Congress asks GAO to investigate NASA cybersecurity

WASHINGTON — The bipartisan management of the Home Science Committee has requested the Authorities Accountability Workplace to research NASA’s cybersecurity actions amid rising issues about hacking of presidency laptop methods.

In a Could 27 letter, the highest Democrats and Republicans of the committee requested the GAO examine the “cybersecurity dangers to the delicate information” related to main NASA packages. That features evaluating NASA’s actions to main cybersecurity practices and figuring out further practices the company ought to undertake.

The letter didn’t determine any particular NASA cybersecurity breach or different occasion that prompted the request for the overview, however moderately longstanding issues in regards to the company’s vulnerabilities. “The extent to which these ongoing weaknesses have impacted the company’s skill to guard its most delicate information, particularly information tied to its main house improvement initiatives and spacecraft and human spaceflight operations, will not be nicely understood,” the members wrote within the letter.

NASA’s Workplace of Inspector Normal (OIG) has frequently reviewed, and criticized, NASA’s method to info expertise administration typically and cybersecurity particularly. In its most up-to-date cybersecurity report, launched Could 18, it warned of rising cybersecurity threats to the company.

“Assaults on NASA networks should not a brand new phenomenon, though makes an attempt to steal crucial info are rising in each complexity and severity,” the OIG report concluded. It acknowledged that phishing makes an attempt greater than doubled and malware assaults elevated “exponentially” in the course of the transfer to distant work attributable to the pandemic.

“The cyber risk to NASA’s laptop networks from internet-based intrusions is increasing in scope and frequency, and the success of those intrusions demonstrates the more and more complicated nature of cybersecurity challenges going through the Company,” the report acknowledged. These threats, as described within the report, vary from coordinated assaults by Chinese language hacking teams to a NASA contract worker who put in software program on company computer systems to mine cryptocurrency.

The OIG report criticized the company for a “disorganized” method to info expertise administration, akin to funding redundant providers. NASA additionally prioritizes cybersecurity for some key packages, just like the Worldwide House Station, “leaving cybersecurity for different mission methods as a secondary concern.”

The Science Committee management, of their letter to the GAO, steered that their request for a examine was additionally prompted by cybersecurity points elsewhere within the federal authorities. “Current, subtle cybersecurity assaults on a number of Federal authorities methods that went undetected for months underscore the significance of getting sturdy processes in place handle cybersecurity dangers associated to NASA’s delicate information,” they wrote.

That features what is named the “SolarWinds” hacking of each authorities and private-sector laptop methods by what cybersecurity analysts consider was a hacking group affiliated with Russian intelligence. These hackers final 12 months compromised software program developed by an organization referred to as SolarWinds that handles community administration. That gave hackers entry to the pc networks of SolarWinds’s prospects, together with a number of main firms and federal companies.

“SolarWinds was a giant wakeup name,” stated Kathy Lueders, NASA affiliate administrator for human exploration and operations, when requested about cybersecurity at NASA throughout a Could 25 assembly of the Nationwide Academies’ Aeronautics and House Engineering Board and House Research Board.

She didn’t elaborate on particular steps NASA took within the wake of the SolarWinds hack, however emphasised the significance the company positioned on cybersecurity. “This has completely been a significant focus space for us during the last 4 to 5 years.”

One downside is coping with firms and use of economic belongings, whose cybersecurity vulnerabilities can change into methods to get round NASA’s cybersecurity defenses. “It’s a giant fear for us,” she stated. “We’ve received to determine how to have the ability to do that and shield ourselves, whereas nonetheless being on the innovative.”

The letter to the GAO was signed by Reps. Eddie Bernice Johnson (D-Texas) and Frank Lucas (R-Okla.), chair and rating member, respectively, of the total Home Science Committee, and Reps. Don Beyer (D-Va.) and Brian Babin (R-Texas), chair and rating member, respectively, of the house subcommittee.

Recommended For You

Leave a Reply

Your email address will not be published.