Since mid-1992, the National Aeronautics and Space Administration (NASA) Mission Control Center (MCC) in Houston has pursued commonality and consolidation of facilities and equipment to reduce the implementation costs associated with the modernization of the control center, as well as the on-going operations and sustaining costs. In December of 1993, a management team, comprised almost entirely of individuals with manned spaceflight operations experience, was given the charter of completing the development. Past practices and conventional thinking have been set aside in an effort to deliver the new control center “better, faster, and cheaper”. This new paradigm has carried-over to the engineering associated with securing the control center's information resources. The group originally tasked with ensuring the security of the MCC's information resources was not directly associated with development or operations of the MCC, and thus had lost sight of the fact that the MCC's mission is the command and control of space vehicles, not the pursuit of information security. Under the new paradigm for control center development, responsibility for ensuring system security and integrity has been brought into the development organization. Old methods and approaches to security have been replaced by a new approach which emphasizes the implementation of an automated information systems security architecture that is both logical and cost effective.In both Government, and industry, it is common for those tasked with information security responsibilities to be separated from the mainstream of engineering. This separation often results in conflict during requirements definition, design, implementation and testing. The following is a case study of such an information security organization, and process, run amok. It also discusses the steps required to bring the process back into line with the goals of cost-effective development and operation.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.