NASA OIG Finds Pervasive Problems With JPL Cybersecurity

NASA OIG: Cybersecurity Management and Oversight at the Jet Propulsion Laboratory

"Multiple IT security control weaknesses reduce JPL's ability to prevent, detect, and mitigate attacks targeting its systems and networks, thereby exposing NASA systems and data to exploitation by cyber criminals. ... We also found that security problem log tickets, created in the ITSDB when a potential or actual IT system security vulnerability is identified, were not resolved for extended periods of time - sometimes longer than 180 days. ... Further, we found that multiple JPL incident management and response practices deviate from NASA and recommended industry practices. ... Finally, while the contract between NASA and Caltech requires JPL to report certain types of IT security incidents to the Agency through the NASA SOC incident management system, no controls were in place to ensure JPL compliance with this requirement nor did NASA officials have access to JPL's incident management system. Collectively, these weaknesses leave NASA data and systems at risk. Despite these significant concerns, the contract NASA signed with Caltech in October 2018 to manage JPL for at least the next 5 years left important IT security requirements unresolved and instead both sides agreed to continue negotiating these issues. As of March 2019, the Agency had not approved JPL's plans to implement new IT security policies and requirements NASA included in its October 2018 contract."

NASA Needs A New Chief Information Officer, earlier post

"NASA's CIO has been asleep at the wheel for years. Its time for a reboot."

  • submit to reddit


Loading









Monthly Archives

About this Entry

This page contains a single entry by Keith Cowing published on June 18, 2019 12:28 PM.

Mike Griffin Is Not Making Many Friends at DoD was the previous entry in this blog.

Will Orbit Beyond's Indian Lander Be Built In Florida or India? is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.