NASA in ‘serious jeopardy’ due to big black hole in security


An audit of NASA’s infosec preparedness against insider threats has warned it faces “serious jeopardy to operations” due to lack of protection for Unclassified information.

A Monday report [PDF] found that NASA has done well, as required, in its efforts to defend against and prevent insider threats to Classified information – stuff that NASA defines as “Official information regarding the national security that has been designated Confidential, Secret, or Top Secret.”

The report found the agency has deployed defenses including user activity monitoring, adopted mandatory agency-wide insider threat training, and “created an insider threat reference website that assists employees and contractors with identifying threats, their risks, and follow-up information.” Procurement controls are being strengthened in ways that address risks of foreign influence.

But while the report is satisfied NASA has done well to protect its Classified info, it notes that “the vast majority” of NASA tech is not Classified, including plenty of “high-value assets and critical infrastructure.” Among those assets are “sensitive and valuable information such as scientific, engineering, or research data; human resources files; or procurement sensitive information.” Because that infrastructure is not classified, it’s not covered by the insider threat program.

And that’s a worry, because in 2021 NASA’s auditor found “incidents of improper use of NASA IT systems had increased from 249 in 2017 to 1,103 in 2020 – a 343 per cent growth; the most prevalent error was failing to protect Sensitive but Unclassified (SBU) information.”

Among the booboos the auditors found were “sending unencrypted
