FBI investigating NASA whistleblower reports of Chinese data breach

Friday - 3/8/2013, 5:13am EST

Jared Serbu, DoD reporter, Federal News Radio

Download mp3

The congressman who oversees the committee that funds NASA says the FBI is looking into whistleblower reports that the agency allowed a Chinese national inside access to sensitive information, and that the data may have made its way back to the Chinese mainland.

Rep. Frank Wolf (R-Va.) said he turned the allegations over to the FBI after employees at NASA's Langley Research Center in Hampton, Va., approached him, claiming that higher-ups had authorized the hiring of a contractor employee connected with an organization within China that federal agencies already had red-flagged as a potential national security threat.

Wolf said the reports came to him from "a number" of career civil servants within NASA.

"They were documents and lists of names. I can't get into it much more than that because the FBI is looking at it, but it was shocking. When I saw it, I couldn't believe it," Wolf told reporters at the Capitol Thursday.

Rep. Frank Wolf (R-Va.)

Wolf, who is the chairman of the Appropriations Subcommittee on Commerce, Justice and Science, said he believes the contractor's access to sensitive data contravenes legislative language his panel inserted into NASA's funding bill restricting the agency's ability to cooperate with the Chinese space program or contract with Chinese companies.

"This Chinese national is affiliated with an institution in China that has been designated as an 'entity of concern' by other U.S. government agencies," Wolf said. "That is why I was deeply concerned to learn not only was he provided access and information he never should have received — working directly on technology that may have national security implications — but he was also allegedly allowed by both NASA and his contractor to take his work and volumes of other NASA research back to China for a period of time, as documented in an investigative report I received."

Violation of appropriations law?

Wolf refused to say what type of information he believes the employee exfiltrated to China, or even to identify that information's classification level.

NASA officials said Thursday that they take all allegations of security violations seriously, but the agency also declined to provide details on the case.

"Although we normally don't comment on investigations, because information now has been made public we can confirm we are familiar with the situation involving a Langley contractor, have completed our review and referred the matter to the appropriate law enforcement officials. The contractor in question no longer works at Langley," said David Weaver, NASA's associate administrator for communications.

Irrespective of any information the contractor may have taken from NASA, Wolf believes the mere fact that NASA let him work within the Langley center is a violation of the appropriations restriction Congress created for NASA with regard to interacting with China. He claimed the agency is using contract employees in an attempt to do an end-run around that prohibition.

"It's my understanding that NASA spent several hundred thousand dollars to pay for this individual's contract. Paying so that someone could come in and spy against us. I've also been given a list of several dozens of Chinese nationals, none of whom have U.S. citizenship and many of whom don't even have green cards, who are working at Langley under a similar scheme," Wolf said. "I worry that this workaround of congressional restrictions may be happening at other centers too."

Wolf is asking the Virginia U.S. Attorney with jurisdiction over Langley to investigate whether the agency's use of contracts to employ Chinese citizens is a violation of appropriations law.

NASA officials said the agency's interpretation of the law lets its contractors hire foreign nationals, including those from China, but that those contractors remain responsible for following all U.S. export control laws.

Possible breach at Ames

Additionally, any contractor that needs one of its foreign national workers to access a NASA facility must first have that employee undergo a security review by the agency itself.

"NASA applies its own security and export control review to determine whether that employee's access to the NASA facility is safe and appropriate," a senior agency official said.

Wolf said the Langley whistleblowers came to him after he made public allegations about another alleged breach of protected information at NASA's Ames Research Center near Mountain View, Calif.

"I am deeply concerned that these cases are just two examples that have come to light representing a much deeper problem at NASA, a management culture shared by some in the agency that turns a blind eye, or in some cases may outright encourage, violations of security regulations," Wolf said. "I know that most NASA employees work tirelessly to try to do the right thing and protect U.S. technology. Fundamentally, I don't believe the problem is that there are insufficient laws to protect this information. Instead, it's really a matter of will."

Apart from referring the allegations to the FBI, Wolf said he has asked NASA's inspector general to investigate the alleged lapses at the Ames and Langley facilities, and will probe the IG on the topic during testimony before his subcommittee next week.

Cybersecurity challenges

The agency's inspector general told Congress in a January letter that NASA does not appear to have violated restrictions on cooperating with China or Chinese companies, but it also found the agency faces several significant challenges when it comes to cybersecurity.

The IG said NASA's newly-centralized security operations center does not monitor all of NASA's networks for threats and that cybersecurity efforts such as encrypting all of the agency's laptops are proceeding too slowly because of a lack of internal controls over IT management.

In a Thursday letter to NASA's administrator, Wolf recommended several steps for the agency, including a comprehensive outside study of the agency's security protocols, new training for NASA employees to prevent security lapses, and an immediate review of all foreign nationals with current NASA credentials.

"We appreciate the management suggestions Chairman Wolf has offered up and will take those recommendations into consideration," Weaver said. "Meanwhile, we remain focused on our core mission: running the world's largest and most successful space agency, and ensuring the health and safety of the American astronauts living and working in space."

RELATED STORIES:

NASA endures 5,000 computer security breaches over two weeks

NASA readies draft RFP for SEWP V

NASA's Kennedy Space Center gets message from Hill on cyber