NASA’s Poor Cybersecurity Is An Operational Threat

Government inspectors have uncovered serious deficiencies in NASA’s information security program which they claim could threaten operations. The findings come from the latest Office of the Inspector General (OIG) review of the space agency for fiscal year 2018, under the Federal Information Security Modernization Act of 2014 (FISMA).

The OIG tested the maturity of NASA’s infosec program via 61 metrics in five security function areas plus a subset of IT systems. This involved testing systems against corresponding security documentation and interviewing information system owners and security personnel.

Unfortunately, the report rated NASA’s cybersecurity program at Level 2 (Defined) for the second year in a row, well short of the Level 4 (Managed and Measurable) that the Office of Management and Budget requires for a program to be judged effective.

The inspectors also flagged two serious issues: missing, incomplete and inaccurate data in system security plans, and control assessments not conducted in a timely manner.

“We consider the issue of missing, incomplete, and inaccurate information security plan data to be an indicator of a continuing control deficiency that we have identified in recent NASA OIG reviews,” explained assistant inspector general for audits, Jim Morrison, in a letter to NASA’s CIO, Renee Wynn.

“Likewise, the untimely performance of information security control assessments could indicate control deficiencies and possibly significant threats to NASA operations, which could impair the agency’s ability to protect the confidentiality, integrity, and availability of its data, systems, and networks.”

The news is concerning given the willingness of nation-state hackers to go after sensitive government IP, which could impact national security.

Yet it’s not the first time NASA has been called out for less-than-optimal cybersecurity: the agency received an even worse report card back in 2010 when the OIG inspected.

Last year, NASA also revealed that a server containing Social Security numbers and other identity data from current and former employees may have been compromised.

Infosecurity
