
This article is more than 1 year old

NASA's crap infosec could be 'significant threat' to space ops

Inspectors not happy with stagnant security practices

NASA's Office of the Inspector General has once again concluded the American space agency's tech security practices are "not consistently implemented".

Confirmation that the US government department's infosec abilities are not up to scratch was a repeat of last year's federally mandated security audit, which also found that processes and procedures were below par.

Oversight personnel from NASA's Office of the Inspector General (OIG) criticised the space agency's staff for the "untimely [sic] performance of information security control assessments", saying it "could indicate control deficiencies and possibly significant threats to NASA operations, which could impair the Agency's ability to protect the confidentiality, integrity, and availability of its data, systems, and networks."

Jim Morrison, assistant inspector general for audits within NASA's OIG, said in a letter [PDF]:

"In sum, we rated NASA's cybersecurity program at a Level 2 (Defined) for the second year in a row, which falls short of the Level 4 (Managed and Measurable) rating agency cybersecurity programs are required to meet by the Office of Management and Budget in order to be considered effective."

Two areas were of immediate concern to Morrison's inspectors: NASA system security plans "contained missing, incomplete, and inaccurate data" and control assessments were not carried out "in a timely manner", something the auditors described as "an indicator of a continuing control deficiency".

The OIG's annual review assessed "61 metrics in five security function areas," it said, testing "a subset of information systems to determine the maturity of their agency's information security program."

Drilling down, OIG inspectors looked closely at seven "judgmentally selected Agency information systems along with their corresponding security documentation" to arrive at their verdict.

A rating of "Level 2 (Defined)" means, according to the NASA OIG, that "policies, procedures, and strategies are formalized and documented but not consistently implemented". This contrasts with Level 4, where successful American government agencies have "Quantitative and qualitative measures on the effectiveness of policies, procedures, and strategies [that] are collected across the organization and used to assess them and make necessary changes".

More details are scheduled to emerge in the full US Federal Information Security Modernisation Act (FISMA) review of NASA for fiscal year 2019. ®

 
