INTERVIEW: Lee Holcomb, techie-turned-manager

Featured eBooks
Artificial Intelligence and Efficiency
Changing Workforce
Future of Tech Infrastructure
Insights & Reports
The 2025 Local Government Budgeting and Planning Outlook Report
Presented By ClearGov
Download Now
Moving Government Finance from Complexity to Confidence
Presented By Workday
Download Now
By GCN

By GCN

|

Before becoming NASA's chief information officer, Lee Holcomb was a self-described techie for the space agency, serving as its director for information technology strategy.

Two things I would comment on. One is in information technology security. Our investment has grown substantially over the last few years as a percent of our programs. I think that is indicative that we are now reaching a more appropriate level of investment in IT security. That number is somewhat over $100 million for the agency.The other area the agency is looking at is how it does electronic business in the future. As a result of that, we may determine that an increased investment to improve our productivity and what we are able to achieve may be warranted. So you may see some growth for e-NASA types of initiatives.Recruitment and retention is a problem throughout the federal government in all IT worker communities. NASA has been successful in attracting IT professionals into certain areas.For instance, in the research community we have been reasonably successful in bringing in assistant professors or those who are in the research community because we offer a tremendous opportunity to take on a very challenging set of problems.In more operational areas, such as networking and IT security, we have to compete with the private-sector market, and it is difficult. We have looked at some latitude in changing pay scales provided by the Office of Personnel Management and that has provided a modest incentive.There has been work by the federal CIO Council on this issue. There have been proposals such as the Cyber Corps, which would let the government pay educational expenses and the individual would agree to work for a period of two or three years for the federal government. Those sorts of activities, I think, offer an opportunity to help with retention.It is a big problem. The demographics in the federal government show that the work force is aging. Depending on the agency or the area, you could have as many as 50 percent of your work force eligible for retirement sometime in the next four years.We met with the staff members of the committee and went over their method of scoring the agencies. We expressed a fairly strong disagreement with their method.The questionnaires they offered were appropriate if you are trying to grade a financial system that is pretty modest in size. That is in fact what it was based on, a set of audit standards used for small financial systems. If you try to use those same standards for a large agency with mission-critical systems, financial systems, Web pages and so forth, their method of analyzing doesn't really give a good perspective.We have set top-level IT security goals. We believe auditing against our achievement of these goals with real metrics is a more appropriate way to go forward.Goal No. 1 is making sure NASA and contract employees understand their responsibilities and demonstrate their skills. We measure that through training of chief information officers, IT managers and systems administrators. And we track percentage of training by individuals. We also look at the percentage of applicable contracts that have implemented our most recent IT security policies in contractual clauses. Goal No. 2 is looking for systems and application vulnerabilities and making sure they are kept at a level where they don't jeopardize operations. We use audit tools to specifically measure the number of known vulnerabilities per system in the agency.The third goal is to issue intrusion attempt alerts and take effective action. We want to make sure we maintain and identify and distribute a hostile site list. We want to make sure that our emergency notification is successful. We use a ratio of successful compromises to attacks, and we want to drive that down to a low level. We have tracked that for several quarters now, and in the last four quarters that ratio is dropping. We are getting more effective at shielding ourselves from attack.The fourth goal we have set is to have an effective infrastructure for authentication and access control. Our first step will be in deploying a public-key infrastructure. Last year, the infrastructure was put in place; this year, we are deploying the computers for PKI.Goal No. 5 is to maintain effective policies and guidance. In this area, we tracked a number of NASA systems that have implemented comprehensive IT security plans.I would not say at this point that we have solved all these problems, but we are moving in the right direction.I think among the federal agencies we should have been in the B range. We have a duality of roles. On the one hand, we need to communicate with the public and inform them of what we are doing. Many people who come to work for NASA do so because they can openly speak about everything they do. There are tremendous opportunities and value in sharing the excitement of space with the whole world. We as an agency will always be very open; that is in our culture, and that is in our mission. We have always had a big presence on the Web. We have about 1.9 million publicly accessible Web pages, making us one of the larger agencies in terms of volume of information. That does pose a big challenge.Every one of those external Web sites can become a point at which someone could attack the agency. So we have to balance our desire to be open and publish everything that is appropriate to publish and also provide for layered security or increased security for areas that need to be protected. So we have tried to lay out a strategy that allows us to be both open and protective. We have developed a framework. We haven't taken this too far yet. We are really looking at four portals. One is a portal for those who want to do business with NASA. In that portal, I think the Virtual Procurement Office would fit.What our e-NASA strategy would do is to allow those who want to do business with NASA to get the information they need to compete with others for NASA work via the portal. So it is broader than electronic transactions for procurement. It would enable small businesses, large businesses and disadvantaged businesses to be on an even playing ground, to electronically obtain information that they need to compete for grants, contracts and so forth.Our e-NASA strategy also includes portals serving three other communities. One would be a team doing collaborative work'that would include contractors, universities and others building spacecraft and doing science and engineering.There is a portal for employees that deals with internal business processes and employee needs.Finally, there is a public portal to help anyone access the 1.9 million Web pages that we have.

Lee Holcomb

Before becoming NASA's chief information officer, Lee Holcomb was a self-described techie for the space agency, serving as its director for information technology strategy.

In that job, Holcomb ran one of the world's first massively parallel processing systems and developed a real-time synthetic aperture radar processor.

He also worked on applications to support Voyager spacecraft, space shuttle and air traffic control systems.

As the Internet developed, Holcomb also helped establish NASA Web sites for aeronautics and space data, and educational products.

Holcomb also was a senior engineer at NASA's Jet Propulsion Laboratory, where he was responsible for directing Voyager spacecraft hardware development and systems analyses.

Since taking over the CIO post in October 1997, Holcomb has dealt with the space agency's budget, policy and personnel issues relating to technology.

Holcomb has a bachelor's degree from the University of California at Los Angeles and a master's degree from the California Institute of Technology. He also was a Sloan Fellow at the Massachusetts Institute of Technology.

Freelance writer Merry Mayer interviewed Holcomb by telephone.

GCN: Name your biggest budget concerns.

HOLCOMB:



GCN: How is NASA doing with recruiting and keeping IT workers?

HOLCOMB:









GCN: The House Government Reform Subcommittee on Government Management, Information and Technology last year gave NASA, along with many other agencies, a D' for its security practices. Why?

HOLCOMB:









WHAT'S MORE




  • Family: Wife and a 15-year-old daughter

  • Hometown: Los Angeles

  • Last movie seen: 'Miss Congeniality'

  • Hobbies: Tennis, as much as possible

  • Favorite Web site: www.nasa.gov


GCN: How is your agency trying to improve security?

HOLCOMB:















GCN: Using your metrics, what grade do you think you should have received?

HOLCOMB:

GCN: Do you think that the amount of information NASA puts on the Internet makes the agency vulnerable?

HOLCOMB:





GCN: Please talk a little about e-NASA.

HOLCOMB:










NEXT STORY: Name change doesn't impress Carnivore's critics

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.