OIG: NASA's Operational Technology Systems Are Inadequate and Disjointed

NASA OIG: Audit of Industrial Control System Security within NASA's Critical and Supporting Infrastructure

"Despite its significant presence across the Agency and its criticality to the success of the Agency's multi-faceted mission, NASA has not adequately defined OT [operational technology], developed a centralized inventory of OT systems, or established a standard protocol to protect systems that contain OT components. NASA needs to know which systems incorporate OT components because applying traditional IT security practices to OT systems can cause the underlying systems to malfunction. ... NASA also lacks an integrated approach to managing risk associated with its critical infrastructure that incorporates physical and cyber security considerations in all phases of risk assessment and remediation. Specifically, the security of physical and cyber components of NASA's critical assets is managed with minimal collaboration among key Agency stakeholders and does not involve the Office of Strategic Infrastructure, which manages the supporting infrastructure associated with critical assets. This disjointed approach has led to duplication of effort and gaps in security planning and risk remediation at both the Agency and Center levels."

  • submit to reddit


Loading





Join our mailing list




Monthly Archives

About this Entry

This page contains a single entry by Keith Cowing published on February 8, 2017 8:08 PM.

Rep. Bridenstine Speaks at FAA Space Commercial Space Conference was the previous entry in this blog.

That Whole SpaceX Vs ULA Thing is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.