issues 
within the agency?
    Mr. Webster. I believe that the cultural issue is perhaps 
one of the largest challenges being faced as a result of this 
review because unlike information technology or policies that 
can be changed and so on, changing the culture is a long-term 
effort. It may be that NASA and the workforce looks at its 
mission as a set of objectives and then the rest of what NASA 
has to do is sort of what they have to do in order to be able 
to execute the mission. And that would be unfortunate. And I 
suspect that is the case in many cases because instead, the 
housekeeping types of things that need to occur needed to be 
viewed as part of the mission so it is not this balancing what 
do we have to put up with in order to achieve the mission? It 
is recognized as part of the mission.
    And going back to your earlier question, I would say that 
in my perception, and I believe it is reflected in our study, 
is that NASA has consistent policy but it is inconsistently 
applied, and so that is where I think getting the culture to 
understand that as part of their mission is important.
    Ms. Edwards. Thank you. Mr. Chairman, if you can indulge me 
with Mr. Broun's 30 seconds, I would appreciate it.
    Chairman Palazzo. I will.
    Ms. Edwards. So I want to go to Mr. Keegan. I mean there 
has been some discussion about an oversight body such as the 
internal Asset Protection Oversight Board that has been 
advocated by NAPA to oversee safety concerns. What is your view 
about the necessity and how NASA would view the necessity of 
standing up such a board?
    Mr. Keegan. We think that is a valuable recommendation and 
we agree that that function would be useful to help us address 
challenges in this area and we are looking to set up something 
along those lines that would then report up to the agency's 
Mission Support Council to implement that recommendation.
    Ms. Edwards. Thank you very much.
    Thank you, Mr. Chairman.
    Chairman Palazzo. I now recognize Mr. Brooks.
    Mr. Brooks. Thank you, Mr. Chairman.
    Dick Thornburgh, panel chair, testified before Congress on 
April the 8th of 2014 that the National Academy of Public 
Administration, or NAPA, as we have been referring to it, found 
that ``there is little accountability for noncompliance when 
identified through specific incidents or periodic assessments. 
This validates the identified perception among NASA personnel 
that 'mandatory compliance' means little as there are few if 
any consequences for deliberate or inadvertent violations of 
the mandates.'' NAPA further found that ``NASA headquarters 
officials and center directors have not adequately communicated 
that strict compliance was and is required for a foreign 
national hosting, sponsoring, and escort policy and 
procedures.'' Finally, NAPA also found that ``a number of NASA 
leaders also noted that the agency tends not to hold 
individuals accountable even when they make serious preventable 
errors. Whenever an example of such an error was mentioned 
during interviews, Academy staff would follow up with: what 
happened to those responsible for the error? In almost every 
instance, the answer was either 'nothing' or 'I don't know'.'' 
Mr. Keegan, who at NASA is responsible for ensuring 
accountability for protecting sensitive information at NASA?
    Mr. Keegan. Ultimately--the ultimate accountability for 
that is the Administrator and I think the Administrator has 
made it clear through his actions in response to these reports 
that he takes that responsibility very seriously. He or the 
Associate Administrator has traveled to every center to 
emphasize that every employee has the responsibility in this 
area. His message that Ms. Martin mentioned earlier that he 
sent to every employee at NASA said he wanted to--I am 
quoting--``I also want to remind each of you of your 
responsibility to comply with all export control regulations 
and our foreign national management requirements. This is a 
serious matter and penalties for noncompliance can include 
fines and imprisonment, as well as administrative personnel 
actions such as reduction in grade or even termination.'' And 
he has directed us, as we improve the internal audit functions 
for both export control and foreign national access, to address 
strengthening compliance and accountability mechanisms.
    Mr. Brooks. Well, inasmuch as it is clear that there are 
many NASA employees who are not doing their jobs protecting 
NASA's sensitive technology and information or protecting 
America's national security by protecting information of a 
national security concern, why haven't these individuals been 
fired or otherwise seriously punished?
    Mr. Keegan. I am not sure the specific incidents to which 
you are referring.
    Mr. Brooks. Well, you just testified that you have got the 
NASA Administrator, Associate Administrator talking to these 
individuals who apparently aren't following our sensitive 
information and national security interest, and that there is a 
problem in NASA according to the NAPA report. How many of them 
have been fired, the employees who have not been in compliance 
with NASA's own rules and regulations concerning protection of 
sensitive information and protection of our national security?
    Mr. Keegan. I am not aware of any findings of intentional 
misconduct on the part of NASA employees but rather problems 
with understanding the roles and responsibilities as spelled 
out by the policies and procedures.
    Mr. Brooks. So if the employees are just not doing their 
jobs, they are not paying attention, they are negligent, 
grossly negligent, NASA doesn't terminate them because they are 
doing a bad performance job?
    Mr. Keegan. We have--we acknowledge that we have 
shortcomings in this area of accountability and I think the 
Administrator has taken strong actions to address those 
shortcomings.
    Mr. Brooks. And does that strong action include the threat 
to terminate the NASA employees who intentionally or 
negligently or through gross or reckless misconduct fail to 
protect sensitive NASA material, thereby also failing to 
protect America's national security? Do we have assurances that 
in the future these people will be fired if they risk our 
country's sensitive information and national security?
    Mr. Keegan. Well, you have NASA's assurance we will take 
the appropriate disciplinary actions, the most serious of which 
include termination.
    Mr. Brooks. Well, I hope in the future that termination 
will be an option that NASA will utilize because I can assure 
you in the private sector those folks are gone. And in the 
public sector we should treat employees who fail to do their 
jobs similarly. Thank you for your responses.
    Chairman Palazzo. I now recognize Ms. Bonamici.
    Ms. Bonamici. Thank you very much, Mr. Chairman.
    Thank you to all the witnesses for your testimony, for 
being here today. This is an important topic. Of course it has 
national security implications but also we are pondering 
whether the recommendations made by the reports that we are 
discussing here today, whether they could impact some of the 
core elements of NASA's mission.
    Also, I have to say that the public is really looking to us 
to find the right balance, and we heard that word this morning, 
balance, quite a lot, between of course keeping our country 
safe and protecting sensitive research and data, maintaining 
our country's leadership role, but also understanding that 
there is importance in NASA publicly disseminating the results 
of research and the scope of its scientific activities. I have 
to say that that is important for many reasons but especially 
to help educate the public about the benefits of NASA's work. 
So it is finding that right balance.
    I do want to point out that, Dr. Webster, you said in your 
testimony that NASA provided complete cooperation for this 
review and NASA interviewees were candid, cooperative, and 
eager to offer both suggestions and be involved in problem-
solving, and I just wanted to point that out, that you 
recognized that when you did your assessment. And that is so 
important.
    We look at the report from the NAPA, National Academy of 
Public Administration, and they acknowledge that foreign 
national participation in NASA programs and projects is an 
inherent and essential element in NASA operations. So 
considering the implications that the OIG and the NAPA reports 
have on these areas, I am interested in whether our witnesses 
see any potential to improve international collaboration 
through the recommendations of these reports if they are all 
implemented. Might there be a possibility that international 
collaboration is improved? If you just want to each state 
briefly whether you agree that there is any potential there?
    Mr. Keegan. I think the thoughtful recommendations from all 
three of the reports that we are talking about here this 
morning offer the opportunity for NASA to strengthen its 
foreign national participation by having clear guidance and by 
assigning roles and responsibilities that everyone understands 
and complies with. This will sort of make it easier for 
involving foreign nationals as appropriate in our research.
    Ms. Bonamici. Does anyone disagree with that? Ms. Martin?
    Ms. Martin. No. I would agree that it is not an either/or, 
and obviously foreign participation, international agreements 
are important to NASA's work, as Mr. Keegan and others have 
said, but it is important to have those clear policies and 
procedures and we think that risk-based approach to compliance 
is really one way that can help NASA with that balance.
    Ms. Bonamici. Ms. Robinson, Dr. Webster, do you agree 
with----
    Ms. Robinson. Yes.
    Mr. Webster. I do as well. I believe it is a risk-based 
approach and it is a balancing act. I mean you can obviously 
have more collaboration by ignoring security, but there is a 
cost to be paid for that.
    Ms. Bonamici. Right. And thank you. I want to follow up on 
questions that were just asked. It seems listening to the 
testimony and reviewing what you have submitted that the core 
problems described in the reports are because individual NASA 
employees did not appropriately follow existing policies or 
procedures. So I want to start with Mr. Keegan. Do you see that 
as resulting from inadequate training, ineffective 
organizational structure, or a lack of resources, or some of 
each?
    Mr. Keegan. I think that it is a combination, and we are 
taking action. One of the earlier reports mentioned that there 
was confusion and bureaucracy in the implementation of these 
requirements, so we are trying to address that through 
clarified policy, through clarified training. And also we have 
detailed a full-time person who is a project engineer who can 
sort of put these export control requirements in language and 
in the training sort of in terms of the process that flight 
project folks understand in terms of what their 
responsibilities are. So we think there are improvements to be 
made in all three areas.
    And we are allocating, as I mentioned in my opening 
statement, increased resources to this area as well. And I 
think the Foreign National Access program will pull together, 
you know, the coordination of the various elements in this area 
of responsibility across the agency.
    Ms. Bonamici. And the recommendations that NASA is 
implementing, do you see those as realistic fixes? Once 
implemented, will they resolve the problems that were brought 
to light by the assessment?
    Mr. Keegan. Absolutely realistic fixes and we hope they 
will address all of the issues, but in my 32 years at NASA I 
have never seen a strong external review that has failed to 
identify some areas where we could continue to improve as well.
    Ms. Bonamici. Thank you.
    And I yield back the balance of my time. Thank you, Mr. 
Chairman.
    Chairman Palazzo. I now recognize Mr. Posey.
    Mr. Posey. Thank you, Mr. Chairman.
    Mr. Keegan, I think you are aware everybody on this panel, 
probably everyone in this room I think is a friend to NASA. 
They recognize NASA does many wonderful things. They want them 
to do many more things. But like everybody in this room, NASA 
is not perfect. We can't expect anybody to be perfect. But we 
are talking about matters of national security now and we need 
to be as close to perfect as we can possibly be. And when 
Members ask questions like about disciplinary action in the 
past, you know, and they kind of get rope-a-dope here, you 
know, the bobbing and weaving, no direct answers. It sounds 
petulant, arrogant, defiant. It seems like an us-against-them, 
and I know that you don't intend that but that is how it comes 
across.
    This is not my first rodeo with issues like this. Financial 
Services Committee, the Securities and Exchange Commission 
played rope-a-dope with us for a couple years. They let Bernard 
Madoff steal $70 billion from people, innocent people. People 
died because of it. People went broke. People are living in 
poverty now instead of a comfortable retirement because about 
50 people in that agency didn't do their job. And we had great 
Inspector General reports, IG reports, made recommendations 
about what the accountability should be, and we got the rope-a-
dope from the SEC for years. Well, we are working on it. Some 
of these things are still pending. We can't talk about them. It 
is a big secret.
    So finally, basically under Freedom of Information Act, we 
find out that none of the recommendations for disciplinary 
actions were taken. Everybody was let off easy. One explanation 
that was supposed to make us happy is the Secretary said, well, 
it might please you to know that half the employees are no 
longer with the agency that let him do all these things bad. I 
said, well, you know, great. That is problem solved. A 
pedophile moved into a different neighborhood. No. I mean they 
are retired on the government's dime. They took jobs as 
investigators or compliance people for other agencies maybe. 
That doesn't solve any problems because they are not with the 
agency.
    So we wonder how many of people in your agency that we are 
going to find out three years from now, oh, well, we let them 
hang in there until they got a better job and could double 
their salary on K Street or whatever, you know. I mean we would 
like some serious answers and I think you owe them.
    And my question to you now, has any disciplinary action 
ever been taken? And you can tell me yes or no and tell me what 
kind it was.
    Mr. Keegan. Yes, disciplinary action has been taken. I know 
certainly of instances of counseling. I don't know of----
    Mr. Posey. Okay.
    Mr. Keegan. --any other specifics related to the issues in 
these reports we are talking about here today. I certainly know 
about instances elsewhere in NASA where--I mean I don't think 
NASA shies away from taking appropriate discipline up to and 
including removal.
    Mr. Posey. Has anyone ever been removed, do you know?
    Mr. Keegan. At NASA?
    Mr. Posey. Yes, sir.
    Mr. Keegan. Sure.
    Mr. Posey. Over security breaches?
    Mr. Keegan. I don't know that.
    Mr. Posey. Could you find out for us? We would like to kind 
of have a summary. You can tell us what actions have taken and 
you don't have to name employees. The IG has even named 
specific employees and said this employee did this; they should 
be disciplined like such. Of course they weren't, you know, but 
I think we would like to know what the history is, with the 
track record is, if actions have really been taken. I mean do 
these people write these reports to come in and give them to 
Congress and then the agencies just blow them off and say, 
those suckers, they can't make us do anything?
    I mean that is the way it seems sometimes. That is the way 
a lot of the taxpayers feel at home. They see that there is a 
lack of accountability in government. We come here, we hold 
hearings, and yeah, we will check into that, yeah, we will 
report on that, and sure, we will get back with you. But we 
don't. I mean I have got stacks of unanswered correspondence, 
you know, over my head. It seems like, you know, some of the 
agencies just refuse to do any compliance and it just--it seems 
like it is us, government, against them, the public or their 
representatives. And we would like to think that that culture 
is not pervasive in NASA, but when we can't get straight 
answers, that is the conclusion people tend to think. And it 
makes it hard.
    I mean we want to get funding for NASA to big things. It 
takes money. And the public perception is, you know, that NASA 
gets 20 percent of the budget. We know the reality you get 1/2 
of one percent and we know that is plundered. We know that 
comes through like a big piinata from everything from the COPS 
program to whatever other pet projects people want to steal 
from NASA because, number one, we don't do a good PR job in 
NASA and I could spend a couple hours talking about that; and 
number two, people already think we spend too much money on it; 
and number three, there is cases like this where they don't see 
a lack of accountability.
    So I would hope that when you come in here to share with 
us, we work toward changing that, that it is not us against 
them. We are just trying to see that there is some fundamental 
accountability. We try and teach our children that in school. 
You know, everybody in the private sector has it that I know 
about and we just want to see that that is in place at NASA, 
too.
    And again, we are not talking about personalities. We are 
literally, we are literally talking about the national security 
of this Nation. We are talking about people that come here from 
another country and we can't expect you to profile everybody 
who is going to have access to any information because they 
shake down everybody when they get home, from tourists, to 
students, to everybody else. We know that is tough but we have 
to get off the dime and move in that direction. And when people 
seemingly almost willfully violate or transgress guidelines 
that make this nation secure, they need to be held accountable 
and you need to let us know that that is happening.
    Thank you, Mr. Chairman. I yield back.
    Chairman Palazzo. I now recognize Mr. Johnson.
    Mr. Johnson of Ohio. Thank you, Mr. Chairman.
    I would like to associate myself with some of the comments 
that my colleague Mr. Posey said. I am a big fan of NASA. I 
mean I grew up on Buck Rogers and Star Trek and enamored by 
space travel. I have got NASA, Glenn, in Ohio. I am a big, big 
fan of NASA's.
    But, Mr. Keegan, some of your responses don't rise to the 
level of credibility with what we are dealing with here today. 
How did you go about preparing for this hearing today? You knew 
this was going to be about security breaches and personnel 
having done those, but we are getting a lot of ``I don't know'' 
answers. What did you do to prepare for today's hearing?
    Mr. Keegan. I reviewed the reports and----
    Mr. Johnson of Ohio. You did review the reports?
    Mr. Keegan. Yes.
    Mr. Johnson of Ohio. Okay. That is a good start because you 
said earlier that you were not aware of any deliberate actions 
by NASA employees to violate security protocols. Have I got 
that right? Is that what you said earlier?
    Mr. Keegan. I am not aware of any specific employees that 
have----
    Mr. Johnson of Ohio. Okay. Well, in the report----
    Mr. Keegan. --been identified----
    Mr. Johnson of Ohio. --from--in the report from GAO they 
state that in some instances in terms of trying to avoid export 
control review, they said it was the result of deliberate 
action by authors to avoid export control review of papers 
prior to release. And yet you say you read the reports and to 
come to this hearing and not know whether or not people have 
been addressed and disciplined for those types of deliberate 
actions, that doesn't rise to a level of credibility for me, 
and I worked for almost 26-1/2 years in the Air Force, much of 
that in top-secret and classified conditions. I know at least 
in the environment I worked in where the buck stopped. You are 
pretty close to where the buck stops. I am a little incensed 
that you don't know the answers to these questions that you are 
saying you don't know the answers to.
    Let me go back to one that Mr. Posey asked you. You said 
that there have been people removed from NASA but specifically 
in your written testimony you noted that penalties for 
noncompliance with export control regulations, of which reviews 
are part of and Foreign National Access Management 
requirements, that those penalties could include fines, 
imprisonment, or administrative personnel actions. Well, let me 
ask you again--and you don't have to give me a specific name of 
anyone--but do you--has anyone in NASA received any of those 
things--fines, imprisonment, or administrative personnel 
actions--for a security breach--for a deliberate security 
breach, as noted by GAO? Has anyone been disciplined to that 
level?
    Mr. Keegan. I will take that question for the record and 
provide you a response.
    Mr. Johnson of Ohio. Okay. I would appreciate that. Thank 
you very much.
    Ms. Robinson's testimony noted that NASA's Jet Propulsion 
Laboratory has had success using engineers and scientists as 
export control representatives to work with the export control 
personnel, so I will ask, Mr. Keegan, if you know the answer to 
this. Maybe others on the panel want to comment. Can someone 
provide a more detailed explanation of the process of working 
with scientists as export control representatives? I mean what 
do the scientists at NASA's Jet Propulsion Laboratory do that 
scientists at NASA centers do not do? How do they work 
differently with export control personnel?
    Mr. Keegan. I would like whoever reviewed that as a model 
that we can look at to describe it.
    Mr. Johnson of Ohio. Okay. So we are not sure. Okay.
    Ms. Robinson. I think it is just--again, this was not in 
our report; it was something that I noted in the other reports, 
but I think it is a process that they have in place, a way to 
have interactions between the two groups of professionals so 
they are having conversations and they are understanding what 
kind of projects are we working on, are there foreign nationals 
working here, how do we resolve these issues? So it is a 
process.
    Mr. Johnson of Ohio. Okay. All right. Well, that five 
minutes went fast.
    Mr. Chairman, I guess I will yield back the balance of my 
time, the one second I have got.
    Chairman Palazzo. Are you sure you don't want 30 more 
seconds or a minute? Okay.
    That is perfect time and I do believe votes were just 
called or did they go back in session? Well, the buzzer went 
off.
    Well, it is absolutely obvious that this Committee takes 
our national security very importantly. It is a bipartisan 
issue. It is also obvious that when you look at the global 
events around the world that the world is not becoming safer; 
it is becoming much more dangerous. And America's leadership in 
space isn't just about national pride; it is about national 
security. And we are not going to wait 15 years to make sure 
that these recommendations are being implemented by NASA. We 
are going to be looking forward to reports every year and we 
are going to be taking a hard look at this.
    So I thank the witnesses for their valuable testimony and 
the Members for their questions. Members of the Committee may 
have additional questions for you and we will ask you to 
respond to those in writing. The record will remain open for 
two weeks for additional comments and written questions from 
Members.
    The witnesses are excused and this hearing is adjourned. 
Thank you.
    [Whereupon, at 11:22 a.m., the Subcommittees were 
adjourned.]
                               Appendix I

                              ----------                              


                   Answers to Post-Hearing Questions



                   Answers to Post-Hearing Questions
Responses by Mr. Richard Keegan


[GRAPHIC] [TIFF OMITTED] 

Responses by Ms. Belva Martin

[GRAPHIC] [TIFF OMITTED] 

Responses by Ms. Gail A. Robinson

[GRAPHIC] [TIFF OMITTED] 

Responses by Mr. Douglas Webster



                              Appendix II

                              ----------                              


                   Additional Material for the Record




[GRAPHIC] [TIFF OMITTED] 

Responses submitted by NASA for information requested by Chairman Broun

[GRAPHIC] [TIFF OMITTED] 

                                 
