Not just cyber: NASA CIO says all IT is about risk management

All IT has a "dark side" that must be contained, NASA CIO Renee Wynn told the FedScoop IT Modernization Summit.
Renee Wynn speaks at FedScoop's IT Modernization Summit on March 28, 2017, at the Newseum in Washington. (FedScoop)

It’s axiomatic that cybersecurity is all about risk management, but NASA CIO Renee Wynn said Tuesday that all IT, indeed all technology, has a “dark side” that must be contained.

In a federal agency like NASA “the IT spend is all about managing risks — what are you buying?,” Wynn said Tuesday during FedScoop’s IT Modernization Summit. “Where’s it from? How well does it fit with your ecosystem? And can you protect it when it gets there?”

“Cybersecurity is about that last piece,” she added.

But long before IT is actually installed, the risk has to be assessed.


“It’s coming into to an [IT] environment from 1977,” she said. In fact, parts of NASA’s legacy IT were even older than that, since they dated back to the earliest days of space exploration.

“Before it flew you had to invent it, and it had to be on the chalkboard …probably for 10 years [before that] … so think about technology from 1967,” she told a standing-room only crowd at the Newseum in Washington, D.C.

Wynn told the summit, she is a subscriber, in certain cases, to the theory of “security through antiquity” — though she didn’t use those words.

In security terms, she said, “sometimes old is good.”

By contrast, technological advances “always have a dark side,” she said, giving as an example the increasing ease with which satellites can be put in orbit.


While that made it possible for NASA to blast satellites designed by school students into space, it also means that U.S. adversaries are more easily able to hold at risk vital national security satellites, such as those that provide global positioning services, or GPS.

“Now that more capability is flying around, it’s not just debris [that might pose a threat  to space vehicles] it’s what [the adversary] can do  — and we know there are some satellites vital to the protection of the United States.”

Wynn noted that, against certain attack vectors — like insider threats for instance — low tech options were often “the best you can do.”

“We like locked doors,” she said.

Shaun Waterman

Written by Shaun Waterman

Contact the reporter on this story via email, or follow him on Twitter @WatermanReports. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at

Latest Podcasts