Cybersecurity
NASA doesn’t know what’s on its network
According to a watchdog report, NASA can’t provide an accurate count of the number of contractor-owned devices connected to its networks, and governance problems are hurting the agency’s attempts to get a better handle on overall cybersecurity.
According to an Aug. 27 inspector general report, NASA is “not adequately securing its networks from unauthorized access” from partner and employee IT devices and doesn’t have controls in place to remove or block devices as needed.
Because of these failures, “NASA remains vulnerable to cybersecurity attacks because enforcement controls to block unauthorized IT devices from accessing its networks and systems are not fully in place and operational,” the report states.
The report offers a look at how the space agency ping-ponged between trying to crack down completely on shadow IT, including contractor and employee devices, and attempting to implement a management system to control access. In April 2018, NASA’s CIO tried to take a tough line on shadow IT, banning…
