SoylentNews is people

Submission Preview

NASA's cybersecurity program hasn't gotten off the ground

Accepted submission by RandomFactor at 2019-03-12 14:45:11 from the ...shall...we...play...a...game... dept.
Security

According to the NASA Office of the Inspector General (OIG), in 2018 NASA failed for the second year in a row [securityweek.com] to implement an efficient cybersecurity program.

Based on their review, the OIG assigned a maturity level of 2 to NASA's cybersecurity program.

The Federal Information Security Modernization Act of 2014 (FISMA) defines five levels of maturity: Level 1 (Ad-hoc), Level 2 (Defined), Level 3 (Consistently Implemented), Level 4 (Managed and Measurable), and Level 5 (Optimized).

Level 2 organizations have their policies, procedures and strategies formalized and documented, but they are not consistently implemented. The Office of Management and Budget requires organizations to get a rating of at least Level 4 for their cybersecurity program to be considered effective.

This is reflected in reality: in a breach [securityweek.com] a few months back, both past and present NASA employees had their personal information, including Social Security Numbers and other personally identifiable information, lifted from NASA servers, and that incident was not alone [securityweek.com].

Searching SpaceX breach, Blue Origin breach, Virgin Galactic + breach... I find some rockets blowing up, but that's a different kind of breach entirely.

Security isn't as fun as rocket surgery, but get with it please.
