The National Aeronautics and Space Administration (NASA) needs to complete key activities within numerous steps of its cybersecurity risk management program, the US Government Accountability Office (GAO) says in a new report.
According to the GAO, NASA’s projects for Earth, moon, and solar system exploration risk disruption because of the cyber threat environment its spacecraft and space systems operate in.
NASA has carried out the steps outlined by NIST’s cybersecurity risk management guidelines (which include preparation, system categorization, control selection, control implementation, control implementation assessment, system authorization, and continuous monitoring of the effectiveness of controls), but did not perform key activities within each step, the GAO says.
According to the report, NASA did not perform an organization-wide risk assessment, otherwise “important to identifying and mitigating the highest priority cyber threats throughout the enterprise”.
Furthermore, system-level continuous monitoring strategies have not been documented for the assessed systems, primarily due to a lack of guidance on the matter. Without these documented strategies, the watchdog says, organizations face increased risks of data breaches, delays in threat detection, and slow attack response.
“Developing, implementing, and maintaining a comprehensive cybersecurity risk management program is vital to protecting NASA’s systems and data, detecting suspicious activity, and responding to incidents,” the GAO says.
“Without a strong risk management program covering the selected systems, NASA faces increased risks that cyber incidents could result in loss of mission information, or decreased lifespan or functionality of space systems,” the agency continues.
In its report, GAO makes 16 recommendations to NASA to help it improve its security posture by performing key activities within the risk management steps, including making an organization-wide cybersecurity risk assessment and ensuring that continuous monitoring strategies are documented.
Per the recommendations, NASA should: prepare and approve the assessment; ensure that the documented impact on system confidentiality, integrity, and availability matches each system’s risk; update its guidance to include oversight responsibilities; and update its guidance on documenting assessment results.