'Breadth and Depth' of Security Flaws at NASA Take House Chairman 'Aback'

A review of NASA security in the wake of last year's arrest of a Chinese national accused of spying revealed flaws that took one lawmaker "aback," but the damning report is being kept out of the public eye.

Rep. Frank Wolf (R-Va.), chairman of the House Appropriations subcommittee that funds NASA, requested the review after the March 2013 arrest of National Institute of Aerospace contractor Bo Jiang as he attempted to leave the country at Dulles International Airport.

According to the arrest warrant and criminal complaint, Jiang lived a few blocks from Naval Station Norfolk. On March 13, the Federal Bureau of Investigation opened an investigation into “conspiracies and substantive violations” of the Arms Export Control Act.

Two days later, agents learned Jiang had “abruptly” bought a one-way ticket back to China. He had boarded the flight at Dulles when agents stopped him and searched his belongings, finding more tech items on Jiang than he claimed to officials, including a second laptop computer, a SIM card, and an old hard drive.

The complaint noted that Jiang previously flew back to China once with a laptop belonging to NASA believed to have contained sensitive information.

Prosecutors later said they didn't find any sensitive information on the devices that Jiang had on him at the time of his March arrest, and he pleaded guilty in May to a misdemeanor charge of using his NASA laptop to download porn. He was then ordered to leave the country.

Jiang got his Ph.D. at Old Dominion before joining the National Institute of Aerospace as a research scholar at NASA Langley in January 2011. His title changed to research scientist in October 2012. In both positions, he worked on NASA’s aviation safety program.

Whistleblowers concerned about security breaches at NASA facilities had tipped off Wolf about Jiang and other employees. The FBI then began its investigation into the Chinese national, who came to the country in 2007.

Wolf said at the time of the bargain with prosecutors that they still weren't addressing what may have been on the laptop Jiang took to China in December or why a NASA laptop was provided to a foreign national in the first place.

In March, NASA Administrator Charles Bolden appeared before Wolf's committee and admitted that about 280 foreign nationals deemed security threats were working at NASA facilities. Wolf called for Bolden to appoint an outside panel to review foreign national access and export controls while stripping access for all foreign nationals with ties to suspect organizations or foreign governments.

“Last year, after learning of security violations at NASA’s Ames and Langley research centers, I called on Administrator Bolden to commission a comprehensive, independent review of the agency’s security, export control and access to NASA property by foreign nationals," Wolf said Wednesday evening.

NASA contracted with the National Academy of Public Administration to conduct a review of its foreign national operations. All that's publicly accessible from the report, issued by a panel helmed by former Pennsylvania Gov. Dick Thornburgh (R), is the executive summary.

In all, the review panel issued 27 recommendations, including managing the access of foreign nationals as a program, better control of centers employing foreign nationals by NASA headquarters, and correcting longstanding information technology security issues.

"NASA needs to improve how it protects all of its valuable technical data and proprietary information, not simply the proprietary, sensitive, and/or classified information potentially exposed to foreign nationals," the summary states."...The importance of security, the existence of 'real world' threats to NASA assets, and the need for improvements in handling foreign national issues have not been clearly and consistently communicated throughout NASA."

Last week, Bolden fired off a three-page letter to Thornburgh thanking him for the review yet disputing several findings or recommendations in the report. "NASA's counterintelligence program is focused on Agency assets, and by retaining the existing reporting structure, we ensure a standardized and consistent program across the Agency," Bolden wrote.

“Frankly, I was taken aback at the breadth and depth of security challenges identified across NASA and I am deeply disappointed the agency has restricted access to the report," Wolf said. "The report should be made public as soon as possible, with any necessary redactions in the interest of national security, because it confirms not only the serious security challenges that need to be addressed, but a persistent organizational culture that fails to hold center leadership, employees and contractors accountable for security violations. This must change."

“The U.S. intelligence community has made clear that we face unprecedented cyber and espionage threats, especially from countries seeking to steal cutting-edge aerospace technology which often has military applications," the congressman added. "It is imperative that NASA secure its key assets and instill a culture of accountability when security violations occur."

Wolf noted that he added language in the FY 2014 Omnibus spending bill requiring NASA to provide Congress with quarterly reports on the status of its implementation of the report’s recommendations.

"I look forward to discussing this further at my subcommittee’s hearing with Administrator Bolden in March," he said.