NASA, or Need Another Sourcing Act: IT Security Spending Horror Stories

We've recently been covering the travails of the latest scathing report to hit federal strategic sourcing circles: NASA’s inability to implement a strategic sourcing program including agency-wide spend visibility (see links to earlier installments at the end of this post). The following is an excerpt from NASA’s Inspector General’s Report into one particular failure to use a strategic sourcing program to drive savings. It’s too good to not print in its entirety:

“In a March 2013 report, the OIG identified that as of June 2012, NASA spent $25.7 million on 242 separate purchases of IT security assessment and monitoring tools as well as related annual maintenance costs across all levels of the organization.

Specifically, the Office of the CIO spent $7.3 million to purchase and $1.8 million annually to maintain IT security assessment and monitoring tools while Chief Information Security Officers spent $5.9 million to purchase and $2.2 million to annually maintain similar products. Organizational Computer Security Officials supporting project systems spent an additional $6.7 million to purchase and $1.8 million annually to maintain IT security assessment and monitoring tools. The OIG determined that in numerous instances these officials purchased the same or similar tools for the nine IT security control areas, a strong indication of missed opportunities for consolidation of procurements through NASA’s Enterprise License Management Team, one of the Agency’s strategic sourcing initiatives.

In our view, had NASA officials performed a comprehensive spend analysis at an Agency-wide level, they would have identified multiple opportunities for consolidation and reduced duplication among IT security assessment and monitoring tools."

In short (if we are reading this correctly):

  • NASA spent over $25 million in similar purchases (that could have been leveraged) over a short time frame
  • Similar IT departments are spending autonomously (without any communication or data sharing)
  • The same technology is being bought (in many cases) from the same potential vendors by multiple parties

This is the type of behavior in the private sector that would lead to heads flying at all levels of procurement departments. Yet it’s unclear what (if any) sanctions have been taken against the offending parties in this case.

As we conclude our look into what went wrong at NASA from a strategic sourcing vantage point, we’ll consider the recommendations that the Inspector General put forth.

Discuss this:

Your email address will not be published. Required fields are marked *