New report from NASA’s Office of the Inspector General (OIG) shows agency faces ‘higher-than-necessary risk from cyberthreats’, but new contract promises NASA to secure systems more effectively .
The report says the agency has a “disorganized approach” to enterprise architecture, resulting in a “fragmented approach to IT, with many distinct lines of authority,” according to the watchdog. .
“Attacks on NASA networks are not a new phenomenon, although attempts to steal critical information are increasing in complexity and severity,” May 18 OIG report said. “While NASA has taken positive steps to address cybersecurity in the areas of network monitoring, identity management, and updating its IT strategic plan, it continues to face challenges to strengthen fundamental cybersecurity efforts. ”
The report also noted that NASA conducts its assessment and authorization (A&A) of computer systems “inconsistently and inefficiently, with the quality and cost of assessments varying considerably” across the agency. However, a new Cybersecurity and Privacy Enterprise Solutions and Services (CyPrESS) contract could be essential to address this issue, according to the report.
The contract is “intended to eliminate duplicate cyber services, which could provide the agency with a way to reset the A&A process in order to more effectively secure its IT systems,” the report said. According to SAM.gov, the draft RFP will be released shortly, with a release date expected in the second quarter of 2021.
The watchdog recommended that NASA advance the CyPrESS contract and develop basic requirements “for a dedicated corporate team to manage and execute the assessment process for all NASA systems subject to review. A&A. “
Jeffrey Seaton, NASA CIO, accepted all of the report’s recommendations, including developing the baseline requirements for the contract, and set an estimated completion date for the CyPrESS recommendation for December 30, 2022.