NASA must fix cyber vulnerabilities

By on
NASA must fix cyber vulnerabilities

1,120 security incidents over last two years.

A new report from the US Government Accountability Office (GAO) found that NASA has multiple cybersecurity problems.

The report, dubbed “NASA Needs to Remedy Vulnerabilities in Key Networks" and released late last week, said the space agency does not always sufficiently identify and authenticate users, nor does it encrypt network services, audit and monitor computer-related events, or adequately protect its physical information technology resources.

Moreover, NASA networks and systems have been the targets of many successful cyberattacks, the report said. In a two-year period starting in 2007, NASA reported 1,120 security incidents that resulted in the installation of malicious software on its systems and unauthorised access to sensitive information.

“A key reason for these vulnerabilities is that NASA has not yet fully implemented its information security program to ensure that controls are appropriately designed and operating effectively,” the report concluded.

The report made several recommendations to fix the problems, such as implementing an adequate incident detection program, conducting comprehensive security testing of security control, and developing and implementing security policies for malware, physical protection and incident handling roles and responsibilities.

In a letter included in the report to the director of GAO information security issues, a NASA representative said the space agency "generally concurs" with the report's findings.

“Many of the recommendations are currently being implemented as part of an ongoing strategic effort to improve IT management and IT security program deficiencies,” said Lori Garver, NASA deputy administrator. “We will continue to mitigate the information security weaknesses identified in this report."

The GAO also revealed that it would make 179 additional recommendations to address access control weaknesses identified during its investigation.

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
cyberfixgaogovernmentmckinnonnasasecurityvulnerabilities

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

Most Read Articles

Australia scraps digital passenger cards for international arrivals

Australia scraps digital passenger cards for international arrivals
PayTo rollout kicks off

PayTo rollout kicks off
Neobank Volt exits the banking industry

Neobank Volt exits the banking industry
Westpac sets sights on hybrid meeting spaces

Westpac sets sights on hybrid meeting spaces

Digital Nation

Case study: AFL kicks goals with its new digital platform
Case study: AFL kicks goals with its new digital platform
Case Study: Multicloud business drivers at MLC Life Insurance
Case Study: Multicloud business drivers at MLC Life Insurance
Case Study: EY invests in AI to improve approach to flexible working
Case Study: EY invests in AI to improve approach to flexible working
Personalisation strategies need to be built from the ground up
Personalisation strategies need to be built from the ground up
Case Study: Good360 deploys NetSuite, Magento and Salesforce
Case Study: Good360 deploys NetSuite, Magento and Salesforce

Log In

  |  Forgot your password?