US Government Accountability Office Recommends NASA Harden Protection Against Cyberattacks

The Government Accountability Office (GAO) sent a letter to NASA in an effort to make the space agency more resilient to cyberattacks by proposing several security measures that would ensure its protection.

NASA is one of the many agencies in the US government considered vulnerable to cyberattacks, making it a prime candidate for essential improvements. Like any big organization, NASA has organizational issues that often translate to security problems. In some respects, NASA faces the same challenges as a private conglomerate, with issues stemming from the huge number of employees.

The proposed measures cover many areas, but it’s worth mentioning that NASA already implemented some of the proposals coming from GAO. In any case, NASA is not the only agency going through these changes.

“We have designated information security as a government-wide, high-risk area since 1997 and subsequently expanded this high-risk area to include protecting cyber critical infrastructure and securing personally identifiable information,” says GAO.

“Accordingly, federal agencies need to take urgent actions to ensure that they have programs in place to protect their information technology systems and sensitive information against increasing cyber risks.”

NASA already agreed to implement GAO’s recommendations, including an organization-wide cybersecurity risk assessment, a typical process that every large organization has to complete. Another request covers NASA Acquisition Management, which incidentally is on GAO’s High-Risk List of government operations with more significant vulnerabilities.

Finally, GAO is urging NASA to cover the rest of the high-risk targets that include improving the management of IT acquisitions and operations, improving strategic human capital management, managing federal real property, and ensuring the nation’s cybersecurity and government-wide personnel security. Some of these measures are already being implemented and should be ready by the end of the year.