NASA's crap infosec could be 'significant threat' to space ops
Oversight personnel from NASA's Office of the Inspector General criticised the space agency's staff for the "untimely [sic] performance of information security control assessments", saying it "could indicate control deficiencies and possibly significant threats to NASA operations, which could impair the Agency's ability to protect the confidentiality, integrity, and availability of its data, systems, and networks."
Jim Morrison, assistant inspector general for audits within NASA's OIG, said in aletter:
"In sum, we rated NASA's cybersecurity program at a Level 2 (Defined) for the second year in a row, which falls short of the Level 4 (Managed and Measurable) rating agency cybersecurity programs are required to meet by the Office of Management and Budget in order to be considered effective."
Two areas were of immediate concern to Morrison's inspectors: NASA system security plans "contained missing, incomplete, and inaccurate data" and control assessments were not carried out "in a timely manner", something the auditors described as "an indicator of a continuing control deficiency".