According to the NASA Office of the Inspector General (OIG), in 2018 NASA failed for the second year in a row to implement an efficient cybersecurity program.
Based on their review, the OIG assigned a maturity level of 2 to NASA's cybersecurity program.
The Federal Information Security Modernization Act of 2014 (FISMA) defines five levels of maturity: Level 1 (Ad-hoc), Level 2 (Defined), Level 3 (Consistently Implemented), Level 4 (Managed and Measurable), and Level 5 (Optimized).
Level 2 organizations have their policies, procedures and strategies formalized and documented, but they are not consistently implemented. The Office of Management and Budget requires organizations to get a rating of at least Level 4 for their cybersecurity program to be considered effective.
This is reflected in reality. In a breach a few months back, both past and present NASA employees had their personal information — including Social Security Numbers and other personally identifiable information — lifted from NASA servers, and that incident was not alone.
Searching SpaceX breach, Blue Origin breach, Virgin Galactic + breach....I find some rockets blowing up, but that's a different kind of breach entirely.
Security isn't as fun as rocket surgery, but get with it please.
(Score: 3, Insightful) by ikanreed on Tuesday March 12 2019, @07:08PM (3 children)
Science and engineering that fundamentally serves a purpose of advancing mankind wasn't tied up 16 ways with the vague concept of "national security" and NASA was a civilian organization.
(Score: 3, Interesting) by takyon on Tuesday March 12 2019, @07:15PM (2 children)
NASA is juggling more than just its own "secrets".
Security is also about more than just protecting information from being copied. A sufficiently motivated attacker could destroy systems, and possibly even satellites.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by ikanreed on Tuesday March 12 2019, @07:18PM
And we're trying to make the one cool part of cyberpunk not happen?
(Score: 0) by Anonymous Coward on Tuesday March 12 2019, @07:26PM
Not to mention just plain old personnel records.