GAO: NASA IT Systems Still Vulnerable
The Government Accountability Office on Thursday warned that although NASA has made progress in information technology security controls, "it has not always implemented appropriate controls to sufficiently protect the confidentiality, integrity, and availability of the information and systems supporting its mission directorates." The report, which was directed by a 2008 NASA reauthorization bill, said the space agency has not yet fully implemented key activities of its security program to ensure that controls are appropriately designed and operating effectively.
During fiscal years 2007 and 2008, NASA reported 1,120 security incidents that have resulted in the installation of malicious software on its systems and unauthorized access to sensitive information. To address these incidents, GAO reported that NASA established a Security Operations Center in 2008 to enhance prevention and provide early detection of security incidents and coordinate agency-level information related to its security posture.
"GAO's findings remind us that much remains to be done to ensure the security of all of our federal agencies' IT networks," House Science Committee Chairman Bart Gordon said in a press release. "Regulation and legislation alone will not suffice. Agencies and departments must follow through with corrective actions to mitigate identified vulnerabilities." NASA generally concurred with GAO's recommendations that the NASA administrator take steps to mitigate control vulnerabilities.
Join the Discussion
The National Journal Group has the right (but not the obligation) to monitor the comments and to remove any materials it deems inappropriate.
Comments powered by Disqus