NASA balks on timeline to incorporate cyber into spacecraft acquisition policies

Trends Antionette REPORT
NASA balks on timeline to incorporate cyber into spacecraft acquisition policies
NASA balks on timeline to incorporate cyber into spacecraft acquisition policies

The Government Accountability Office is concerned that NASA still hasn’t incorporated cybersecurity practices into required agency policies, particularly for its major spacecraft projects. Without these requirements, NASA could end up with “inconsistent implementation of cybersecurity controls,” the auditing agency warned in a new report sent to Congress.

“NASA officials explained that one key reason they have not yet incorporated this guidance into required acquisition policies and standards is because of the length of time it takes to do so. GAO acknowledges that the standards-setting process can take time, but it is essential that NASA do so for practices that should be required,” the report stated.

Spacecraft are incredibly dependent on software and IT, the report concludes. Even though the space agency has included cybersecurity elements in some of its contracts, they need to be standardized. For this reason, the GAO is recommending that the chief engineer, the chief information officer, and the principal advisor for enterprise protection develop a specific timeline for actually updating “its spacecraft acquisition policies and standards” to deal with cybersecurity threats.

Yet NASA pushed back on some of the recommendations. Per the report, NASA’s CIO said it was “not feasible” for there to be one set of essential controls for all mission spacecraft. GAO pushed back on that response, writing that “NASA should leverage its space security guide to determine the controls that address the likely threats to its spacecraft.”

NASA was also not interested in establishing a timeline, saying that it needed to carefully consider requirements. The space agency said that it had systems in place for dealing with the risks of space.

“While we do not dispute this, we note that NASA’s space security guide recognizes that NASA does not currently have a cybersecurity risk management framework for end-to-end integrated space mission systems,” the auditing agency said in response. “Without a plan with identified timeframes, it is unknown when the agency will actually perform an update to incorporate, if necessary, any additional cybersecurity controls.”

Written by Rebecca Heilweil

Rebecca Heilweil is an investigative reporter for FedScoop. She writes about the intersection of government, tech policy, and emerging technologies. Previously she was a reporter at Vox’s tech site, Recode. She’s also written for Slate, Wired, the Wall Street Journal, and other publications. You can reach her at [email protected]. Message her if you’d like to chat on Signal.

 
For Latest Updates Follow us on Google News
 

PREV The importance of simultaneous treatments for patients with microcytoma, a new therapeutic paradigm begins in Lazio
NEXT The horoscope of the day May 1, 2024 – Discover today’s lucky sign

Related posts

Play off, Catanzaro wins 4-2 against Brescia and reaches the semi-final: they will face Cremonese

Pope in Verona: Peace Arena meeting, “in the world today there is this grave sin: not caring for peace”

Supermedia survey freezes the left: FdI detaches the Pd, the M5S collapses

young couple from Biancavilla fly off the overpass