NASA’s Inspector General highlighted the importance of cybersecurity to the agency as well as the agency’s cybersecurity shortcomings in a Memorandum on Top Management and Performance Challenges.
In the document, the IG notes that although “most NASA IT systems contain data that may be widely shared, others house sensitive information which, if released or stolen, could result in significant financial loss or adversely affect national security.”
Unfortunately, the IG found that NASA’s,
CIO has limited ability to direct NASA’s Mission Directorates to fully implement IT security programs, and consequently key Agency computer networks and systems operated by the Mission Directorates do not consistently comply with Agency-wide IT policy.
The IG also stated that,
As part of our FY 2009 and FY 2010 Federal Information Security Management Act (FISMA) audits, we found that NASA’s IT security program had not fully implemented key requirements needed to adequately secure Agency information systems and data.
Moreover,
Through our audits and assessments during the past year, the OIG has found significant and recurring internal control weaknesses in NASA’s IT security control monitoring and cyber-security oversight. For example, we found that the Agency did not ensure that its computer servers remained securely configured over time.
Among the specific problems discussed in the report was that,
The OIG also alerted NASA to systemic IT deficiencies discovered during the course of an investigation into unlawful computer intrusions at the Jet Propulsion Laboratory (JPL). The OIG determined that the intrusions resulted in the theft of approximately 22 gigabytes of program data illegally transferred to an IP address in China. The stolen data included information protected under International Traffic in Arms Regulations and Export Administration Regulations. The OIG investigation found that a significant contributing factor to the theft was inadequate security settings at JPL, which allowed the intruder access to a wide range of sensitive data.
The complete NASA IG report is attached below.
NASA_2010_ManagementChallenges
Leave a Reply