cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Community Champion

NASA's crap infosec could be 'significant threat' to space ops

Oversight personnel from NASA's Office of the Inspector General criticised the space agency's staff for the "untimely [sic] performance of information security control assessments", saying it "could indicate control deficiencies and possibly significant threats to NASA operations, which could impair the Agency's ability to protect the confidentiality, integrity, and availability of its data, systems, and networks."

Jim Morrison, assistant inspector general for audits within NASA's OIG, said in a letter :

"In sum, we rated NASA's cybersecurity program at a Level 2 (Defined) for the second year in a row, which falls short of the Level 4 (Managed and Measurable) rating agency cybersecurity programs are required to meet by the Office of Management and Budget in order to be considered effective."

Two areas were of immediate concern to Morrison's inspectors: NASA system security plans "contained missing, incomplete, and inaccurate data" and control assessments were not carried out "in a timely manner", something the auditors described as "an indicator of a continuing control deficiency".