NASA Plagued By Security Breaches

Its own Office of Inspector General (OIG) has been critical of IT management and cybersecurity at NASA for years, and now a cyberattack may have compromised personally identifiable information about NASA personnel, including their Social Security numbers. The extent of the breach is unclear, but a spokesman said it could affect current employees and those who joined or left the agency, or transferred between centers, as far back as July 2006. The OIG has identified “systemic and recurring weaknesses in NASA’s IT security program that adversely affect the Agency’s ability to protect the information and information systems vital to its mission,” the office stated in its latest semi-annual report, dated Oct. 31. Last May the OIG published an audit of NASA’s Security Operations Center that found several problems including high management turnover, and a lack of formal authority to manage information security issues. A 2017 report by the inspector general on overall IT management at the agency also cited cybersecurity problems. “Lingering confusion about security roles coupled with poor IT inventory practices continues to negatively impact NASA’s security posture,” it said.