<html>
<title> - NASA SECURITY: ASSESSING THE AGENCY'S</title>
<body><pre>[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]




                 NASA SECURITY: ASSESSING THE AGENCY'S

                EFFORTS TO PROTECT SENSITIVE INFORMATION

=======================================================================

                             JOINT HEARING

                               BEFORE THE

                        SUBCOMMITTEE ON SPACE &
                       SUBCOMMITTEE ON OVERSIGHT

              COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED THIRTEENTH CONGRESS

                             SECOND SESSION

                               __________

                             JUNE 20, 2014

                               __________

                           Serial No. 113-81

                               __________

 Printed for the use of the Committee on Science, Space, and Technology


       Available via the World Wide Web: http://science.house.gov




                  U.S. GOVERNMENT PRINTING OFFICE
89-410                    WASHINGTON : 2015
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC
20402-0001


              COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY

                   HON. LAMAR S. SMITH, Texas, Chair
DANA ROHRABACHER, California         EDDIE BERNICE JOHNSON, Texas
RALPH M. HALL, Texas                 ZOE LOFGREN, California
F. JAMES SENSENBRENNER, JR.,         DANIEL LIPINSKI, Illinois
    Wisconsin                        DONNA F. EDWARDS, Maryland
FRANK D. LUCAS, Oklahoma             FREDERICA S. WILSON, Florida
RANDY NEUGEBAUER, Texas              SUZANNE BONAMICI, Oregon
MICHAEL T. McCAUL, Texas             ERIC SWALWELL, California
PAUL C. BROUN, Georgia               DAN MAFFEI, New York
STEVEN M. PALAZZO, Mississippi       ALAN GRAYSON, Florida
MO BROOKS, Alabama                   JOSEPH KENNEDY III, Massachusetts
RANDY HULTGREN, Illinois             SCOTT PETERS, California
LARRY BUCSHON, Indiana               DEREK KILMER, Washington
STEVE STOCKMAN, Texas                AMI BERA, California
BILL POSEY, Florida                  ELIZABETH ESTY, Connecticut
CYNTHIA LUMMIS, Wyoming              MARC VEASEY, Texas
DAVID SCHWEIKERT, Arizona            JULIA BROWNLEY, California
THOMAS MASSIE, Kentucky              ROBIN KELLY, Illinois
KEVIN CRAMER, North Dakota           KATHERINE CLARK, Massachusetts
JIM BRIDENSTINE, Oklahoma
RANDY WEBER, Texas
CHRIS COLLINS, New York
BILL JOHNSON, Ohio
                                 ------

                         Subcommittee on Space

               HON. STEVEN M. PALAZZO, Mississippi, Chair
RALPH M. HALL, Texas                 DONNA F. EDWARDS, Maryland
DANA ROHRABACHER, California         SUZANNE BONAMICI, Oregon
FRANK D. LUCAS, Oklahoma             DAN MAFFEI, New York
MICHAEL T. McCAUL, Texas             JOSEPH P. KENNEDY III,
MO BROOKS, Alabama                       Massachusetts
LARRY BUCSHON, Indiana               DEREK KILMER, Washington
STEVE STOCKMAN, Texas                AMI BERA, California
BILL POSEY, Florida                  MARC VEASEY, Texas
DAVID SCHWEIKERT, Arizona            JULIA BROWNLEY, California
JIM BRIDENSTINE, Oklahoma            FREDERICA WILSON, Florida
CHRIS COLLINS, New York              EDDIE BERNICE JOHNSON, Texas
LAMAR S. SMITH, Texas
                                 ------

                       Subcommittee on Oversight

                   HON. PAUL C. BROUN, Georgia, Chair
F. JAMES SENSENBRENNER, JR.,         DAN MAFFEI, New York
    Wisconsin                        ERIC SWALWELL, California
BILL POSEY, Florida                  SCOTT PETERS, California
KEVIN CRAMER, North Dakota           EDDIE BERNICE JOHNSON, Texas
BILL JOHNSON, Ohio
LAMAR S. SMITH, Texas

                            C O N T E N T S

                             June 20, 2014

Witness List

Hearing Charter

                           Opening Statements

Statement by Representative Steven M. Palazzo, Chairman,
  Subcommittee on Space, Committee on Science, Space, and
  Technology, U.S. House of Representatives
    Written Statement

Statement by Representative Dan Maffei, Ranking Minority Member,
  Subcommittee on Oversight, Committee on Science, Space, and
  Technology, U.S. House of Representatives
    Written Statement

Statement by Representative Paul C. Broun, Chairman, Subcommittee
  on Oversight, Committee on Science, Space, and Technology, U.S.
  House of Representatives
    Written Statement

Statement by Representative Eddie Bernice Johnson, Ranking
  Member, Committee on Science, Space, and Technology, U.S. House
  of Representatives
    Written Statement

                               Witnesses:

Mr. Richard Keegan, Associate Deputy Administrator, National
  Aeronautics and Space Administration
    Oral Statement
    Written Statement

Ms. Belva Martin, Director, Acquisition and Sourcing Management,
  Government Accountability Office
    Oral Statement
    Written Statement

Ms. Gail A. Robinson, Deputy Inspector General, National
  Aeronautics and Space
    Oral Statement
    Written Statement

Mr. Douglas Webster, Fellow, National Academy of Public
  Administration and Principal, Cambio Consulting Group
    Oral Statement
    Written Statement

Discussion

             Appendix I: Answers to Post-Hearing Questions

Mr. Richard Keegan, Associate Deputy Administrator, National
  Aeronautics and Space Administration

Ms. Belva Martin, Director, Acquisition and Sourcing Management,
  Government Accountability Office

Ms. Gail A. Robinson, Deputy Inspector General, National
  Aeronautics and Space

Mr. Douglas Webster, Fellow, National Academy of Public
  Administration and Principal, Cambio Consulting Group

            Appendix II: Additional Material for the Record

Submitted statement for the record by Representative Donna F.
  Edwards, Ranking Minority Member, Subcommittee on Space,
  Committee on Science, Space, and Technology, U.S. House of
  Representatives

Responses submitted by NASA for information requested by Chairman
  Broun during the course of the hearing


                 NASA SECURITY: ASSESSING THE AGENCY'S

                EFFORTS TO PROTECT SENSITIVE INFORMATION

                              ----------


                         FRIDAY, JUNE 20, 2014

                  House of Representatives,
                           Subcommittees on Space &
                                                  Oversight
               Committee on Science, Space, and Technology,
                                                   Washington, D.C.

    The Subcommittees met, pursuant to call, at 10:01 a.m., in
Room 2318 of the Rayburn House Office Building, Hon. Steven
Palazzo [Chairman of the Subcommittee on Space] presiding.

    Chairman Palazzo. This joint hearing of the Subcommittee on
Space and the Subcommittee on Oversight will come to order.
    Good morning. Welcome to today's hearing titled, ``NASA
Security: Assessing the Agency's Efforts to Protect Sensitive
Information.'' In front of you are packets containing the
written testimony, biography, and truth-in-testimony disclosure
for today's witnesses.
    Before we get started, since this is a joint hearing
involving two Subcommittees, I want to explain how we will
operate procedurally so all Members understand how the
question-and-answer period will be handled. We will recognize
those Members present at the gavel in order of seniority on the
full Committee, and those coming in after the gavel will be
recognized in order of arrival.
    I recognize myself for five minutes for an opening
statement.
    Welcome to today's joint hearing on NASA's ability to
protect sensitive information.
Recent events have reminded us
that protecting sensitive aerospace information is more than a
matter of national pride; it is also a matter of national
security. Yet NASA continues to struggle with the protection of
sensitive information, even as the agency is persistently
targeted by our adversaries.
    Today, we discuss the reports that have shown that NASA's
casual and negligent approach to foreign national access and
failure to control sensitive information is allowing our
nation's prized aerospace technology to be compromised. The
purpose of today's hearing is to ensure that NASA follows
through on addressing these failures.
    On March 16, 2013, Federal agents conducted a search of a
foreign national contractor from the Langley Research Center
before departure to China. This search was prompted by concerns
that the individual was inappropriately granted access to
sensitive information. Despite the fact that the individual
pled guilty to a misdemeanor offense, the nature of the
information on his computer and how he obtained it remains
under investigation.
    Also, a multiyear investigation dating back to 2009 showed
that foreign nationals were granted inappropriate access to
information and facilities at NASA's Ames Research Center. As a
result, NASA's Office of the Inspector General issued a
detailed 41-page report highlighting troubling cases where
improper access was granted under direction from senior center
leadership.
    Today's hearing is one in a series of Congressional actions
to address these matters. In addition to a hearing held last
Congress in this Committee, Dr. Paul Broun, Chairman of the
Oversight Committee, requested a GAO review of NASA's export
control processes. And Representative Frank Wolf petitioned
NASA to work with the National Academy of Public Administration
to conduct an independent review of NASA's Foreign National
Access Management.
Unfortunately NASA has only released a
summary of this report.
    These reports confirm our worst fears: that the incidents
at Langley and Ames are not isolated incidents. Among
conclusions from these reports we find most centers continue to
release scientific and technical information that has not been
reviewed for export control purposes. NASA lacks both clear
export control policies and the oversight necessary to enforce
them. The NASA network has indeed been compromised and these
vulnerabilities could have significant impacts on national
security.
    And finally, a troubling trend we have seen across agencies
in this Administration: the failure or the willingness--
unwillingness to hold accountable those responsible for these
errors.
    Congress has also continued addressing these matters in the
NASA Authorization Act that recently passed the House by an
overwhelming bipartisan vote of 401 to 2. Our bill directs NASA
to give a timely report on compliance efforts in response to
the recommendations of the NAPA report. It also calls for a GAO
review of NASA's compliance and directs NASA to take national
security into consideration when conducting technology
transfers.
    My goal as Chairman of this Committee is to hold NASA
accountable while working with the agency to correct these
serious matters. I understand that NASA has its challenges. The
original Space Act directed the agency to simultaneously
``provide for the widest practicable and appropriate
dissemination of information concerning its activities'' while
also directing the agency to protect classified, trade secret,
and confidential information.
    Additionally, NASA, like other Federal agencies, is subject
to the requirements of the Arms Export Control Act and the
Export Administration Act.
Too often, enforcement is left to
the discretion of center leadership in a NASA culture that
``has a tendency to lapse back into old habits once the
spotlight is off the area under review.'' I will point out that
this is more than my personal assessment; it is the independent
opinion as expressed in the NAPA report.
    I am pleased that NASA's Office of the Inspector General is
here today to discuss these two reports, as well as their
yearly report to Congress on NASA's compliance with Federal
export controls laws. I am also pleased that two other outside
groups have also reviewed the topic, the National Academy of
Public Administration and GAO.
    While much of the focus of today's hearing will be to
identify the failures within NASA's current structure, it is
also an opportunity to identify ways Congress can improve and
clarify its own roles in providing oversight and accountability
over NASA activities. I believe this is in the best interest of
all involved as we look to the future in a world where our
nation's space interests are impacted by both the cooperation
and competition of international players.
    [The prepared statement of Mr. Palazzo follows:]

              Prepared Statement of Subcommittee on Space
                       Chairman Steven M. Palazzo

    Welcome to today's joint hearing on NASA's ability to protect
sensitive information.
    Recent events have reminded us that protecting sensitive aerospace
information is more than a matter of national pride; it is also a
matter of national security. Yet, NASA continues to struggle with the
protection of sensitive information, even as the agency is persistently
targeted by our adversaries. Today we discuss the reports that have
shown that NASA's casual and negligent approach to foreign national
access--and failure to control sensitive information--is allowing our
Nation's prized aerospace technology to be compromised.
The purpose of
today's hearing is to ensure that NASA follows through on addressing
these failures.
    On March 16, 2013 federal agents conducted a search of a foreign
national contractor from the Langley Research Center before departure
to China. This search was prompted by concerns that the individual was
inappropriately granted access to sensitive information. Despite the
fact that the individual pled guilty to a misdemeanor offense, the
nature of the information on his computer, and how he obtained it,
remains under investigation.
    Similarly, a multi-year investigation dating back to 2009 showed
that foreign nationals were granted inappropriate access to information
and facilities at NASA's Ames Research Center. As a result, NASA's
Office of the Inspector General issued a detailed 41 page report
highlighting troubling cases where improper access was granted under
direction from senior center leadership. Today's hearing is one in a
series of congressional actions to address these matters. In addition
to a hearing held last Congress in this Committee, Dr. Paul Broun,
Chairman of the Oversight Committee requested a GAO review of NASA's
export control processes. And Rep. Frank Wolf petitioned NASA to work
with the National Academy of Public Administration (NAPA) to conduct an
independent review of NASA's foreign national access management.
Unfortunately NASA has only released a summary of this report.
    These reports confirm our worst fears: that the incidents at
Langley and Ames are not isolated incidences. Among conclusions from
these reports we find: most centers continue to release Scientific and
Technical Information that has not been reviewed for export control
purposes. NASA lacks both clear export control policies and the
oversight necessary to enforce them. The NASA network has indeed been
compromised, and these vulnerabilities could have significant impacts
on national security.
And finally, a troubling trend we've seen across
agencies in this Administration: the failure or the unwillingness to
hold accountable those responsible for these errors.
    Congress has also continued addressing these matters in the NASA
Authorization Act that recently passed the House by an overwhelming
bipartisan vote of 401 to 2. Our bill directs NASA to give a timely
report on compliance efforts in response to the recommendations of the
NAPA report. It also calls for a GAO review of NASA's compliance and
directs NASA to take national security into consideration when
conducting technology transfers.
    My goal as Chairman of this Committee is to hold NASA accountable
while working with the agency to correct these serious matters. I
understand that NASA has its challenges: the original Space Act
directed the agency to simultaneously ``provide for the widest
practicable and appropriate dissemination of information concerning its
activities'' while also directing the agency to protect classified,
trade secret, and confidential information. Additionally, NASA--like
other federal agencies--is subject to the requirements of the Arms
Export Control Act and the Export Administration Act. Too often,
enforcement is left to the discretion of center leadership in a NASA
culture that ``has a tendency to lapse back into old habits once the
spotlight is off the area under review.'' I will point out that that is
more than my personal assessment- it is the independent opinion as
expressed in the NAPA report.
    I am pleased that NASA's Office of the Inspector General is here
today to discuss these two reports, as well as their yearly report to
Congress on NASA's compliance with federal export controls laws. I am
also pleased that two other outside groups have also reviewed the
topic--National Academy of Public Administration (NAPA) and GAO.
While
much of the focus of today's hearing will be to identify the failures
within NASA's current structure, it is also an opportunity to identify
ways Congress can improve and clarify its own roles in providing
oversight and accountability over NASA activities. I believe this is in
the best interest of all involved as we look to the future in a world
where our nation's space interests are impacted by both the cooperation
and competition of international players.
    Thank you.

    Chairman Palazzo. I now recognize Mr. Maffei, who--are you
going to be doing Ms. Edwards' statement or are you just going
to go straight into your statement?
    Mr. Maffei. I am just going to go straight into mine, I
think.
    Chairman Palazzo. Yes. Okay. Good.
    Mr. Maffei. Thank you, Mr. Chairman. Thank you Chairman
Palazzo. Ms. Edwards does apologize. She was unavoidably
detained and will be a little late. I for one though am pleased
to see two Italian-American names up here, so, you know, a lot
of our space technology has a lot to owe to Italy and history
there.
    I won't talk long and actually I ask unanimous consent to
put my full statement in the record. I want to put my full
statement in the record by unanimous consent and then I will
just talk for a minute.
    Chairman Palazzo. Without objection.
    [The prepared statement of Mr. Maffei follows:]

            Prepared Statement of Subcommittee on Oversight
                   Ranking Minority Member Dan Maffei

    Thank you Chairman Palazzo and Chairman Broun for holding this
hearing today.
    Ensuring that America's sensitive technical designs and security
related research is not intentionally pilfered or inappropriately
exported is important to this nation's economic and national security.
Each year the U.S.
loses billions of dollars' worth of advanced
technologies, innovative scientific research, and other sensitive data
due to economic espionage and data theft.
    This impacts U.S. businesses as well as U.S. government
laboratories and research centers. NASA is no exception. The National
Aeronautics and Space Administration (NASA), like other federal
agencies, is a prime target of foreign agents and global cyber
criminals.
    The agency has a lot to offer. NASA leads the world in space
exploration, aeronautics research, and other key scientific areas.
Controlling the inadvertent release of sensitive information or
intentional theft of export controlled technologies has always been a
difficult task. This is particularly true when that sort of data
resides in an environment that depends upon international
collaborations and access to foreign scientists and facilities. Over
its history NASA has had more than 3,000 international cooperative
agreements and currently maintains an estimated 600 international
agreements with more than 100 foreign countries. Last year NASA
approved more than 11,000 foreign national visits to its facilities. At
a time of constrained federal budgets and reductions in investments in
science and technology, NASA is dependent upon these global
interactions to ensure its continued success.
    Unfortunately, NASA has suffered from several security incidents in
recent years that sparked reviews of its security policies and
practices. These reviews by the Government Accountability Office (GAO),
NASA's Office of Inspector General and the National Academy of Public
Administration (NAPA) have all identified poor practices in protecting
sensitive NASA technologies, organizational issues that may undermine
NASA's security protocols, and financial constraints that may
contribute to the inadvertent release of export restricted data.
NASA
was fortunate, however, that the incidents themselves do not appear to
have resulted in major losses of sensitive data.
    In one of the most high profile cases involving Chinese national Bo
Jiang, who was accused of attempting to take a NASA laptop to China
without proper authorization while working at NASA's Langley Research
Center in Virginia, federal prosecutors found that, ``none of the
computer media that Jiang attempted to bring to [China] on March 16,
2013, contained classified information, export-controlled
information, or NASA proprietary information.'' In a separate incident
involving two foreign nationals working at NASA's Ames Research Center
in California a NASA Inspector General report released in February,
``uncovered no evidence to support allegations that any foreign
nationals at Ames were provided classified information during the
period covered by our review.''
    NASA was lucky it did not sustain a serious loss of critical data
or technology, but the space agency has unique national assets,
innovative technologies, and valuable scientific data that must be
properly protected from global economic competitors, foreign
adversaries, or individual theft by those seeking to cash in on the
agency's valuable research and innovative discoveries.
    Being able to detect and deter these security threats while at the
same time supporting important international scientific collaborations
is a delicate and often difficult balance to achieve. I look forward to
our witnesses helping us to better understand these issues, evaluating
these often conflicting objectives, and recommending ways to maintain
an appropriate balance.

    Mr. Maffei.
Ensuring that America's sensitive technical
designs and security-related research is not intentionally
pilfered or inappropriately exported is extremely important to
this nation's economic and national security, and that is why I
am so grateful to Chairman Palazzo and Chairman Broun for
holding this hearing today. It is an extremely important issue.
    Each year, the United States loses billions of dollars'
worth of advanced technologies, innovative scientific research,
and other sensitive data due to economic espionage and data
theft, and this impacts U.S. businesses as well as government
laboratories and research centers. And NASA, like other Federal
agencies, is a prime target for this type of espionage. Being
able to detect and deter these security threats while at the
same time supporting important international scientific
collaboration is a delicate and often difficult balance to
achieve.
    And I particularly look forward to hearing from our
witnesses to help us better understand these issues, how we set
that balance, and evaluate sometimes conflicting objectives to
recommend the right way to do it.
    So thank you very much, and with that I will yield back.
    Chairman Palazzo. Thank you, Mr. Maffei.
    I now recognize Dr. Broun, Chairman of the Oversight
Committee.
    Mr. Broun. Thank you, Chairman Palazzo.
    I would like to add my welcome to all of you all witnesses
that are here today as well. I am looking forward to hearing
from you about this important matter of which I have been
concerned for a number of years now.
    This Committee and the Oversight Subcommittee in particular
have held multiple hearings examining the state of information
security at NASA. A hearing two years ago highlighted the
unique cybersecurity challenges that NASA continues to face
with constant and ever-changing threats and adversaries.
Just
last year, the Oversight Subcommittee, which I Chair, held a
hearing to focus on the broad intersection of two very
important issues at stake here today: finding the appropriate
balance between scientific openness and protecting our national
security.
    We have learned that NASA should not only worry about
sensitive information going out of the back door through cyber
intrusions and lax protocols but also out of the front door by
its inability to protect sensitive technology and information
from foreign nationals who may have unauthorized access to
NASA's facilities.
    In October of 2012, I wrote to the GAO regarding these
front-door concerns and requested a review of NASA's export
control program. While I was glad to see the completed GAO
report released last month, I was troubled by many of the
report's findings. For example, it is very troubling to learn
that although NASA's oversight tools have identified
deficiencies, NASA headquarters has not addressed them at all
as far as I can tell.
    The GAO report states specifically that ``at NASA's 2013
annual review, the Center Export Administrators presented NASA
HC export control officials with a list of comments regarding
the export control program. However, NASA headquarters' export
control officials acknowledged that they have not fully
addressed the CEA concerns from the most recent program review
in March of 2013 and have not developed specific plans to do
so.'' This is intolerable. This is not because of any
disagreement between NASA headquarters' staff and NASA centers'
staff; in fact, the GAO report explains that NASA headquarters
export control officials agree with issues raised by the CEAs,
yet they have failed to develop an approach to address them.
This is wholly inadequate for protecting our valuable assets.
NASA needs suitable accountability and oversight in order to,
at the very least, make certain the agency's own audit findings
and suggestions are implemented.
    Further troubling, the report states the GAO ``identified
instances where NASA security procedures for foreign national
access were not followed, which were significant given the
potential impact on national security or foreign policy from
unauthorized access to NASA technologies.''
    NASA relies on new and sophisticated technology to
accomplish its mission. Given the sensitivity of these
technologies, many are subject to export controls, which
restrict the transfer of military and dual-use technologies. In
order to protect our leadership in technological innovations,
we must ensure that there is adequate and consistent oversight
and management of NASA's export control program. It is in our
national interest. It must be done.
    I look forward to hearing from our witnesses on their
insight and recommendations on these matters, and I hope that
NASA will do everything in its power to address all of the
shortcomings discussed today to ensure our nation's space
agency can securely support and appropriately protect
cutting-edge research and technology.
    Thank you, Chairman Palazzo, for holding this very
important hearing, and I yield back the balance of my time.
    [The prepared statement of Mr. Broun follows:]

  Prepared Statement of Subcommittee on Oversight Chairman Paul Broun

    Assessing the Agency's Efforts to Protect Sensitive Information
Chairman Broun: Thank you Chairman Palazzo. I would like to add my
welcome to all of our witnesses here today as well. I am looking
forward to hearing from you all on this important matter of which I
have been concerned for a number of years now.
    This Committee and the Oversight Subcommittee, in particular, have
held multiple hearings examining the state of information security at
NASA.
A hearing two years ago highlighted the unique cybersecurity
challenges that NASA continues to face with constant and ever-changing
threats and adversaries. Just last year, the Oversight Subcommittee
held a hearing to focus on the broad intersection of two very important
issues at stake here today - finding the appropriate balance between
scientific openness, and protecting our national security.
    We have learned that NASA should not only worry about sensitive
information going out of the back door through cyber intrusions and lax
protocols, but also out of the front door by its inability to protect
sensitive technology and information from foreign nationals who may
have unauthorized access to NASA's facilities.
    In October of 2012, I wrote to the GAO regarding these front door
concerns and requested a review of NASA's export control program. While
I was glad to see the completed GAO report released last month, I was
troubled by many of the report's findings. For example, it is very
troubling to learn that although NASA's oversight tools have identified
deficiencies, NASA headquarters has not addressed them. The GAO report
states specifically that ``at NASA's 2013 annual review, the Center
Export Administrators presented NASA headquarters export control
officials with a list of comments regarding the export control
program. However, NASA headquarters' export control officials
acknowledged that they have not fully addressed the CEA concerns from
the most recent program review in March 2013 and have not developed
specific plans to do so.'' This is intolerable. This is not because of
any disagreement between NASA headquarters' staff and NASA centers'
staff; in fact the GAO report explains that NASA headquarters export
control officials agree with issues raised by the CEAs--yet, they have
failed to develop an approach to address them.
    This is wholly inadequate for protecting our valuable assets.
NASA \nneeds suitable accountability and oversight in order to, at the very \nleast, make certain the agency's own audit findings and suggestions are \nimplemented.\n    Further troubling, the report states that GAO ``identified \ninstances where NASA security procedures for foreign national access \nwere not followed, which were significant given the potential impact on \nnational security or foreign policy from unauthorized access to NASA \ntechnologies.''\n    NASA relies on new and sophisticated technology to accomplish its \nmission. Given the sensitivity of these technologies, many are subject \nto U.S. export controls, which restrict the transfer of military and \ndual-use technologies. In order to protect our leadership in \ntechnological innovations, we must ensure that there is adequate and \nconsistent oversight and management of NASA's export control program. \nIt is in our national interest. It must be done!\n    I look forward to hearing from our witnesses on their insight and \nrecommendations on these matters, and I hope that NASA will do \neverything in its power to address all of the shortcomings discussed \ntoday to ensure our nation's space agency can securely support and \nappropriately protect cutting edge research and technology.\n    Thank you again Chairman Palazzo for holding this very important \nhearing, and I yield back the balance of my time.\n\n    Chairman Palazzo. Thank you, Dr. Broun.\n    I now recognize the Ranking Member of the full Committee \nfor a statement, Ms. Johnson.\n    Ms. Johnson of Texas. Thank you very much, Mr. Chairman. \nAnd let me say good morning to all.\n    In the interest of saving time, I will be brief so that our \ndistinguished panel of witnesses will have time to present \ntheir views.\n    I will say that civil R&D requires openness, collaboration, \nand sharing of results to be successful. 
NASA's R&D portfolio \nhas benefited from the culture of openness, but the benefits of \nthat culture of openness, collaboration, and sharing must be \nbalanced with appropriate security limits and protections. This \ncan be a constructive hearing, especially if we can find ways \nto enable NASA to strike a reasonable balance between \ninformation sharing and the need to safeguard any sensitive \ninformation and technologies from inadvertent disclosure.\n    I look forward to discussing this and other issues with our \nexpert panel since the issues being addressed today are many of \nthe same challenges that confront the other science agencies \nunder the Committee's oversight umbrella. And so with that, Mr. \nChairman, I yield back.\n    [The prepared statement of Ms. Johnson follows:]\n\n                 Prepared Statement of Full Committee\n                  Ranking Member Eddie Bernice Johnson\n\n    Good morning. In the interest of saving time, I will be brief so \nthat our distinguished panel of witnesses will have time to present \ntheir views.\n    Civil R&D requires openness, collaboration, and sharing of results \nto be successful. NASA's R&D portfolio has benefitted from that culture \nof openness. But the benefits of that culture of openness, \ncollaboration, and sharing must be balanced with appropriate security \nlimits and protections.\n    This can be a constructive hearing, especially if we can find ways \nto enable NASA to strike a reasonable balance between information \nsharing and the need to safeguard any sensitive information and \ntechnologies from inadvertent disclosure.\n    I look forward to discussing this and other issues with our expert \npanel, since the issues being addressed today are many of the same \nchallenges that confront the other science agencies under the \nCommittee's oversight umbrella.\n    With that, I yield back.\n\n    Chairman Palazzo. Thank you, Ms. 
Johnson.\n    If there are Members who wish to submit additional opening \nstatements, your statements will be added to the record at this \npoint.\n\n    Chairman Palazzo. At this time I would like to introduce \nour witnesses.\n    Our first witness, Mr. Richard Keegan, is the National \nAeronautics and Space Administration's Associate Deputy \nAdministrator and Associate Administrator for Mission Support. \nOur second witness, Ms. Belva Martin, is the Director of \nAcquisition and Sourcing Management at the Government \nAccountability Office. Our third witness, Ms. Gail Robinson, is \nthe Deputy Inspector General of the National Aeronautics and \nSpace Administration. And our final witness, Mr. Douglas \nWebster, is a Fellow of the National Academy of Public \nAdministration and the Principal at Cambio Consulting Group.\n    As our witnesses should know, spoken testimony is limited \nto five minutes each after which the Members of the Committee \nwill have five minutes each to ask questions. It is the \npractice of the Subcommittee on Oversight to receive testimony \nunder oath. If you would now please stand and raise your right \nhand.\n    Do you solemnly swear or affirm to tell the whole truth and \nnothing but the truth, so help you God?\n    Please sit.\n    Let the record reflect that all witnesses participating \nhave taken the oath.\n    I now recognize Mr. Keegan for five minutes.\n\n                TESTIMONY OF MR. RICHARD KEEGAN,\n\n                ASSOCIATE DEPUTY ADMINISTRATOR,\n\n         NATIONAL AERONAUTICS AND SPACE ADMINISTRATION\n\n    Mr. Keegan. Mr. Chairman and Members of today's respective \nSubcommittees, I am pleased to have this opportunity to discuss \nNASA's efforts to manage and safeguard the agency's export-\ncontrolled technologies and information from unauthorized \naccess and use. 
This is a topic which we agree is of great \nimportance to our Nation.\n    As the world's premier aerospace agency with expertise in \nspace launch vehicles, satellites, aircraft, and other advanced \ntechnologies, NASA takes our responsibility for securing \nsensitive export-controlled information at our facilities very \nseriously. To be clear, all NASA employees have a \nresponsibility to comply with export control regulations and \nForeign National Access Management requirements. That is why \nthe NASA Administrator himself has communicated to every \nemployee that these requirements are critically important and \nthat there will be appropriate consequences for those who fail \nto appropriately safeguard sensitive technologies and \ninformation.\n    The recent independent reviews that will form the basis of \ntoday's hearing have already provided invaluable guidance to \nthe agency in our efforts to protect sensitive information and \nto improve our Information Technology Security, Foreign \nNational Access Management, and Export Control Management \nprograms. Therefore, NASA is working to implement these \nrecommendations in an expeditious manner, beginning \nimmediately. In parallel, NASA will continue to improve and \nimplement appropriate policy and process changes that we \nourselves identify during our own internal audits and reviews.\n    Cooperation with other nations is one of the agency's \nfounding principles and thus we would like to thank the GAO and \nNAPA for recognizing this core principle during their recent \nreviews about NASA security issues. In doing so, these \nindependent reviewers also highlighted the need for NASA to \nstrike the right balance between protecting sensitive export-\ncontrolled technologies from unauthorized access and the need \nfor the agency to share important scientific information to \nfurther our public and international partnerships. 
In striking \nthe appropriate balance, NASA recognizes that the agency must \nhave clear export control policies and procedures and that all \nNASA employees must understand and abide by those policies and \nprocedures.\n    NASA is redoubling our efforts to ensure that we are doing \nall we can to safeguard the sensitive and valuable resources \nentrusted to us. As specific examples, NASA is working to \nimprove training for employees who deal with export control and \nforeign nationals. We have established a new Foreign National \nAccess Management program office. We are strengthening our \nforeign national access and export control policies and \nprocedures. We are augmenting the civil service staff dedicated \nto counterintelligence activities. And we are increasing \ncollaboration with other Federal agencies to share intelligence \non threats and vulnerabilities to our information technology \nand other assets.\n    In conclusion, let me assure you that NASA takes seriously \nour responsibility to secure sensitive export-controlled \ninformation. Additionally, the agency's security issues and \nthreats will continue to have the focused attention of NASA's \nmost senior managers, including the Administrator himself.\n    Lastly, NASA will continue to follow through on the \nvaluable recommendations made by the GAO, NAPA, and our own \nInspector General with regard to these issues.\n    Thank you for the opportunity to testify before you today \nand for your ongoing support for NASA's missions and its \nworkforce. I would be pleased to answer any questions you may \nhave.\n    [The prepared statement of Mr. Keegan follows:]\n\n    [GRAPHIC] [TIFF OMITTED]     \n\n    Chairman Palazzo. Thank you, Mr. Keegan.\n    I now recognize our next witness, Ms. Martin.\n\n            TESTIMONY OF MS. BELVA MARTIN, DIRECTOR,\n\n              ACQUISITION AND SOURCING MANAGEMENT,\n\n                GOVERNMENT ACCOUNTABILITY OFFICE\n\n    Ms. Martin. 
Thank you, Chairmen Palazzo, Broun, and Ranking \nMember Maffei, and Members of the Subcommittee for this \nopportunity to participate in this hearing. I will summarize my \nwritten testimony and ask that the entire statement be placed \nin the record.\n    Mr. Keegan has summarized actions that NASA is taking or \nplans to take to address recommendations from GAO, the IG, and \nNAPA. GAO issued its report in April. Today, I will focus on \none area: developing a risk-based approach to compliance where \nNASA can leverage existing resources to make improvements that \ncan help it to effectively balance its mission of protecting \nsensitive technologies and information and supporting \ninternational agreements on the one hand and disseminating \nimportant scientific information as broadly as possible.\n    But in order to develop a risk-based approach, NASA needs \nto know what technologies it is trying to protect and where \nthey are located. We found that NASA headquarters officials and \nsome of the front-line managers, the Center Export \nAdministrators, or the CEAs, lack a comprehensive inventory of \nthe types and locations of export-controlled technologies at \nthe centers, severely limiting their ability to identify \ninternal and external risks to compliance. This is not a new \nissue. The NASA IG identified this issue as early as 1999.\n    While acknowledging the benefits of obtaining comprehensive \nknowledge of export-controlled technologies, NASA headquarters \nofficials state that doing so is resource-intensive. But as I \nhave just stated, NASA has an opportunity to leverage existing \nresources. So absent a NASA-wide initiative, three centers \nbegan recent efforts to identify export-controlled technologies \nat their centers. At one of these centers the \nCounterintelligence Office collaborated with the CEA to \nidentify the most sensitive technologies and develop protective \nmeasures. 
This is one example of a risk-based approach that \ncould be implemented NASA-wide to enable NASA to target \nresources to first identify the most sensitive technologies and \nthen ensure the location of these are known to staff and are \nprotected. NASA concurred with our recommendations in this \narea.\n    As I mentioned, the export-control--I am sorry, the Export \nCenter Administrators are the front-line managers. These \nprofessionals are responsible for ensuring that all center \nprogram activities comply with U.S. export control laws and \nregulations. However, our review found wide variations across \nthe centers in position and resource allocation for these \nprofessionals.\n    For example, seven of ten CEAs are at least three levels \nremoved from the center director. We were told by some CEAs \nthat such placement makes it difficult to maintain authority \nand visibility to staff and to obtain the resources necessary \nto carry out their responsibilities. We found variations among \ncenters and resource allocation and in particular found \nindications that the resources assigned to export controls at \ncenters did not always appear to be commensurate with the \nexport control workload. NASA concurred with our \nrecommendations to define the appropriate level and placement \nfor the CEA function and to assess workload to determine \nappropriate resources needed at each center.\n    In closing, ensuring compliance with export controls is \nimportant because just one instance of unapproved foreign \nnational access to NASA information or unapproved release of \nscientific and technical information increases the risk of harm \nto national security. Therefore, it is important that NASA \nleverage existing resources to identify export control items \nand assess vulnerabilities in adopting a risk-based approach to \nensuring compliance. Effective oversight is also important to \nensure consistent adherence across NASA centers. 
Moreover, it \nwill be important for NASA to be vigilant in assessing actions \ntaken to help ensure effective implementation and to avoid a \nrelapse into former practices. Unless this is done, NASA will \nremain at risk of unauthorized access to its export-controlled \ntechnologies.\n    Mr. Chairman, Ranking Members, this concludes my oral \nstatement. I will be happy to address any questions you may \nhave. Thank you.\n\n    [The prepared statement of Ms. Martin follows:]\n\n    [GRAPHIC] [TIFF OMITTED]     \n\n    Chairman Palazzo. Thank you, Ms. Martin.\n    I now recognize our next witness, Ms. Robinson.\n\n               TESTIMONY OF MS. GAIL A. ROBINSON,\n\n                   DEPUTY INSPECTOR GENERAL,\n\n         NATIONAL AERONAUTICS AND SPACE ADMINISTRATION\n\n    Ms. Robinson. Thank you, Mr. Chairman, Members of the \nSubcommittee. Thank you for the opportunity to testify today \nabout our work examining NASA's management of foreign national \naccess, compliance with export control laws, and related \nsecurity issues.\n    As you mentioned, in January of each year the OIG submits \nto the House and Senate Appropriations Committees a letter \ndescribing the audits and investigations we conducted the \npreceding year that shed light on the extent to which NASA is \ncomplying with Federal export control laws. In our most recent \nletter we cited four audits examining security controls for \nNASA's information technology assets, many of which contain \ndata subject to export control laws; and also a special review \nexamining a Chinese national's access to Langley Research \nCenter, which has also been mentioned.\n    Subsequent to that letter, we also completed our review \ninvolving foreign national access and export control issues at \nAmes. 
I summarized those reviews in my written testimony and \nalso described several of our audits.\n    In my oral statement, I would like to highlight several \nthemes from our oversight work that echo findings that the GAO \nand NAPA made as well. First, our work leads us to conclude \nthat NASA needs to take a more standardized and systematic \napproach to its management of both foreign national access and \nexport control. In the Langley matter, we were struck by the \nhighly bureaucratic nature of NASA's process for reviewing \nforeign visit requests. For example, we noted that many \nindividuals involved in the process appeared to view their \nroles in isolation with little consideration or understanding \nof the role played by others.\n    Similarly, in the Ames review we found a lack of early \ncoordination between project and export control personnel as \nwell as deep disagreement between those groups regarding \nwhether work performed by foreign nationals involved export-\ncontrolled technology. Indeed, the issue only surfaced when the \nAmes scientists sought to publish a paper many months after \nwork on the project had begun. In addition, it appeared that \nNASA lacked an efficient mechanism to resolve the dispute. We \nbelieve that NASA needs to work towards a model that encourages \nagency scientists and engineers to consult with export control \nprofessionals when projects involving foreign nationals are \ninitiated and develop a mechanism for resolving disputes in a \ntimely manner.\n    Second, we believe export control professionals at the \nvarious NASA Centers should improve their understanding of the \ntype and location of export-controlled technology and \ninformation at their Centers and at other facilities under \ntheir control. 
For example, in the course of a recent \ninvestigation we learned that a Center Export Control \nAdministrator was not aware that an off-site lab under his \nresponsibility contained export-controlled equipment and data. \nCenter export control personnel need this information to ensure \nthat foreign nationals do not have access to those areas.\n    Third, we encourage NASA to study the best practices noted \nin the GAO and NAPA reports and adopt them at all of their \nCenters. As we have learned through our oversight work in other \nareas, NASA Centers often work independently from one another \nand do not consistently learn about or benefit from successful \npractices developed at other locations. We were particularly \nintrigued by the discussion about the Jet Propulsion \nLaboratory's success with using engineers and scientists as \nExport Control Representatives to work with the Lab's export \ncontrol staff, a model that could help address the lack of early \ninteraction between project managers and export control staff \nwe observed at Ames as well as provide a mechanism for dispute \nresolution.\n    Finally, we agree that NASA needs to improve and expand \ntraining to provide its scientists and engineers with a deeper \nunderstanding of the importance of complying with the rules and \nregulations governing export control and foreign national \naccess.\n    That concludes my remarks and I would be pleased to answer \nany questions. Thank you.\n    [The prepared statement of Ms. Robinson follows:]\n\n    [GRAPHIC] [TIFF OMITTED] \n\n    Chairman Palazzo. Thank you, Ms. Robinson.\n    I now recognize our final witness, Mr. Webster.\n\n           TESTIMONY OF MR. DOUGLAS WEBSTER, FELLOW,\n\n                   NATIONAL ACADEMY OF PUBLIC\n\n                 ADMINISTRATION AND PRINCIPAL,\n\n                    CAMBIO CONSULTING GROUP\n\n    Mr. Webster. Good morning, Mr. Chairman and members of the \nCommittee. 
I thank you for the opportunity to present the \nNational Academy of Public Administration's assessment of \nNASA's Foreign National Access Management.\n    NASA's charter to work cooperatively and share information \nwith other nations while safeguarding its classified and \nproprietary information and assets can prove to be a \nchallenging task. Security incidents involving foreign \nnationals at NASA research centers have led to justifiable \nscrutiny by NASA, the media, and Congress. Having a well-run \nForeign National Access Management, or FNAM, program is in the \nbest interest of NASA both in terms of protecting vital U.S. \nsecurity and proprietary information, as well as capitalizing \non the talents of foreign nationals.\n    The panel report describes a number of important steps the \nagency can take to improve Foreign National Access Management \nand has proposed 27 specific recommendations which I will \nsummarize under six topic areas, the first of which is a \nrecommendation to manage Foreign National Access Management as \na program.\n    There is no systematic approach to FNAM at NASA. It is not \nmanaged as a program but rather in a more stove-piped \norganizational fashion. Individual headquarters elements \nproduce program requirements which are in turn subject to \nbroadly varying interpretations by NASA centers. Additionally, \nheadquarters has inadequate means for determining the overall \nefficacy of these processes with a resulting broad range of \noutcomes, many of which are unsatisfactory.\n    The second topic area is to reduce the flexibility given to \ncenters to interpret FNAM requirements. 
The panel believes that \nNASA FNAM directives are overly broad and subject to too much \ninterpretation in the field. Combining too much flexibility for \ninterpreting largely procedural processes with a stove-piped \norganizational structure that produces organizationally \nspecific directives results in inconsistent, ineffective, and \noften fundamentally flawed outcomes.\n    The third topic area is for NASA to determine critical \nassets and build mechanisms to protect them. NASA needs to \nimprove how it protects all of its valuable technical--excuse \nme, technical data and proprietary information, not simply the \nproprietary sensitive and/or classified information potentially \nexposed to foreign nationals. The panel recommended that NASA \nstrengthen its risk management capability by building on \nexisting agency risk review processes to compile a \ncomprehensive assessment of risks and threats.\n    The fourth topic area concerns information technology. The \npanel believes that NASA needs to correct long-standing \ninformation technology security issues. During this review, \nNASA IT professionals expressed strong concerns about the \nsecurity of the agency's non-classified systems with some \nbelieving that these systems have already been compromised. \nThis finding is reinforced by other reviews of NASA's \ninformation technology, including those done by the NASA IG.\n    The fifth topic area concerns NASA organizational culture, \nwhich in many ways is exemplary, but when considering FNAM, \nNASA needs to change several aspects of its culture. The first \naspect of NASA culture involves unnecessary competition between \nNASA field centers. Some centers struggle to solve problems \nthat other centers have already resolved, wasting time and \nmoney. NASA also needs to approach its current budget situation \nin an organizationally united fashion.\n    A second aspect concerns accountability. 
The belief that \nindividuals are not held accountable for ignoring or \ndeliberately failing to comply with FNAM requirements is \nwidespread at NASA and includes both managers and rank-and-file \nemployees.\n    A third aspect of NASA culture that needs to be addressed \nis the organizational tendency to revert back to prior lax \nhabits once a problem has been solved and the tension of the \nmoment has passed.\n    The sixth and final topic area involves communicating the \nimportance of these FNAM changes clearly, firmly, and \nconsistently. The importance of security, the existence of \nreal-world threats to NASA assets, and the need for \nimprovements in handling foreign national issues have not been \nclearly and consistently communicated throughout NASA. Senior \nleaders must communicate their total commitment to an effective \nForeign National Access Management program.\n    In closing, Mr. Chairman, let me note that I believe the \nAcademy has provided NASA with a good template for building a \nmore robust and effective FNAM program and that the agency has \nthe right leadership and commitment to make that happen. The \nAcademy is in a prime position to assist NASA and this \nCommittee in implementing the panel's recommendations and \nproviding the Committee with information to the extent to which \nNASA has complied with the recommendations. With the \nCommittee's support and oversight, I am certain this program \nwill continue to provide NASA with the foreign talent it needs \nto fulfill its mission while capably safeguarding sensitive \ninformation.\n    Thank you for providing me this opportunity to share these \nfindings with you.\n\n    [The prepared statement of Mr. Webster follows:]\n\n    [GRAPHIC] [TIFF OMITTED] \n\n    Chairman Palazzo. Thank you, Mr. Webster. I thank the \nwitnesses for their testimony.\n    Reminding Members that Committee rules limit questioning to \nfive minutes, the Chair will at this point open the round of \nquestions. 
The Chair recognizes himself for five minutes.\n    The NASA IG report on Bo Jiang stated Jiang admitted that \nthe laptop computer he carried with him when he attempted to \nleave the United States in March contains some NASA \ninformation. According to these Department of Justice \nofficials, the nature of the information on Jiang's computer \nand how he obtained it remains under investigation. The OIG \nreport also states that Jiang had access to a NASA employee's \ncomputer that specialized in technology that would allow for \nreal-time video image enhancement to improve aircraft safety by \nmaking it easier for pilots to fly in poor visibility \nconditions.\n    Ms. Robinson, are you aware of the status of this \ninvestigation? Has anyone looked into whether Jiang transferred \nany information electronically prior to being stopped at the \nairport since he had access to NASA information long before he \nattempted to leave the country?\n    Ms. Robinson. Mr. Chairman, to my knowledge the \ninvestigation is still open. The FBI is the cognizant law \nenforcement agency in that regard.\n    Chairman Palazzo. So it is ongoing and active?\n    Ms. Robinson. As far as I am aware, it is still open.\n    Chairman Palazzo. Okay. The IG's report on Bo Jiang \nincident states that from an individual perspective, the \npreponderance of the evidence available to us suggest that one \nof Jiang's sponsors inappropriately authorized Jiang to take \nthe laptop to China. Mr. Keegan, has that individual been \nreprimanded, and if so, how?\n    Mr. Keegan. We appreciate the Office of Inspector General--\n--\n    Chairman Palazzo. Your mike, please.\n    Mr. Keegan. 
We appreciate the Office of Inspector General's \nreport on the entire Bo Jiang incident and we have concurred \nwith all those recommendations.\n    With respect to personnel actions, I can't discuss them \nhere, but I can assure you that that report got the personal \nattention of the Administrator and appropriate actions have \nbeen taken or will be taken at the appropriate time.\n    Chairman Palazzo. Will you be able to provide some of that \ninformation to professional staff, Committee staff?\n    Mr. Keegan. I don't think I can discuss specific \nindividuals with respect to personnel actions. I would also \nnote because of the ongoing investigation, there are some \nactions that NASA could not have appropriately taken until that \ninvestigation is concluded.\n    Chairman Palazzo. Okay. Thank you.\n    The IG's Ames report states that a foreign national working \nat Ames inappropriately traveled overseas with a NASA-issued \nlaptop containing ITAR-restricted information. The report also \nstated, ``we believe several Ames managers exercised poor \njudgment in their dealings with foreign nationals.'' With \nrespect to ITAR issues, we found that several foreign \nnationals, without the required license, worked on projects \nthat were later determined to involve ITAR-restricted \ninformation. In addition, on two occasions, a senior Ames \nmanager inappropriately shared documents with unlicensed \nforeign nationals that contained ITAR markings or had been \nidentified as containing ITAR-restricted information by NASA \nexport control personnel.\n    Mr. Keegan, similar to the other question, were any of \nthese individuals reprimanded, and if so, how?\n    Mr. Keegan. As noted in Ms. 
Robinson's opening statement, \nthere was a great confusion and disagreement at Ames about what \nwas the appropriate roles and responsibilities and whether \nexport-controlled information was involved or not, and those \npointed to weaknesses in our guidance and in our policy and \nprocedures, and we have concurred with the recommendations to \nimprove those items and we are moving to implement those \nchanges.\n    Again, with respect to personnel actions, I can't discuss \nthose but I will say in that case, again, the Administrator \npersonally got involved with that report in response to it and \nappropriate actions have been taken.\n    Chairman Palazzo. Okay. Thank you, Mr. Keegan. And we \nrespect the fact that you are not going to be able to directly \ntalk about personnel actions. That is private in nature. We may \ndelve more into it at a later time but, you know, it goes back \nto the culture of, you know, just kind of shrugging off these \nincidents, not taking them seriously. And if senior officials \ndon't reprimand, you know, the parties that are allowing this \nsensitive information to possibly be compromised, it sends the \nwrong message across the entire institution. So we hope you \nwill continue taking these recommendations and not just \nconcurring with them but actually implementing them and then \npunishing those going forward if they continue to violate ITAR \nrestrictions.\n    My last question, the GAO report states that NASA \nheadquarters export control officials and Center Export \nAdministrators lack a comprehensive inventory of the types and \nlocation of export-controlled technologies and centers limiting \ntheir ability to identify internal and external risks to export \ncontrol compliance. This is not new. The GAO report also \nrecognized that NASA's lack of comprehensive inventory of its \nexport-controlled technologies is a long-standing issue that \nthe NASA Inspector General identified as early as 1999. I know \nMs. 
Martin's testimony touched on this.\n    So Mr. Keegan, how can NASA protect what it doesn't know it \nhas?\n    Mr. Keegan. I think the reports that you cited pointed out \nopportunities for NASA to improve its sort of centralized \napproach to categorizing the risk and the vulnerable \ntechnologies in our system. NASA has concurred with those \nrecommendations and is consulting with our own internal Chief \nTechnologist Office, Protective Services and the Mission \nSupport Directorate to identify existing catalogs of \ntechnologies that would prove useful in implementing a risk-\nbased assessment of key technologies. We are also working to \nimprove our internal reviews and audits in both export control \nand Foreign National Access Management and to strengthen \ncompliance and accountability mechanisms to address the issue \nyou raised in your comment that individuals need to be held \naccountable for knowing their responsibilities and for \nfulfilling those responsibilities.\n    Chairman Palazzo. Well, I appreciate that. You know, the \nissue has been out there for 15 years. You know, Congress wants \nto trust NASA that they are going to take corrective action \nthis time and fix the problem.\n    At this time I recognize the Ranking Member, Mr. Maffei.\n    Mr. Maffei. Thank you, Mr. Chairman.\n    It seems to me that we are just lucky that even more \nsensitive information hasn't been compromised. I will ask Mr. \nKeegan, why is international collaboration so critical to \nNASA's mission and should we just suspend international \ncooperation until these security concerns are addressed?\n    Mr. Keegan. Cooperation with international nations is \nactually part of the NASA's foundational legislation, the Space \nAct, and NASA has derived great benefits from our international \ncooperation. Over half the operational science missions have \nsignificant international participation and contributions. 
The \nInternational Space Station obviously depends heavily on \ninternational contributions, and humans have inhabited that \nfacility continuously for 13 years. So a lot of NASA's best, \ngreatest accomplishments have depended on international \ncontributions and cooperation.\n    Given those benefits, we need to balance that with our duty \nto protect sensitive export-controlled information, and that \nis, you know, a balance that has been mentioned by a number of \nthe reports we are talking about today. And when the \nAdministrator first became aware of issues, that sort of shook \nhis confidence that we were able to fulfill that \nresponsibility. Therefore, he took immediate action to stand \ndown, for example, to issue a moratorium on foreign national \naccess until each center director could validate their \ncompliance with existing rules and policies through internal \nreviews, and he also took down a NASA website, the NASA NTRS \nwebsite, which is the website through which we share publicly \nthe results of NASA's scientific and technical research until \nwe could validate that all the documents, over a million on \nthat website, had proper internal controls.\n    And as a result of these actions and other actions we are \ntaking in response to the reports we are discussing here today, \nNASA is confident that we can assure the security of sensitive \nexport-controlled information.\n    Mr. Maffei. All right. Thank you, Mr. Keegan.\n    Mr. Webster, are you satisfied that NASA is making due \nprogress in addressing the concerns of your organization?\n    Mr. Webster. Well, I can say that they were very receptive \nand very cooperative with the study. The study has not reviewed \nthe progress that they have made since our recommendations, and \nso that progress remains to be seen.\n    Mr. Maffei. Ms. Martin and Ms. Robinson, can you comment on \nthe progress since the study?\n    Ms. Robinson. 
We have not gone to see what NASA has done \nsince the study in terms of an audit or anything like that, but \nI agree that they have been very receptive to our \nrecommendations and I believe they are working hard on the \nmatter.\n    Ms. Martin. Likewise, NASA agreed with all seven of our \nrecommendations. We were certainly encouraged that the \nAdministrator issued a memo to all staff reiterating the \nimportance of export controls and also met with the Center \nExport Administrators. So that is an example of the tone from \nthe top. But again, we have not fully evaluated all of the \nactions.\n    Mr. Maffei. Mr. Keegan, Mr. Webster talked about, in his \ntestimony, some cultural changes that would need to take place \nat NASA. Those are very challenging for any Administrator to \nimplement. Do you feel if the current Administrator is able to \nchange some of the culture at NASA? How are you approaching \nthat?\n    Mr. Keegan. In a couple ways. NASA is looking at our whole \ncompetition model as to the advantages and to the drawbacks of \nthat model and we acknowledge that that sometimes creates \nincentives not to share information across centers in a way \nthat is helpful to NASA as a whole. I think the Administrator \nhas emphasized directly both to me and Associate Administrator \nRobert Lightfoot and to the Center Directors and Mission \nDirectors who report to Mr. Lightfoot that they will be held \naccountable for implementing the actions in response to these \nreports and for emphasizing and complying with the requirements \nin these areas and for seeing that that is done in their \norganizations.\n    Mr. Maffei. I thank the witnesses and yield back.\n    Chairman Palazzo. I now recognize Dr. Broun for five \nminutes.\n    Mr. Broun. Thank you, Mr. Chairman.\n    Mr. Keegan, I am a little perplexed--actually a little more \nthan perplexed about NASA's priorities toward protecting \nsensitive or secure information. 
Chairman Palazzo has called \nthis hearing because of multiple points highlighting NASA's \npoor oversight and management in protecting sensitive \ninformation, yet your written statement discusses a request for \n``new'' statutory authority for--to allow NASA to withhold from \nthe public certain technical data requested under FOIA.\n    It is also my understanding that NASA has resisted the \nCommittee's efforts to make public the NAPA report even with an \noffer for the agency to redact it.\n    Now, don't get me wrong; I am certainly not encouraging \nNASA to release sensitive information. But to be clear, it is \nNASA's position that the entire NAPA report, the entire NAPA \nreport, is sensitive and that no aspect whatsoever can be \nreleased without compromising security vulnerabilities.\n    If so, would you please provide this Committee a detailed \nlist of the specific passages and concerns NASA is worried \nabout releasing? For instance, I find it hard to believe that \nthe background section has anything of concern within it.\n    Mr. Keegan. NASA appreciates the comprehensive, thorough, \nand detailed analysis that the NAPA panel did on our security \nvulnerabilities and problems with our systems and processes, \ninternal deliberations, IT assets, and so forth. We also \nappreciate the fact that they rank-ordered their 27 \nrecommendations with an assessment of risk associated with each \none so that we could prioritize our actions and response. But \nthe combination of that information would serve to make \nvulnerable the very information that we are trying to protect \nby improving our processes in these areas. 
The information that \nwould provide--you know, too much information about our \nvulnerabilities--is interwoven throughout the report, so to \nmeaningfully and thoroughly redact it, to take that out, would \nin our opinion make the report no more useful than the \nexecutive summary which summarizes the six areas of \nrecommendations and at the same time still pose a risk to \nsecurity. So NASA has no plans to publicly release that report, \nalthough we have provided a copy of the full report--an SBU \nfull report to the Committee Chairman at his request.\n    Mr. Broun. Mr. Webster, do you believe there is any \nspecific information in the NAPA report that is sensitive, and \nif so, could it be redacted that the entire--that the public \ncould read the rest of the report? We have just heard what Mr. \nKeegan said.\n    Mr. Webster. I do believe that there is some information in \nthere that is sensitive and I do understand the basic \nunderlying premise that you can take individually--information \nthat is standing on its own is not sensitive, but when you \npiece it together with other related pieces of information, it \ncan provide insight to an adversary that might be useful they \nwould otherwise not gain. So I understand the philosophy. I am \nnot in a position to judge if you will because we haven't done \nthat analysis and we don't really have that charter to provide \nthat type of analysis, but I do understand the basic logic.\n    Mr. Broun. Ms. Robinson, ironically, it appears that--as \nthough NASA is more concerned about protecting this report \nrather than its own sensitive information. As this hearing \ndemonstrates, this Committee is very aware of the impact of \nreleasing sensitive information. I am worried, however, that \nNASA is suppressing this report not because it would compromise \nsecurity but because it would embarrass the agency. 
Would the \nNASA Office of Inspector General be willing to conduct a review \nof the decision to classify this report as sensitive but \nunclassified?\n    Ms. Robinson. Well, I have to admit I haven't thought of \nthat. We certainly could take it under advisement.\n    Mr. Broun. I hope you will do so because I am very \nconcerned about this. And as Chairman of the Oversight \nSubcommittee, it is my responsibility in our Committee to make \nsure that we have all the information, and it seems to me that \nNASA has been more--has let sensitive information out.\n    Mr. Chairman, I have got a question if you would allow me \nto go over my time a half-minute.\n    But, Mr. Keegan, without divulging personal information, \nhow are the individuals that have allowed these compromises \nbeen punished, reprimanded, or dealt with? Now, you can tell us \nthat in open session like this. And I realize that also we can \ngo into closed session. We can go into whatever means it takes \nto protect a personal--a person's identity, et cetera. \nCertainly I am not asking you to divulge any personal \ninformation here today, but can you tell us how have these \nindividuals been reprimanded, punished, or dealt with?\n    Mr. Keegan. Their management has certainly spoken with the \nresponsible individuals about the incidents and the facts \nunderlying the report and I would say taken appropriate \npersonnel action for which the----\n    Mr. Broun. Mr. Keegan, that is not an answer. If you would \njust please--whatever--would you provide that to our Committee \nor the Committee staff?\n    Mr. Keegan. I don't--I believe as a matter of privacy we \ncan't provide information about employee discipline.\n    Mr. Broun. Well, I think you can provide how--individuals, \nthat is true. You cannot tell us how an individual particularly \nhas been reprimanded, punished, or dealt with, but I think you \ncan give us an idea. People need to be reprimanded. 
What I have \nseen over and over again in this Oversight Subcommittee, not \nonly in this Committee but others, is people violate what they \nare supposed to be doing, they violate security, and nothing \never happens. And I am sick of it. And I hope that you all will \nprovide this Committee some information.\n    Mr. Chairman, my time is expired. Thank you.\n    Chairman Palazzo. I now recognize the Ranking Member, Ms. \nEdwards.\n    Ms. Edwards. Thank you, Mr. Chairman. And thank you to our \nwitnesses today.\n    You know, when you look back at NASA and the establishment \nof the Space Act in 1958, it is an important consideration to \nlook at NASA's mission and the complications of balancing both \nthe openness that is expected in the scientific and research \ninnovation community and cooperation around the world with \nthese really important security interests, and so for me it \nreally, you know, raises a question about intent of the agency \nand the civil servants versus a culture that we need to work to \nchange and shape so that there is more consideration of \nsecurity, still respecting the overall mission of the agency. \nAnd I want to thank the witnesses for their testimony today.\n    I especially want to commend Ms. Martin. I know that you \nare here and you are in your waning days after 36 years of \npublic service, and so I want to thank you for that. I am \nreminded all the time, especially as one who represents a local \nCongressional District here in the Metropolitan Washington \nregion in Maryland about all of the important and valuable work \nof our civil servants, wherever they fall.\n    And so it leads me to the question about what is going on \nat the agency. And so, Ms. Martin, I would like to address this \nto you if you would, and other witnesses, please chime in. 
I \nwonder if, in looking at the conclusions of your three reports, \nwhether you conclude that the security weaknesses that you \nfound stem from an inconsistent application of policies and \nguidance on protecting sensitive information, technologies, and \nother assets of the agency and centers rather than from a \nconscious disregard of security measures by NASA personnel?\n    Ms. Martin. Well, first, Ms. Edwards, I would like to thank \nyou for your very kind remark, and it is indeed a pleasure to \nhave this opportunity to testify before this Committee, the \nSubcommittees, a week before I am actually due to retire. It \nhas been indeed an honor and a pleasure to serve the Congress \nand the American public for 36 years. So thank you very much \nfor that.\n    And to your question, we certainly did not find any \nwidespread indications of overt attempts to circumvent policies \nand procedures. As we state in our report, there were certainly \nsome lack of clarity in terms of the policies and procedures, \nand as you well know, NASA devolves a lot of responsibility to \nits centers, and so we found variations across those centers in \nterms of how they implemented policies and procedures. And no \ndoubt accountability is important, but there was not any \nwidespread indication in terms of our work that someone went \nabout, you know, deliberately trying to circumvent policies and \nprocedures.\n    Ms. Edwards. Thank you very much for clarifying that. And \nit then leads me, Mr. Webster, to a question for you, and that \nis around the culture at NASA and what you are doing because it \nstrikes me--and I worked at Goddard Space Flight Center, so I \nknow this--the importance of devolving a lot of \nresponsibilities to the agency because in part that is what \ncreates an environment of innovation and creativity. 
And so how \ndo you then balance security concerns and preventing breaches \nof release of sensitive information with a culture in which you \nwant to encourage innovation and creativity? What can you do to \nbring a lot more consistency to the application of these issues \nwithin the agency?\n    Mr. Webster. I believe that the cultural issue is perhaps \none of the largest challenges being faced as a result of this \nreview because unlike information technology or policies that \ncan be changed and so on, changing the culture is a long-term \neffort. It may be that NASA and the workforce looks at its \nmission as a set of objectives and then the rest of what NASA \nhas to do is sort of what they have to do in order to be able \nto execute the mission. And that would be unfortunate. And I \nsuspect that is the case in many cases because instead, the \nhousekeeping types of things that need to occur needed to be \nviewed as part of the mission so it is not this balancing what \ndo we have to put up with in order to achieve the mission? It \nis recognized as part of the mission.\n    And going back to your earlier question, I would say that \nin my perception, and I believe it is reflected in our study, \nis that NASA has consistent policy but it is inconsistently \napplied, and so that is where I think getting the culture to \nunderstand that as part of their mission is important.\n    Ms. Edwards. Thank you. Mr. Chairman, if you can indulge me \nwith Mr. Broun's 30 seconds, I would appreciate it.\n    Chairman Palazzo. I will.\n    Ms. Edwards. So I want to go to Mr. Keegan. I mean there \nhas been some discussion about an oversight body such as the \ninternal Asset Protection Oversight Board that has been \nadvocated by NAPA to oversee safety concerns. What is your view \nabout the necessity and how NASA would view the necessity of \nstanding up such a board?\n    Mr. Keegan. 
We think that is a valuable recommendation and \nwe agree that that function would be useful to help us address \nchallenges in this area and we are looking to set up something \nalong those lines that would then report up to the agency's \nMission Support Council to implement that recommendation.\n    Ms. Edwards. Thank you very much.\n    Thank you, Mr. Chairman.\n    Chairman Palazzo. I now recognize Mr. Brooks.\n    Mr. Brooks. Thank you, Mr. Chairman.\n    Dick Thornburgh, panel chair, testified before Congress on \nApril the 8th of 2014 that the National Academy of Public \nAdministration, or NAPA, as we have been referring to it, found \nthat ``there is little accountability for noncompliance when \nidentified through specific incidents or periodic assessments. \nThis validates the identified perception among NASA personnel \nthat 'mandatory compliance' means little as there are few if \nany consequences for deliberate or inadvertent violations of \nthe mandates.'' NAPA further found that ``NASA headquarters \nofficials and center directors have not adequately communicated \nthat strict compliance was and is required for a foreign \nnational hosting, sponsoring, and escort policy and \nprocedures.'' Finally, NAPA also found that ``a number of NASA \nleaders also noted that the agency tends not to hold \nindividuals accountable even when they make serious preventable \nerrors. Whenever an example of such an error was mentioned \nduring interviews, Academy staff would follow up with: what \nhappened to those responsible for the error? In almost every \ninstance, the answer was either 'nothing' or 'I don't know'.'' \nMr. Keegan, who at NASA is responsible for ensuring \naccountability for protecting sensitive information at NASA?\n    Mr. Keegan. 
Ultimately--the ultimate accountability for \nthat is the Administrator and I think the Administrator has \nmade it clear through his actions in response to these reports \nthat he takes that responsibility very seriously. He or the \nAssociate Administrator has traveled to every center to \nemphasize that every employee has the responsibility in this \narea. His message that Ms. Martin mentioned earlier that he \nsent to every employee at NASA said he wanted to--I am \nquoting--``I also want to remind each of you of your \nresponsibility to comply with all export control regulations \nand our foreign national management requirements. This is a \nserious matter and penalties for noncompliance can include \nfines and imprisonment, as well as administrative personnel \nactions such as reduction in grade or even termination.'' And \nhe has directed us, as we improve the internal audit functions \nfor both export control and foreign national access, to address \nstrengthening compliance and accountability mechanisms.\n    Mr. Brooks. Well, inasmuch as it is clear that there are \nmany NASA employees who are not doing their jobs protecting \nNASA's sensitive technology and information or protecting \nAmerica's national security by protecting information of a \nnational security concern, why haven't these individuals been \nfired or otherwise seriously punished?\n    Mr. Keegan. I am not sure the specific incidents to which \nyou are referring.\n    Mr. Brooks. Well, you just testified that you have got the \nNASA Administrator, Associate Administrator talking to these \nindividuals who apparently aren't following our sensitive \ninformation and national security interest, and that there is a \nproblem in NASA according to the NAPA report. How many of them \nhave been fired, the employees who have not been in compliance \nwith NASA's own rules and regulations concerning protection of \nsensitive information and protection of our national security?\n    Mr. Keegan. 
I am not aware of any findings of intentional \nmisconduct on the part of NASA employees but rather problems \nwith understanding the roles and responsibilities as spelled \nout by the policies and procedures.\n    Mr. Brooks. So if the employees are just not doing their \njobs, they are not paying attention, they are negligent, \ngrossly negligent, NASA doesn't terminate them because they are \ndoing a bad performance job?\n    Mr. Keegan. We have--we acknowledge that we have \nshortcomings in this area of accountability and I think the \nAdministrator has taken strong actions to address those \nshortcomings.\n    Mr. Brooks. And does that strong action include the threat \nto terminate the NASA employees who intentionally or \nnegligently or through gross or reckless misconduct fail to \nprotect sensitive NASA material, thereby also failing to \nprotect America's national security? Do we have assurances that \nin the future these people will be fired if they risk our \ncountry's sensitive information and national security?\n    Mr. Keegan. Well, you have NASA's assurance we will take \nthe appropriate disciplinary actions, the most serious of which \ninclude termination.\n    Mr. Brooks. Well, I hope in the future that termination \nwill be an option that NASA will utilize because I can assure \nyou in the private sector those folks are gone. And in the \npublic sector we should treat employees who fail to do their \njobs similarly. Thank you for your responses.\n    Chairman Palazzo. I now recognize Ms. Bonamici.\n    Ms. Bonamici. Thank you very much, Mr. Chairman.\n    Thank you to all the witnesses for your testimony, for \nbeing here today. This is an important topic. 
Of course it has \nnational security implications but also we are pondering \nwhether the recommendations made by the reports that we are \ndiscussing here today, whether they could impact some of the \ncore elements of NASA's mission.\n    Also, I have to say that the public is really looking to us \nto find the right balance, and we heard that word this morning, \nbalance, quite a lot, between of course keeping our country \nsafe and protecting sensitive research and data, maintaining \nour country's leadership role, but also understanding that \nthere is importance in NASA publicly disseminating the results \nof research and the scope of its scientific activities. I have \nto say that that is important for many reasons but especially \nto help educate the public about the benefits of NASA's work. \nSo it is finding that right balance.\n    I do want to point out that, Dr. Webster, you said in your \ntestimony that NASA provided complete cooperation for this \nreview and NASA interviewees were candid, cooperative, and \neager to offer both suggestions and be involved in problem-\nsolving, and I just wanted to point that out, that you \nrecognized that when you did your assessment. And that is so \nimportant.\n    We look at the report from the NAPA, National Academy of \nPublic Administration, and they acknowledge that foreign \nnational participation in NASA programs and projects is an \ninherent and essential element in NASA operations. So \nconsidering the implications that the OIG and the NAPA reports \nhave on these areas, I am interested in whether our witnesses \nsee any potential to improve international collaboration \nthrough the recommendations of these reports if they are all \nimplemented. Might there be a possibility that international \ncollaboration is improved? If you just want to each state \nbriefly whether you agree that there is any potential there?\n    Mr. Keegan. 
I think the thoughtful recommendations from all \nthree of the reports that we are talking about here this \nmorning offer the opportunity for NASA to strengthen its \nforeign national participation by having clear guidance and by \nassigning roles and responsibilities that everyone understands \nand complies with. This will sort of make it easier for \ninvolving foreign nationals as appropriate in our research.\n    Ms. Bonamici. Does anyone disagree with that? Ms. Martin?\n    Ms. Martin. No. I would agree that it is not an either/or, \nand obviously foreign participation, international agreements \nare important to NASA's work, as Mr. Keegan and others have \nsaid, but it is important to have those clear policies and \nprocedures and we think that risk-based approach to compliance \nis really one way that can help NASA with that balance.\n    Ms. Bonamici. Ms. Robinson, Dr. Webster, do you agree \nwith----\n    Ms. Robinson. Yes.\n    Mr. Webster. I do as well. I believe it is a risk-based \napproach and it is a balancing act. I mean you can obviously \nhave more collaboration by ignoring security, but there is a \ncost to be paid for that.\n    Ms. Bonamici. Right. And thank you. I want to follow up on \nquestions that were just asked. It seems listening to the \ntestimony and reviewing what you have submitted that the core \nproblems described in the reports are because individual NASA \nemployees did not appropriately follow existing policies or \nprocedures. So I want to start with Mr. Keegan. Do you see that \nas resulting from inadequate training, ineffective \norganizational structure, or a lack of resources, or some of \neach?\n    Mr. Keegan. I think that it is a combination, and we are \ntaking action. One of the earlier reports mentioned that there \nwas confusion and bureaucracy in the implementation of these \nrequirements, so we are trying to address that through \nclarified policy, through clarified training. 
And also we have \ndetailed a full-time person who is a project engineer who can \nsort of put these export control requirements in language and \nin the training sort of in terms of the process that flight \nproject folks understand in terms of what their \nresponsibilities are. So we think there are improvements to be \nmade in all three areas.\n    And we are allocating, as I mentioned in my opening \nstatement, increased resources to this area as well. And I \nthink the Foreign National Access program will pull together, \nyou know, the coordination of the various elements in this area \nof responsibility across the agency.\n    Ms. Bonamici. And the recommendations that NASA is \nimplementing, do you see those as realistic fixes? Once \nimplemented, will they resolve the problems that were brought \nto light by the assessment?\n    Mr. Keegan. Absolutely realistic fixes and we hope they \nwill address all of the issues, but in my 32 years at NASA I \nhave never seen a strong external review that has failed to \nidentify some areas where we could continue to improve as well.\n    Ms. Bonamici. Thank you.\n    And I yield back the balance of my time. Thank you, Mr. \nChairman.\n    Chairman Palazzo. I now recognize Mr. Posey.\n    Mr. Posey. Thank you, Mr. Chairman.\n    Mr. Keegan, I think you are aware everybody on this panel, \nprobably everyone in this room I think is a friend to NASA. \nThey recognize NASA does many wonderful things. They want them \nto do many more things. But like everybody in this room, NASA \nis not perfect. We can't expect anybody to be perfect. But we \nare talking about matters of national security now and we need \nto be as close to perfect as we can possibly be. And when \nMembers ask questions like about disciplinary action in the \npast, you know, and they kind of get rope-a-dope here, you \nknow, the bobbing and weaving, no direct answers. It sounds \npetulant, arrogant, defiant. 
It seems like an us-against-them, \nand I know that you don't intend that but that is how it comes \nacross.\n    This is not my first rodeo with issues like this. Financial \nServices Committee, the Securities and Exchange Commission \nplayed rope-a-dope with us for a couple years. They let Bernard \nMadoff steal $70 billion from people, innocent people. People \ndied because of it. People went broke. People are living in \npoverty now instead of a comfortable retirement because about \n50 people in that agency didn't do their job. And we had great \nInspector General reports, IG reports, made recommendations \nabout what the accountability should be, and we got the rope-a-\ndope from the SEC for years. Well, we are working on it. Some \nof these things are still pending. We can't talk about them. It \nis a big secret.\n    So finally, basically under Freedom of Information Act, we \nfind out that none of the recommendations for disciplinary \nactions were taken. Everybody was let off easy. One explanation \nthat was supposed to make us happy is the Secretary said, well, \nit might please you to know that half the employees are no \nlonger with the agency that let him do all these things bad. I \nsaid, well, you know, great. That is problem solved. A \npedophile moved into a different neighborhood. No. I mean they \nare retired on the government's dime. They took jobs as \ninvestigators or compliance people for other agencies maybe. \nThat doesn't solve any problems because they are not with the \nagency.\n    So we wonder how many of people in your agency that we are \ngoing to find out three years from now, oh, well, we let them \nhang in there until they got a better job and could double \ntheir salary on K Street or whatever, you know. I mean we would \nlike some serious answers and I think you owe them.\n    And my question to you now, has any disciplinary action \never been taken? And you can tell me yes or no and tell me what \nkind it was.\n    Mr. Keegan. 
Yes, disciplinary action has been taken. I know \ncertainly of instances of counseling. I don't know of----\n    Mr. Posey. Okay.\n    Mr. Keegan. --any other specifics related to the issues in \nthese reports we are talking about here today. I certainly know \nabout instances elsewhere in NASA where--I mean I don't think \nNASA shies away from taking appropriate discipline up to and \nincluding removal.\n    Mr. Posey. Has anyone ever been removed, do you know?\n    Mr. Keegan. At NASA?\n    Mr. Posey. Yes, sir.\n    Mr. Keegan. Sure.\n    Mr. Posey. Over security breaches?\n    Mr. Keegan. I don't know that.\n    Mr. Posey. Could you find out for us? We would like to kind \nof have a summary. You can tell us what actions have taken and \nyou don't have to name employees. The IG has even named \nspecific employees and said this employee did this; they should \nbe disciplined like such. Of course they weren't, you know, but \nI think we would like to know what the history is, with the \ntrack record is, if actions have really been taken. I mean do \nthese people write these reports to come in and give them to \nCongress and then the agencies just blow them off and say, \nthose suckers, they can't make us do anything?\n    I mean that is the way it seems sometimes. That is the way \na lot of the taxpayers feel at home. They see that there is a \nlack of accountability in government. We come here, we hold \nhearings, and yeah, we will check into that, yeah, we will \nreport on that, and sure, we will get back with you. But we \ndon't. I mean I have got stacks of unanswered correspondence, \nyou know, over my head. It seems like, you know, some of the \nagencies just refuse to do any compliance and it just--it seems \nlike it is us, government, against them, the public or their \nrepresentatives. And we would like to think that that culture \nis not pervasive in NASA, but when we can't get straight \nanswers, that is the conclusion people tend to think. 
And it \nmakes it hard.\n    I mean we want to get funding for NASA to big things. It \ntakes money. And the public perception is, you know, that NASA \ngets 20 percent of the budget. We know the reality you get 1/2 \nof one percent and we know that is plundered. We know that \ncomes through like a big piñata from everything from the COPS \nprogram to whatever other pet projects people want to steal \nfrom NASA because, number one, we don't do a good PR job in \nNASA and I could spend a couple hours talking about that; and \nnumber two, people already think we spend too much money on it; \nand number three, there is cases like this where they don't see \na lack of accountability.\n    So I would hope that when you come in here to share with \nus, we work toward changing that, that it is not us against \nthem. We are just trying to see that there is some fundamental \naccountability. We try and teach our children that in school. \nYou know, everybody in the private sector has it that I know \nabout and we just want to see that that is in place at NASA, \ntoo.\n    And again, we are not talking about personalities. We are \nliterally, we are literally talking about the national security \nof this Nation. We are talking about people that come here from \nanother country and we can't expect you to profile everybody \nwho is going to have access to any information because they \nshake down everybody when they get home, from tourists, to \nstudents, to everybody else. We know that is tough but we have \nto get off the dime and move in that direction. And when people \nseemingly almost willfully violate or transgress guidelines \nthat make this nation secure, they need to be held accountable \nand you need to let us know that that is happening.\n    Thank you, Mr. Chairman. I yield back.\n    Chairman Palazzo. I now recognize Mr. Johnson.\n    Mr. Johnson of Ohio. Thank you, Mr. 
Chairman.\n    I would like to associate myself with some of the comments \nthat my colleague Mr. Posey said. I am a big fan of NASA. I \nmean I grew up on Buck Rogers and Star Trek and enamored by \nspace travel. I have got NASA, Glenn, in Ohio. I am a big, big \nfan of NASA's.\n    But, Mr. Keegan, some of your responses don't rise to the \nlevel of credibility with what we are dealing with here today. \nHow did you go about preparing for this hearing today? You knew \nthis was going to be about security breaches and personnel \nhaving done those, but we are getting a lot of ``I don't know'' \nanswers. What did you do to prepare for today's hearing?\n    Mr. Keegan. I reviewed the reports and----\n    Mr. Johnson of Ohio. You did review the reports?\n    Mr. Keegan. Yes.\n    Mr. Johnson of Ohio. Okay. That is a good start because you \nsaid earlier that you were not aware of any deliberate actions \nby NASA employees to violate security protocols. Have I got \nthat right? Is that what you said earlier?\n    Mr. Keegan. I am not aware of any specific employees that \nhave----\n    Mr. Johnson of Ohio. Okay. Well, in the report----\n    Mr. Keegan. --been identified----\n    Mr. Johnson of Ohio. --from--in the report from GAO they \nstate that in some instances in terms of trying to avoid export \ncontrol review, they said it was the result of deliberate \naction by authors to avoid export control review of papers \nprior to release. And yet you say you read the reports and to \ncome to this hearing and not know whether or not people have \nbeen addressed and disciplined for those types of deliberate \nactions, that doesn't rise to a level of credibility for me, \nand I worked for almost 26-1/2 years in the Air Force, much of \nthat in top-secret and classified conditions. I know at least \nin the environment I worked in where the buck stopped. You are \npretty close to where the buck stops. 
I am a little incensed \nthat you don't know the answers to these questions that you are \nsaying you don't know the answers to.\n    Let me go back to one that Mr. Posey asked you. You said \nthat there have been people removed from NASA but specifically \nin your written testimony you noted that penalties for \nnoncompliance with export control regulations, of which reviews \nare part of and Foreign National Access Management \nrequirements, that those penalties could include fines, \nimprisonment, or administrative personnel actions. Well, let me \nask you again--and you don't have to give me a specific name of \nanyone--but do you--has anyone in NASA received any of those \nthings--fines, imprisonment, or administrative personnel \nactions--for a security breach--for a deliberate security \nbreach, as noted by GAO? Has anyone been disciplined to that \nlevel?\n    Mr. Keegan. I will take that question for the record and \nprovide you a response.\n    Mr. Johnson of Ohio. Okay. I would appreciate that. Thank \nyou very much.\n    Ms. Robinson's testimony noted that NASA's Jet Propulsion \nLaboratory has had success using engineers and scientists as \nexport control representatives to work with the export control \npersonnel, so I will ask, Mr. Keegan, if you know the answer to \nthis. Maybe others on the panel want to comment. Can someone \nprovide a more detailed explanation of the process of working \nwith scientists as export control representatives? I mean what \ndo the scientists at NASA's Jet Propulsion Laboratory do that \nscientists at NASA centers do not do? How do they work \ndifferently with export control personnel?\n    Mr. Keegan. I would like whoever reviewed that as a model \nthat we can look at to describe it.\n    Mr. Johnson of Ohio. Okay. So we are not sure. Okay.\n    Ms. Robinson. 
I think it is just--again, this was not in \nour report; it was something that I noted in the other reports, \nbut I think it is a process that they have in place, a way to \nhave interactions between the two groups of professionals so \nthey are having conversations and they are understanding what \nkind of projects are we working on, are there foreign nationals \nworking here, how do we resolve these issues? So it is a \nprocess.\n    Mr. Johnson of Ohio. Okay. All right. Well, that five \nminutes went fast.\n    Mr. Chairman, I guess I will yield back the balance of my \ntime, the one second I have got.\n    Chairman Palazzo. Are you sure you don't want 30 more \nseconds or a minute? Okay.\n    That is perfect time and I do believe votes were just \ncalled or did they go back in session? Well, the buzzer went \noff.\n    Well, it is absolutely obvious that this Committee takes \nour national security very importantly. It is a bipartisan \nissue. It is also obvious that when you look at the global \nevents around the world that the world is not becoming safer; \nit is becoming much more dangerous. And America's leadership in \nspace isn't just about national pride; it is about national \nsecurity. And we are not going to wait 15 years to make sure \nthat these recommendations are being implemented by NASA. We \nare going to be looking forward to reports every year and we \nare going to be taking a hard look at this.\n    So I thank the witnesses for their valuable testimony and \nthe Members for their questions. Members of the Committee may \nhave additional questions for you and we will ask you to \nrespond to those in writing. The record will remain open for \ntwo weeks for additional comments and written questions from \nMembers.\n    The witnesses are excused and this hearing is adjourned. 
\nThank you.\n    [Whereupon, at 11:22 a.m., the Subcommittees were \nadjourned.]\n                               Appendix I\n\n                              ----------                              \n\n\n                   Answers to Post-Hearing Questions\n\nResponses by Mr. Richard Keegan\n\n\n[GRAPHIC] [TIFF OMITTED] \n\nResponses by Ms. Belva Martin\n\n[GRAPHIC] [TIFF OMITTED] \n\nResponses by Ms. Gail A. Robinson\n\n[GRAPHIC] [TIFF OMITTED] \n\nResponses by Mr. Douglas Webster\n\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\n                              Appendix II\n\n                              ----------                              \n\n\n                   Additional Material for the Record\n\n\n\n\n[GRAPHIC] [TIFF OMITTED] \n\nResponses submitted by NASA for information requested by Chairman Broun\n\n[GRAPHIC] [TIFF OMITTED] \n\n                                 <all>\n</pre></body></html>\n"