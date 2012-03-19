Stories
Slash Boxes
Comments

SoylentNews is people

NASA's cybersecurity program hasn't gotten off the ground

posted by martyb on Tuesday March 12, @06:58PM   Printer-friendly
from the shall...we...play...a...game... dept.
Security

RandomFactor writes:

According to the NASA Office of the Inspector General (OIG), in 2018 NASA failed for the second year in a row to implement an efficient cybersecurity program.

Based on their review, the OIG assigned a maturity level of 2 to NASA's cybersecurity program.

The Federal Information Security Modernization Act of 2014 (FISMA) defines five levels of maturity: Level 1 (Ad-hoc), Level 2 (Defined), Level 3 (Consistently Implemented), Level 4 (Managed and Measurable), and Level 5 (Optimized).

Level 2 organizations have their policies, procedures and strategies formalized and documented, but they are not consistently implemented. The Office of Management and Budget requires organizations to get a rating of at least Level 4 for their cybersecurity program to be considered effective.

This is reflected in reality. In a breach a few months back, both past and present NASA employees had their personal information — including Social Security Numbers and other personally identifiable information — lifted from NASA servers, and that incident was not alone.

Searching SpaceX breach, Blue Origin breach, Virgin Galactic + breach....I find some rockets blowing up, but that's a different kind of breach entirely.

Security isn't as fun as rocket surgery, but get with it please.

Original Submission


«  Chinese Database of 1.8 Million "BreedReady" Women: Lost in Translation?
NASA's cybersecurity program hasn't gotten off the ground | Log In/Create an Account | Top | 6 comments | Search Discussion
Display Options Threshold/Breakthrough Reply to Article Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 2) by ikanreed on Tuesday March 12, @07:08PM (3 children)

    by ikanreed (3164) on Tuesday March 12, @07:08PM (#813424)

    Science and engineering that fundamentally serves a purpose of advancing mankind wasn't tied up 16 ways with the vague concept of "national security" and NASA was a civilian organization.

  • (Score: 0) by Anonymous Coward on Tuesday March 12, @07:28PM (1 child)

    by Anonymous Coward on Tuesday March 12, @07:28PM (#813433)

    They shit on my instrument proposal because they say it doesn't have a high enough TRL number, and all they can muster is a crappy Level 2 for their shit.

    • (Score: 2) by DannyB on Tuesday March 12, @07:49PM

      by DannyB (5839) Subscriber Badge on Tuesday March 12, @07:49PM (#813439)

      I hate to be cynical* but it could be due to lack of greasing the right palms. This is quasi-government we're talking about. Corruption runs ALL the way to the top.

      * not really

      --
      ALL LIABILITY IS EXPRESSLY DISCLAIMED FOR PERSONAL INJURY OR DEATH THAT RESULTS FROM READING THE SOURCE CODE.
(1)