NASA Needs Agency-Wide Cybersecurity Risk Assessment: GAO

NASA needs to perform an agency-wide cybersecurity risk assessment and to complete important cybersecurity tasks for each of its projects.

The National Aeronautics and Space Administration (NASA) needs to complete key activities within various steps of its cybersecurity risk management program, the US Government Accountability Office (GAO) says in a new report.

According to the GAO, NASA’s projects for Earth, moon, and solar system exploration risk disruption due to the cyber threat environment its spacecraft and space systems operate in.

NASA has implemented the steps defined by NIST’s cybersecurity risk management guidelines (which include preparation, system categorization, control selection, control implementation, control implementation assessment, system authorization, and continuous monitoring of the effectiveness of controls), but did not perform key activities within each step, the GAO says.

According to the report, NASA did not perform an organization-wide risk assessment, otherwise “essential to identifying and mitigating the highest priority cyber ...