IG: NASA needs an IT guard dog
The agency lacks comprehensive plans for IT security and hasn't had steady leadership in charge of protecting its assets, a new report says.
NASA's individual centers might be protected, but its inspector general said the agency as a whole is suffering from a lack of strong security direction.
The IG criticized NASA's lack of an agencywide risk management framework or architecture for information security in a report released April 14.
“The Office of the CIO has not developed an information security program plan to effectively manage its resources,” NASA IG Paul Martin wrote. “In addition, the office is experiencing a period of transition with different leaders acting in the senior security officer role, which has caused uncertainty surrounding information security responsibilities at the agency level.”
Coming on the heels of a hacking claim and a congressional inquiry into aging NASA tech, the report points out that the space agency needs a solid sense of its security position.
“NASA’s high-profile and sensitive technology makes the agency an attractive target for hackers, and it is vital the agency develop an integrated view of its information security program to protect its data and resources,” Martin wrote.
He also cited the lack of steady leadership as a particular cause for concern.
“As of February 2016, NASA did not have a permanent senior security officer, and three different employees have served as the acting senior security officer over the previous 19 months,” the report states. “We believe the absence of a permanent senior security officer has contributed to uncertainty regarding the position’s responsibilities and resulted in a lack of strong leadership to manage the information security program.”
In response to the report, NASA CIO Renee Wynn pledged to develop an agencywide information security program plan and finalize it by Dec. 6, 2019.
She did not comment directly on the hiring of a senior security officer, and a NASA spokesperson did not respond to requests for comment.
NEXT STORY: Making the most of your power user