The Government Accountability Office on Thursday warned that although NASA has made progress in information technology security controls, "it has not always implemented appropriate controls to sufficiently protect the confidentiality, integrity, and availability of the information and systems supporting its mission directorates." The report, which was directed by a 2008 NASA reauthorization bill, said the space agency has not yet fully implemented key activities of its security program to ensure that controls are appropriately designed and operating effectively.
During fiscal years 2007 and 2008, NASA reported 1,120 security incidents that have resulted in the installation of malicious software on its systems and unauthorized access to sensitive information. To address these incidents, GAO reported that NASA established a Security Operations Center in 2008 to enhance prevention and provide early detection of security incidents and coordinate agency-level information related to its security posture.
"GAO's findings remind us that much remains to be done to ensure the security of all of our federal agencies' IT networks," House Science Committee Chairman Bart Gordon said in a press release. "Regulation and legislation alone will not suffice. Agencies and departments must follow through with corrective actions to mitigate identified vulnerabilities." NASA generally concurred with GAO's recommendations that the NASA administrator take steps to mitigate control vulnerabilities.
New Media
Online Politics
Tech Policy
Comments
To post a comment, you must provide a name and a valid e-mail address. Messages must be limited to 400 words. By using this service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Tech Daily Dose does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.