Stories
Slash Boxes
Comments

SoylentNews is people

NASA's cybersecurity program hasn't gotten off the ground

posted by martyb on Tuesday March 12 2019, @06:58PM   Printer-friendly
from the shall...we...play...a...game... dept.

RandomFactor writes:

According to the NASA Office of the Inspector General (OIG), in 2018 NASA failed for the second year in a row to implement an efficient cybersecurity program.

Based on their review, the OIG assigned a maturity level of 2 to NASA's cybersecurity program.

The Federal Information Security Modernization Act of 2014 (FISMA) defines five levels of maturity: Level 1 (Ad-hoc), Level 2 (Defined), Level 3 (Consistently Implemented), Level 4 (Managed and Measurable), and Level 5 (Optimized).

Level 2 organizations have their policies, procedures and strategies formalized and documented, but they are not consistently implemented. The Office of Management and Budget requires organizations to get a rating of at least Level 4 for their cybersecurity program to be considered effective.

This is reflected in reality. In a breach a few months back, both past and present NASA employees had their personal information — including Social Security Numbers and other personally identifiable information — lifted from NASA servers, and that incident was not alone.

Searching SpaceX breach, Blue Origin breach, Virgin Galactic + breach....I find some rockets blowing up, but that's a different kind of breach entirely.

Security isn't as fun as rocket surgery, but get with it please.

Original Submission

 
This discussion has been archived. No new comments can be posted.
NASA's cybersecurity program hasn't gotten off the ground | Log In/Create an Account | Top | 12 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by ikanreed on Tuesday March 12 2019, @07:08PM (3 children)

    by ikanreed (3164) Subscriber Badge on Tuesday March 12 2019, @07:08PM (#813424) Journal

    Science and engineering that fundamentally serves a purpose of advancing mankind wasn't tied up 16 ways with the vague concept of "national security" and NASA was a civilian organization.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 3, Interesting) by takyon on Tuesday March 12 2019, @07:15PM (2 children)

    by takyon (881) <takyonNO@SPAMsoylentnews.org> on Tuesday March 12 2019, @07:15PM (#813428) Journal

    NASA is juggling more than just its own "secrets".

    Security is also about more than just protecting information from being copied. A sufficiently motivated attacker could destroy systems, and possibly even satellites.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]

    • (Score: 2) by ikanreed on Tuesday March 12 2019, @07:18PM

      by ikanreed (3164) Subscriber Badge on Tuesday March 12 2019, @07:18PM (#813430) Journal

      And we're trying to make the one cool part of cyberpunk not happen?

    • (Score: 0) by Anonymous Coward on Tuesday March 12 2019, @07:26PM

      by Anonymous Coward on Tuesday March 12 2019, @07:26PM (#813432)

      Not to mention just plain old personnel records.