August 15, 2012
NASA’s efforts to consolidate and improve its cybersecurity have borne some fruit, although potential blind spots remain, according to the agency’s Inspector General (IG).
In November 2008, NASA consolidated the computer security programs at its various field centers into a single Security Operations Center (SOC), “in an effort to improve its capability to detect and respond to evolving threats posed by increasingly sophisticated cyber attacks,” according to the IG’s report.
The SOC’s intent was to continuously monitor NASA’s incoming and outgoing network traffic and provide a single system for reporting and tracking security incidents. The IG’s audit concluded that the SOC has succeeded in providing continuous incident detection coverage for all of NASA’s centers, as well as increased security communication through all centers by updating personnel with weekly conference calls and security bulletins.
However, the SOC does not monitor all of NASA’s computer networks, the IG says. Even though non-SOC networks had their own incident management program and several dedicated staff to document and respond to incidents, they do not receive the continuous coverage provided by the SOC.
The IG recommends that NASA “increase its readiness” against sophisticated cyber espionage by groups — also known as Advanced Persistent Threats. NASA’s chief information officer agreed with the IG’s recommendations.