Have You Got Better Cybersecurity Than NASA?
So, you know NASA? The space agency with over $21billion in funding, 17,000+ employees and thousands of contractors on top of that? The space agency that was hacked as recently as December 2018, exposing staff data? You know the ones. They’re sure to have state of the art security and be following procedures to the T by now, right?
Wrong. Despite listing many policies and procedures on their site, they don’t seem to be following them all too closely. In a recent review, the maturity level of NASA’s cybersecurity was rated at level 2 (Defined), out of a maximum of 5 (Optimised).
In a letter to NASA from Jim Morrison, the Assistant Inspector General for Audits, he states, “In sum, we rated NASA’s cybersecurity program at a Level 2 (Defined) for the second year in a row, which falls short of the Level 4 (Managed and Measurable) rating agency cybersecurity programs are required to meet by the Office of Management and Budget in order to be considered effective.”
He continues with more specific details on where the main issues lie, “In addition to our overall assessment, we identified two areas of concern: (1) system security plans contained missing, incomplete, and inaccurate data and (2) information system control assessments were not conducted in a timely manner.”
These are deemed to be indicators of control deficiencies and are potentially significant threats to NASA’s operations, “which could impair the Agency’s ability to protect the confidentiality, integrity, and availability of its data, systems, and networks.”
How does your cybersecurity stack up against NASA’s? Are you following your processes carefully? Are all staff trained on these processes?
One big part of your cybersecurity plan should be the business continuity plan. How your business will deal with emergencies, be it cybersecurity related or even for other reasons, like if your office flooded, for example. We detail our top tips for business continuity here: https://www.vsl-net.com/solutions/businesscontinuity