Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

Even NASA struggles to keep its user data safe and secure

NASA.

Though many businesses are winding down for the festive period, NASA’s Office of Inspector General (OIG) has published a report of an audit carried out into the space agency's data handling.

The OIG noted that NASA processes a lot of personally identifiable information. As it deals with the public and other outside organizations, it is highly susceptible to data breaches that could seriously harm any individuals affected.

NASA privacy and cybersecurity officials were interviewed and privacy questionnaires were reviewed, among other things, to paint a picture of its cybersecurity performance so far.

NASA audited for its cybersecurity

The OIG said NASA’s approach to privacy was “comprehensive” and that there are plenty of things to like, but the report also highlights some additional steps to protect individuals’ personal information.

The space agency has been criticized for relying on users to self-report potential breaches instead of making full use of the data loss prevention (DLP) built into the Microsoft 365 platform that it uses, which is designed to automatically detect incidents.

Between October 2021 and March 2023, NASA’s Security Operations Center was found to have logged 118 self-reported incidents suspected to involve personally identifiable information.

NASA was also criticized for having too many documents and policies that appear to conflict with each other, rendering directions "unclear." The OIG called for a common understanding of what constitutes a breach and when to activate a Breach Response Team.

A total of six recommendations have been made, leaving plenty of room for improvement. They include improved documentation of some processes, the establishment of DLP roles and responsibilities, more guidance for tracking and documenting incident response, updated policies, regular tabletop discussions, and more training.

While this article doesn’t touch on the things that NASA has been credited for doing well in the interest of conciseness, the agency has been following plenty of best practices in a bid to protect individuals. Clearly, though, an evolving cybersecurity landscape calls for constant adaptations to any business or organization’s measures.

Via The Register

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.