NASA Years Behind on Cybersecurity Strategy, Report Says
The government agency tasked with using cutting edge technology to explore the stars is years behind on its plan to implement a comprehensive cybersecurity strategy, a new government report says.
The report from the Government Accountability Office says that NASA realized in 2015 it needed an agency-wide strategy for cybersecurity "to address weaknesses it had identified with the decentralized approach it was using." The space agency was hoping to get the new strategy in place by the fall of 2016, but later realized that timeline was seriously overly optimistic.
Now, the strategy remains "in development," the GAO report says.
You might be asking yourself, aside from aliens, who would bother to hack NASA?
The GAO report says from 2016 to 2017, the agency reported "more than 3,000 computer security incidents related to malicious software on or unauthorized access to agency computers. These incidents included criminal enterprises seeking profit and intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives."
In one example, prior to 2016, NASA was one of the many targets of a few hackers who called themselves the Syrian Electronic Army, who said they were acting in support of, but not directed by, the Syrian regime. In that case, court papers said NASA's existing security protocols kept the hackers out.
Primary Source: GAO Report on NASA Information Technology (PDF)
[Do you have a tip or question for Code and Dagger? Reach out at CodeAndDagger@protonmail.com. And if you like what you read and want to help keep the site running (kind of) smoothly, click here to learn how you can lend your support. ]