Control weaknesses jeopardize NASA’s systems

NASA has been audited by the U.S. Government Accountability Office, and the results are not satisfactory. The audit uncovered multiple weaknesses in the agency’s computer systems, that put at risk not only sensitive information, but its mission operations as well.

“NASA did not consistently implement effective controls to prevent, limit, and detect unauthorized access to its networks and systems. For example, it did not always sufficiently identify and authenticate users, restrict user access to systems, encrypt network services and data, protect network boundaries, audit and
monitor computer-related events, and physically protect its information technology resources”, the report states.

The auditors think that the “key reason for these weaknesses is that NASA has not yet fully implemented key activities of its information security program to ensure that controls are appropriately designed and operating effectively.

Specifically, it has not always fully assessed information security risks; fully developed and documented security policies and procedures; included key information in security plans; conducted comprehensive tests and evaluation of its information system controls; tracked the status of plans to remedy known weaknesses; planned for contingencies and disruptions in service; maintained capabilities to detect, report, and respond to security incidents; and incorporated important security requirements in its contract with the Jet Propulsion Laboratory.”

Advice given to NASA? They should implement an extensive information security program and, of course, fix the discovered vulnerabilities.

To read the complete report, go here.