According to the NASA Office of the Inspector General (OIG), in 2018 NASA failed for the second year in a row to implement an efficient cybersecurity program.
Based on their review, the OIG assigned a maturity level of 2 to NASA's cybersecurity program.
The Federal Information Security Modernization Act of 2014 (FISMA) defines five levels of maturity: Level 1 (Ad-hoc), Level 2 (Defined), Level 3 (Consistently Implemented), Level 4 (Managed and Measurable), and Level 5 (Optimized).
Level 2 organizations have their policies, procedures and strategies formalized and documented, but they are not consistently implemented. The Office of Management and Budget requires organizations to get a rating of at least Level 4 for their cybersecurity program to be considered effective.
This is reflected in reality. In a breach a few months back, both past and present NASA employees had their personal information — including Social Security Numbers and other personally identifiable information — lifted from NASA servers, and that incident was not alone.
Searching SpaceX breach, Blue Origin breach, Virgin Galactic + breach....I find some rockets blowing up, but that's a different kind of breach entirely.
Security isn't as fun as rocket surgery, but get with it please.
(Score: 2, Funny) by Anonymous Coward on Tuesday March 12 2019, @07:28PM (1 child)
They shit on my instrument proposal because they say it doesn't have a high enough TRL number, and all they can muster is a crappy Level 2 for their shit.
(Score: 2) by DannyB on Tuesday March 12 2019, @07:49PM
I hate to be cynical* but it could be due to lack of greasing the right palms. This is quasi-government we're talking about. Corruption runs ALL the way to the top.
* not really
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.