Title | NASA's cybersecurity program hasn't gotten off the ground | |
Date | Tuesday March 12 2019, @06:58PM | |
Author | martyb | |
Topic | ||
from the shall...we...play...a...game... dept. |
According to the NASA Office of the Inspector General (OIG), in 2018 NASA failed for the second year in a row to implement an efficient cybersecurity program.
Based on their review, the OIG assigned a maturity level of 2 to NASA's cybersecurity program.
The Federal Information Security Modernization Act of 2014 (FISMA) defines five levels of maturity: Level 1 (Ad-hoc), Level 2 (Defined), Level 3 (Consistently Implemented), Level 4 (Managed and Measurable), and Level 5 (Optimized).
Level 2 organizations have their policies, procedures and strategies formalized and documented, but they are not consistently implemented. The Office of Management and Budget requires organizations to get a rating of at least Level 4 for their cybersecurity program to be considered effective.
This is reflected in reality. In a breach a few months back, both past and present NASA employees had their personal information — including Social Security Numbers and other personally identifiable information — lifted from NASA servers, and that incident was not alone.
Searching SpaceX breach, Blue Origin breach, Virgin Galactic + breach....I find some rockets blowing up, but that's a different kind of breach entirely.
Security isn't as fun as rocket surgery, but get with it please.
Links |
printed from SoylentNews, NASA's cybersecurity program hasn't gotten off the ground on 2024-04-25 02:08:18