As cybersecurity grows in importance worldwide, NASA’s Katherine Johnson Independent Verification and Validation (IV&V) Facility has increased its focus on providing cybersecurity services and education.
Traditionally, the IV&V Facility has focused on examining software in developing NASA missions to identify and rectify glitches and failures before launch. However, cybersecurity has emerged as a consistently growing concern in mission security, prompting the facility to incorporate cybersecurity assessments into its services.
Cybersecurity as a Growing Priority
Manny Cordero, NASA IV&V Deputy Lead for the Safety and Mission Assurance Support office, explained to The State Journal that the facility has been adding cybersecurity expertise to its traditional assurance and software engineering roles.
We combine traditional assurance and software engineering roles with cybersecurity to independently assess the design, architecture and structures of space systems,” Cordero told the West Virginia publication. “A lot of what we do requires knowledge of network systems, protocols, industrial control systems, operating systems, hardware and federally mandated directives for cybersecurity.
NASA IV&V’s role is to better understand what the risks might be, or that risk to NASA missions, and, in cases of human space flight, to identify risks to preserve the safety of astronaut lives. Looking at software is an important part of it, but looking at a broader picture on how the software operates, the system itself, from a cybersecurity perspective, gives us a bigger picture.
A Decade of Cybersecurity Focus at NASA IV&V
Nearly a decade ago, the IV&V facility began analyzing ground system cybersecurity in order to gain new insight into how different components of such systems work together and what threats could be most harmful if they were exploited. Given IV&V’s engagement in NASA’s top projects, Cordero said, “IV&V is ideally suited for this work because of our enterprise perspective across many different missions.”
This wide-ranging oversight enables the facility to identify and manage cyber security risks that possibly impact NASA’s mission diversity.
Cordero said that the office has around 12 people working on one or two cybersecurity projects at any given time, and is in the process of expanding its services.
Educational Outreach and Workforce Development
NASA IV&V Office of System Engagement education specialist and internship coordinator Jess White discussed widening the set of cybersecurity offerings to include educational outreach. White pointed to the summer and year-long internships – where IV&V employs students – as two of its primary cyber education components, plus integration of cybersecurity learning into community outreach efforts. White said he thinks these campaigns to start training students and educators about how the world of cyber works will help in creating a cybersecurity-savvy next generation of workers.
Hiring fresh undergraduate students to go into mission security isn’t always possible because of the nature of the work,” White said. “It takes a lot of time to develop a practitioner in that world. However, knowing that, grooming them now for a future workforce need is something we see as a way to start preparing students to enter the workforce and, specifically, enter it here in West Virginia.”
Cordero also stressed the need for a stable cybersecurity workforce.
“Technology enables us, but technology can potentially be abused, and the right protections are needed,” Cordero said. “That’s beyond NASA. Much of our infrastructure, the way that we live and the way that we do business, heavily relies on it, and that reliance will continue to grow, so there’s a need to close that talent gap that exists and build a sustainable cybersecurity workforce.
“That’s why education is important, and why there is a lot of opportunity. A commitment to the cybersecurity field is a commitment to lifelong learning, and that’s part of what makes it very interesting.”
Cybersecurity Operations at the IV&V Facility have not had any trouble finding qualified cybersecurity interns, according to White.
“We’ve always had great students and applicant totals, but opening up mission security opens up a whole new academic group to consider working for IV&V and staying here in West Virginia,” White said. “One of the challenges that West Virginia faces is keeping talent here, so these are opportunities for students that normally wouldn’t find many positions at NASA.”
Future of Cybersecurity at NASA IV&V
Cordero said that he believes as time goes on, cybersecurity will become an increasingly important part of NASA mission safety, and the IV&V Facility will be right at the core of that work.
“NASA has partnerships with commercial crew and international partners, which introduces new technologies, engineering designs and capabilities,” Cordero said. “All of those ingredients are going to be looked at and analyzed to manage risk. The IV&V program is constantly evolving to meet the needs of the agency, so weaving cybersecurity into this multidisciplinary approach is not going to go away. It’s going to continue.”
