NASA employs 118 Chinese nationals in "remotely-based" information technology jobs that may enable them to penetrate the space agency's national security database servers, The Washington Examiner has learned.
But NASA administrator Charles Bolden said nothing about these individuals during his testimony last week before a House Appropriations subcommittee hearing on cyber espionage threats against the space agency.
Bolden told the panel he counted 192 Chinese nationals in positions with "physical access" to NASA facilities like its Langley Research Center in Hampton, Va., and Ames Research Center near San Francisco.
The 118 employees with remote access were described in a sensitive but unclassified NASA document given to the subcommittee separately from Bolden's testimony.
The Washington Examiner obtained a subcommittee summary of the document, which described the 118 individuals as having "varying degrees of access" to NASA research and databases.
Rep. Frank Wolf, the subcommittee chairman, told The Washington Examiner he found the discrepancy troubling because "the numbers didn't match" with other data he had seen.
"I think everyone has been surprised that there are so many working at NASA," he said. "Who are they? What are their backgrounds," he asked.
Wolf wants NASA Inspector General Paul Martin to investigate the space agency's offsite Chinese IT workforce to determine each individual's location, background, access and duties.
"We're going to asks the IG to look at what they are doing, those who are not on campus," he said. He said he hoped the IG would "fill in the blanks."
Michael Cabbage, a NASA spokesman, declined to comment on why the 118 individuals with remote access weren't included in Bolden's testimony, saying only:
"Administrator Bolden directed last week that NASA take immediate action to deny remote access to agency facilities by individuals from specific designated countries, including China. NASA takes all security concerns very seriously. The agency will continue to take strong, swift action to ensure NASA's information remains secure."
Disclosure of the additional 118 Chinese nationals comes as NASA confronts a spiraling controversy over the agency's vulnerability to cyber espionage efforts by China.
FBI agents arrested Bo Jiang, a NASA Langley contractor, as he was trying to board a March 16 flight to China with a one-way ticket. He was indicted March 21 by a grand jury for making false statements to law enforcement officials.
The FBI is "investigating conspiracies and substantive violations of the Arms Export Control Act," according to the FBI's arrest warrant.
NASA research centers work on sensitive space defense technologies and related programs that the Chinese military has sought to penetrate for several decades as part of it's increasingly sophisticated anti-satellite weaponry.
Bolden told the subcommittee on March 20, "we have 281 foreign nationals from 'designated countries' who have physical access to NASA facilities. And of those 192 are foreign nationals from China."
NASA defines "designated countries" as those that support terrorism, are under sanctions or embargo, and countries of "Missile Technology Concern." The countries are China, Iran, North Korea, Burma, Eritrea, Sudan, Uzbekistan and Saudi Arabia.
The summary document shows the biggest concentrations of Chinese nationals work at the Goddard Space Flight Center outside of Washington; the Ames Research Center near San Francisco; the Jet Propulsion Lab at California's Institute of Technology and the Langley Research Center in Virginia.
At the same hearing, Bolden announced a moratorium on granting new access of foreign nationals to NASA facilities who are from "designated countries." He also authorized an internal review of overall security at the agency.
Bolden's silence about foreign nationals greatly concerns Richard Bejtlich, the chief security officer at Mandiant, a cyber security firm that works for Fortune 100 firms.
"I find that a pretty worrying state of affairs," Bejtlich told The Washington Examiner. Mandiant made public last month its report on a vast Shanghai-based People's Liberation Army unit that since 2006 has been launching global cyber attacks.
Chinese nationals working in IT jobs that give them remote access to NASA resources could be a greater threat to U.S. national security than those physically at or near the agency's research centers, he said.
"If by definition you already have access remotely by virtue of your job, you transfer information from your location and the site, there's hardly any bar to cross there," Bejtlich said.
Bejtlich said he opposed placement of any foreign citizen of a suspect country like China in any sensitive government position.
"If you're considering them for a job at a national lab or a government agency, I think we're at the point now where it's recognized that's probably not a good idea," he said.
Bejtlich said the Chinese unit described in his firm's February report has a definite "shopping list" of information being sought and will quietly sit on a network from one to five years.
"It makes sense for the adversary to sit them with them and watch them develop the technology, and to steal it over time," he said.
Larry Wortzel, a former military counterintelligence officer who was twice assigned as a military attache to the U.S. Embassy in China, said Chinese are vulnerable to pressure to spy on behalf of Beijing. A visa or green card is no assurance of honesty.
"And even as they go through the visa process, my experience is that many of them are called in and spoken to by the various (Chinese) security services and ministries," he told The Washington Examiner.
Wortzel added that many leave behind family members or loved ones who are subjected to pressure. They are "subject to some form of compellants by the Chinese government to do things for them in the United States."
The 192 Chinese represents a 25 percent surge over numbers released by the NASA Inspector General's office in June 2012. A NASA spokesman declined to discuss the surge.
Richard Pollock is a member of The Washington Examiner Watchdog investigative reporting team. He can be reached at firstname.lastname@example.org.