House calls for investigation into security of cloud computing at NASA

Print Friendly, PDF & Email

US Capitol DomeHere’s something that people tend to gloss over when they get all wide-eyed with the promise of clouds: a good deal of the scientific computing around the world done by the state, in state-owned computing facilities. And more than half of that is done in the United States. Where there is a patchwork of legislation and regulation that expressly forbids the storage of federal data of various kinds on non-federal computers.

So it was with interest that I read Title IX of the House National Aeronautics and Space Administration Authorization Act of 2010 (text here)

TITLE IX. OTHER PROVISIONS

Sec. 901. Cloud Computing

(b) REPORT.—Not later than 1 year after NASA has entered into a contract for its first use of a non-Federal cloud computing facility, the Comptroller General shall transmit to the Congress a report detailing whether sensitive but unclassified and classified NASA information was processed on that facility and if so, how NASA ensured that data access and security requirements were in place to safeguard NASA’s scientific and technical information.

Not arguing that the rules make sense, and I’m not saying that all departments are governed by such rules. But some are — DoD is one. As this mention by the House indicates, even when there aren’t rules forbidding the storage of data outside the reservation, there are still minders to keep happy.

Also interesting: this is the only place that the word “computing” even appears in the Act (computer doesn’t make an appearance; same for HPC and its forms).

This news comes as NASA has done more than dip its toes into internal cloud experiments like its Nebula private cloud. NASA is also a primary partner with Rackspace in development of its recently open-sourced OpenStack cloud platform.